AdobeR.exe

  • Joined: 23 Mar 2008
  • Posts: 2

Logfile of HijackThis v1.99.1
Scan saved at 1:21:03, on 23.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\D-Link\Bluetooth Software\bin\btwdins.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\AdobeR.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\D-Link\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\D-Link\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Montaza 2\Desktop\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\D-Link\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\D-Link\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\D-Link\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....9930615203
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - zone.msn.com/bingame/popcaploader_v10.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\D-Link\Bluetooth Software\bin\btwdins.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Temporarily disable your antivirus before running the following program...

Download ComboFix from one of the following addresses to your Desktop:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Start it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.

  • Joined: 23 Mar 2008
  • Posts: 2

ComboFix 08-03-22.3 - Montaza 2 2008-03-23 15:45:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.701 [GMT 1:00]
Running from: C:\Documents and Settings\Montaza 2\Desktop\New Folder\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
-- Other TimeOuts --
pv -kf -l"* pid.bat *"
CF9188.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\Documents and Settings\Montaza 2\ravmonlog
C:\WINDOWS\adober.exe
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\ssprs.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))
.

2008-03-23 15:43 . 2008-03-23 15:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-23 01:51 . 2008-03-23 02:30 <DIR> d-------- C:\Program Files\Eset
2008-03-22 19:46 . 2008-03-22 19:46 <DIR> d-------- C:\Program Files\Doctor Alex
2008-03-22 14:51 . 2008-03-22 14:51 <DIR> d-------- C:\Documents and Settings\Montaza 2\Application Data\FastStone
2008-03-21 19:51 . 2008-03-21 19:50 101,608 -r-hs---- C:\h1dwg20.exe
2008-03-20 16:46 . 2008-03-20 16:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PopCap
2008-03-20 13:46 . 2008-03-20 13:47 <DIR> d-------- C:\Program Files\Any Video Converter Professional
2008-03-18 22:11 . 2008-03-18 22:43 <DIR> d-------- C:\Program Files\Total Video Converter
2008-03-17 17:02 . 2008-03-17 17:02 <DIR> d--h----- C:\WINDOWS\PIF
2008-03-17 16:52 . 2008-03-20 13:47 <DIR> d-------- C:\Documents and Settings\Montaza 2\Application Data\Any Video Converter Professional
2008-03-16 21:29 . 2008-03-16 21:29 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-03-16 21:00 . 2008-03-16 21:00 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-03-16 20:44 . 2008-03-16 20:44 <DIR> d-------- C:\DVDVideoSoft
2008-03-16 19:33 . 2008-03-22 14:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-16 19:33 . 2008-03-16 19:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-16 18:07 . 2008-03-16 18:07 <DIR> d-------- C:\Documents and Settings\Montaza 2\Bluetooth Software
2008-03-16 18:04 . 2008-03-16 18:04 <DIR> d-------- C:\Program Files\D-Link
2008-03-16 17:22 . 2008-03-16 17:22 <DIR> d-------- C:\Program Files\FLV Player
2008-03-16 07:39 . 2008-03-20 13:46 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-03-15 16:19 . 2008-03-16 20:35 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-03-15 16:19 . 2008-03-16 20:35 <DIR> d-------- C:\Program Files\AVS4YOU
2008-03-15 16:19 . 2008-03-15 16:19 <DIR> d-------- C:\Documents and Settings\Montaza 2\Application Data\AVS4YOU
2008-03-15 16:19 . 2008-03-15 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-03-15 16:19 . 2007-02-27 19:36 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2008-03-15 16:19 . 2007-02-27 19:36 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-03-15 16:19 . 2007-02-27 19:36 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2008-03-15 16:19 . 2007-02-27 19:36 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-03-15 16:19 . 2007-02-27 19:36 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2008-03-15 16:19 . 2007-02-27 19:36 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm
2008-03-15 16:19 . 2007-02-27 19:36 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2008-03-15 16:19 . 2007-02-27 19:36 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-03-15 16:19 . 2007-02-27 19:36 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2008-03-15 15:24 . 2008-03-15 15:24 <DIR> d-------- C:\Program Files\Xilisoft
2008-03-15 15:16 . 2008-03-15 15:16 <DIR> d-------- C:\Documents and Settings\Montaza 2\Application Data\Apple Computer
2008-03-15 15:15 . 2008-03-15 15:16 <DIR> d-------- C:\Program Files\QuickTime
2008-03-15 15:15 . 2008-03-15 15:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-02 18:08 . 1997-01-02 19:24 720,690 --a------ C:\EC3-ENG.PDF
2008-03-02 18:08 . 1997-01-02 22:59 375,296 --a------ C:\EC3-ENG.8BF
2008-03-02 18:08 . 1997-01-03 09:25 361,984 --a------ C:\EyeCand3.dll
2008-03-02 18:08 . 1996-10-24 17:45 59,952 --a------ C:\UNWISE.EXE
2008-02-27 21:32 . 2008-02-27 22:41 <DIR> d-------- C:\YuRecnik
2008-02-25 22:22 . 2008-03-16 03:22 <DIR> d-------- C:\Documents and Settings\Montaza 2\Application Data\Skype
2008-02-25 02:36 . 2008-02-25 02:36 0 --a------ C:\WINDOWS\mngui.INI
2008-02-25 00:51 . 2008-03-02 19:20 373,248 --a------ C:\WINDOWS\EyeCand3.INI
2008-02-23 17:43 . 2008-02-23 17:43 125 --a------ C:\ioSpecial.ini
2008-02-23 17:02 . 2008-02-23 17:02 <DIR> d-------- C:\Documents and Settings\Montaza 2\Application Data\Valusoft
2008-02-23 17:02 . 2008-02-23 17:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Valusoft
2008-02-23 16:33 . 2006-11-07 09:42 88,560 -ra------ C:\WINDOWS\system32\drivers\w200mgmt.sys
2008-02-23 16:33 . 2006-11-07 09:42 86,368 -ra------ C:\WINDOWS\system32\drivers\w200obex.sys
2008-02-23 16:32 . 2006-11-07 09:42 97,056 -ra------ C:\WINDOWS\system32\drivers\w200mdm.sys
2008-02-23 16:32 . 2006-11-07 09:42 61,504 -ra------ C:\WINDOWS\system32\drivers\w200bus.sys
2008-02-23 16:32 . 2006-11-07 09:42 9,328 -ra------ C:\WINDOWS\system32\drivers\w200mdfl.sys
2008-02-23 16:32 . 2006-11-07 09:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cmnt.sys
2008-02-23 16:32 . 2006-11-07 09:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cm.sys
2008-02-23 16:32 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200whnt.sys
2008-02-23 16:32 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200wh.sys
2008-02-23 16:23 . 2006-03-13 17:35 89,872 -ra------ C:\WINDOWS\system32\drivers\k750mdm.sys
2008-02-23 16:23 . 2006-03-13 17:35 81,728 -ra------ C:\WINDOWS\system32\drivers\k750mgmt.sys
2008-02-23 16:23 . 2006-03-13 17:35 79,488 -ra------ C:\WINDOWS\system32\drivers\k750obex.sys
2008-02-23 16:23 . 2006-03-13 17:35 6,576 -ra------ C:\WINDOWS\system32\drivers\k750mdfl.sys
2008-02-23 16:23 . 2006-03-13 17:35 6,144 -ra------ C:\WINDOWS\system32\drivers\k750cmnt.sys
2008-02-23 16:23 . 2006-03-13 17:35 6,144 -ra------ C:\WINDOWS\system32\drivers\k750cm.sys
2008-02-23 16:22 . 2006-03-13 17:35 55,216 -ra------ C:\WINDOWS\system32\drivers\k750bus.sys
2008-02-23 16:22 . 2006-03-13 17:35 5,744 -ra------ C:\WINDOWS\system32\drivers\k750whnt.sys
2008-02-23 16:22 . 2006-03-13 17:35 5,744 -ra------ C:\WINDOWS\system32\drivers\k750wh.sys
2008-02-23 16:20 . 2008-02-23 16:21 <DIR> d-------- C:\Documents and Settings\Montaza 2\Application Data\Teleca
2008-02-23 16:20 . 2008-02-23 16:20 <DIR> d-------- C:\Documents and Settings\Montaza 2\Application Data\Sony Ericsson
2008-02-23 16:18 . 2008-02-23 16:18 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-02-23 16:18 . 2008-02-23 16:19 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-02-23 16:18 . 2008-02-23 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-02-23 16:18 . 2008-02-23 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-20 12:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-18 02:24 --------- d-----w C:\Program Files\MP4Tool
2008-02-26 19:43 --------- d-----w C:\Documents and Settings\Montaza 2\Application Data\AdobeUM
2008-02-21 15:41 --------- d-----w C:\Documents and Settings\Montaza 2\Application Data\Gamelab
2008-02-21 15:41 --------- d-----w C:\Documents and Settings\Montaza 2\Application Data\GameHouse
2008-02-21 15:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-02-19 14:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
2008-02-18 15:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-18 15:02 --------- d-----w C:\Program Files\Yahoo!
2008-02-09 20:19 --------- d-----w C:\Program Files\MSN Games
2008-02-08 15:18 --------- d-----w C:\Program Files\Fab Fashion
2008-02-08 13:40 --------- d-----w C:\Documents and Settings\Montaza 2\Application Data\Home Sweet Home
2008-01-29 19:37 --------- d-----w C:\Program Files\HP
2008-01-29 19:37 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-10 01:51 155,995 ----a-w C:\WINDOWS\java\Packages\Y4FHV3R3.ZIP
2008-01-07 21:15 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2008-01-05 13:24 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-01-05 13:24 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="C:\PROGRA~1\DAP\DAP.exe" [2008-01-07 22:15 1139712]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-15 15:15 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anvshell]
-ra------ 2002-10-22 07:45 331776 C:\WINDOWS\Anvshell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
-ra------ 2003-05-02 08:19 4640768 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
-ra------ 2003-05-02 08:19 323584 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2005-06-14 11:36 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\NVIDIA\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\mIRC\\uninstall.exe _=C\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13762:TCP"= 13762:TCP:NortonAV
"14349:TCP"= 14349:TCP:NortonAV

S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 09:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 09:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 09:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 09:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4d762f2-e864-11dc-be9b-000f21e860a2}]
\Shell\AutoRun\command - H:\ylr.exe
\Shell\explore\Command - H:\ylr.exe
\Shell\open\Command - H:\ylr.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-03-23 15:48:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\D-Link\Bluetooth Software\bin\btwdins.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\D-Link\Bluetooth Software\BTTray.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-03-23 15:49:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-23 14:49:48

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

If you have a USB flash drive, plug it in during the following procedure...

Download the program Flash_Disinfector.

the program is started by double-clicking Flash_Disinfector.exe
when the notification message appears, plug in the infected USB flash drives (hold down the Shift key while doing so to avoid autoplay)
click OK and wait for the process to finish
when the message Done !! appears, click OK.

-------------------------------------------------------------------------------------

Open Notepad and copy the following text into it:

File::
C:\h1dwg20.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4d762f2-e864-11dc-be9b-000f21e860a2}]

Save the file from Notepad to your Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is created at the end of the cleaning/scanning in your next message.
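As an added example (not code from the thread or from ComboFix), the Python below re-derives the CFScript above from the two indicators in the posted ComboFix log: the executable created in the drive root with hidden and system attributes, and the mountpoints2 key whose AutoRun command runs an executable from a removable drive. The log excerpt inside it is constructed from the lines quoted above, and the two heuristics are this example's own assumptions, not ComboFix rules.

```python
"""Re-derive the CFScript posted above from ComboFix log indicators.

Added example, not code from the thread or from ComboFix. Two findings drive
the script: a root-level .exe created with the hidden and system attributes,
and a mountpoints2 key whose AutoRun command runs an executable from a
removable drive. Both heuristics are this example's own assumptions.
"""
import re

# Constructed excerpt of the ComboFix log lines quoted in the thread above.
SAMPLE_LOG = """\
2008-03-21 19:51 . 2008-03-21 19:50 101,608 -r-hs---- C:\\h1dwg20.exe
2008-03-16 21:29 . 2008-03-16 21:29 2,560 --a------ C:\\WINDOWS\\_MSRSTRT.EXE

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{d4d762f2-e864-11dc-be9b-000f21e860a2}]
\\Shell\\AutoRun\\command - H:\\ylr.exe
\\Shell\\explore\\Command - H:\\ylr.exe
\\Shell\\open\\Command - H:\\ylr.exe
"""

# "Files Created" line: created . modified size attributes path
FILE_LINE = re.compile(r"^\S+ \S+ \. \S+ \S+ ([\d,]+) ([-a-z]{9}) (\S.*)$")
# mountpoints2 key header and the verb lines listed under it
KEY_LINE = re.compile(r"^\[(HKEY_[^\]]+\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
CMD_LINE = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.I)


def hidden_system_executables(log: str) -> list[str]:
    """Paths of newly created .exe files carrying both the hidden ('h') and
    system ('s') attributes, the combination autorun worms use to stay out
    of sight in Explorer."""
    hits = []
    for line in log.splitlines():
        m = FILE_LINE.match(line)
        if (m and "h" in m.group(2) and "s" in m.group(2)
                and m.group(3).lower().endswith(".exe")):
            hits.append(m.group(3))
    return hits


def removable_autorun_keys(log: str) -> dict[str, list[str]]:
    """mountpoints2 keys whose AutoRun/open/explore commands all point at a
    drive other than C:, i.e. the cached autorun handler of a removable
    volume, mapped to the commands they would run."""
    keys: dict[str, list[str]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        if k := KEY_LINE.match(line):
            current = k.group(1)
            keys[current] = []
        elif (c := CMD_LINE.match(line)) and current:
            keys[current].append(c.group(2).strip())
    return {k: v for k, v in keys.items()
            if v and all(not cmd.upper().startswith("C:") for cmd in v)}


def build_cfscript(log: str) -> str:
    """Assemble the File:: and Registry:: sections; [-KEY] deletes the key."""
    out: list[str] = []
    if files := hidden_system_executables(log):
        out += ["File::", *files, ""]
    if keys := removable_autorun_keys(log):
        out += ["Registry::", *(f"[-{k}]" for k in keys)]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG))
```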

Korisnici trenutno na forumu: 357magnum, A.R.Chafee.Jr., Acivi, amaterSRB, aramis s, babaroga, bankulen, bojankrstc, Botovac, Bubimir, danilopu, darcaud, DENIRO, dule10savic, GandorCC, Georgius, HogarStrashni, HrcAk47, ILGromovnik, Ivan Campo, Ivan001, kalens021, Kubovac, kunktator, kybonacci, milanovic, mile09, milenko crazy north, milutin134, Mixelotti, Motocar, mrvica78, nenooo, Panonsky, Panter, robertino, ruma, S2M, Shinobi, slonic_tonic, Smajser, Srle993, Sumadija34, suton, theNedjeljko, vathra, VJ, Vladko, vukovi