Please check my log

  • Joined: 20 Mar 2007
  • Posts: 97

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:41:24 PM, on 12/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Predsjednistvo BiH\Desktop\neda.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

The log is clean. Is there some problem?

  • Joined: 20 Mar 2007
  • Posts: 97

That's my computer at work.
From time to time the monitor switches off, i.e. goes into standby, but WHILE I'm working on the computer. Then I have to turn it (the monitor) off and on again.
And Kaspersky won't update, even though it's licensed. When I try, it just says 0Kb update.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Well, the monitor issue certainly has nothing to do with malware.

For the other problem we'll run one more check...


Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Joined: 20 Mar 2007
  • Posts: 97

Near the end of the download Kaspersky tells me this is a virus:
"Heue.Invader
malicious http object
detected". I click to allow the download, then run it, and it pops up a warning window that says corrupt and "download fresh copy or retry instalation corrupt file".

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Disable Kaspersky before downloading.

  • Joined: 20 Mar 2007
  • Posts: 97

ComboFix 08-12-24.01 - Predsjednistvo BiH 2008-12-25 14:22:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.614 [GMT 1:00]
Running from: c:\documents and settings\Predsjednistvo BiH\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\abk.bat
C:\autorun.inf
C:\lky.exe
c:\windows\system32\gasretyw0.dll
c:\windows\system32\gasretyw1.dll
c:\windows\system32\kamsoft.exe
C:\yannh.cmd
E:\abk.bat
E:\Autorun.inf
E:\lky.exe
E:\yannh.cmd

.
((((((((((((((((((((((((( Files Created from 2008-11-25 to 2008-12-25 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-25 13:29 2,071,584 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-25 13:28 128,032 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-12-25 13:26 29,432 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-25 13:26 14,024 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-12-25 13:08 --------- d-----w c:\program files\Mozilla Thunderbird
2008-12-25 07:43 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-24 10:11 91,700 ----a-w c:\windows\system32\drivers\klin.dat
2008-11-24 10:11 85,860 ----a-w c:\windows\system32\drivers\klick.dat
2008-11-24 10:11 --------- d-----w c:\program files\Lavasoft
2008-11-24 10:11 --------- d-----w c:\program files\Kaspersky Lab
2008-11-24 10:07 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-12 10:48 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-12 10:46 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-12 10:42 --------- d-----w c:\program files\Uniblue
2008-11-12 10:42 --------- d-----w c:\documents and settings\Predsjednistvo BiH\Application Data\Uniblue
2008-11-12 10:38 74,703 ----a-w c:\windows\system32\mfc45.dll
2008-11-12 10:38 --------- d-----w c:\documents and settings\Predsjednistvo BiH\Application Data\iolo
2008-11-12 10:38 --------- d-----w c:\documents and settings\All Users\Application Data\iolo
2008-11-12 10:27 --------- d-----w c:\program files\Innovative Solutions
2008-11-12 10:19 --------- d-----w c:\program files\Alwil Software
2008-11-12 09:55 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-12 08:33 84,992 --sh--r c:\windows\system32\kav320.dll
2008-11-12 08:26 99,504 --sh--r C:\ogcikeq.com
2008-11-12 08:26 84,992 --sh--r c:\windows\system32\kav321.dll
2008-11-11 10:27 --------- d-----w c:\documents and settings\Predsjednistvo BiH\Application Data\oald7
2008-11-11 10:26 90,112 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-11 10:26 126,976 ----a-w c:\windows\system32\UAService7.exe
2008-11-11 10:26 --------- d-----w c:\program files\TEXTware
2008-11-11 10:26 --------- d-----w c:\program files\IDM
2008-11-11 10:26 --------- d-----w c:\documents and settings\Predsjednistvo BiH\Application Data\SecuROM
2008-11-11 10:24 --------- d-----w c:\program files\Oxford
2008-11-06 11:37 --------- d-----w c:\documents and settings\Predsjednistvo BiH\Application Data\Thunderbird
2008-11-06 11:37 --------- d-----w c:\documents and settings\Predsjednistvo BiH\Application Data\Talkback
2008-10-30 12:56 --------- d-----w c:\program files\Hewlett-Packard
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2006-02-28 13:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
-ra------ 2006-01-30 17:00 98304 c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\Msmsgs.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-12 75856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-12 20560]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-12-13 24592]
S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17214b59-c2a2-11dd-99eb-001a923a6071}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17214b75-c2a2-11dd-99eb-001a923a6071}]
\Shell\AutoOpen\command - f:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39bac86c-aff4-11dd-99c1-001a923a6071}]
\Shell\AutoRun\command - F:\lky.exe
\Shell\explore\Command - F:\lky.exe
\Shell\open\Command - F:\lky.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ffcc7ea-743b-11dd-99a8-001a923a6071}]
\Shell\AutoRun\command - F:\bwpncb6.com
\Shell\explore\Command - F:\bwpncb6.com
\Shell\open\Command - F:\bwpncb6.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4996278e-ab18-11dd-99b7-001a923a6071}]
\Shell\AutoRun\command - F:\i.exe
\Shell\explore\Command - F:\i.exe
\Shell\open\Command - F:\i.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{535b2720-bd24-11dd-99e3-001a923a6071}]
\Shell\AutoRun\command - F:\e8kj.exe
\Shell\explore\Command - F:\e8kj.exe
\Shell\open\Command - F:\e8kj.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65ba1eb4-afdd-11dd-99c0-001a923a6071}]
\Shell\AutoRun\command - F:\qquq.bat
\Shell\explore\Command - F:\qquq.bat
\Shell\open\Command - F:\qquq.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94165b8c-00b1-11dd-9985-001a923a6071}]
\Shell\AutoRun\command - F:\0n.bat
\Shell\explore\Command - F:\0n.bat
\Shell\open\Command - F:\0n.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97b1a0ee-8852-11dc-9925-001a923a6071}]
\Shell\AutoRun\command - F:\lky.exe
\Shell\explore\Command - F:\lky.exe
\Shell\open\Command - F:\lky.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{998b8b6e-a683-11dd-99af-001a923a6071}]
\Shell\AutoRun\command - F:\ln9.exe
\Shell\explore\Command - F:\ln9.exe
\Shell\open\Command - F:\ln9.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6e8ce77-b482-11dd-99d3-001a923a6071}]
\Shell\AutoRun\command - F:\yannh.cmd
\Shell\explore\Command - F:\yannh.cmd
\Shell\open\Command - F:\yannh.cmd
.
Contents of the 'Scheduled Tasks' folder

2008-08-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe []
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-kamsoft - c:\windows\system32\kamsoft.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Predsjednistvo BiH\Application Data\Mozilla\Firefox\Profiles\2it2118y.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-25 14:28:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(984)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(1040)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll

- - - - - - - > 'explorer.exe'(3980)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\ATKKBService.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
c:\windows\system32\UAService7.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
c:\windows\system32\ati2evxx.exe
.
**************************************************************************
.
Completion time: 2008-12-25 14:30:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-25 13:30:40

Pre-Run: 38,346,174,464 bytes free
Post-Run: 38,357,434,368 bytes free

201 --- E O F --- 2008-12-18 16:49:26

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy in the following text:

File::
c:\windows\system32\kav320.dll
C:\ogcikeq.com
c:\windows\system32\kav321.dll

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17214b59-c2a2-11dd-99eb-001a923a6071}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17214b75-c2a2-11dd-99eb-001a923a6071}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39bac86c-aff4-11dd-99c1-001a923a6071}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ffcc7ea-743b-11dd-99a8-001a923a6071}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4996278e-ab18-11dd-99b7-001a923a6071}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{535b2720-bd24-11dd-99e3-001a923a6071}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65ba1eb4-afdd-11dd-99c0-001a923a6071}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94165b8c-00b1-11dd-9985-001a923a6071}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97b1a0ee-8852-11dc-9925-001a923a6071}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{998b8b6e-a683-11dd-99af-001a923a6071}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6e8ce77-b482-11dd-99d3-001a923a6071}]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scanning.
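The MountPoints2 keys in the ComboFix log above and the `Registry::` block in the CFScript are the same data in two forms: a per-volume cache of autorun.inf verbs, and the `[-KEY]` lines that delete it. The following is an added example, not code from this thread, from ComboFix or from the helper, that parses the MountPoints2 section of such a log, flags keys whose `Shell\open` or `Shell\explore` verb has been redirected to a file on the volume (double-clicking the drive in Explorer would then run that file instead of opening the folder, the pattern seen with USB autorun worms), and emits the matching CFScript deletion lines. The sample input is constructed in the shape of this thread's log: the first two keys are copied from it, the third (GUID and `D:\setup.exe`) is made up to show a plain AutoRun entry the heuristic leaves alone. The open/explore heuristic is mine; the helper simply removed every listed key.

```python
import re

# Constructed sample in the layout of ComboFix's "Reg Loading Points" section.
# First two keys copied from the log in this thread; third key is invented.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39bac86c-aff4-11dd-99c1-001a923a6071}]
\Shell\AutoRun\command - F:\lky.exe
\Shell\explore\Command - F:\lky.exe
\Shell\open\Command - F:\lky.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17214b59-c2a2-11dd-99eb-001a923a6071}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aaaaaaaa-1111-2222-3333-444444444444}]
\Shell\AutoRun\command - D:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"""

MOUNTPOINTS_BASE = r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2"

# A MountPoints2 key header: [HKEY_CURRENT_USER\...\mountpoints2\{GUID}]
KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(\{[0-9a-f-]{36}\})\]$", re.IGNORECASE)
# A verb line beneath it: \Shell\<verb>\command - <command line>
CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.IGNORECASE)

# Verbs whose redirection hijacks a normal double-click / right-click "Explore".
HIJACK_VERBS = {"open", "explore"}


def parse_mountpoints(log_text):
    """Return {guid: {verb: command}} for every MountPoints2 key in the log text."""
    entries = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            entries[current] = {}
            continue
        if line.startswith("["):
            current = None  # some other registry key; stop attributing lines to a volume
            continue
        if current is None:
            continue
        cmd = CMD_RE.match(line)
        if cmd:
            entries[current][cmd.group(1).lower()] = cmd.group(2).strip()
    return entries


def suspicious_entries(entries):
    """GUIDs whose open or explore verb is overridden, sorted for stable output."""
    return sorted(guid for guid, verbs in entries.items() if HIJACK_VERBS & set(verbs))


def cfscript_registry_section(guids):
    """Build the Registry:: block of a CFScript that deletes the given MountPoints2 keys."""
    lines = ["Registry::"] + [f"[-{MOUNTPOINTS_BASE}\\{guid}]" for guid in guids]
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_mountpoints(SAMPLE_LOG)
    flagged = suspicious_entries(found)
    for guid in flagged:
        print(guid, found[guid])
    print(cfscript_registry_section(flagged))
```

Run against a real ComboFix.txt by reading the file into `parse_mountpoints` instead of `SAMPLE_LOG`; review the flagged commands by hand before pasting the generated block into a CFScript, since a legitimate installer CD can also populate these keys.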

  • Joined: 20 Mar 2007
  • Posts: 97

ComboFix 08-12-24.01 - Predsjednistvo BiH 2008-12-25 15:37:27.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.551 [GMT 1:00]
Running from: c:\documents and settings\Predsjednistvo BiH\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Predsjednistvo BiH\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\ogcikeq.com
c:\windows\system32\kav320.dll
c:\windows\system32\kav321.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ogcikeq.com
c:\windows\system32\kav320.dll
c:\windows\system32\kav321.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-25 to 2008-12-25 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-25 14:41 2,204,192 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-25 14:40 132,640 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-12-25 14:22 --------- d-----w c:\program files\Mozilla Thunderbird
2008-12-25 13:26 29,432 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-25 13:26 14,024 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-12-25 07:43 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-24 10:11 91,700 ----a-w c:\windows\system32\drivers\klin.dat
2008-11-24 10:11 85,860 ----a-w c:\windows\system32\drivers\klick.dat
2008-11-24 10:11 --------- d-----w c:\program files\Lavasoft
2008-11-24 10:11 --------- d-----w c:\program files\Kaspersky Lab
2008-11-24 10:07 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-12 10:48 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-12 10:46 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-12 10:42 --------- d-----w c:\program files\Uniblue
2008-11-12 10:42 --------- d-----w c:\documents and settings\Predsjednistvo BiH\Application Data\Uniblue
2008-11-12 10:38 74,703 ----a-w c:\windows\system32\mfc45.dll
2008-11-12 10:38 --------- d-----w c:\documents and settings\Predsjednistvo BiH\Application Data\iolo
2008-11-12 10:38 --------- d-----w c:\documents and settings\All Users\Application Data\iolo
2008-11-12 10:27 --------- d-----w c:\program files\Innovative Solutions
2008-11-12 10:19 --------- d-----w c:\program files\Alwil Software
2008-11-12 09:55 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-11 10:27 --------- d-----w c:\documents and settings\Predsjednistvo BiH\Application Data\oald7
2008-11-11 10:26 90,112 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-11 10:26 126,976 ----a-w c:\windows\system32\UAService7.exe
2008-11-11 10:26 --------- d-----w c:\program files\TEXTware
2008-11-11 10:26 --------- d-----w c:\program files\IDM
2008-11-11 10:26 --------- d-----w c:\documents and settings\Predsjednistvo BiH\Application Data\SecuROM
2008-11-11 10:24 --------- d-----w c:\program files\Oxford
2008-11-06 11:37 --------- d-----w c:\documents and settings\Predsjednistvo BiH\Application Data\Thunderbird
2008-11-06 11:37 --------- d-----w c:\documents and settings\Predsjednistvo BiH\Application Data\Talkback
2008-10-30 12:56 --------- d-----w c:\program files\Hewlett-Packard
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2006-02-28 13:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
-ra------ 2006-01-30 17:00 98304 c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\Msmsgs.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-12 75856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-12 20560]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-12-13 24592]
S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-08-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Predsjednistvo BiH\Application Data\Mozilla\Firefox\Profiles\2it2118y.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-25 15:40:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(984)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(1040)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
.
Completion time: 2008-12-25 15:42:48
ComboFix-quarantined-files.txt 2008-12-25 14:42:44
ComboFix2.txt 2008-12-25 13:30:48

Pre-Run: 38,394,667,008 bytes free
Post-Run: 38,377,701,376 bytes free

137 --- E O F --- 2008-12-18 16:49:26

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Well, there's no more malware here.
Click START, then RUN.
In the text input line type Combofix /u and click OK.

Wait for the uninstall process to finish.

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the computer's clock settings
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

For any remaining problems you will have to seek advice in another part of the forum.
