winupdate.exe problem after cleaning with AV

offline
  • smz 
  • Citizen
  • Joined: 18 Mar 2008
  • Posts: 57

After cleaning the computer with one of the AV programs, a warning started appearing when XP starts up that windows/system32/winupdate.exe is missing, and something else about windows/system32/drvnov.dll. Apart from showing up at startup, I don't notice it causing any more problems... what is this about, and how do I get rid of it?

Logfile of HijackThis v1.99.1
Scan saved at 10:02:46, on 28.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
C:\DATEV\SYSTEM\PSNTSERV.EXE
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$DATEV_CL_DE01\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1198000098\ee\AOLSoftware.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Administrator\Desktop\proba\proba.exe

F3 - REG:win.ini: run="C:\WINDOWS\system32\winupdate.exe"
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vmware-ufad.exe,
O2 - BHO: label - {046B22D1-C674-416D-8F9E-0C787BBCEB40} - C:\WINDOWS\system32\label.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1198000098\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvnov.dll,startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlogon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieupdates.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .3gp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - lizardtech.com/download/files/win/djvup....._de_DE.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{821CF5A8-6EFE-472C-9CF0-977E1825ED79}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCE93D17-A689-4B6F-B3A0-8BB79EAFCBBD}: NameServer = 213.191.74.18 62.109.123.196
O17 - HKLM\System\CS1\Services\Tcpip\..\{821CF5A8-6EFE-472C-9CF0-977E1825ED79}: NameServer = 205.188.146.145
O20 - Winlogon Notify: winugy32 - winugy32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
O23 - Service: DATEV Druckservice (DatevPrintService) - DATEV eG - C:\DATEV\SYSTEM\PSNTSERV.EXE
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Where you live: The darkest place on earth..

Continuation of the post from another thread.. Only 3 days ago..
smz ::
Addendum: 25 Mar 2008 12:27

Here's one more question, only it concerns another computer... maybe I should open another thread but... it also concerns problems after cleaning the computer with some antivirus program. Namely, now when the computer is turned on it reports that windows/system32/winupdate.exe is missing, and a second window says something, if I remember correctly since it's my daughter's computer, ...system32/drvnov.dll ,,, otherwise as far as I've noticed everything else works, it's just that it always reports this at startup, what should I do about it? thanks in advance

What appears at Windows startup is not the problem. That's a minute's work to fix. What is the problem is how you managed to get infected again after 48+ hours with the same malware. The only difference is that now you have a couple of them active rather than just one.

Now we'll go slowly and step by step.

First you'll tell me which "some" AV you cleaned the PC with, and why you cleaned it when I cleaned it of malware for you 2-3 days ago?

The second question is whether you have that "modified" version of AOL installed? By that I mean any version you didn't download from the official site or from a site that can be trusted, such as Softpedia, Download.com, FileHippo.. etc.

How many nicks do you have here on the forum? persej - familiar? ;)
---------------

When you answer, we continue.. I'm sending that first thread to the Ambulanta archive.
Cheers

offline
  • smz 
  • Citizen
  • Joined: 18 Mar 2008
  • Posts: 57

OK friend, let's start from the end... I'm registered with only one nick and this is the second time I've posted a thread. I have two computers, one mine and one my daughter's and mine together; when we finished the previous thread I wrote all of this, but since I didn't get an answer I assumed it was better to open a new thread. Look again, I wrote that it's my daughter's computer, so with that I hope we resolve many doubts. Next, I'm using the original AOL program version 9 that I got from them on a CD, with four subsequent updates that followed after version 9 came out, which arrived automatically after the first connection on this and on the other computer. Next was which AV... I think it was that little umbrella, Avira it's called I think, but I'm not really sure because I've changed them often trying to see which would suit me best for work. I think it all started when I deleted some program that was supposedly an antivirus or something like that, and I have no idea how it got there... that's how it is when there are several of us using this computer. So, I hope my answers are fine and that we have no more misunderstandings. Thank you in any case

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Where you live: The darkest place on earth..

Since I thought it wasn't the same computer (I didn't read the post in detail, sorry, I was juggling between those two threads), I was wondering how the malware "came back" so quickly.

One of your infections is characteristic of so-called Rogue Software, which most often presents itself as a quasi security program. Many people don't know about this, and when they experiment with protection programs they install this malware too. Obviously some rogue AV installed itself without your knowledge and offered to "solve your virus problems". On top of that you have the trojans I saw at a friend's about 10 days ago, which kept coming back after being deleted, and which later turned out to be brought back onto the system by some "modified" version of AOL he had found somewhere on the net, which was supposed to let him download from RapidShare.com without waiting. As for the nick, you post from the same address as the user persej - that's down to the AOL proxy, and on top of that you have quite similar logs, and even user names on the system. NHF All that can confuse a person a bit and raise all sorts of questions when he already has all that information in front of him.. ;)

Your answer cleared up those doubts :)


Now let's clean up that malware.. Follow the instructions below.
----------------

Download ComboFix from one of the following addresses to the Desktop:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt) which you will copy here for us.

offline
  • smz 
  • Citizen
  • Joined: 18 Mar 2008
  • Posts: 57

Now I don't understand anything at all about my computers and AOL, and especially those similarities with that other nick. Let me add one more thing: I also have a problem with AOL where, when I send email to users (there are several) on our hemonet, it reaches them, but when they reply to me AOL regularly bounces it back to every one of them; this only happens with that provider, with the others it works. We'll get to that later, here's the log file that Combo produced.

-----------------

ComboFix 08-03-30.5 - Administrator 2008-04-01 9:32:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.753 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\comsatac.dll
C:\WINDOWS\system32\shdocvs.dll
C:\WINDOWS\system32\winsrc.dll
C:\WINDOWS\Temp\1224840630.exe
C:\WINDOWS\Temp\1663767337.exe
C:\WINDOWS\Temp\1987589145.exe
C:\WINDOWS\Temp\30308182.exe
C:\WINDOWS\Temp\415785937.exe
C:\WINDOWS\Temp\62429467.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NTLOAD
-------\Legacy_PROTECT
-------\Service_ntload
-------\Service_protect


((((((((((((((((((((((((( Files Created from 2008-03-01 to 2008-04-01 )))))))))))))))))))))))))))))))
.

2008-03-27 15:29 . 2008-03-27 15:29 <DIR> d-------- C:\SKEM
2008-03-27 15:28 . 2008-03-27 15:28 <DIR> d-------- C:\Program Files\SmartDraw 2008
2008-03-27 15:20 . 2008-03-27 15:20 <DIR> d-------- C:\TANGO
2008-03-27 14:31 . 2008-03-27 14:31 <DIR> d-------- C:\Program Files\ibf
2008-03-27 14:31 . 2008-03-27 14:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ibf
2008-03-27 14:07 . 2008-03-27 14:07 <DIR> d-------- C:\Program Files\Hutson Systems
2008-03-27 14:06 . 2008-03-27 14:06 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-03-27 14:06 . 1997-11-19 16:49 303,616 --a------ C:\WINDOWS\IsUninst.exe
2008-03-26 11:20 . 2008-03-26 11:20 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-26 11:20 . 2008-03-26 11:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-26 11:19 . 2008-03-26 11:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-26 11:03 . 2008-03-26 11:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\RegistrySmart
2008-03-19 11:13 . 2004-08-03 23:31 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-03-19 11:12 . 2001-08-23 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-03-19 11:11 . 2001-08-23 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-03-19 11:10 . 2004-08-04 01:56 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-03-19 11:07 . 2008-03-19 11:07 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-03-19 11:07 . 2008-03-19 11:07 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-03-19 11:07 . 2008-03-19 11:07 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-03-19 11:07 . 2008-03-19 11:07 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-03-19 11:07 . 2008-03-19 11:07 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-03-19 11:07 . 2008-03-19 11:07 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-03-19 11:05 . 2001-08-23 14:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-03-19 10:53 . 2004-08-04 02:58 2,012,670 --a--c--- C:\WINDOWS\system32\dllcache\NT5.CAT
2008-03-19 10:53 . 2004-08-04 02:57 1,086,058 --a--c--- C:\WINDOWS\system32\dllcache\NTPRINT.CAT
2008-03-19 10:53 . 2004-08-04 02:57 1,086,058 -ra------ C:\WINDOWS\SETBF.tmp
2008-03-19 10:53 . 2004-08-04 03:03 1,042,903 --a--c--- C:\WINDOWS\system32\dllcache\SP2.CAT
2008-03-19 10:53 . 2004-08-04 03:03 1,042,903 -ra------ C:\WINDOWS\SETBC.tmp
2008-03-19 10:53 . 2004-08-04 02:58 502,724 --a--c--- C:\WINDOWS\system32\dllcache\NT5INF.CAT
2008-03-19 10:53 . 2004-08-04 02:58 13,753 -ra------ C:\WINDOWS\SETCB.tmp
2008-03-18 14:01 . 2008-03-18 14:01 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-17 13:03 . 2008-03-17 13:03 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-17 11:07 . 2008-03-17 11:07 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-03-17 11:06 . 2008-03-17 11:06 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-03-17 11:05 . 2004-07-26 18:16 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll
2008-03-17 11:05 . 2004-07-26 18:16 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll
2008-03-17 11:05 . 2004-07-26 18:16 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll
2008-03-17 11:05 . 2004-07-26 18:16 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll
2008-03-17 11:05 . 2000-06-26 12:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-03-17 11:04 . 2008-03-17 11:04 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-03-17 11:04 . 2008-03-17 11:05 <DIR> d-------- C:\Program Files\Ahead
2008-03-17 11:04 . 2001-07-09 12:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-03-14 13:21 . 2008-03-14 13:21 <DIR> d-------- C:\Program Files\AVG
2008-03-14 13:21 . 2008-03-26 12:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-03-14 13:21 . 2008-03-14 13:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR
2008-03-03 10:24 . 2008-03-14 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-03 08:42 . 2008-03-03 08:42 0 --a------ C:\WINDOWS\system32\sex2.ico.tmp
2008-03-03 08:41 . 2008-03-03 08:41 0 --a------ C:\WINDOWS\system32\sex1.ico.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 09:16 --------- d-----w C:\Program Files\i-Sound Pro
2008-03-19 09:03 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-03 16:07 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-03 06:36 --------- d-----w C:\Program Files\ESET
2008-02-25 17:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\ElsterFormular
2008-02-25 17:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-11 18:33 --------- d-----w C:\Program Files\ElsterFormular
2008-02-11 09:49 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-02-06 18:04 --------- d-----w C:\Program Files\Samsung
2008-02-06 17:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ACD Systems
2008-02-06 10:24 --------- d-----w C:\Program Files\ACD Systems
2008-02-05 14:14 --------- d-----w C:\Program Files\LizardTech
2008-02-04 16:04 --------- d-----w C:\Program Files\conel
2008-02-04 15:58 --------- d-----w C:\Program Files\Borland
2008-01-03 12:20 155,995 ----a-w C:\WINDOWS\java\Packages\69ZPBNDN.ZIP
2007-12-30 15:33 17,144 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{046B22D1-C674-416D-8F9E-0C787BBCEB40}]
C:\WINDOWS\system32\label.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-12-13 18:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:21 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-17 09:44 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-06-21 14:42 70952]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-18 15:34 98304]
"HostManager"="C:\Program Files\Common Files\AOL\1198000098\ee\AOLSoftware.exe" [2006-09-26 02:52 50736]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 17:16 37376]
"MSDrive"="C:\WINDOWS\system32\drvnov.dll" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 12:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"RegistryMechanic"="" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]
AOL 9.0 Tray-Symbol.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2007-12-18 15:33:27 156784]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winugy32]
winugy32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\aol\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\aol\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\aol\\1198000098\\ee\\aolsoftware.exe"=
"C:\\WINDOWS\\system32\\svchost.exe"=
"C:\\DATEV\\PROGRAMM\\Install\\ExecDll\\ExecDllExe.exe"=
"C:\\DATEV\\PROGRAMM\\Install\\Uninstal.exe"=
"C:\\DATEV\\PROGRAMM\\B0000005\\CDBTool.exe"=
"C:\\DATEV\\PROGRAMM\\SRVTOOL\\srvtool.exe"= C:\\DATEV\\PROGRAMM\\SRVTOOL\\srvtool
"C:\\DATEV\\PROGRAMM\\DBMSTool\\dvpcdbcockpit.exe"=
"C:\\DATEV\\PROGRAMM\\DDM\\DMT.exe"=
"C:\\DATEV\\PROGRAMM\\DDM\\DMTUtil.exe"=
"C:\\DATEV\\PROGRAMM\\DService\\LayDBAdm.exe"=
"C:\\DATEV\\PROGRAMM\\NesyMand\\NesyMand.exe"=

R2 DatevPrintService;DATEV Druckservice;C:\DATEV\SYSTEM\PSNTSERV.EXE [2003-11-06 18:00]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2004-12-13 02:05]
R2 MSSQL$DATEV_CL_DE01;MSSQL$DATEV_CL_DE01;C:\Program Files\Microsoft SQL Server\MSSQL$DATEV_CL_DE01\Binn\sqlservr.exe [2003-12-05 18:10]
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl02_xp.sys [2006-10-31 07:50]
R3 AVMUNET;AVM FRITZ!Box;C:\WINDOWS\system32\DRIVERS\avmunet.sys [2004-11-24 03:00]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2004-12-13 02:05]
S3 SQLAgent$DATEV_CL_DE01;SQLAgent$DATEV_CL_DE01;C:\Program Files\Microsoft SQL Server\MSSQL$DATEV_CL_DE01\Binn\sqlagent.EXE [2002-12-17 18:23]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-26 09:03:43 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-04-01 09:38:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-01 9:40:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-01 07:40:06
Pre-Run: 6,545,498,112 bytes free
Post-Run: 6,477,254,656 bytes free

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Where you live: The darkest place on earth..

smz :: Now I don't understand anything at all about my computers and AOL, and especially those similarities with that other nick.
I'll explain it to you in detail by PM so we don't spam the thread needlessly.

------------------

First run HijackThis, go to the "System Scan Only" option, then find and tick the checkbox for the line below.
F3 - REG:win.ini: run="C:\WINDOWS\system32\winupdate.exe"
Click "Fix Checked". Close the program.

Then open Notepad and copy the following text:

File::
C:\WINDOWS\SETBF.tmp
C:\WINDOWS\SETBC.tmp
C:\WINDOWS\SETCB.tmp
C:\WINDOWS\system32\sex2.ico.tmp
C:\WINDOWS\system32\sex1.ico.tmp
C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
C:\WINDOWS\system32\label.dll
C:\WINDOWS\System32\drvnov.dll
C:\WINDOWS\SYSTEM32\winugy32.dll
C:\WINDOWS\SYSTEM32\winupdate.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{046B22D1-C674-416D-8F9E-0C787BBCEB40}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winugy32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSDrive"=-


Save the file from Notepad on the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post in your next message the log that gets created at the end of the cleaning/scanning.


------------
Everything below, if it isn't familiar to you and you aren't sure it isn't malicious, pack into a zip/rar and send to the upload for analysis.
C:\WINDOWS\java\Packages\69ZPBNDN.ZIP
C:\WINDOWS\system32\DRIVERS\avmunet.sys
C:\DATEV\PROGRAMM\DService\LayDBAdm.exe
C:\DATEV\PROGRAMM\NesyMand\NesyMand.exe

Upload link --> http://www.mycity.rs/ambulanta-upload.php

btw. If you can't find the last 2 files at that path, try Windows Search. Let me know when you've finished the upload, in the thread or by PM.
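The checks DEMIAN applies by eye above (a win.ini/system.ini loader, "(file missing)" orphans, a Run entry launched from Temp under a system binary's name, rundll32 loading a DLL at startup, a Winlogon Notify package) can be written down as a small triage script over lines in the HijackThis log format. The script below is an added example and is not part of this thread, of HijackThis or of ComboFix; the sample lines are constructed from the log posted earlier in the thread, and the rule set and function names (`triage_line`, `triage_log`) are assumptions of this example rather than anything the tools provide.

```python
"""Triage HijackThis log lines for common infection indicators.

Added example (not part of the forum thread or of HijackThis). The rules
mirror what a helper looks for first: legacy ini loaders, orphaned entries,
autostarts from Temp, system-binary names in the wrong place, rundll32-loaded
DLLs and Winlogon Notify packages.
"""
import ntpath
import re

# Constructed sample: eight lines in the shape of the HijackThis v1.99.1 log
# posted in the thread (paths and CLSIDs copied from that log).
SAMPLE_LOG = r"""
F3 - REG:win.ini: run="C:\WINDOWS\system32\winupdate.exe"
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vmware-ufad.exe,
O2 - BHO: label - {046B22D1-C674-416D-8F9E-0C787BBCEB40} - C:\WINDOWS\system32\label.dll (file missing)
O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvnov.dll,startup
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlogon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: winugy32 - winugy32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""

# Core Windows binary names that malware likes to borrow; one of these
# living outside System32 deserves a look.
SYSTEM_NAMES = {"winlogon.exe", "svchost.exe", "lsass.exe", "services.exe",
                "csrss.exe", "smss.exe", "explorer.exe", "userinit.exe"}
# Drive-letter path ending in .exe; spaces allowed, stops at a quote or comma.
EXE_PATH = re.compile(r'[A-Za-z]:\\[^",]+?\.exe', re.IGNORECASE)
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\")


def triage_line(line):
    """Return the reasons a single HijackThis line deserves review ([] if none)."""
    reasons = []
    low = line.lower()
    tag = line.split(" - ", 1)[0].strip()  # F2, F3, O2, O4, O20, O23, ...

    if "(file missing)" in low:
        reasons.append("orphaned entry: the referenced file no longer exists")

    if tag == "F3":
        # win.ini run= is a legacy loader; almost nothing legitimate uses it on XP.
        reasons.append("legacy win.ini autostart")
    elif tag == "F2" and "userinit=" in low:
        # UserInit should hold only userinit.exe; anything appended runs at logon.
        values = [v.strip() for v in low.split("userinit=", 1)[1].split(",") if v.strip()]
        extra = [v for v in values if not v.endswith("\\userinit.exe")]
        if extra:
            reasons.append("extra UserInit value: " + ", ".join(extra))

    if tag == "O4":
        if any(m in low for m in TEMP_MARKERS):
            reasons.append("autostart from a temporary or profile directory")
        if "rundll32.exe" in low:
            reasons.append("rundll32 loading a DLL at startup")
        for path in EXE_PATH.findall(line):
            name = ntpath.basename(path).lower()
            if name in SYSTEM_NAMES and "\\system32\\" not in path.lower():
                reasons.append("system binary name outside System32: " + path)

    if tag == "O20":
        # HijackThis lists only non-default notify packages; each is a persistence point.
        reasons.append("Winlogon Notify package (non-default persistence point)")

    return reasons


def triage_log(text):
    """Run triage_line over a whole log; return [(line, reasons)] in log order."""
    findings = []
    for line in text.splitlines():
        reasons = triage_line(line)
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for flagged_line, why in triage_log(SAMPLE_LOG):
        print(flagged_line)
        for reason in why:
            print("    ->", reason)
```

Run against the sample, the script flags six of the eight lines and leaves the ctfmon.exe Run entry and the Ad-Aware service alone; the Temp-directory winlogon.exe entry gets two reasons (wrong directory, borrowed system name). The output is a review list, not a deletion list: the F2 UserInit hit, for instance, only says that something besides userinit.exe runs at logon, which is exactly the kind of line a helper then asks about before putting it in a CFScript.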

offline
  • smz 
  • Citizen
  • Joined: 18 Mar 2008
  • Posts: 57

Well now... I did everything with HijackThis, but that F3 line isn't there at all, it never even appeared, and there's nothing else related to winupdate.exe either, so I'm waiting for you to tell me what to do next if this isn't there, and to let you know that after turning on the computer that warning about winupdate no longer appears, only a window that says
error loading c:/windows/system32/drvnov.dll

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Where you live: The darkest place on earth..

DEMIAN ::
Everything below, if it isn't familiar to you and you aren't sure it isn't malicious, pack into a zip/rar and send to the upload for analysis.

C:\WINDOWS\java\Packages\69ZPBNDN.ZIP
C:\WINDOWS\system32\DRIVERS\avmunet.sys
C:\DATEV\PROGRAMM\DService\LayDBAdm.exe
C:\DATEV\PROGRAMM\NesyMand\NesyMand.exe

Upload link --> http://www.mycity.rs/ambulanta-upload.php

btw. If you can't find the last 2 files at that path, try Windows Search. Let me know when you've finished the upload, in the thread or by PM.


Also post the CF program log so I can see what was deleted and what possibly wasn't. The log is at the path C:\ComboFix.txt

offline
  • smz 
  • Citizen
  • Joined: 18 Mar 2008
  • Posts: 57

done....

ComboFix 08-03-30.5 - Administrator 2008-04-03 12:22:45.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.736 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
C:\WINDOWS\SETBC.tmp
C:\WINDOWS\SETBF.tmp
C:\WINDOWS\SETCB.tmp
C:\WINDOWS\System32\drvnov.dll
C:\WINDOWS\system32\label.dll
C:\WINDOWS\system32\sex1.ico.tmp
C:\WINDOWS\system32\sex2.ico.tmp
C:\WINDOWS\SYSTEM32\winugy32.dll
C:\WINDOWS\SYSTEM32\winupdate.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
C:\WINDOWS\SETBC.tmp
C:\WINDOWS\SETBF.tmp
C:\WINDOWS\SETCB.tmp
C:\WINDOWS\system32\sex1.ico.tmp
C:\WINDOWS\system32\sex2.ico.tmp

.
((((((((((((((((((((((((( Files Created from 2008-03-03 to 2008-04-03 )))))))))))))))))))))))))))))))
.

2008-03-27 15:29 . 2008-03-27 15:29 <DIR> d-------- C:\SKEM
2008-03-27 15:28 . 2008-03-27 15:28 <DIR> d-------- C:\Program Files\SmartDraw 2008
2008-03-27 15:20 . 2008-03-27 15:20 <DIR> d-------- C:\TANGO
2008-03-27 14:31 . 2008-03-27 14:31 <DIR> d-------- C:\Program Files\ibf
2008-03-27 14:31 . 2008-03-27 14:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ibf
2008-03-27 14:07 . 2008-03-27 14:07 <DIR> d-------- C:\Program Files\Hutson Systems
2008-03-27 14:06 . 2008-03-27 14:06 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-03-27 14:06 . 1997-11-19 16:49 303,616 --a------ C:\WINDOWS\IsUninst.exe
2008-03-26 11:20 . 2008-03-26 11:20 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-26 11:20 . 2008-03-26 11:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-26 11:19 . 2008-03-26 11:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-26 11:03 . 2008-03-26 11:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\RegistrySmart
2008-03-19 11:13 . 2004-08-03 23:31 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-03-19 11:12 . 2001-08-23 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-03-19 11:11 . 2001-08-23 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-03-19 11:10 . 2004-08-04 01:56 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-03-19 11:07 . 2008-03-19 11:07 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-03-19 11:07 . 2008-03-19 11:07 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-03-19 11:07 . 2008-03-19 11:07 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-03-19 11:07 . 2008-03-19 11:07 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-03-19 11:07 . 2008-03-19 11:07 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-03-19 11:07 . 2008-03-19 11:07 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-03-19 11:05 . 2001-08-23 14:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-03-19 10:53 . 2004-08-04 02:58 2,012,670 --a--c--- C:\WINDOWS\system32\dllcache\NT5.CAT
2008-03-19 10:53 . 2004-08-04 02:57 1,086,058 --a--c--- C:\WINDOWS\system32\dllcache\NTPRINT.CAT
2008-03-19 10:53 . 2004-08-04 03:03 1,042,903 --a--c--- C:\WINDOWS\system32\dllcache\SP2.CAT
2008-03-19 10:53 . 2004-08-04 02:58 502,724 --a--c--- C:\WINDOWS\system32\dllcache\NT5INF.CAT
2008-03-18 14:01 . 2008-03-18 14:01 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-17 13:03 . 2008-03-17 13:03 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-17 11:07 . 2008-03-17 11:07 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-03-17 11:06 . 2008-03-17 11:06 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-03-17 11:05 . 2004-07-26 18:16 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll
2008-03-17 11:05 . 2004-07-26 18:16 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll
2008-03-17 11:05 . 2004-07-26 18:16 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll
2008-03-17 11:05 . 2004-07-26 18:16 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll
2008-03-17 11:05 . 2000-06-26 12:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-03-17 11:04 . 2008-03-17 11:04 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-03-17 11:04 . 2008-03-17 11:05 <DIR> d-------- C:\Program Files\Ahead
2008-03-17 11:04 . 2001-07-09 12:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-03-14 13:21 . 2008-03-14 13:21 <DIR> d-------- C:\Program Files\AVG
2008-03-14 13:21 . 2008-03-26 12:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-03-14 13:21 . 2008-03-14 13:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR
2008-03-03 10:24 . 2008-03-14 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 09:16 --------- d-----w C:\Program Files\i-Sound Pro
2008-03-19 09:03 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-03 16:07 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-03 06:36 --------- d-----w C:\Program Files\ESET
2008-02-25 17:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\ElsterFormular
2008-02-25 17:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-25 07:46 39,993 ----a-w C:\WINDOWS\system32\msratnit.dll
2008-02-11 18:33 --------- d-----w C:\Program Files\ElsterFormular
2008-02-11 09:49 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-02-06 18:04 --------- d-----w C:\Program Files\Samsung
2008-02-06 17:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ACD Systems
2008-02-06 10:24 --------- d-----w C:\Program Files\ACD Systems
2008-02-05 14:14 --------- d-----w C:\Program Files\LizardTech
2008-02-04 16:04 --------- d-----w C:\Program Files\conel
2008-02-04 15:58 --------- d-----w C:\Program Files\Borland
2008-01-03 12:20 155,995 ----a-w C:\WINDOWS\java\Packages\69ZPBNDN.ZIP
.

((((((((((((((((((((((((((((( snapshot@2008-04-01_ 9.39.56.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-03 09:43:58 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-12-13 18:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:21 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-17 09:44 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-06-21 14:42 70952]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-18 15:34 98304]
"HostManager"="C:\Program Files\Common Files\AOL\1198000098\ee\AOLSoftware.exe" [2006-09-26 02:52 50736]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 17:16 37376]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 12:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"RegistryMechanic"="" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]
AOL 9.0 Tray-Symbol.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2007-12-18 15:33:27 156784]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\aol\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\aol\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\aol\\1198000098\\ee\\aolsoftware.exe"=
"C:\\WINDOWS\\system32\\svchost.exe"=
"C:\\DATEV\\PROGRAMM\\Install\\ExecDll\\ExecDllExe.exe"=
"C:\\DATEV\\PROGRAMM\\Install\\Uninstal.exe"=
"C:\\DATEV\\PROGRAMM\\B0000005\\CDBTool.exe"=
"C:\\DATEV\\PROGRAMM\\SRVTOOL\\srvtool.exe"= C:\\DATEV\\PROGRAMM\\SRVTOOL\\srvtool
"C:\\DATEV\\PROGRAMM\\DBMSTool\\dvpcdbcockpit.exe"=
"C:\\DATEV\\PROGRAMM\\DDM\\DMT.exe"=
"C:\\DATEV\\PROGRAMM\\DDM\\DMTUtil.exe"=
"C:\\DATEV\\PROGRAMM\\DService\\LayDBAdm.exe"=
"C:\\DATEV\\PROGRAMM\\NesyMand\\NesyMand.exe"=

R2 DatevPrintService;DATEV Druckservice;C:\DATEV\SYSTEM\PSNTSERV.EXE [2003-11-06 18:00]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2004-12-13 02:05]
R2 MSSQL$DATEV_CL_DE01;MSSQL$DATEV_CL_DE01;C:\Program Files\Microsoft SQL Server\MSSQL$DATEV_CL_DE01\Binn\sqlservr.exe [2003-12-05 18:10]
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl02_xp.sys [2006-10-31 07:50]
R3 AVMUNET;AVM FRITZ!Box;C:\WINDOWS\system32\DRIVERS\avmunet.sys [2004-11-24 03:00]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2004-12-13 02:05]
S3 SQLAgent$DATEV_CL_DE01;SQLAgent$DATEV_CL_DE01;C:\Program Files\Microsoft SQL Server\MSSQL$DATEV_CL_DE01\Binn\sqlagent.EXE [2002-12-17 18:23]

*Newly Created Service* - ATWPKT2
.
Contents of the 'Scheduled Tasks' folder
"2008-03-26 09:03:43 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-04-03 12:25:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-03 12:25:49
ComboFix-quarantined-files.txt 2008-04-03 10:25:47
ComboFix2.txt 2008-04-02 10:50:01
ComboFix3.txt 2008-04-01 12:07:00
ComboFix4.txt 2008-04-01 07:40:09
Pre-Run: 5,315,600,384 bytes free
Post-Run: 5,305,036,800 bytes free

Update: 03 Apr 2008 12:47

I sent those four little items for analysis. I think the last two are known, but please check.

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Where you live: The darkest place on earth..
