MyCity » Ambulanta -> Arhiva Ambulante » hijack this log file vcrt80

hijack this log file vcrt80

Napisano na dan: 29.4.2009

hijack this log file vcrt80
Sledeća strana Pagination

Idi na vrh

Poslao: 29 Apr 2009 11:43
Idi na vrh
offline
  • aldin5 
  • Novi MyCity građanin
  • Pridružio: 29 Apr 2009
  • Poruke: 2

moze li mi neko pomoci oko ovoga. na racunaru se nakon logona pojavljuje "setting personalized settings for C:\windows\system32:vcrt80.exe"
i nakon toga dobijem vcrt80.exe failed...

u hijack this ima O4 - HKLM\..\Run: [vcrt80.dll] C:\WINDOWS\system32:vcrt80.exe

nekoliko puta sam obrisao ovo iz registrija ali se stalno vraca u system32 ne postoji ovaj dll niti igdje na racunaru ima file vcrt80.exe.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:41, on 29.04.09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmproxy.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [OE] C:\Program Files\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [vcrt80.dll] C:\WINDOWS\system32:vcrt80.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC2A} (Encrypt Class) - [Link mogu videti samo ulogovani korisnici]
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = meltal.ba
O17 - HKLM\Software\..\Telephony: DomainName = meltal.ba
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = meltal.ba
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = meltal.ba
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Navision Attain Application Server SADIJA-CLASSIC (SADIJA-CLASSIC) - Navision a/s - C:\Program Files\Navision Attain\Application Server\nas.exe
O23 - Service: Navision Attain Application Server SADIJA-SQL (SADIJA-SQL) - Navision a/s - C:\Program Files\Navision Attain\Application Server\nassql.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\..\BM\TMBMSRV.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
O23 - Service: Trend Micro Client/Server Security Agent Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 7152 bytes



Poslao: 29 Apr 2009 15:58
Idi na vrh
online
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8652
  • Gde živiš: Novi Beograd

Zdravo,

Ovako ne valja:


Klikni desno dugme misa na ikonicu programa i odaberi opciju Rename:


Zadaj mu neko bezvezno ime, recimo GH5.EXE ili TR3.EXE, ili bilo sta drugo samo da se ne spominje HijackThis:


Preimenuj, pa mi postavi novi log.



Poslao: 30 Apr 2009 14:07
Idi na vrh
offline
  • aldin5 
  • Novi MyCity građanin
  • Pridružio: 29 Apr 2009
  • Poruke: 2

uspio sam nekako izbrisati ovo sranje iz registrija, bio je kreirao neki hidden registry key pa je on zezao a trend micro je ranije obrisao ovaj file iz windows\system32

ali u svakom slucaju hvala.

MyCity » Ambulanta -> Arhiva Ambulante » hijack this log file vcrt80

Ko je trenutno na forumu
 

Ukupno su 1176 korisnika na forumu :: 135 registrovanih, 17 sakrivenih i 1024 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 15694 - dana 01 Feb 2026 12:23

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: -[CoA]-, 357magnum, Agape, aleksmajstor, aleph_one, amaterSRB, AndrejPetar, annon, Arhiv, Arsenije, Asparagus, baltazar01, Baltimor, Belac91, blue, Bobrock1, Boris BM, boro975, Botovac, bounty hunters, Bubili, bunker, BWG, cekic, Comyymoc, Darko8, Darth Wader, DeerHunter, DENIRO, Dimitrise93, Django777, djonsule, DLazić, Dogma21, Draganeli, draganl, dule10savic, El-Komadante, ElvisP, Foxdie, Gall, Georgius, Giskard, halkin gol, Hans Gajger, havoc995, helen1, HogarStrashni, igorkozar83, ivan1973, j-22orao, jalos, Jaz, JimmyNapoli, jodzula, JosipRi, Jozo74, K a s p e r, Kajzer Soze, Kamov, Kapetan Hadok, kaput21, kljift, kokodakalo, komenski, koneks, Kozi-RS, Kubovac, kybonacci, larix, Lucky 6, macak44, MajorPaton, Malik, Marko43, Mastrum Ridkali, mercedesamg, MGBRBG, Mihajlo, mikrimaus, Miler88, Millennium, MiloradKomadic, mist-mist, Mićko, mnn2, Muki 123, Naj-Turs, nazgul75, nebidrag, Nepopravljivi, Neutral-M, nick79, paja69, Panter, pedja.st, pfc74, Pilence, precan, probisic, Pururin, Pv123, Rebel Frank, Remain, rodoljub, ruma, sasa87, savuni, Saša1989, sickmouse, Siti2, StalniPromatrač, strela, Tastatura ratnik, tecataki, tubular, Underdog9, varda, vedko, Velibor Radoja, Vica1958, vidra boy, virked, VJ, VOŽD, Vrač, xAlex2, XBMC, yrraf, Yugol33, zax22r, zeka013, zlaya011, zokizemun, zombicar153