install-privacy-danger.bat


  • Joined: 04 Sep 2008
  • Posts: 27

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49:35, on 4.9.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\WINDOWS\system32\svchost.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Vitez\Desktop\1234\1234.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=122308 serial=DR12WEX-1504397-kty lang=EN
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\Program Files\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: dgksvbpn - {4FC0694A-1A06-4604-A6B9-1805385625C9} - C:\WINDOWS\dgksvbpn.dll (file missing)
O21 - SSODL: xrdwbfgn - {8996201D-5AA7-4E1F-80D4-90364CC9311A} - C:\WINDOWS\xrdwbfgn.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O24 - Desktop Component 0: (no name) - sarah-connor.com/fileadmin/layout/imgs/butt_close.png
O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 5662 bytes


So here's the thing... I'm away from work for two days and look what happened...

A little program called install-privacy-danger.bat attacked me.

Avast doesn't help; can you?

Thanks in advance

Slaven
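The lines in the log above that point at the infection are the two O21 entries (ShellServiceObjectDelayLoad objects with random eight-letter names placed directly in C:\WINDOWS, one of them already missing its DLL but still registered) and the O24 Active Desktop component that renders a local "Privacy Protection" HTML page as the wallpaper. The script below is an added example, not code from this thread or from HijackThis: it parses HijackThis-style O-lines and applies exactly those checks. The sample lines are copied from the posted log; the random-name rule, the "windir root" rule and the reason labels are my own assumptions about what a log reviewer looks for, not HijackThis rules.

```python
"""Triage of HijackThis O-lines (added example; not from the thread or HijackThis)."""
import re
from typing import Dict, List

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O21 - SSODL: dgksvbpn - {4FC0694A-1A06-4604-A6B9-1805385625C9} - C:\WINDOWS\dgksvbpn.dll (file missing)
O21 - SSODL: xrdwbfgn - {8996201D-5AA7-4E1F-80D4-90364CC9311A} - C:\WINDOWS\xrdwbfgn.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O24 - Desktop Component 0: (no name) - sarah-connor.com/fileadmin/layout/imgs/butt_close.png
O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# O21: "SSODL: <name> - {CLSID} - <path>[ (file missing)]"
SSODL_RE = re.compile(
    r"SSODL: (?P<name>\S+) - \{[0-9A-Fa-f-]+\} - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# O24: "Desktop Component <n>: <name> - <url>"
DESKTOP_RE = re.compile(r"Desktop Component \d+: (?P<name>.+?) - (?P<url>\S+)$")
# A file sitting directly in %WINDIR%, not in system32 or Program Files.
WINDIR_ROOT_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+$", re.IGNORECASE)


def looks_random(name: str) -> bool:
    """Heuristic (an assumption, not a HijackThis rule): lowercase-only names
    that are nearly vowel-free, like dgksvbpn / xrdwbfgn in the posted log."""
    if not re.fullmatch(r"[a-z]{6,}", name):
        return False
    vowel_ratio = sum(c in "aeiouy" for c in name) / len(name)
    return vowel_ratio < 0.2 or re.search(r"[^aeiouy]{5}", name) is not None


def triage(log_text: str) -> List[Dict]:
    """Return the O21/O24 entries worth acting on, each with its reason codes."""
    findings: List[Dict] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        reasons: List[str] = []
        name = path = ""
        if section == "O21":
            s = SSODL_RE.match(body)
            if not s:
                continue
            name, path = s["name"], s["path"]
            reasons.append("ssodl")  # ShellServiceObjectDelayLoad: loaded into explorer.exe at every logon
            if looks_random(name):
                reasons.append("random_name")
            if WINDIR_ROOT_RE.match(path):
                reasons.append("windir_root")  # vendors install to system32 or Program Files, not C:\WINDOWS itself
            if s["missing"]:
                reasons.append("file_missing")  # DLL already gone, registry key left behind: still remove it
        elif section == "O24":
            d = DESKTOP_RE.match(body)
            if not d:
                continue
            name, path = d["name"], d["url"]
            reasons.append("active_desktop_component")
            if path.lower().startswith("file:///"):
                reasons.append("local_html_wallpaper")  # the rogue's fake warning page shown as the desktop
        if reasons:
            findings.append({"section": section, "name": name, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']} {f['name']!r} -> {', '.join(f['reasons'])}  ({f['path']})")
```

Run against the sample it reports both SSODL entries and both desktop components and nothing else; the O2, O4 and O23 lines are left alone because the script only labels, it does not decide. A "file missing" SSODL entry is not harmless: the CLSID stays registered, and anything that later drops a DLL at that path gets loaded into the shell again, so the key is removed together with the live one.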

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Joined: 04 Sep 2008
  • Posts: 27

ComboFix 08-09-03.06 - Vitez 2008-09-04 18:28:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.694 [GMT 2:00]
Running from: C:\Documents and Settings\Vitez\Desktop\1234\4321.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\elbf.exe
C:\WINDOWS\system32\install.exe
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssservers.dat
C:\WINDOWS\xrdwbfgn.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-04 to 2008-09-04 )))))))))))))))))))))))))))))))
.

2008-09-04 14:53 . 2008-09-04 12:06 86,016 --a------ C:\WINDOWS\sxmaokgf.exe
2008-08-25 17:57 . 2008-08-25 17:57 <DIR> d-------- C:\Program Files\MSECache
2008-08-25 13:01 . 2008-08-25 13:01 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-08-25 00:33 . 2008-08-25 00:33 <DIR> d-------- C:\Documents and Settings\Vitez\Application Data\Corel
2008-08-24 14:15 . 2008-08-30 15:21 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-08-23 12:01 . 2008-08-23 12:01 <DIR> d-------- C:\Program Files\Common Files\ABBYY
2008-08-23 12:00 . 2008-08-23 12:06 <DIR> d-------- C:\Program Files\ABBYY FineReader 9.0
2008-08-23 11:57 . 2008-08-23 11:57 <DIR> d-------- C:\temp\FR90PE
2008-08-23 11:57 . 2008-08-23 11:57 <DIR> d-------- C:\temp
2008-08-22 17:51 . 2008-08-22 17:51 <DIR> d-------- C:\Program Files\uTorrent
2008-08-22 17:51 . 2008-09-04 13:03 <DIR> d-------- C:\Documents and Settings\Vitez\Application Data\uTorrent
2008-08-22 15:43 . 2008-08-22 15:43 <DIR> d-------- C:\Documents and Settings\Vitez\Application Data\Share-to-Web Upload Folder
2008-08-22 15:43 . 2004-10-08 03:16 35,840 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-08-22 15:41 . 2008-08-22 15:49 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-08-22 15:41 . 2008-08-22 15:41 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-08-22 15:39 . 2008-08-22 15:40 <DIR> d-------- C:\col4309
2008-08-20 13:29 . 2008-08-20 13:29 <DIR> d-------- C:\Documents and Settings\Vitez\Application Data\ABBYY
2008-08-20 13:28 . 2008-08-23 12:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ABBYY
2008-08-20 12:52 . 2008-08-20 12:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-19 18:56 . 2008-08-19 18:56 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-19 15:51 . 2008-08-19 15:51 <DIR> d-------- C:\Program Files\Microsoft
2008-08-19 13:29 . 2008-08-19 13:29 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-08-19 12:49 . 2004-05-02 10:47 23,040 -ra------ C:\WINDOWS\system32\drivers\GVCplDrv.sys
2008-08-19 12:46 . 2004-04-20 01:42 602,880 -ra------ C:\WINDOWS\system32\drivers\smwdm.sys
2008-08-19 12:46 . 2002-04-01 23:15 4,816 -ra------ C:\WINDOWS\system32\drivers\aeaudio.sys
2008-08-19 12:46 . 2003-04-08 20:30 3,744 -ra------ C:\WINDOWS\system32\drivers\smsens.sys
2008-08-19 12:45 . 2001-08-17 13:51 5,248 --a------ C:\WINDOWS\system32\drivers\aliide.sys
2008-08-19 12:45 . 2001-08-17 13:51 5,248 --a--c--- C:\WINDOWS\system32\dllcache\aliide.sys
2008-08-18 17:31 . 2008-08-18 17:31 <DIR> d-------- C:\Program Files\Corel
2008-08-18 17:31 . 2008-08-18 17:31 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-08-18 16:45 . 2008-08-18 16:45 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-18 16:45 . 2008-08-18 16:45 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-18 16:45 . 2008-08-18 16:45 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-18 16:45 . 2008-08-18 16:45 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-18 16:43 . 2008-08-18 16:45 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-18 16:35 . 2008-08-18 16:35 <DIR> d-------- C:\Program Files\WhereIsIt
2008-08-18 15:40 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-08-18 15:40 . 2005-09-01 11:03 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-08-18 15:40 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-08-18 15:40 . 2005-09-01 11:03 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-08-18 15:39 . 2008-08-18 15:39 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-08-18 15:39 . 2008-08-18 15:40 <DIR> d-------- C:\Program Files\Ahead
2008-08-18 15:39 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-08-18 15:39 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-08-18 15:39 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-08-18 15:39 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-08-18 15:39 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-08-18 15:34 . 2008-08-18 15:34 <DIR> d-------- C:\Program Files\Yahoo!
2008-08-18 15:05 . 2008-08-18 15:05 <DIR> d-------- C:\Documents and Settings\Vitez\Application Data\Thunderbird
2008-08-18 15:05 . 2008-08-18 15:05 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-18 15:01 . 2008-09-04 13:03 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2008-08-18 14:46 . 2008-08-18 14:46 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-18 14:08 . 2008-08-18 14:08 1,409 --a------ C:\WINDOWS\system32\tmpFECB0.FOT
2008-08-18 14:08 . 2008-08-18 14:08 1,409 --a------ C:\WINDOWS\system32\tmpC6DB0.FOT
2008-08-18 14:08 . 2008-08-18 14:08 1,409 --a------ C:\WINDOWS\system32\tmp9DDB0.FOT
2008-08-18 14:08 . 2008-08-18 14:08 1,409 --a------ C:\WINDOWS\system32\tmp5FBB0.FOT
2008-08-18 14:08 . 2008-08-18 14:08 1,409 --a------ C:\WINDOWS\system32\tmp4AEB0.FOT
2008-08-18 14:08 . 2008-08-18 14:08 1,409 --a------ C:\WINDOWS\system32\tmp12FB0.FOT
2008-08-18 13:54 . 2008-09-04 17:19 <DIR> d-------- C:\Documents and Settings\Vitez\Application Data\skypePM
2008-08-18 13:54 . 2008-08-18 13:54 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-08-18 13:52 . 2008-09-04 18:30 <DIR> d-------- C:\Documents and Settings\Vitez\Application Data\Skype
2008-08-18 13:51 . 2008-08-18 13:52 <DIR> d-------- C:\Program Files\Skype
2008-08-18 13:51 . 2008-08-18 13:51 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-08-18 13:51 . 2008-08-18 13:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-08-18 13:46 . 2008-08-18 14:02 230 --a------ C:\WINDOWS\wcx_ftp.ini
2008-08-18 13:45 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-08-18 13:45 . 2008-08-18 13:45 376 --a------ C:\WINDOWS\ODBC.INI
2008-08-18 13:44 . 2008-08-18 13:44 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-08-18 13:43 . 2008-08-18 13:44 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-08-18 13:43 . 2008-08-18 13:43 <DIR> d-------- C:\totalcmd
2008-08-18 13:43 . 2008-08-18 13:43 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-08-18 13:43 . 2008-09-04 17:48 4,838 --a------ C:\WINDOWS\wincmd.ini
2008-08-18 13:43 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\UC.PIF
2008-08-18 13:43 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\RAR.PIF
2008-08-18 13:43 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-08-18 13:43 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-08-18 13:43 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-08-18 13:43 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\LHA.PIF
2008-08-18 13:43 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\ARJ.PIF
2008-08-18 13:41 . 2008-08-18 13:41 <DIR> dr-h----- C:\MSOCache
2008-08-16 16:22 . 2004-06-24 18:57 172,032 --a------ C:\WINDOWS\system32\nvusmb.exe
2008-08-16 16:22 . 2004-05-10 08:52 172,032 --a------ C:\WINDOWS\system32\nvunrm.exe
2008-08-16 16:22 . 2004-06-24 18:57 172,032 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-08-16 16:22 . 2004-06-24 18:57 172,032 --a------ C:\WINDOWS\system32\nvumctl.exe
2008-08-16 16:22 . 2004-06-18 14:57 172,032 --a------ C:\WINDOWS\system32\nvuide.exe
2008-08-16 16:22 . 2004-03-21 02:30 2,509 --a------ C:\WINDOWS\system32\nvnrm.nvu
2008-08-16 16:22 . 2004-06-18 02:30 1,217 --a------ C:\WINDOWS\system32\nvmctl.nvu
2008-08-16 16:22 . 2004-06-18 02:30 789 --a------ C:\WINDOWS\system32\nvsmb.nvu
2008-08-16 16:22 . 2004-06-18 02:30 464 --a------ C:\WINDOWS\system32\nvide.nvu
2008-08-16 13:24 . 2008-08-16 13:24 635 --a------ C:\WINDOWS\Rtcw.INI
2008-08-16 11:04 . 2008-04-14 02:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-08-16 11:03 . 2008-04-14 02:11 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2008-08-16 10:57 . 2008-08-16 10:57 0 --a------ C:\WINDOWS\PowerReg.dat
2008-08-16 00:25 . 2008-04-11 21:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-11 18:41 . 2008-08-11 18:41 <DIR> d---s---- C:\Documents and Settings\Vitez\UserData
2008-08-11 18:39 . 2008-08-11 18:39 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-08-11 18:35 . 2008-04-13 20:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-08-11 17:54 . 2008-08-11 17:54 1,409 --a------ C:\WINDOWS\system32\tmpD4779.FOT
2008-08-11 17:54 . 2008-08-11 17:54 1,409 --a------ C:\WINDOWS\system32\tmpC7779.FOT
2008-08-11 17:54 . 2008-08-11 17:54 1,409 --a------ C:\WINDOWS\system32\tmp51679.FOT
2008-08-11 17:54 . 2008-08-11 17:54 1,409 --a------ C:\WINDOWS\system32\tmp37679.FOT
2008-08-11 17:54 . 2008-08-11 17:54 1,409 --a------ C:\WINDOWS\system32\tmp1A679.FOT
2008-08-11 17:54 . 2008-08-11 17:54 1,409 --a------ C:\WINDOWS\system32\tmp0F679.FOT
2008-08-11 17:49 . 2008-08-11 17:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-08-11 17:33 . 2008-08-11 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-08-11 17:27 . 2008-08-11 17:27 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-08-11 17:20 . 2008-06-13 13:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-11 17:20 . 2008-06-13 13:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-11 17:14 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-08-11 17:10 . 2008-08-19 12:47 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-11 17:10 . 2007-08-10 20:46 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-08-11 17:06 . 2008-08-11 17:06 103 --a------ C:\WINDOWS\system32\hptrace.ini
2008-08-11 17:05 . 2008-08-11 17:07 18,563 --a------ C:\WINDOWS\hplj1010.his
2008-08-11 17:05 . 2008-08-11 17:07 3,773 --a------ C:\WINDOWS\hplj1010.ini
2008-08-11 16:58 . 2004-02-09 13:06 15,360 --a------ C:\WINDOWS\system32\drivers\NetMotCM.sys
2008-08-11 16:55 . 2008-08-11 16:55 <DIR> d-------- C:\Program Files\Managed DirectX (0900)
2008-08-11 16:51 . 2003-07-02 04:42 27,904 --a------ C:\WINDOWS\system32\drivers\viaagp1.sys
2008-08-11 16:46 . 2004-02-09 18:38 14,225,408 --a------ C:\WINDOWS\system32\ALSNDMGR.CPL
2008-08-11 16:45 . 2008-08-20 11:13 <DIR> d-------- C:\Documents and Settings\Vitez\Application Data\ATI
2008-08-11 16:41 . 2008-08-11 16:41 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-08-11 16:39 . 2008-08-18 17:33 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-08-11 16:39 . 2008-08-11 18:06 <DIR> d-------- C:\Program Files\ATI Technologies
2008-08-11 16:39 . 2005-05-03 21:05 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-08-11 16:38 . 2008-08-18 17:31 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-08-11 16:38 . 2008-08-11 16:38 <DIR> d-------- C:\ATI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-11 13:50 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:09 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-12 21741864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 106496]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 344064]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 729088]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-05-04 32768]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-08-11 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-05-04 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2004-07-08 44928]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 ALIEHCD;ULi PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ALIEHCI.sys [2005-02-21 83596]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 aliroothub;USB 2.0 Root Hub;C:\WINDOWS\system32\DRIVERS\AliRtHub.sys [2005-02-21 5331]
R3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN.SYS [2004-12-31 28160]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Documents and Settings\Vitez\Desktop\New Folder\kerneld.wnt [2005-08-18 7168]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\npeuinst.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-FineReader7NewsReaderPro - C:\Program Files\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe
MSConfigStartUp-zzzHPSETUP - I:\Setup.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Vitez\Application Data\Mozilla\Firefox\Profiles\npkc0gzo.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-09-04 18:30:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Documents and Settings\Vitez\Desktop\New Folder\kerneld.wnt"
.
Completion time: 2008-09-04 18:31:15
ComboFix-quarantined-files.txt 2008-09-04 16:31:11

Pre-Run: 8,496,488,448 bytes free
Post-Run: 8,530,612,224 bytes free

227 --- E O F --- 2008-08-23 17:23:09


done!
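The ComboFix run above deleted the tdss* files (the TDSS rootkit family's naming) and the xrdwbfgn.dll SSODL payload, but its "Reg Loading Points" section still carries items worth a second look: AntiVirusOverride=1 under the Security Center key (which silences the "no antivirus" warning), a Run value of bare SOUNDMAN.EXE that Windows resolves through the search path, a kernel driver (EverestDriver) registered from a folder on the user's Desktop, and a recorded AutoRun command for removable drive J:. The script below is an added example, not part of this thread or of ComboFix: it parses the REGEDIT4-style key/value lines, the R/S service lines and the mountpoints2 AutoRun line and labels those four conditions. The sample block is constructed from lines in the posted log; the "kind" labels, the list of override value names and the user-writable-path rule are my own assumptions.

```python
"""Triage of a ComboFix 'Reg Loading Points' section (added example; not from the thread or ComboFix)."""
import re
from typing import Dict, List

# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE_REG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Documents and Settings\Vitez\Desktop\New Folder\kerneld.wnt [2005-08-18 7168]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\npeuinst.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
# "name"="value" [date size]   or   "name"=dword:00000001
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*?)(?:\s+\[(?P<meta>[^\]]*)\])?$')
# R0..R3 / S0..S3 service lines: start name;description;path [date size]
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d) (?P<svc>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)(?:\s+\[[^\]]*\])?$")
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$")
# Locations a non-admin user (or anything running as that user) can write to (assumed list).
USER_WRITABLE_RE = re.compile(r"\\Documents and Settings\\|\\Temp\\|\\Application Data\\", re.IGNORECASE)
# Security Center values that suppress its warnings (assumed list).
OVERRIDE_NAMES = {"AntiVirusOverride", "FirewallOverride", "AntiVirusDisableNotify", "FirewallDisableNotify"}


def _dword(value: str) -> int:
    """Parse a REGEDIT4 dword:XXXXXXXX value; -1 for anything else."""
    return int(value.split(":", 1)[1], 16) if value.lower().startswith("dword:") else -1


def triage_reg(text: str) -> List[Dict]:
    """Walk the section once, remembering the current key, and collect labelled findings."""
    findings: List[Dict] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        k = KEY_RE.match(line)
        if k:
            current_key = k["key"]
            continue
        v = VALUE_RE.match(line)
        if v:
            name, value = v["name"], v["value"]
            if "security center" in current_key.lower() and name in OVERRIDE_NAMES and _dword(value) == 1:
                findings.append({"kind": "security_center_override", "subject": name,
                                 "detail": "Security Center will not warn that AV/firewall is off"})
            elif current_key.lower().endswith("\\run") and value.startswith('"') and "\\" not in value:
                # Bare file name: Windows resolves it via the search path, so a same-named file
                # earlier on that path hijacks the entry. ComboFix prints the resolved path in the brackets.
                findings.append({"kind": "unqualified_run_path", "subject": name,
                                 "detail": f"{value} resolved as [{v['meta']}]"})
            continue
        s = SERVICE_RE.match(line)
        if s:
            if USER_WRITABLE_RE.search(s["path"]):
                findings.append({"kind": "service_in_user_profile", "subject": s["svc"],
                                 "detail": f"{s['start']} driver/service image at {s['path']}"})
            continue
        a = AUTORUN_RE.match(line)
        if a and "mountpoints2" in current_key.lower():
            drive = current_key.rsplit("\\", 1)[-1]
            findings.append({"kind": "removable_autorun", "subject": drive,
                             "detail": f"AutoRun command {a['cmd']} recorded for drive {drive}"})
    return findings


if __name__ == "__main__":
    for f in triage_reg(SAMPLE_REG):
        print(f"{f['kind']:26} {f['subject']:18} {f['detail']}")
```

Each finding is a lead, not a verdict: some legitimate antivirus products set AntiVirusOverride themselves, SOUNDMAN.EXE resolving to C:\WINDOWS\SOUNDMAN.EXE is the expected Realtek location, and EVEREST's kerneld.wnt is a real diagnostic driver. What the script surfaces is the shape of the risk (a suppressed warning, a search-path-dependent autostart, a kernel driver loaded from a user-writable folder, an autorun command retained for a USB stick), which is what a reviewer checks after the obvious payloads are gone.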

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

First back up all important data from the computer, since there is a small chance that things go wrong. You have picked up a rather nasty infection.

Open Notepad and copy the following text:

File::
C:\WINDOWS\sxmaokgf.exe


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.

  • Joined: 04 Sep 2008
  • Posts: 27

ComboFix 08-09-04.08 - Vitez 2008-09-05 12:32:59.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.584 [GMT 2:00]
Running from: C:\Documents and Settings\Vitez\Desktop\1234\4321.exe
Command switches used :: C:\Documents and Settings\Vitez\Desktop\1234\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\sxmaokgf.exe

.
((((((((((((((((((((((((( Files Created from 2008-08-05 to 2008-09-05 )))))))))))))))))))))))))))))))
.

2008-08-25 17:57 . 2008-08-25 17:57 <DIR> d-------- C:\Program Files\MSECache
2008-08-25 13:01 . 2008-08-25 13:01 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-08-25 00:33 . 2008-08-25 00:33 <DIR> d-------- C:\Documents and Settings\Vitez\Application Data\Corel
2008-08-24 14:15 . 2008-08-30 15:21 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-08-23 12:01 . 2008-08-23 12:01 <DIR> d-------- C:\Program Files\Common Files\ABBYY
2008-08-23 12:00 . 2008-08-23 12:06 <DIR> d-------- C:\Program Files\ABBYY FineReader 9.0
2008-08-23 11:57 . 2008-08-23 11:57 <DIR> d-------- C:\temp\FR90PE
2008-08-23 11:57 . 2008-08-23 11:57 <DIR> d-------- C:\temp
2008-08-22 17:51 . 2008-08-22 17:51 <DIR> d-------- C:\Program Files\uTorrent
2008-08-22 17:51 . 2008-09-04 13:03 <DIR> d-------- C:\Documents and Settings\Vitez\Application Data\uTorrent
2008-08-22 15:43 . 2008-08-22 15:43 <DIR> d-------- C:\Documents and Settings\Vitez\Application Data\Share-to-Web Upload Folder
2008-08-22 15:43 . 2004-10-08 03:16 35,840 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-08-22 15:41 . 2008-08-22 15:49 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-08-22 15:41 . 2008-08-22 15:41 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-08-22 15:39 . 2008-08-22 15:40 <DIR> d-------- C:\col4309
2008-08-20 13:29 . 2008-08-20 13:29 <DIR> d-------- C:\Documents and Settings\Vitez\Application Data\ABBYY
2008-08-20 13:28 . 2008-08-23 12:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ABBYY
2008-08-20 12:52 . 2008-08-20 12:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-19 18:56 . 2008-08-19 18:56 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-19 15:51 . 2008-08-19 15:51 <DIR> d-------- C:\Program Files\Microsoft
2008-08-19 13:29 . 2008-08-19 13:29 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-08-19 12:49 . 2004-05-02 10:47 23,040 -ra------ C:\WINDOWS\system32\drivers\GVCplDrv.sys
2008-08-19 12:46 . 2004-04-20 01:42 602,880 -ra------ C:\WINDOWS\system32\drivers\smwdm.sys
2008-08-19 12:46 . 2002-04-01 23:15 4,816 -ra------ C:\WINDOWS\system32\drivers\aeaudio.sys
2008-08-19 12:46 . 2003-04-08 20:30 3,744 -ra------ C:\WINDOWS\system32\drivers\smsens.sys
2008-08-19 12:45 . 2001-08-17 13:51 5,248 --a------ C:\WINDOWS\system32\drivers\aliide.sys
2008-08-19 12:45 . 2001-08-17 13:51 5,248 --a--c--- C:\WINDOWS\system32\dllcache\aliide.sys
2008-08-18 17:31 . 2008-08-18 17:31 <DIR> d-------- C:\Program Files\Corel
2008-08-18 17:31 . 2008-08-18 17:31 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-08-18 16:45 . 2008-08-18 16:45 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-18 16:45 . 2008-08-18 16:45 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-18 16:45 . 2008-08-18 16:45 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-18 16:45 . 2008-08-18 16:45 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-18 16:43 . 2008-08-18 16:45 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-18 16:35 . 2008-08-18 16:35 <DIR> d-------- C:\Program Files\WhereIsIt
2008-08-18 15:40 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-08-18 15:40 . 2005-09-01 11:03 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-08-18 15:40 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-08-18 15:40 . 2005-09-01 11:03 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-08-18 15:39 . 2008-08-18 15:39 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-08-18 15:39 . 2008-08-18 15:40 <DIR> d-------- C:\Program Files\Ahead
2008-08-18 15:39 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-08-18 15:39 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-08-18 15:39 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-08-18 15:39 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-08-18 15:39 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-08-18 15:34 . 2008-08-18 15:34 <DIR> d-------- C:\Program Files\Yahoo!
2008-08-18 15:05 . 2008-08-18 15:05 <DIR> d-------- C:\Documents and Settings\Vitez\Application Data\Thunderbird
2008-08-18 15:05 . 2008-08-18 15:05 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-18 15:01 . 2008-09-04 13:03 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2008-08-18 14:46 . 2008-08-18 14:46 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-18 14:08 . 2008-08-18 14:08 1,409 --a------ C:\WINDOWS\system32\tmpFECB0.FOT
2008-08-18 14:08 . 2008-08-18 14:08 1,409 --a------ C:\WINDOWS\system32\tmpC6DB0.FOT
2008-08-18 14:08 . 2008-08-18 14:08 1,409 --a------ C:\WINDOWS\system32\tmp9DDB0.FOT
2008-08-18 14:08 . 2008-08-18 14:08 1,409 --a------ C:\WINDOWS\system32\tmp5FBB0.FOT
2008-08-18 14:08 . 2008-08-18 14:08 1,409 --a------ C:\WINDOWS\system32\tmp4AEB0.FOT
2008-08-18 14:08 . 2008-08-18 14:08 1,409 --a------ C:\WINDOWS\system32\tmp12FB0.FOT
2008-08-18 13:54 . 2008-09-05 12:27 <DIR> d-------- C:\Documents and Settings\Vitez\Application Data\skypePM
2008-08-18 13:54 . 2008-08-18 13:54 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-08-18 13:52 . 2008-09-05 12:27 <DIR> d-------- C:\Documents and Settings\Vitez\Application Data\Skype
2008-08-18 13:51 . 2008-08-18 13:52 <DIR> d-------- C:\Program Files\Skype
2008-08-18 13:51 . 2008-08-18 13:51 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-08-18 13:51 . 2008-08-18 13:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-08-18 13:46 . 2008-08-18 14:02 230 --a------ C:\WINDOWS\wcx_ftp.ini
2008-08-18 13:45 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-08-18 13:45 . 2008-08-18 13:45 376 --a------ C:\WINDOWS\ODBC.INI
2008-08-18 13:44 . 2008-08-18 13:44 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-08-18 13:43 . 2008-08-18 13:44 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-08-18 13:43 . 2008-08-18 13:43 <DIR> d-------- C:\totalcmd
2008-08-18 13:43 . 2008-08-18 13:43 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-08-18 13:43 . 2008-09-04 19:21 4,043 --a------ C:\WINDOWS\wincmd.ini
2008-08-18 13:43 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\UC.PIF
2008-08-18 13:43 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\RAR.PIF
2008-08-18 13:43 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-08-18 13:43 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-08-18 13:43 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-08-18 13:43 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\LHA.PIF
2008-08-18 13:43 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\ARJ.PIF
2008-08-18 13:41 . 2008-08-18 13:41 <DIR> dr-h----- C:\MSOCache
2008-08-16 16:22 . 2004-06-24 18:57 172,032 --a------ C:\WINDOWS\system32\nvusmb.exe
2008-08-16 16:22 . 2004-05-10 08:52 172,032 --a------ C:\WINDOWS\system32\nvunrm.exe
2008-08-16 16:22 . 2004-06-24 18:57 172,032 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-08-16 16:22 . 2004-06-24 18:57 172,032 --a------ C:\WINDOWS\system32\nvumctl.exe
2008-08-16 16:22 . 2004-06-18 14:57 172,032 --a------ C:\WINDOWS\system32\nvuide.exe
2008-08-16 16:22 . 2004-03-21 02:30 2,509 --a------ C:\WINDOWS\system32\nvnrm.nvu
2008-08-16 16:22 . 2004-06-18 02:30 1,217 --a------ C:\WINDOWS\system32\nvmctl.nvu
2008-08-16 16:22 . 2004-06-18 02:30 789 --a------ C:\WINDOWS\system32\nvsmb.nvu
2008-08-16 16:22 . 2004-06-18 02:30 464 --a------ C:\WINDOWS\system32\nvide.nvu
2008-08-16 13:24 . 2008-08-16 13:24 635 --a------ C:\WINDOWS\Rtcw.INI
2008-08-16 11:04 . 2008-04-14 02:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-08-16 11:03 . 2008-04-14 02:11 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2008-08-16 10:57 . 2008-08-16 10:57 0 --a------ C:\WINDOWS\PowerReg.dat
2008-08-16 00:25 . 2008-04-11 21:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-11 18:41 . 2008-08-11 18:41 <DIR> d---s---- C:\Documents and Settings\Vitez\UserData
2008-08-11 18:39 . 2008-08-11 18:39 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-08-11 18:35 . 2008-04-13 20:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-08-11 17:54 . 2008-08-11 17:54 1,409 --a------ C:\WINDOWS\system32\tmpD4779.FOT
2008-08-11 17:54 . 2008-08-11 17:54 1,409 --a------ C:\WINDOWS\system32\tmpC7779.FOT
2008-08-11 17:54 . 2008-08-11 17:54 1,409 --a------ C:\WINDOWS\system32\tmp51679.FOT
2008-08-11 17:54 . 2008-08-11 17:54 1,409 --a------ C:\WINDOWS\system32\tmp37679.FOT
2008-08-11 17:54 . 2008-08-11 17:54 1,409 --a------ C:\WINDOWS\system32\tmp1A679.FOT
2008-08-11 17:54 . 2008-08-11 17:54 1,409 --a------ C:\WINDOWS\system32\tmp0F679.FOT
2008-08-11 17:49 . 2008-08-11 17:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-08-11 17:33 . 2008-08-11 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-08-11 17:27 . 2008-08-11 17:27 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-08-11 17:20 . 2008-06-13 13:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-11 17:20 . 2008-06-13 13:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-11 17:14 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-08-11 17:10 . 2008-08-19 12:47 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-11 17:10 . 2007-08-10 20:46 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-08-11 17:06 . 2008-08-11 17:06 103 --a------ C:\WINDOWS\system32\hptrace.ini
2008-08-11 17:05 . 2008-08-11 17:07 18,563 --a------ C:\WINDOWS\hplj1010.his
2008-08-11 17:05 . 2008-08-11 17:07 3,773 --a------ C:\WINDOWS\hplj1010.ini
2008-08-11 16:58 . 2004-02-09 13:06 15,360 --a------ C:\WINDOWS\system32\drivers\NetMotCM.sys
2008-08-11 16:55 . 2008-08-11 16:55 <DIR> d-------- C:\Program Files\Managed DirectX (0900)
2008-08-11 16:51 . 2003-07-02 04:42 27,904 --a------ C:\WINDOWS\system32\drivers\viaagp1.sys
2008-08-11 16:46 . 2004-02-09 18:38 14,225,408 --a------ C:\WINDOWS\system32\ALSNDMGR.CPL
2008-08-11 16:45 . 2008-08-20 11:13 <DIR> d-------- C:\Documents and Settings\Vitez\Application Data\ATI
2008-08-11 16:41 . 2008-08-11 16:41 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-08-11 16:39 . 2008-08-18 17:33 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-08-11 16:39 . 2008-08-11 18:06 <DIR> d-------- C:\Program Files\ATI Technologies
2008-08-11 16:39 . 2005-05-03 21:05 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-08-11 16:38 . 2008-08-18 17:31 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-08-11 16:38 . 2008-08-11 16:38 <DIR> d-------- C:\ATI
2008-08-11 16:35 . 2008-08-11 16:35 <DIR> d-------- C:\Documents and Settings\Vitez\WINDOWS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-11 13:50 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:09 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
.

((((((((((((((((((((((((((((( snapshot@2008-09-04_18.30.53.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-04 15:22:56 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-05 10:31:42 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-09-04 15:22:56 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-05 10:31:42 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-05 10:27:12 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_13c.dat
+ 2008-09-05 10:27:52 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_ab4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-12 21741864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 106496]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 344064]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 729088]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-05-04 32768]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-08-11 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-05-04 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2004-07-08 44928]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 ALIEHCD;ULi PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ALIEHCI.sys [2005-02-21 83596]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 aliroothub;USB 2.0 Root Hub;C:\WINDOWS\system32\DRIVERS\AliRtHub.sys [2005-02-21 5331]
R3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN.SYS [2004-12-31 28160]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Documents and Settings\Vitez\Desktop\New Folder\kerneld.wnt [2005-08-18 7168]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\npeuinst.exe
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-09-05 12:34:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Documents and Settings\Vitez\Desktop\New Folder\kerneld.wnt"
.
Completion time: 2008-09-05 12:35:08
ComboFix-quarantined-files.txt 2008-09-05 10:35:05
ComboFix2.txt 2008-09-04 16:31:15

Pre-Run: 8,768,249,856 bytes free
Post-Run: 8,755,625,984 bytes free

223 --- E O F --- 2008-08-23 17:23:09


let's move on

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

This looks OK to me now.
How is the computer doing now? Are there any other visible symptoms?

Update: 05 Sep 2008 17:23

Sorry, I forgot something.
Give me a fresh HijackThis log, there is something I need to check.

offline
  • Joined: 04 Sep 2008
  • Posts: 27

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:25:37, on 5.9.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Adobe InDesign CS2\InDesign.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\Vitez\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Adobe\Photoshop CS\Photoshop.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Vitez\Desktop\1234\1234.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=122308 serial=DR12WEX-1504397-kty lang=EN
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O24 - Desktop Component 0: (no name) - sarah-connor.com/fileadmin/layout/imgs/butt_close.png

--
End of file - 5660 bytes

here is the log

There are no symptoms at all...

nothing happened (and you said it would get hairy)

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Quote: nothing happened (and you said it would get hairy)
Don't go wishing for trouble.
I know people have had much worse problems with this infection, which is why I mentioned that above.

What's left for us to do is the following:

- scan again with HJT (I don't need the log)
- tick the box in front of the following line
Quote: O24 - Desktop Component 0: (no name) - http://www.sarah-connor.com/fileadmin/layout/imgs/butt_close.png
- click Fix Checked

After that, uninstall ComboFix:
Click START and then RUN
In the text entry field type Combofix /u and click OK

Wait for the uninstallation process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the computer's clock settings
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore
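As an added example, not code from the thread or from HijackThis itself, the script below parses the O4 / O23 / O24 line formats seen in the logs above and flags the kinds of entries a helper looks at first: an O24 Active Desktop component that loads remote content (the entry fixed above), autostarts that run from user-writable folders, Run values without a full path, and services with an unknown vendor. It generalises beyond the single O24 line: the sample lines are constructed after the ones in this thread, and the "Updater" entry and its Temp path are invented to exercise the user-writable check.

```python
"""Triage helper for HijackThis (HJT) log lines.

Hypothetical example written for this thread; it is not part of HijackThis
or of any other tool used above. It parses the O4 / O23 / O24 line formats
that appear in the log and flags the kinds of entries a helper looks at first.
"""
import re

# Constructed sample modelled on lines from the log in this thread. The
# "Updater" entry is invented to exercise the user-writable-location check.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - HKCU\..\Run: [Updater] C:\DOCUME~1\Vitez\LOCALS~1\Temp\updater.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O24 - Desktop Component 0: (no name) - sarah-connor.com/fileadmin/layout/imgs/butt_close.png
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+)\s+-\s+(?P<body>.+)$")
# "HKLM\..\Run: [name] command"  (registry Run keys)
O4_REG_RE = re.compile(r"^(?P<hive>[^:]+):\s+\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# "Global Startup: name.lnk = command"  (Startup folders)
O4_STARTUP_RE = re.compile(r"^(?P<folder>[^:]+):\s+(?P<name>.+?)\s+=\s+(?P<cmd>.+)$")
O24_RE = re.compile(r"^Desktop Component \d+:\s+\((?P<name>[^)]*)\)\s+-\s+(?P<target>.+)$")
# First executable on the command line, quoted or not.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.(?:exe|com|bat|pif|scr|dll))"?', re.IGNORECASE)
# Hostname plus path, with or without a scheme (the forum stripped http:// in the log above).
REMOTE_RE = re.compile(r"^(?:https?://)?[A-Za-z0-9.-]+\.[A-Za-z]{2,}(?:/|$)")
# Folders a normal user can write to; autostarts from here deserve a look.
USER_WRITABLE = ("\\documents and settings\\", "\\docume~1\\", "\\temp\\",
                 "\\desktop\\", "\\application data\\")


def parse_line(line):
    """Parse one HJT line into a dict, or return None for non-HJT text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    entry = {"code": code, "raw": line.strip()}
    if code == "O4":
        mm = O4_REG_RE.match(body) or O4_STARTUP_RE.match(body)
        if mm:
            entry.update(mm.groupdict())          # hive/folder, name, cmd
            em = EXE_RE.match(mm.group("cmd"))
            entry["exe"] = em.group("exe") if em else mm.group("cmd")
    elif code == "O23" and body.startswith("Service: "):
        # "Service: <display name> - <vendor> - <image path>"; split from the right
        # so a display name containing " - " does not break the parse.
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            entry["name"], entry["owner"], entry["exe"] = parts
    elif code == "O24":
        mm = O24_RE.match(body)
        if mm:
            entry.update(mm.groupdict())          # name, target
    return entry


def triage(entry):
    """Return the reasons an entry deserves a second look (empty list = nothing notable)."""
    reasons = []
    code = entry.get("code")
    exe = entry.get("exe", "")
    if code == "O24" and REMOTE_RE.match(entry.get("target", "")):
        reasons.append("Active Desktop component loads remote content: " + entry["target"])
    if code in ("O4", "O23") and exe:
        if any(marker in exe.lower() for marker in USER_WRITABLE):
            reasons.append("autostart from a user-writable location: " + exe)
        if "\\" not in exe:
            reasons.append("no full path; binary is resolved by search order: " + exe)
    if code == "O23" and entry.get("owner", "").lower() == "unknown owner":
        reasons.append("service with no recognised vendor: " + exe)
    return reasons


def triage_log(text):
    """Run every line of an HJT log through parse_line/triage; return (code, reason) pairs."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry:
            findings.extend((entry["code"], reason) for reason in triage(entry))
    return findings


if __name__ == "__main__":
    for code, reason in triage_log(SAMPLE_LOG):
        print(code, "-", reason)
```

On the constructed sample this reports four entries: the bare SOUNDMAN.EXE Run value, the invented Temp autostart, the "Unknown owner" service, and the O24 component pulling an image from a remote host. Everything else (avast!, Skype, the Adobe startup link) passes without a note. Pointing it at a real log means pasting the log text in place of SAMPLE_LOG; the output is a shortlist for a human to review, not a verdict.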

offline
  • Joined: 04 Sep 2008
  • Posts: 27

all done...

thanks...

PS... could any of this have spread over the LAN? I forgot to mention that I also have a LAN

how can I return the favour... I'm a graphic designer, so if you need anything...

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Slaven980 wrote: PS... could any of this have spread over the LAN? I forgot to mention that I also have a LAN

Send me a ComboFix log from another computer on that network, and we'll see.
I think this spreads through websites, but nobody can be 100% sure.

Thanks for the offer, I'll get in touch if I need a logo or something like that
