MyCity » Ambulanta -> Arhiva Ambulante » Gadna infekcija...

Gadna infekcija...

Napisano na dan: 20.4.2008

Strana:
1
2

Gadna infekcija...

Sledeća strana

Pagination

Odgovori

Strana:
1
2

Boske_KG Poslao: 20 Apr 2008 12:38 Idi na vrh
offline Boske_KG Ugledni građanin Tomica Komitet za bezbednost saobraćaja Pridružio: 22 Jun 2006 Poruke: 430 Gde živiš: Kragujevac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Vrlo cesto mi iskacu razni prozori koji mi govore da je moj racunar inficiran i koji mi nude neka resenja za to.To je verovatno Vundo,ali ipak sam odlucio da se obratim vama -> Logfile of HijackThis v1.99.1 Scan saved at 12:27, on 2008-04-20 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\www\Apache2\bin\apache.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\www\mysql\bin\mysqld-max-nt.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\www\Apache2\bin\apache.exe C:\Documents and Settings\All Users\Application Data\cjuxuhiz\uxwjibwd.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\fkzelypw.exe C:\Program Files\X-Micro\Bluetooth Software\BTTray.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\PC-Cleaner\PC-Cleaner.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\uTorrent\utorrent.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTW09.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Petrovic Tomica\Desktop\New Folder\tr3.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: qtvglped - {65C76A0A-B5A4-4170-8F62-947A0145677C} - C:\WINDOWS\qtvglped.dll O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [fbblfbtu] C:\WINDOWS\system32\kvudwrqn.exe O4 - HKCU\..\Run: [icnsbmoc] C:\WINDOWS\system32\fkzelypw.exe O4 - HKCU\..\Run: [fcamnwpv] C:\WINDOWS\system32\hchgbgdm.exe O4 - HKCU\..\Run: [PC-Cleaner] "C:\Program Files\PC-Cleaner\PC-Cleaner.exe" hide O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\X-Micro\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\X-Micro\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\X-Micro\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: lJAPIaaY - lJAPIaaY.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O21 - SSODL: ComponentUnknown - {beb7278a-ce3c-4643-a6aa-d3d0958a92d1} - (no file) O23 - Service: Apache2 - Unknown owner - C:\www\Apache2\bin\apache.exe" -k runservice (file missing) O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing) O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\X-Micro\Bluetooth Software\bin\btwdins.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MySQL - Unknown owner - C:\www\mysql\bin\mysqld-max-nt.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe

Profil

DEMIAN Poslao: 20 Apr 2008 12:49 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozz, Blizu si.. Nije Vundo već SmitFraud infekcija. ------- 1) Preuzmi program SmitFraudFix sa ovog linka. 2.) Restartuj računar i podigni sistem u Safe Mode-u. [ Safe Mode info link ] 3.) Pronađi i dvoklikom pokreni fajl Smitfraudfix.exe. Kada se alat za uklanjanje prvi put startuje pokazaće ti se ekran za odobrenje. Jednostavno pritisni bilo koje dugme na tastaturi za prelazak na sledeći nivo. 4.) 5.) Program će početi sa čišćenjem kompjutera. Posle završenog čišćenja SmitfraudFix-om pokrenuće ti se Windows-ov program Disk Cleanup. 6.) Biće ti postavljeno pitanje: "Registry cleaning - Do you want to clean the registry ?" odgovori "Yes" kucajući Y (i potvrdi sa Enter) 7.) Program će takođe proveriti da li je wininet.dll inficiran. Ukoliko jeste, bićeš upitan(a) oko zamene wininet.dll. Odgovori "Yes" na pitanje "Replace infected file ?" kucajući Y (i potvrdi sa Enter) Nakon što SmitFraudFix završi svoj posao, postavi nam ovde log koji se nalazi na C:\rapport.txt i svež HJT log.

Profil

Boske_KG Poslao: 20 Apr 2008 13:25 Idi na vrh
offline Boske_KG Ugledni građanin Tomica Komitet za bezbednost saobraćaja Pridružio: 22 Jun 2006 Poruke: 430 Gde živiš: Kragujevac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! SmitFraudFix v2.315 Scan done at 13:05:00.70, 2008-04-20 Run from C:\Documents and Settings\Petrovic Tomica\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» VACFix VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri C:\WINDOWS\qtvglped.dll deleted. »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Scientific-Atlanta WebSTAR 2000 series Cable Modem #2 - Packet Scheduler Miniport DNS Server Search Order: 82.117.194.2 DNS Server Search Order: 82.117.194.3 HKLM\SYSTEM\CCS\Services\Tcpip\..\{6F64E83C-C9FA-4F25-9A18-473EC6C1E9CB}: DhcpNameServer=82.117.194.2 82.117.194.3 HKLM\SYSTEM\CS1\Services\Tcpip\..\{6F64E83C-C9FA-4F25-9A18-473EC6C1E9CB}: DhcpNameServer=82.117.194.2 82.117.194.3 HKLM\SYSTEM\CS2\Services\Tcpip\..\{6F64E83C-C9FA-4F25-9A18-473EC6C1E9CB}: DhcpNameServer=82.117.194.2 82.117.194.3 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=82.117.194.2 82.117.194.3 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=82.117.194.2 82.117.194.3 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=82.117.194.2 82.117.194.3 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End Logfile of HijackThis v1.99.1 Scan saved at 13:22, on 2008-04-20 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\www\Apache2\bin\apache.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\www\mysql\bin\mysqld-max-nt.exe C:\Documents and Settings\All Users\Application Data\cjuxuhiz\uxwjibwd.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\kvudwrqn.exe C:\Program Files\PC-Cleaner\PC-Cleaner.exe C:\Program Files\X-Micro\Bluetooth Software\BTTray.exe C:\www\Apache2\bin\apache.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Documents and Settings\Petrovic Tomica\Desktop\New Folder\tr3.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [fbblfbtu] C:\WINDOWS\system32\kvudwrqn.exe O4 - HKCU\..\Run: [icnsbmoc] C:\WINDOWS\system32\fkzelypw.exe O4 - HKCU\..\Run: [fcamnwpv] C:\WINDOWS\system32\hchgbgdm.exe O4 - HKCU\..\Run: [PC-Cleaner] "C:\Program Files\PC-Cleaner\PC-Cleaner.exe" hide O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\X-Micro\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\X-Micro\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\X-Micro\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: lJAPIaaY - lJAPIaaY.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O21 - SSODL: ComponentUnknown - {beb7278a-ce3c-4643-a6aa-d3d0958a92d1} - (no file) O23 - Service: Apache2 - Unknown owner - C:\www\Apache2\bin\apache.exe" -k runservice (file missing) O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing) O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\X-Micro\Bluetooth Software\bin\btwdins.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MySQL - Unknown owner - C:\www\mysql\bin\mysqld-max-nt.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe

Profil

DEMIAN Poslao: 20 Apr 2008 13:33 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

Boske_KG Poslao: 20 Apr 2008 14:03 Idi na vrh
offline Boske_KG Ugledni građanin Tomica Komitet za bezbednost saobraćaja Pridružio: 22 Jun 2006 Poruke: 430 Gde živiš: Kragujevac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-04-18.3 - Petrovic Tomica 2008-04-20 13:43:12.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.53 [GMT 2:00] Running from: C:\Documents and Settings\Petrovic Tomica\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat C:\Program Files\PC-Cleaner C:\Program Files\PC-Cleaner\com\pcsd.dll C:\Program Files\PC-Cleaner\PC-Cleaner.db C:\Program Files\PC-Cleaner\PC-Cleaner.exe C:\Program Files\PC-Cleaner\pccleaner.pkg C:\Program Files\PC-Cleaner\program.info C:\Program Files\PC-Cleaner\Uninstall.exe . ---- Previous Run ------- . C:\Documents and Settings\Petrovic Tomica\Desktopblackbird.jpg C:\Documents and Settings\Petrovic Tomica\DesktopEditorFKWP1.5.exe C:\Documents and Settings\Petrovic Tomica\DesktopEditorFKWP2.0.exe C:\Documents and Settings\Petrovic Tomica\Desktopfilemanagerclient.exe C:\Documents and Settings\Petrovic Tomica\Desktopfkwp1.5.exe C:\Documents and Settings\Petrovic Tomica\Desktopfkwp2.0.exe C:\Documents and Settings\Petrovic Tomica\Desktopfwebd.exe C:\Documents and Settings\Petrovic Tomica\DesktopFWebdEditor.exe C:\Documents and Settings\Petrovic Tomica\DesktopTrojan.Win32.BlackBird.exe C:\Documents and Settings\Petrovic Tomica\Desktopvirii C:\Program Files\akl C:\Program Files\akl\akl.dll C:\Program Files\akl\akl.exe C:\Program Files\akl\uninstall.exe C:\Program Files\akl\unsetup.exe C:\Program Files\antiviirus.exe C:\Program Files\bho.exe C:\Program Files\Inet Delivery C:\Program Files\Inet Delivery\inetdl.exe C:\Program Files\Inet Delivery\intdel.exe C:\WINDOWS\a.bat C:\WINDOWS\base64.tmp C:\WINDOWS\bdn.com C:\WINDOWS\FVProtect.exe C:\WINDOWS\iTunesMusic.exe C:\WINDOWS\mslagent C:\WINDOWS\mslagent\2_mslagent.dll C:\WINDOWS\mslagent\mslagent.exe C:\WINDOWS\mslagent\uninstall.exe C:\WINDOWS\mssecu.exe C:\WINDOWS\resources\ComponentUnknown.dll C:\WINDOWS\resources\DriveWin.dll C:\WINDOWS\resources\DrvSetup.dll C:\WINDOWS\resources\RomKbd.dll C:\WINDOWS\system32\bIjklkkj.ini C:\WINDOWS\system32\bIjklkkj.ini2 C:\WINDOWS\system32\fCRLcdEv.dll C:\WINDOWS\system32\iptrjcck.dll C:\WINDOWS\system32\jkklkjIb.dll C:\WINDOWS\system32\kccjrtpi.ini C:\WINDOWS\system32\lJAPIaaY.dll C:\WINDOWS\system32\qOiJbXQK.dll C:\WINDOWS\system32akttzn.exe C:\WINDOWS\system32anticipator.dll C:\WINDOWS\system32awtoolb.dll C:\WINDOWS\system32bdn.com C:\WINDOWS\system32bsva-egihsg52.exe C:\WINDOWS\system32dpcproxy.exe C:\WINDOWS\system32emesx.dll C:\WINDOWS\system32h@tkeysh@@k.dll C:\WINDOWS\system32hoproxy.dll C:\WINDOWS\system32hxiwlgpm.dat C:\WINDOWS\system32hxiwlgpm.exe C:\WINDOWS\system32medup012.dll C:\WINDOWS\system32medup020.dll C:\WINDOWS\system32msgp.exe C:\WINDOWS\system32msnbho.dll C:\WINDOWS\system32mssecu.exe C:\WINDOWS\system32msvchost.exe C:\WINDOWS\system32mtr2.exe C:\WINDOWS\system32mwin32.exe C:\WINDOWS\system32netode.exe C:\WINDOWS\system32newsd32.exe C:\WINDOWS\system32ps1.exe C:\WINDOWS\system32psof1.exe C:\WINDOWS\system32psoft1.exe C:\WINDOWS\system32regc64.dll C:\WINDOWS\system32regm64.dll C:\WINDOWS\system32Rundl1.exe C:\WINDOWS\system32smp C:\WINDOWS\system32smp\msrc.exe C:\WINDOWS\system32sncntr.exe C:\WINDOWS\system32ssurf022.dll C:\WINDOWS\system32ssvchost.com C:\WINDOWS\system32ssvchost.exe C:\WINDOWS\system32sysreq.exe C:\WINDOWS\system32taack.dat C:\WINDOWS\system32taack.exe C:\WINDOWS\system32temp#01.exe C:\WINDOWS\system32thun.dll C:\WINDOWS\system32thun32.dll C:\WINDOWS\system32VBIEWER.OCX C:\WINDOWS\system32vbsys2.dll C:\WINDOWS\system32vcatchpi.dll C:\WINDOWS\system32winlogonpc.exe C:\WINDOWS\system32winsystem.exe C:\WINDOWS\system32WINWGPX.EXE C:\WINDOWS\userconfig9x.dll C:\WINDOWS\Web\def.htm C:\WINDOWS\winsystem.exe C:\WINDOWS\zip1.tmp C:\WINDOWS\zip2.tmp C:\WINDOWS\zip3.tmp C:\WINDOWS\zipped.tmp ----- BITS: Possible infected sites ----- hxxp://77.91.228.186 . ((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20 ))))))))))))))))))))))))))))))) . 2008-04-20 13:05 . 2008-04-20 13:05 2,248 --a------ C:\WINDOWS\system32\tmp.reg 2008-04-19 03:54 . 2008-04-19 03:54 <DIR> d-------- C:\Documents and Settings\Petrovic Tomica\Application Data\PC-Cleaner 2008-04-19 03:53 . 2008-04-19 03:53 106,496 --a------ C:\WINDOWS\system32\hchgbgdm.exe 2008-04-18 10:51 . 2008-04-18 10:51 102,400 --a------ C:\WINDOWS\system32\fkzelypw.exe 2008-04-18 10:42 . 2008-04-18 10:18 266,240 --a------ C:\WINDOWS\omlbpkaw.dll 2008-04-18 10:42 . 2008-04-18 10:18 258,048 --a------ C:\WINDOWS\lgmxvpatwxm.dll 2008-04-18 10:42 . 2008-04-18 10:18 225,280 --a------ C:\WINDOWS\pmsoarbf.dll 2008-04-18 10:42 . 2008-04-18 10:18 106,496 --a------ C:\WINDOWS\npqtsrak.exe 2008-04-18 10:42 . 2008-04-18 10:18 81,920 --a------ C:\WINDOWS\rtqmekwg.exe 2008-04-18 10:28 . 2008-04-18 10:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\cjuxuhiz 2008-04-18 10:28 . 2008-04-18 10:28 102,400 --a------ C:\WINDOWS\system32\kvudwrqn.exe 2008-04-17 12:47 . 2008-04-17 12:47 360,064 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL 2008-04-16 23:06 . 2008-04-20 13:42 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG 2008-04-16 13:31 . 2008-04-16 13:31 <DIR> d-------- C:\Program Files\Microsoft 2008-04-15 17:34 . 2008-04-15 17:34 19,968 --a------ C:\tanja nemacki.doc 2008-04-14 00:05 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-04-14 00:05 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-04-14 00:05 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-04-13 22:20 . 2008-04-14 00:39 2,756 --a------ C:\configuration.php 2008-04-13 22:05 . 2008-04-13 22:05 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-04-13 22:04 . 2008-04-13 22:04 <DIR> d-------- C:\Program Files\Windows Live 2008-04-13 22:04 . 2008-04-13 22:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-04-12 14:12 . 2008-04-12 14:12 <DIR> d-------- C:\Program Files\Opsenarijum 2008-04-12 03:03 . 2008-04-12 03:03 <DIR> d-------- C:\Program Files\MSXML 4.0 2008-04-11 14:25 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe 2008-04-09 19:42 . 2008-04-09 20:36 51,576,832 --a------ C:\dump_dvd.vob 2008-04-06 17:48 . 2008-04-06 17:47 762,348 --a------ C:\SWScan00038.jpg 2008-04-06 10:52 . 2008-04-06 10:52 268 --ah----- C:\sqmdata07.sqm 2008-04-06 10:52 . 2008-04-06 10:52 244 --ah----- C:\sqmnoopt07.sqm 2008-04-06 00:24 . 2008-04-06 00:24 268 --ah----- C:\sqmdata06.sqm 2008-04-06 00:24 . 2008-04-06 00:24 244 --ah----- C:\sqmnoopt06.sqm 2008-04-04 22:57 . 2008-04-04 22:57 268 --ah----- C:\sqmdata05.sqm 2008-04-04 22:57 . 2008-04-04 22:57 244 --ah----- C:\sqmnoopt05.sqm 2008-04-04 11:29 . 2008-04-04 11:29 268 --ah----- C:\sqmdata04.sqm 2008-04-04 11:29 . 2008-04-04 11:29 244 --ah----- C:\sqmnoopt04.sqm 2008-04-03 22:56 . 2008-04-03 22:56 268 --ah----- C:\sqmdata03.sqm 2008-04-03 22:56 . 2008-04-03 22:56 244 --ah----- C:\sqmnoopt03.sqm 2008-04-03 11:08 . 2008-04-03 11:08 268 --ah----- C:\sqmdata02.sqm 2008-04-03 11:08 . 2008-04-03 11:08 244 --ah----- C:\sqmnoopt02.sqm 2008-04-02 16:10 . 2008-04-02 16:10 268 --ah----- C:\sqmdata01.sqm 2008-04-02 16:10 . 2008-04-02 16:10 244 --ah----- C:\sqmnoopt01.sqm 2008-04-02 11:15 . 2008-04-02 11:15 268 --ah----- C:\sqmdata00.sqm 2008-04-02 11:15 . 2008-04-02 11:15 244 --ah----- C:\sqmnoopt00.sqm 2008-03-29 18:17 . 1998-08-27 06:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll 2008-03-29 18:17 . 1998-08-20 13:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax 2008-03-29 18:17 . 1998-09-02 10:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll 2008-03-29 18:16 . 1998-09-02 10:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll 2008-03-29 18:16 . 1998-09-02 10:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe 2008-03-29 18:16 . 1998-08-17 11:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv 2008-03-29 18:16 . 1998-08-17 11:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll 2008-03-29 18:16 . 1998-08-17 11:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd 2008-03-29 18:16 . 2008-03-29 18:16 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll 2008-03-29 18:16 . 2008-03-29 18:16 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll 2008-03-29 18:11 . 2008-03-29 18:11 <DIR> d-------- C:\Program Files\JoWooD 2008-03-29 18:11 . 2008-04-09 15:35 144 --a------ C:\htsetup.err 2008-03-28 07:49 . 2003-09-24 10:43 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll 2008-03-28 07:49 . 2003-09-24 10:43 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll 2008-03-28 07:49 . 2003-09-24 10:43 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll 2008-03-27 18:48 . 2008-03-27 18:48 <DIR> d-------- C:\Program Files\HP 2008-03-27 18:48 . 2008-03-27 18:48 <DIR> d-------- C:\Program Files\Hewlett-Packard 2008-03-27 18:47 . 2008-03-27 18:52 220,285 --a------ C:\WINDOWS\hpdj3500.his 2008-03-27 18:47 . 2008-03-27 18:52 10,390 --a------ C:\WINDOWS\hpdj3500.ini 2008-03-27 18:45 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2008-03-27 18:45 . 2004-08-04 00:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys 2008-03-27 17:25 . 2005-05-31 15:06 44,163 --a------ C:\WINDOWS\system32\drivers\btwhid.sys 2008-03-27 17:25 . 2005-05-31 15:10 17,516 --a------ C:\WINDOWS\system32\drivers\frmupgr.sys 2008-03-22 14:57 . 2008-03-22 14:57 <DIR> d-------- C:\Program Files\Corel . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-20 11:51 1,005,856 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat 2008-04-20 11:49 98,456 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2008-04-20 11:49 250,052 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-04-20 11:49 19,613,472 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-04-20 11:49 --------- d-----w C:\Documents and Settings\Petrovic Tomica\Application Data\uTorrent 2008-04-19 01:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-04-19 01:03 --------- d-----w C:\Program Files\ArtIcons Pro 2008-04-19 00:30 --------- d-----w C:\Program Files\123 Flash Menu 2008-04-17 10:48 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS 2008-04-11 19:50 --------- d-----w C:\Program Files\Red Devils Script 2008-04-11 14:57 --------- d-----w C:\Program Files\Total Commander 7.01 2008-03-29 09:26 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-27 16:09 --------- d-----w C:\Program Files\Total Video Converter 2008-03-22 19:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Cabela's Trophy Bucks Saves 2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-15 18:05 --------- d-----w C:\Program Files\IconUtils 2008-03-12 18:41 --------- d-----w C:\Program Files\Java 2008-03-12 18:40 --------- d-----w C:\Program Files\Common Files\Java 2008-03-12 18:09 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll 2008-03-11 14:47 --------- d-----w C:\Program Files\Activision Value 2008-03-11 14:43 223,128 ----a-w C:\WINDOWS\system32\drivers\vaxscsi.sys 2008-03-11 14:42 --------- d-----w C:\Program Files\Alcohol Soft 2008-03-11 14:40 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd1853.sys 2008-03-11 14:40 642,560 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-03-08 12:48 348,160 --sh--w C:\msvcr71.dll 2008-03-08 12:48 3,514,318 --sh--w C:\AdobeR.exe 2008-03-04 20:54 --------- d-----w C:\Program Files\Eltima Software 2008-03-04 20:54 --------- d-----w C:\Program Files\Common Files\Eltima Shared 2008-03-04 20:54 --------- d-----w C:\Documents and Settings\Petrovic Tomica\Application Data\Eltima Software 2008-02-21 13:33 131,584 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe 2008-02-21 13:33 --------- d-----w C:\Program Files\Flash4D v5 - Home Edition Trial 2008-02-21 13:30 --------- d-----w C:\Program Files\ImTOO 2008-02-20 10:47 --------- d-----w C:\Documents and Settings\Petrovic Tomica\Application Data\Ahead 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll 2008-02-06 12:04 36,734 ----a-w C:\WINDOWS\system32\OggDSuninst.exe 2008-02-06 12:04 33,533 ----a-w C:\WINDOWS\system32\CoreVorbis-uninstall.exe 2008-02-06 12:02 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2008-02-04 09:23 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-02-03 19:55 104,688 ----a-w C:\WINDOWS\~GLC0001.TMP 2008-02-03 19:53 86,400 ----a-w C:\WINDOWS\~GLC0000.TMP . ------- Sigcheck ------- 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys 2004-08-04 03:07 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys 2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\sp2gdr\tcpip.sys 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\sp2qfe\tcpip.sys 2008-04-17 12:48 360064 b1d637a5585af8932c635976ff9d8981 C:\WINDOWS\system32\dllcache\TCPIP.SYS 2008-04-17 12:48 360064 b1d637a5585af8932c635976ff9d8981 C:\WINDOWS\system32\drivers\TCPIP.SYS . ((((((((((((((((((((((((((((( snapshot@2008-04-16_23.15.21,75 ))))))))))))))))))))))))))))))))))))))))) . - 2008-04-16 10:46:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-04-20 11:51:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE - 2008-02-03 09:51:21 9,728 ----a-w C:\WINDOWS\system32\BASSMOD.dll + 2008-04-19 00:44:08 9,728 ----a-w C:\WINDOWS\system32\BASSMOD.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208] "MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07 15360] "fbblfbtu"="C:\WINDOWS\system32\kvudwrqn.exe" [2008-04-18 10:28 102400] "icnsbmoc"="C:\WINDOWS\system32\fkzelypw.exe" [2008-04-18 10:51 102400] "fcamnwpv"="C:\WINDOWS\system32\hchgbgdm.exe" [2008-04-19 03:53 106496] "PC-Cleaner"="C:\Program Files\PC-Cleaner\PC-Cleaner.exe" [ ] "ngufkjty"="C:\WINDOWS\system32\ypmhyhwd.exe" [2008-04-20 13:56 110592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2004-03-12 10:23 159744] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-12 14:19 7626752] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24 49152] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 20:51 233472] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 13:42 176128] "DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 19:37 229437] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-05-19 23:36 218640] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:07 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] "yirjoVt2GE"= C:\Documents and Settings\All Users\Application Data\cjuxuhiz\uxwjibwd.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lJAPIaaY] lJAPIaaY.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^3D!Turbo Experience.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\3D!Turbo Experience.lnk backup=C:\WINDOWS\pss\3D!Turbo Experience.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP] --a------ 2007-05-19 23:36 218640 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2006-11-16 20:04 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent] --a------ 2004-08-04 03:07 110592 C:\WINDOWS\system32\bthprops.cpl [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2004-08-04 03:07 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVCLOCK] -ra------ 2003-04-14 03:59 81920 C:\WINDOWS\system32\nvclock.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2006-07-12 14:19 7626752 C:\WINDOWS\system32\NvCpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2006-07-12 14:19 86016 C:\WINDOWS\system32\NvMcTray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2006-07-12 14:19 1519616 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2007-11-12 16:48 21760296 C:\Program Files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2008-01-16 00:54 37376 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\uTorrent\\utorrent.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "16107:TCP"= 16107:TCP:NortonAV "13693:TCP"= 13693:TCP:NortonAV "14142:TCP"= 14142:TCP:NortonAV "17976:TCP"= 17976:TCP:NortonAV "17113:TCP"= 17113:TCP:NortonAV "12948:TCP"= 12948:TCP:NortonAV "12079:TCP"= 12079:TCP:NortonAV "12561:TCP"= 12561:TCP:NortonAV "15249:TCP"= 15249:TCP:NortonAV "16953:TCP"= 16953:TCP:NortonAV "13498:TCP"= 13498:TCP:NortonAV "16002:TCP"= 16002:TCP:NortonAV "15359:TCP"= 15359:TCP:NortonAV "12015:TCP"= 12015:TCP:NortonAV "17385:TCP"= 17385:TCP:NortonAV "17599:TCP"= 17599:TCP:NortonAV "18340:TCP"= 18340:TCP:NortonAV "14947:TCP"= 14947:TCP:NortonAV "13805:TCP"= 13805:TCP:NortonAV "15394:TCP"= 15394:TCP:NortonAV "13368:TCP"= 13368:TCP:NortonAV "13133:TCP"= 13133:TCP:NortonAV "12595:TCP"= 12595:TCP:NortonAV "15015:TCP"= 15015:TCP:NortonAV R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2004-03-12 13:34] R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2004-03-12 13:34] R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2004-03-12 13:34] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 15:58] R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 13:54] S3 VGAUTI;VGAUTI;C:\WINDOWS\system32\DRIVERS\VGAUTI.sys [2003-10-22 11:37] S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2003-09-10 10:53] . ************************************************************************ catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-20 13:52:48 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\WINDOWS\system32\ypmhyhwd.exe 110592 bytes executable scan completed successfully hidden files: 4 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\www\Apache2\bin\Apache.exe C:\Program Files\X-Micro\Bluetooth Software\BTTray.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\www\Apache2\bin\Apache.exe C:\www\mysql\bin\mysqld-max-nt.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\rundll32.exe . ************************************************************************ . Completion time: 2008-04-20 13:59:30 - machine was rebooted [Petrovic Tomica] ComboFix-quarantined-files.txt 2008-04-20 11:59:22 ComboFix2.txt 2008-04-16 21:15:56 Pre-Run: 17,429,737,472 bytes free Post-Run: 17,435,873,280 bytes free 387 --- E O F --- 2008-04-14 11:02:20

Profil

DEMIAN Poslao: 20 Apr 2008 15:09 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: File:: C:\WINDOWS\system32\tmp.reg C:\WINDOWS\system32\hchgbgdm.exe C:\WINDOWS\system32\fkzelypw.exe C:\WINDOWS\omlbpkaw.dll C:\WINDOWS\lgmxvpatwxm.dll C:\WINDOWS\pmsoarbf.dll C:\WINDOWS\rtqmekwg.exe C:\WINDOWS\system32\kvudwrqn.exe C:\WINDOWS\system32\ypmhyhwd.exe Folder:: C:\Documents and Settings\Petrovic Tomica\Application Data\PC-Cleaner C:\Documents and Settings\All Users\Application Data\cjuxuhiz Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "fbblfbtu"=- "fbblfbtu"=- "icnsbmoc"=- "fcamnwpv"=- "PC-Cleaner"=- "ngufkjty"=- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] "yirjoVt2GE"=- [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lJAPIaaY] Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

Boske_KG Poslao: 20 Apr 2008 15:31 Idi na vrh
offline Boske_KG Ugledni građanin Tomica Komitet za bezbednost saobraćaja Pridružio: 22 Jun 2006 Poruke: 430 Gde živiš: Kragujevac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-04-18.3 - Petrovic Tomica 2008-04-20 15:17:42.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.94 [GMT 2:00] Running from: C:\Documents and Settings\Petrovic Tomica\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Petrovic Tomica\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\lgmxvpatwxm.dll C:\WINDOWS\omlbpkaw.dll C:\WINDOWS\pmsoarbf.dll C:\WINDOWS\rtqmekwg.exe C:\WINDOWS\system32\fkzelypw.exe C:\WINDOWS\system32\hchgbgdm.exe C:\WINDOWS\system32\kvudwrqn.exe C:\WINDOWS\system32\tmp.reg C:\WINDOWS\system32\ypmhyhwd.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\cjuxuhiz C:\Documents and Settings\All Users\Application Data\cjuxuhiz\uxwjibwd.exe C:\Documents and Settings\Petrovic Tomica\Application Data\PC-Cleaner C:\Documents and Settings\Petrovic Tomica\Application Data\PC-Cleaner\log.dat C:\Documents and Settings\Petrovic Tomica\Application Data\PC-Cleaner\settings.dat C:\WINDOWS\lgmxvpatwxm.dll C:\WINDOWS\omlbpkaw.dll C:\WINDOWS\pmsoarbf.dll C:\WINDOWS\rtqmekwg.exe C:\WINDOWS\system32\fkzelypw.exe C:\WINDOWS\system32\hchgbgdm.exe C:\WINDOWS\system32\kvudwrqn.exe C:\WINDOWS\system32\tmp.reg C:\WINDOWS\system32\ypmhyhwd.exe . ((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20 ))))))))))))))))))))))))))))))) . 2008-04-18 10:42 . 2008-04-18 10:18 106,496 --a------ C:\WINDOWS\npqtsrak.exe 2008-04-17 12:47 . 2008-04-17 12:47 360,064 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL 2008-04-16 23:06 . 2008-04-20 13:42 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG 2008-04-16 13:31 . 2008-04-16 13:31 <DIR> d-------- C:\Program Files\Microsoft 2008-04-15 17:34 . 2008-04-15 17:34 19,968 --a------ C:\tanja nemacki.doc 2008-04-14 00:05 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-04-14 00:05 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-04-14 00:05 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-04-13 22:20 . 2008-04-14 00:39 2,756 --a------ C:\configuration.php 2008-04-13 22:05 . 2008-04-13 22:05 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-04-13 22:04 . 2008-04-13 22:04 <DIR> d-------- C:\Program Files\Windows Live 2008-04-13 22:04 . 2008-04-13 22:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-04-12 14:12 . 2008-04-12 14:12 <DIR> d-------- C:\Program Files\Opsenarijum 2008-04-12 03:03 . 2008-04-12 03:03 <DIR> d-------- C:\Program Files\MSXML 4.0 2008-04-11 14:25 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe 2008-04-09 19:42 . 2008-04-09 20:36 51,576,832 --a------ C:\dump_dvd.vob 2008-04-06 17:48 . 2008-04-06 17:47 762,348 --a------ C:\SWScan00038.jpg 2008-04-06 10:52 . 2008-04-06 10:52 268 --ah----- C:\sqmdata07.sqm 2008-04-06 10:52 . 2008-04-06 10:52 244 --ah----- C:\sqmnoopt07.sqm 2008-04-06 00:24 . 2008-04-06 00:24 268 --ah----- C:\sqmdata06.sqm 2008-04-06 00:24 . 2008-04-06 00:24 244 --ah----- C:\sqmnoopt06.sqm 2008-04-04 22:57 . 2008-04-04 22:57 268 --ah----- C:\sqmdata05.sqm 2008-04-04 22:57 . 2008-04-04 22:57 244 --ah----- C:\sqmnoopt05.sqm 2008-04-04 11:29 . 2008-04-04 11:29 268 --ah----- C:\sqmdata04.sqm 2008-04-04 11:29 . 2008-04-04 11:29 244 --ah----- C:\sqmnoopt04.sqm 2008-04-03 22:56 . 2008-04-03 22:56 268 --ah----- C:\sqmdata03.sqm 2008-04-03 22:56 . 2008-04-03 22:56 244 --ah----- C:\sqmnoopt03.sqm 2008-04-03 11:08 . 2008-04-03 11:08 268 --ah----- C:\sqmdata02.sqm 2008-04-03 11:08 . 2008-04-03 11:08 244 --ah----- C:\sqmnoopt02.sqm 2008-04-02 16:10 . 2008-04-02 16:10 268 --ah----- C:\sqmdata01.sqm 2008-04-02 16:10 . 2008-04-02 16:10 244 --ah----- C:\sqmnoopt01.sqm 2008-04-02 11:15 . 2008-04-02 11:15 268 --ah----- C:\sqmdata00.sqm 2008-04-02 11:15 . 2008-04-02 11:15 244 --ah----- C:\sqmnoopt00.sqm 2008-03-29 18:17 . 1998-08-27 06:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll 2008-03-29 18:17 . 1998-08-20 13:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax 2008-03-29 18:17 . 1998-09-02 10:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll 2008-03-29 18:16 . 1998-09-02 10:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll 2008-03-29 18:16 . 1998-09-02 10:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe 2008-03-29 18:16 . 1998-08-17 11:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv 2008-03-29 18:16 . 1998-08-17 11:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll 2008-03-29 18:16 . 1998-08-17 11:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd 2008-03-29 18:16 . 2008-03-29 18:16 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll 2008-03-29 18:16 . 2008-03-29 18:16 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll 2008-03-29 18:11 . 2008-03-29 18:11 <DIR> d-------- C:\Program Files\JoWooD 2008-03-29 18:11 . 2008-04-09 15:35 144 --a------ C:\htsetup.err 2008-03-28 07:49 . 2003-09-24 10:43 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll 2008-03-28 07:49 . 2003-09-24 10:43 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll 2008-03-28 07:49 . 2003-09-24 10:43 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll 2008-03-27 18:48 . 2008-03-27 18:48 <DIR> d-------- C:\Program Files\HP 2008-03-27 18:48 . 2008-03-27 18:48 <DIR> d-------- C:\Program Files\Hewlett-Packard 2008-03-27 18:47 . 2008-03-27 18:52 220,285 --a------ C:\WINDOWS\hpdj3500.his 2008-03-27 18:47 . 2008-03-27 18:52 10,390 --a------ C:\WINDOWS\hpdj3500.ini 2008-03-27 18:45 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2008-03-27 18:45 . 2004-08-04 00:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys 2008-03-27 17:25 . 2005-05-31 15:06 44,163 --a------ C:\WINDOWS\system32\drivers\btwhid.sys 2008-03-27 17:25 . 2005-05-31 15:10 17,516 --a------ C:\WINDOWS\system32\drivers\frmupgr.sys 2008-03-22 14:57 . 2008-03-22 14:57 <DIR> d-------- C:\Program Files\Corel . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-20 13:23 --------- d-----w C:\Documents and Settings\Petrovic Tomica\Application Data\uTorrent 2008-04-20 13:22 1,010,208 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat 2008-04-20 12:15 --------- d-----w C:\Program Files\Red Devils Script 2008-04-20 11:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-04-20 11:49 98,456 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2008-04-20 11:49 250,052 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-04-20 11:49 19,613,472 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-04-19 01:03 --------- d-----w C:\Program Files\ArtIcons Pro 2008-04-19 00:30 --------- d-----w C:\Program Files\123 Flash Menu 2008-04-17 10:48 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS 2008-04-11 14:57 --------- d-----w C:\Program Files\Total Commander 7.01 2008-03-29 09:26 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-27 16:09 --------- d-----w C:\Program Files\Total Video Converter 2008-03-22 19:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Cabela's Trophy Bucks Saves 2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-15 18:05 --------- d-----w C:\Program Files\IconUtils 2008-03-12 18:41 --------- d-----w C:\Program Files\Java 2008-03-12 18:40 --------- d-----w C:\Program Files\Common Files\Java 2008-03-12 18:09 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll 2008-03-11 14:47 --------- d-----w C:\Program Files\Activision Value 2008-03-11 14:43 223,128 ----a-w C:\WINDOWS\system32\drivers\vaxscsi.sys 2008-03-11 14:42 --------- d-----w C:\Program Files\Alcohol Soft 2008-03-11 14:40 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd1853.sys 2008-03-11 14:40 642,560 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-03-08 12:48 348,160 --sh--w C:\msvcr71.dll 2008-03-08 12:48 3,514,318 --sh--w C:\AdobeR.exe 2008-03-04 20:54 --------- d-----w C:\Program Files\Eltima Software 2008-03-04 20:54 --------- d-----w C:\Program Files\Common Files\Eltima Shared 2008-03-04 20:54 --------- d-----w C:\Documents and Settings\Petrovic Tomica\Application Data\Eltima Software 2008-02-21 13:33 131,584 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe 2008-02-21 13:33 --------- d-----w C:\Program Files\Flash4D v5 - Home Edition Trial 2008-02-21 13:30 --------- d-----w C:\Program Files\ImTOO 2008-02-20 10:47 --------- d-----w C:\Documents and Settings\Petrovic Tomica\Application Data\Ahead 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll 2008-02-06 12:04 36,734 ----a-w C:\WINDOWS\system32\OggDSuninst.exe 2008-02-06 12:04 33,533 ----a-w C:\WINDOWS\system32\CoreVorbis-uninstall.exe 2008-02-06 12:02 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2008-02-04 09:23 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-02-03 19:55 104,688 ----a-w C:\WINDOWS\~GLC0001.TMP 2008-02-03 19:53 86,400 ----a-w C:\WINDOWS\~GLC0000.TMP . ------- Sigcheck ------- 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys 2004-08-04 03:07 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys 2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\sp2gdr\tcpip.sys 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\sp2qfe\tcpip.sys 2008-04-17 12:48 360064 b1d637a5585af8932c635976ff9d8981 C:\WINDOWS\system32\dllcache\TCPIP.SYS 2008-04-17 12:48 360064 b1d637a5585af8932c635976ff9d8981 C:\WINDOWS\system32\drivers\TCPIP.SYS . ((((((((((((((((((((((((((((( snapshot@2008-04-16_23.15.21,75 ))))))))))))))))))))))))))))))))))))))))) . - 2008-04-16 10:46:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-04-20 11:51:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE - 2008-02-03 09:51:21 9,728 ----a-w C:\WINDOWS\system32\BASSMOD.dll + 2008-04-19 00:44:08 9,728 ----a-w C:\WINDOWS\system32\BASSMOD.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208] "MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2004-03-12 10:23 159744] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-12 14:19 7626752] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24 49152] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 20:51 233472] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 13:42 176128] "DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 19:37 229437] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-05-19 23:36 218640] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:07 15360] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^3D!Turbo Experience.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\3D!Turbo Experience.lnk backup=C:\WINDOWS\pss\3D!Turbo Experience.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP] --a------ 2007-05-19 23:36 218640 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2006-11-16 20:04 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent] --a------ 2004-08-04 03:07 110592 C:\WINDOWS\system32\bthprops.cpl [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2004-08-04 03:07 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVCLOCK] -ra------ 2003-04-14 03:59 81920 C:\WINDOWS\system32\nvclock.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2006-07-12 14:19 7626752 C:\WINDOWS\system32\NvCpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2006-07-12 14:19 86016 C:\WINDOWS\system32\NvMcTray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2006-07-12 14:19 1519616 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2007-11-12 16:48 21760296 C:\Program Files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2008-01-16 00:54 37376 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\uTorrent\\utorrent.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "16107:TCP"= 16107:TCP:NortonAV "13693:TCP"= 13693:TCP:NortonAV "14142:TCP"= 14142:TCP:NortonAV "17976:TCP"= 17976:TCP:NortonAV "17113:TCP"= 17113:TCP:NortonAV "12948:TCP"= 12948:TCP:NortonAV "12079:TCP"= 12079:TCP:NortonAV "12561:TCP"= 12561:TCP:NortonAV "15249:TCP"= 15249:TCP:NortonAV "16953:TCP"= 16953:TCP:NortonAV "13498:TCP"= 13498:TCP:NortonAV "16002:TCP"= 16002:TCP:NortonAV "15359:TCP"= 15359:TCP:NortonAV "12015:TCP"= 12015:TCP:NortonAV "17385:TCP"= 17385:TCP:NortonAV "17599:TCP"= 17599:TCP:NortonAV "18340:TCP"= 18340:TCP:NortonAV "14947:TCP"= 14947:TCP:NortonAV "13805:TCP"= 13805:TCP:NortonAV "15394:TCP"= 15394:TCP:NortonAV "13368:TCP"= 13368:TCP:NortonAV "13133:TCP"= 13133:TCP:NortonAV "12595:TCP"= 12595:TCP:NortonAV "15015:TCP"= 15015:TCP:NortonAV R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2004-03-12 13:34] R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2004-03-12 13:34] R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2004-03-12 13:34] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 15:58] R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 13:54] S3 VGAUTI;VGAUTI;C:\WINDOWS\system32\DRIVERS\VGAUTI.sys [2003-10-22 11:37] S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2003-09-10 10:53] . ************************************************************************ catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-20 15:22:56 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 3 ************************************************************************ . Completion time: 2008-04-20 15:25:50 ComboFix-quarantined-files.txt 2008-04-20 13:25:45 ComboFix2.txt 2008-04-20 11:59:33 ComboFix3.txt 2008-04-16 21:15:56 Pre-Run: 17,463,775,232 bytes free Post-Run: 17,454,592,000 bytes free 272 --- E O F --- 2008-04-14 11:02:20

Profil

DEMIAN Poslao: 20 Apr 2008 15:52 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skeniraj komp sa GMER-om i postavi log da proverimo da nema nekih rootkitova... Uradi sledeće: Preuzmi fajl gmer.zip sa ovog linka i sačuvaj na Desktop-u. Raspakuj ga u neki folder. Dupli klik na gmer.exe za početak: Izaberi Rootkit/Malware Tab na vrhu. Klikni na Scan. Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati to u Clipboard. Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt. Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt. Iskopiraj nam ovde sadrzaj ta dva fajla koja smo malopre snimili

Profil

Boske_KG Poslao: 20 Apr 2008 17:33 Idi na vrh
offline Boske_KG Ugledni građanin Tomica Komitet za bezbednost saobraćaja Pridružio: 22 Jun 2006 Poruke: 430 Gde živiš: Kragujevac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: https://www.mycity.rs/must-login.png https://www.mycity.rs/must-login.png

Profil

DEMIAN Poslao: 20 Apr 2008 17:55 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Proverim ti ovo pa ti se javim večeras.. Pozz

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Gadna infekcija...

Ko je trenutno na forumu

Ukupno su 1116 korisnika na forumu :: 53 registrovanih, 6 sakrivenih i 1057 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., Atomski čoban, babaroga, Bobrock1, bojank, croato, Denaya, Dimitrije Paunovic, Dimitrise93, doklevise, DonRumataEstorski, Dorcolac, dragoljub11987, FOX, Frunze, Gargantua, goxin, ivica976, jaeger, Karla, kikisp, Koridor, kunktator, Leonov, Lošmi, MaksicZoran, mercedesamg, Metanoja, MikeHammer, milenko crazy north, Milometer, mkukoleca, mrav pesadinac, MrNo, naki011, nuke92, Oscar, Panter, Parker, pein, procesor, raptorsi, robert1979, ruger357, S2M, sasa76, slonic_tonic, Srle993, stegonosa, Tvrtko I, vathra, VP6919, zodiac94

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by