HijackThis reports an error


offline
  • Joined: 17 Apr 2006
  • Posts: 215
  • Location: Novi Sad

ComboFix 09-07-02.02 - Slavica 07/02/2009 23:22.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.511.136 [GMT 2:00]
Running from: c:\documents and settings\Slavica\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\161f16.msp
c:\windows\Installer\1c974f2.msp
c:\windows\Installer\213bc15.msp
c:\windows\Installer\213bc85.msp
c:\windows\Installer\3299d89.msp
c:\windows\system32\mlfcache.dat

.
((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))))
.

2009-07-02 20:33 . 2009-06-29 13:28 106496 ----a-w- c:\documents and settings\Slavica\Application Data\Mozilla\Plugins\npcoolirisplugin.dll
2009-07-02 20:33 . 2009-06-29 13:28 106496 ----a-w- c:\documents and settings\Slavica\Application Data\Mozilla\Firefox\Profiles\k8t9pkfq.default\extensions\piclens@cooliris.com\libs\npcoolirisplugin.dll
2009-07-02 20:33 . 2009-06-29 13:28 103424 ----a-w- c:\documents and settings\Slavica\Application Data\Mozilla\Firefox\Profiles\k8t9pkfq.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-07-02 20:33 . 2009-06-29 13:28 937984 ----a-w- c:\documents and settings\Slavica\Application Data\Mozilla\Firefox\Profiles\k8t9pkfq.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-07-02 20:33 . 2009-06-29 13:28 65536 ----a-w- c:\documents and settings\Slavica\Application Data\Mozilla\Firefox\Profiles\k8t9pkfq.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-07-02 20:33 . 2009-06-29 13:28 4734976 ----a-w- c:\documents and settings\Slavica\Application Data\Mozilla\Firefox\Profiles\k8t9pkfq.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-07-02 20:33 . 2009-06-29 13:28 344064 ----a-w- c:\documents and settings\Slavica\Application Data\Mozilla\Firefox\Profiles\k8t9pkfq.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-07-02 20:20 . 2009-07-02 20:20 -------- d-----w- C:\_OTM
2009-06-26 22:34 . 2009-06-26 22:08 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-26 22:07 . 2009-06-26 22:07 565096 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-26 22:07 . 2009-06-26 22:07 2349384 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-26 22:07 . 2009-06-26 22:07 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-26 22:07 . 2009-06-26 22:07 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-26 22:07 . 2009-06-26 22:07 1003344 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-26 22:02 . 2009-06-26 22:02 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-26 22:02 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-26 22:02 . 2009-06-26 22:02 -------- d-----w- c:\program files\Lavasoft
2009-06-26 22:02 . 2009-06-26 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-24 22:47 . 2009-06-24 22:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2009-06-24 22:28 . 2009-06-24 22:28 -------- d-----w- c:\documents and settings\Slavica\Local Settings\Application Data\Symantec
2009-06-24 22:26 . 2005-09-16 22:20 87768 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-06-24 22:26 . 2005-09-16 22:20 108168 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-24 22:26 . 2009-06-24 22:27 -------- d-----w- c:\program files\Symantec
2009-06-24 22:26 . 2009-07-02 21:19 -------- d-----w- c:\program files\Symantec AntiVirus
2009-06-24 22:26 . 2009-06-24 22:43 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-24 22:26 . 2009-06-24 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-15 11:27 . 2009-06-15 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy-PizzaParty
2009-06-15 11:04 . 2009-06-15 11:27 -------- d-----w- c:\documents and settings\Slavica\Application Data\Ashtons. Family Resort
2009-06-15 11:04 . 2009-06-15 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Ashtons. Family Resort
2009-06-15 11:01 . 2009-06-15 11:01 -------- d-----w- c:\program files\Games
2009-06-15 11:00 . 2009-06-15 11:00 -------- d-----w- c:\program files\Farm Frenzy Pizza Party
2009-06-15 11:00 . 2009-06-15 11:00 -------- d-----w- c:\windows\Farm Frenzy Pizza Party
2009-06-15 10:58 . 2009-06-15 10:59 -------- d-----w- c:\program files\Ashtons Family Resort
2009-06-15 10:58 . 2009-06-15 10:58 -------- d-----w- c:\windows\Ashtons Family Resort
2009-06-10 06:21 . 2009-06-10 06:21 152576 ----a-w- c:\documents and settings\Slavica\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 21:16 . 2008-06-28 08:15 -------- d-----w- c:\program files\Common Files\Akamai
2009-07-02 08:25 . 2006-05-03 20:12 -------- d-----w- c:\documents and settings\Slavica\Application Data\AdobeUM
2009-07-02 06:49 . 2007-09-20 09:05 -------- d-----w- c:\program files\File Seeker
2009-07-01 21:02 . 2006-05-03 21:39 27 ----a-w- c:\windows\popcinfo.dat
2009-06-23 08:17 . 2008-11-17 11:55 -------- d-----w- c:\documents and settings\Slavica\Application Data\Playrix Entertainment
2009-06-15 14:59 . 2007-12-10 13:50 -------- d-----w- c:\documents and settings\Slavica\Application Data\BitTorrent
2009-06-15 11:05 . 2007-12-09 09:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-10 06:22 . 2007-12-08 18:10 -------- d-----w- c:\program files\Java
2009-05-21 09:33 . 2009-04-14 16:44 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-20 14:06 . 2006-08-17 07:47 -------- d-----w- c:\program files\Optimik
2009-04-14 16:31 . 2009-04-14 16:31 152576 ----a-w- c:\documents and settings\Slavica\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2007-12-09 10:07 . 2007-12-27 22:27 241664 ----a-w- c:\program files\Uninstall Ask Toolbar.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-06-27_21.07.30 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-06-27 20:48 . 2009-06-27 20:48 16384 c:\windows\Temp\Perflib_Perfdata_7f4.dat
+ 2009-07-02 20:16 . 2009-07-02 20:16 16384 c:\windows\Temp\Perflib_Perfdata_7f4.dat
+ 2007-12-16 23:33 . 2007-12-16 23:33 29696 c:\windows\Installer\2acf1d5.msi
+ 2008-12-12 19:23 . 2007-04-02 23:04 366080 c:\windows\ServicePackFiles\i386\digreqex.msi
+ 2008-12-12 19:23 . 2007-04-02 23:04 863232 c:\windows\ServicePackFiles\i386\digopt.msi
+ 2006-10-30 02:04 . 2006-10-30 02:04 557056 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vs_setup.msi
+ 2008-12-09 12:09 . 2008-12-09 12:09 338944 c:\windows\Installer\f508ba.msi
+ 2008-11-18 10:24 . 2008-11-18 10:24 576512 c:\windows\Installer\c42062.msi
+ 2009-03-06 10:11 . 2009-03-06 10:11 824832 c:\windows\Installer\a678a6.msi
+ 2008-03-14 07:03 . 2008-03-14 07:03 289792 c:\windows\Installer\a66ef.msi
+ 2008-11-19 12:30 . 2008-11-19 12:30 343040 c:\windows\Installer\9eb4d1.msi
+ 2008-12-08 10:50 . 2008-12-08 10:50 330240 c:\windows\Installer\861654.msi
+ 2008-05-03 07:39 . 2008-05-03 07:39 208384 c:\windows\Installer\7ce0329.msi
+ 2008-08-02 06:50 . 2008-08-02 06:50 289792 c:\windows\Installer\7380d.msi
+ 2009-06-26 22:02 . 2009-06-26 22:02 236032 c:\windows\Installer\69aa7e.msi
+ 2006-11-21 00:59 . 2006-11-21 00:59 428544 c:\windows\Installer\649dd8.msi
+ 2008-09-03 06:00 . 2008-09-03 06:00 464896 c:\windows\Installer\53a62f0.msi
+ 2008-09-03 05:59 . 2008-09-03 05:59 335360 c:\windows\Installer\53a62b3.msi
+ 2008-12-05 10:51 . 2008-12-05 10:51 328192 c:\windows\Installer\4eb2e1.msi
+ 2007-10-16 18:27 . 2007-10-16 18:27 193024 c:\windows\Installer\37e9e7.msi
+ 2007-12-27 22:18 . 2007-12-27 22:18 532992 c:\windows\Installer\3039444.msi
+ 2007-12-16 23:35 . 2007-12-16 23:35 213504 c:\windows\Installer\2acf1df.msi
+ 2006-05-03 19:28 . 2006-05-03 19:28 264704 c:\windows\Installer\25d2e.msi
+ 2007-12-08 18:10 . 2007-12-08 18:10 282624 c:\windows\Installer\25876d1.msi
+ 2008-05-04 16:30 . 2008-05-04 16:30 454144 c:\windows\Installer\256789.msi
+ 2008-05-04 16:28 . 2008-05-04 16:28 472576 c:\windows\Installer\256780.msi
+ 2008-05-04 16:21 . 2008-05-04 16:21 525824 c:\windows\Installer\25676e.msi
+ 2008-05-04 16:19 . 2008-05-04 16:19 867840 c:\windows\Installer\256765.msi
+ 2008-05-04 15:18 . 2008-05-04 15:18 163840 c:\windows\Installer\1c3dc7b.msi
+ 2009-02-04 08:30 . 2009-02-04 08:30 697856 c:\windows\Installer\187a6.msi
+ 2009-04-14 16:44 . 2009-04-14 16:44 598016 c:\windows\Installer\126725.msi
+ 2006-05-03 22:23 . 2007-10-16 18:26 829952 c:\windows\Downloaded Installations\DAEMON Tools 3.47\daemon.msi
+ 2002-07-01 21:38 . 2004-07-17 09:35 1326080 c:\windows\system32\webfldrs.msi
+ 2006-05-03 19:44 . 2004-07-17 09:35 1326080 c:\windows\ServicePackFiles\i386\webfldrs.msi
+ 2008-12-12 19:20 . 2007-04-02 23:12 5080576 c:\windows\ServicePackFiles\i386\msnmsgs.msi
+ 2006-10-30 02:05 . 2006-10-30 02:05 2723840 c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\WF_3.0_x86.msi
+ 2008-05-04 16:21 . 2008-05-04 16:21 8044544 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\wcf.msi
+ 2009-06-24 22:27 . 2009-06-24 22:27 5965824 c:\windows\Installer\d222ef.msi
+ 2006-05-04 08:56 . 2006-05-04 08:56 3459072 c:\windows\Installer\8b3653.msi
+ 2009-06-26 22:02 . 2009-06-26 22:02 1802240 c:\windows\Installer\69aa84.msi
+ 2008-09-03 06:06 . 2008-09-03 06:06 2212864 c:\windows\Installer\53a638c.msi
+ 2006-05-03 19:55 . 2006-05-03 19:55 3443712 c:\windows\Installer\3ba1f.msi
+ 2006-06-12 12:19 . 2009-07-02 08:25 3817984 c:\windows\Installer\3b385.msi
+ 2008-03-10 20:48 . 2008-03-10 20:48 8776704 c:\windows\Installer\33ac9d9.msi
+ 2008-03-18 15:25 . 2008-03-18 15:25 4364800 c:\windows\Installer\309ca7.msi
+ 2006-05-03 22:40 . 2006-05-03 22:40 2446848 c:\windows\Installer\2bcb3.msi
+ 2006-05-03 22:36 . 2006-05-03 22:36 5986304 c:\windows\Installer\2bca7.msi
+ 2008-05-04 16:22 . 2008-05-04 16:22 1142784 c:\windows\Installer\256777.msi
+ 2006-05-03 22:10 . 2006-05-03 22:10 3485184 c:\windows\Installer\1bd08c.msi
+ 2006-05-03 22:01 . 2006-05-03 22:01 9943552 c:\windows\Installer\1bd084.msi
+ 2006-05-03 20:50 . 2006-05-03 20:50 1726976 c:\windows\Installer\183ecc.msi
+ 2007-01-05 21:11 . 2007-01-05 21:11 2109440 c:\windows\Installer\13bd09.msi
+ 2006-05-03 21:26 . 2006-05-03 21:26 6120448 c:\windows\Downloaded Installations\{78CB0701-6520-4FAE-99CE-20DE50BEF25C}\Microsoft AntiSpyware.msi
+ 2006-10-30 02:05 . 2006-10-30 02:05 11390464 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpf.msi
+ 2005-09-23 06:48 . 2005-09-23 06:48 24863744 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\netfx.msi
+ 2007-12-16 23:32 . 2007-01-19 12:20 16633344 c:\windows\Installer\MSN Messenger 8.1.0178\MsnMsgs.Msi
+ 2008-05-04 15:58 . 2008-05-04 15:58 19210240 c:\windows\Installer\16e7df.msp
+ 2006-05-03 20:49 . 2006-05-03 20:49 15794176 c:\windows\Downloaded Installations\{B0CC1A89-E31E-455D-85F9-E168107BAC9F}\ACDSee 6.0 PowerPack.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2005-10-31 503808]
"FileSeekerUpdater"="c:\program files\File Seeker\FSeekerDBUpdater.exe" [2007-01-12 603648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]
"vptray"="c:\progra~1\Symantec AntiVirus\VPTray.exe" [2005-11-15 85744]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-26 518488]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

c:\documents and settings\Slavica\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2007-11-1 256000]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Slavica^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\documents and settings\Slavica\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Slavica^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=c:\documents and settings\Slavica\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CiSvc"=3 (0x3)
"PolicyAgent"=2 (0x2)
"helpsvc"=2 (0x2)
"TrkWks"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\explorĺr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"1055:TCP"= 1055:TCP:Akamai NetSession Interface
"1057:TCP"= 1057:TCP:Akamai NetSession Interface
"1079:TCP"= 1079:TCP:Akamai NetSession Interface
"1197:TCP"= 1197:TCP:Akamai NetSession Interface
"1205:TCP"= 1205:TCP:Akamai NetSession Interface
"1214:TCP"= 1214:TCP:Akamai NetSession Interface
"1243:TCP"= 1243:TCP:Akamai NetSession Interface
"1253:TCP"= 1253:TCP:Akamai NetSession Interface
"1047:TCP"= 1047:TCP:Akamai NetSession Interface
"1221:TCP"= 1221:TCP:Akamai NetSession Interface
"1639:TCP"= 1639:TCP:Akamai NetSession Interface
"1050:TCP"= 1050:TCP:Akamai NetSession Interface
"1062:TCP"= 1062:TCP:Akamai NetSession Interface
"1095:TCP"= 1095:TCP:Akamai NetSession Interface
"1113:TCP"= 1113:TCP:Akamai NetSession Interface
"1054:TCP"= 1054:TCP:Akamai NetSession Interface
"1706:TCP"= 1706:TCP:Akamai NetSession Interface
"1092:TCP"= 1092:TCP:Akamai NetSession Interface
"1053:TCP"= 1053:TCP:Akamai NetSession Interface
"1088:TCP"= 1088:TCP:Akamai NetSession Interface
"1825:TCP"= 1825:TCP:Akamai NetSession Interface
"1068:TCP"= 1068:TCP:Akamai NetSession Interface
"1094:TCP"= 1094:TCP:Akamai NetSession Interface
"1162:TCP"= 1162:TCP:Akamai NetSession Interface
"1517:TCP"= 1517:TCP:Akamai NetSession Interface
"1336:TCP"= 1336:TCP:Akamai NetSession Interface
"1354:TCP"= 1354:TCP:Akamai NetSession Interface
"1193:TCP"= 1193:TCP:Akamai NetSession Interface
"1228:TCP"= 1228:TCP:Akamai NetSession Interface
"1258:TCP"= 1258:TCP:Akamai NetSession Interface
"1099:TCP"= 1099:TCP:Akamai NetSession Interface
"1133:TCP"= 1133:TCP:Akamai NetSession Interface
"1139:TCP"= 1139:TCP:Akamai NetSession Interface
"1065:TCP"= 1065:TCP:Akamai NetSession Interface

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/27/2009 12:08 AM 64160]
R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [8/23/2001 2:00 PM 14336]
R2 HPFECP13;HPFECP13;c:\windows\system32\drivers\HPFecp13.sys [9/25/1998 10:55 AM 52800]
R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\winvnc.exe [1/19/2009 11:03 PM 1519168]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/25/2009 12:43 AM 101936]
S3 EraserUtilDrv10910;EraserUtilDrv10910;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 9:06 PM 1003344]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/15/2005 1:27 PM 169200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: bancaintesabeograd.com\online
Trusted Zone: deltabanka.rs\online
Trusted Zone: lhb.rs\www.ebank
Trusted Zone: ppbank.com\www.ebank
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} - hxxps://www.ebank.lhb.rs/DLL/FSINT.dll
DPF: {62CF4D10-EBA7-45DA-ACA0-4B002E8B3A85} - hxxps://secure.deltabanka.rs/Pages/Download/CABS/DigitrustApiNetSetPlugIn.cab
DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.deltabanka.rs/RetailDLL/SGCMSCCD.DLL
DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} - hxxps://www.ebank.ppbank.com/DLL/SAWZip.dll
DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} - hxxps://www.ebank.ppbank.com/DLL/EbankingWWW.dll
DPF: {E772C6B1-C3D6-4251-990B-1511D7822722} - hxxps://www.ebank.ppbank.com/DLL/EBCSCC2B.dll
DPF: {EA5E79E5-3E25-46DA-A519-F8FC52B66ADC} - hxxps://www.ebank.ppbank.com/DLL/EBCCDC2.dll
FF - ProfilePath - c:\documents and settings\Slavica\Application Data\Mozilla\Firefox\Profiles\k8t9pkfq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.pimpmysearch.com/home.html?gname=Stolica
FF - component: c:\documents and settings\Slavica\Application Data\Mozilla\Firefox\Profiles\k8t9pkfq.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\Slavica\Application Data\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: capability.policy.policynames - localfilelinks
FF - user.js: capability.policy.localfilelinks.sites - hxxp://www.travian.org http://www.travian.at http://welt1.travian.de http://welt2.travian.de http://welt3.travian.de http://welt4.travian.de http://welt5.travian.de http://welt6.travian.de http://welt7.travian.de http://welt8.travian.de http://welt9.travian.de http://welt10.travian.de http://speed.travian.de rs1.travian.com
FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 23:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-07-02 23:32
ComboFix-quarantined-files.txt 2009-07-02 21:32
ComboFix2.txt 2009-06-27 21:10
ComboFix3.txt 2009-06-26 21:00

Pre-Run: 20,442,234,880 bytes free
Post-Run: 20,426,575,872 bytes free


offline
  • dr_Bora Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

My colleague is busy at the moment, so I will give you the further instructions.

Download the following file to the Desktop: https://www.mycity.rs/must-login.png

Double-click it - a black window will open briefly.

On the Desktop (or in the same folder where you saved the file above) a file list.txt will be created - use the Attach file option to attach list.txt to your post.

offline
  • Joined: 17 Apr 2006
  • Posts: 215
  • Location: Novi Sad

Written: 04 Jul 2009 13:39

I am attaching the created txt.
https://www.mycity.rs/must-login.png

Addendum: 04 Jul 2009 13:55

As can be seen from the beginning of the thread, I don't really understand PCs, but I notice that Helen1 asked me to delete explorl.exe using OTM and it didn't find it, and now in this "list.txt" the last line says that it exists in the registry but is "disabled".
The computer works fine, but it's important to me to get rid of the malicious programs because I use it to access the "backend" of a site that keeps getting infected with an "iframe".
So I don't use FTP access, nor do I know how, but there is an administrator login to the backend of the CMS of the site I use, so it is quite certain that some malicious program is sending the passwords to its creator (or a bot), which was also confirmed to me by the company that hosts the site, which says that someone from the USA is inserting an iframe into the site.
I am writing all this so you know how much your help in wiping out these pests means to me.
Cheers, and I am waiting for further instructions.

offline
  • dr_Bora Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download to the Desktop (right-click, then Save As...): https://www.mycity.rs/must-login.png

Double-click that file and when the prompt appears, click Yes.

After that, download a new ComboFix from the links given earlier, run it, and post the log you get.

offline
  • Joined: 17 Apr 2006
  • Posts: 215
  • Location: Novi Sad

ComboFix 09-07-03.03 - Slavica 07/04/2009 14:07.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.511.124 [GMT 2:00]
Running from: c:\documents and settings\Slavica\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-06-04 to 2009-07-04 )))))))))))))))))))))))))))))))
.

2009-07-02 20:33 . 2009-06-29 13:28 106496 ----a-w- c:\documents and settings\Slavica\Application Data\Mozilla\Plugins\npcoolirisplugin.dll
2009-07-02 20:33 . 2009-06-29 13:28 106496 ----a-w- c:\documents and settings\Slavica\Application Data\Mozilla\Firefox\Profiles\k8t9pkfq.default\extensions\piclens@cooliris.com\libs\npcoolirisplugin.dll
2009-07-02 20:33 . 2009-06-29 13:28 103424 ----a-w- c:\documents and settings\Slavica\Application Data\Mozilla\Firefox\Profiles\k8t9pkfq.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-07-02 20:33 . 2009-06-29 13:28 937984 ----a-w- c:\documents and settings\Slavica\Application Data\Mozilla\Firefox\Profiles\k8t9pkfq.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-07-02 20:33 . 2009-06-29 13:28 65536 ----a-w- c:\documents and settings\Slavica\Application Data\Mozilla\Firefox\Profiles\k8t9pkfq.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-07-02 20:33 . 2009-06-29 13:28 4734976 ----a-w- c:\documents and settings\Slavica\Application Data\Mozilla\Firefox\Profiles\k8t9pkfq.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-07-02 20:33 . 2009-06-29 13:28 344064 ----a-w- c:\documents and settings\Slavica\Application Data\Mozilla\Firefox\Profiles\k8t9pkfq.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-07-02 20:20 . 2009-07-02 20:20 -------- d-----w- C:\_OTM
2009-06-26 22:34 . 2009-06-26 22:08 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-26 22:07 . 2009-06-26 22:07 565096 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-26 22:07 . 2009-06-26 22:07 2349384 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-26 22:07 . 2009-06-26 22:07 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-26 22:07 . 2009-06-26 22:07 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-26 22:07 . 2009-06-26 22:07 1003344 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-26 22:02 . 2009-06-26 22:02 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-26 22:02 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-26 22:02 . 2009-06-26 22:02 -------- d-----w- c:\program files\Lavasoft
2009-06-26 22:02 . 2009-06-26 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-24 22:47 . 2009-06-24 22:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2009-06-24 22:28 . 2009-06-24 22:28 -------- d-----w- c:\documents and settings\Slavica\Local Settings\Application Data\Symantec
2009-06-24 22:26 . 2005-09-16 22:20 87768 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-06-24 22:26 . 2005-09-16 22:20 108168 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-24 22:26 . 2009-06-24 22:27 -------- d-----w- c:\program files\Symantec
2009-06-24 22:26 . 2009-07-04 12:05 -------- d-----w- c:\program files\Symantec AntiVirus
2009-06-24 22:26 . 2009-06-24 22:43 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-24 22:26 . 2009-06-24 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-15 11:27 . 2009-06-15 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy-PizzaParty
2009-06-15 11:04 . 2009-06-15 11:27 -------- d-----w- c:\documents and settings\Slavica\Application Data\Ashtons. Family Resort
2009-06-15 11:04 . 2009-06-15 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Ashtons. Family Resort
2009-06-15 11:01 . 2009-06-15 11:01 -------- d-----w- c:\program files\Games
2009-06-15 11:00 . 2009-06-15 11:00 -------- d-----w- c:\program files\Farm Frenzy Pizza Party
2009-06-15 11:00 . 2009-06-15 11:00 -------- d-----w- c:\windows\Farm Frenzy Pizza Party
2009-06-15 10:58 . 2009-06-15 10:59 -------- d-----w- c:\program files\Ashtons Family Resort
2009-06-15 10:58 . 2009-06-15 10:58 -------- d-----w- c:\windows\Ashtons Family Resort
2009-06-10 06:21 . 2009-06-10 06:21 152576 ----a-w- c:\documents and settings\Slavica\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-04 11:44 . 2007-09-20 09:05 -------- d-----w- c:\program files\File Seeker
2009-07-04 11:32 . 2008-06-28 08:15 -------- d-----w- c:\program files\Common Files\Akamai
2009-07-03 19:59 . 2006-05-03 21:39 27 ----a-w- c:\windows\popcinfo.dat
2009-07-03 12:28 . 2006-05-03 20:12 -------- d-----w- c:\documents and settings\Slavica\Application Data\AdobeUM
2009-07-02 21:44 . 2009-02-06 10:09 -------- d-----w- c:\program files\Puzzle Hero
2009-07-02 21:42 . 2008-04-07 19:34 -------- d-----w- c:\program files\Yahoo! Games
2009-07-02 21:40 . 2007-12-14 07:37 -------- d-----w- c:\documents and settings\Slavica\Application Data\PlayFirst
2009-06-23 08:17 . 2008-11-17 11:55 -------- d-----w- c:\documents and settings\Slavica\Application Data\Playrix Entertainment
2009-06-15 14:59 . 2007-12-10 13:50 -------- d-----w- c:\documents and settings\Slavica\Application Data\BitTorrent
2009-06-15 11:05 . 2007-12-09 09:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-10 06:22 . 2007-12-08 18:10 -------- d-----w- c:\program files\Java
2009-05-21 09:33 . 2009-04-14 16:44 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-20 14:06 . 2006-08-17 07:47 -------- d-----w- c:\program files\Optimik
2009-04-14 16:31 . 2009-04-14 16:31 152576 ----a-w- c:\documents and settings\Slavica\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2007-12-09 10:07 . 2007-12-27 22:27 241664 ----a-w- c:\program files\Uninstall Ask Toolbar.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-07-02_21.30.24 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-02 20:16 . 2009-07-02 20:16 16384 c:\windows\Temp\Perflib_Perfdata_7f4.dat
+ 2009-07-04 11:31 . 2009-07-04 11:31 16384 c:\windows\Temp\Perflib_Perfdata_7f4.dat
+ 2006-06-12 12:19 . 2009-07-03 15:15 3817984 c:\windows\Installer\3b385.msi
- 2006-06-12 12:19 . 2009-07-02 08:25 3817984 c:\windows\Installer\3b385.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2005-10-31 503808]
"FileSeekerUpdater"="c:\program files\File Seeker\FSeekerDBUpdater.exe" [2007-01-12 603648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]
"vptray"="c:\progra~1\Symantec AntiVirus\VPTray.exe" [2005-11-15 85744]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-26 518488]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

c:\documents and settings\Slavica\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2007-11-1 256000]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Slavica^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\documents and settings\Slavica\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Slavica^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=c:\documents and settings\Slavica\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CiSvc"=3 (0x3)
"PolicyAgent"=2 (0x2)
"helpsvc"=2 (0x2)
"TrkWks"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"1055:TCP"= 1055:TCP:Akamai NetSession Interface
"1057:TCP"= 1057:TCP:Akamai NetSession Interface
"1079:TCP"= 1079:TCP:Akamai NetSession Interface
"1197:TCP"= 1197:TCP:Akamai NetSession Interface
"1205:TCP"= 1205:TCP:Akamai NetSession Interface
"1214:TCP"= 1214:TCP:Akamai NetSession Interface
"1243:TCP"= 1243:TCP:Akamai NetSession Interface
"1253:TCP"= 1253:TCP:Akamai NetSession Interface
"1047:TCP"= 1047:TCP:Akamai NetSession Interface
"1221:TCP"= 1221:TCP:Akamai NetSession Interface
"1639:TCP"= 1639:TCP:Akamai NetSession Interface
"1050:TCP"= 1050:TCP:Akamai NetSession Interface
"1062:TCP"= 1062:TCP:Akamai NetSession Interface
"1095:TCP"= 1095:TCP:Akamai NetSession Interface
"1113:TCP"= 1113:TCP:Akamai NetSession Interface
"1054:TCP"= 1054:TCP:Akamai NetSession Interface
"1706:TCP"= 1706:TCP:Akamai NetSession Interface
"1092:TCP"= 1092:TCP:Akamai NetSession Interface
"1053:TCP"= 1053:TCP:Akamai NetSession Interface
"1088:TCP"= 1088:TCP:Akamai NetSession Interface
"1825:TCP"= 1825:TCP:Akamai NetSession Interface
"1068:TCP"= 1068:TCP:Akamai NetSession Interface
"1094:TCP"= 1094:TCP:Akamai NetSession Interface
"1162:TCP"= 1162:TCP:Akamai NetSession Interface
"1517:TCP"= 1517:TCP:Akamai NetSession Interface
"1336:TCP"= 1336:TCP:Akamai NetSession Interface
"1354:TCP"= 1354:TCP:Akamai NetSession Interface
"1193:TCP"= 1193:TCP:Akamai NetSession Interface
"1228:TCP"= 1228:TCP:Akamai NetSession Interface
"1258:TCP"= 1258:TCP:Akamai NetSession Interface
"1099:TCP"= 1099:TCP:Akamai NetSession Interface
"1133:TCP"= 1133:TCP:Akamai NetSession Interface
"1139:TCP"= 1139:TCP:Akamai NetSession Interface
"1065:TCP"= 1065:TCP:Akamai NetSession Interface

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/27/2009 12:08 AM 64160]
R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [8/23/2001 2:00 PM 14336]
R2 HPFECP13;HPFECP13;c:\windows\system32\drivers\HPFecp13.sys [9/25/1998 10:55 AM 52800]
R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\winvnc.exe [1/19/2009 11:03 PM 1519168]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/25/2009 12:43 AM 101936]
S3 EraserUtilDrv10910;EraserUtilDrv10910;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 9:06 PM 1003344]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/15/2005 1:27 PM 169200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: bancaintesabeograd.com\online
Trusted Zone: deltabanka.rs\online
Trusted Zone: lhb.rs\www.ebank
Trusted Zone: ppbank.com\www.ebank
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} - hxxps://www.ebank.lhb.rs/DLL/FSINT.dll
DPF: {62CF4D10-EBA7-45DA-ACA0-4B002E8B3A85} - hxxps://secure.deltabanka.rs/Pages/Download/CABS/DigitrustApiNetSetPlugIn.cab
DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.deltabanka.rs/RetailDLL/SGCMSCCD.DLL
DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} - hxxps://www.ebank.ppbank.com/DLL/SAWZip.dll
DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} - hxxps://www.ebank.ppbank.com/DLL/EbankingWWW.dll
DPF: {E772C6B1-C3D6-4251-990B-1511D7822722} - hxxps://www.ebank.ppbank.com/DLL/EBCSCC2B.dll
DPF: {EA5E79E5-3E25-46DA-A519-F8FC52B66ADC} - hxxps://www.ebank.ppbank.com/DLL/EBCCDC2.dll
FF - ProfilePath - c:\documents and settings\Slavica\Application Data\Mozilla\Firefox\Profiles\k8t9pkfq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.pimpmysearch.com/home.html?gname=Stolica
FF - component: c:\documents and settings\Slavica\Application Data\Mozilla\Firefox\Profiles\k8t9pkfq.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\Slavica\Application Data\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: capability.policy.policynames - localfilelinks
FF - user.js: capability.policy.localfilelinks.sites - hxxp://www.travian.org http://www.travian.at http://welt1.travian.de http://welt2.travian.de http://welt3.travian.de http://welt4.travian.de http://welt5.travian.de http://welt6.travian.de http://welt7.travian.de http://welt8.travian.de http://welt9.travian.de http://welt10.travian.de http://speed.travian.de rs1.travian.com
FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-04 14:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-07-04 14:18
ComboFix-quarantined-files.txt 2009-07-04 12:18
ComboFix2.txt 2009-07-02 21:33
ComboFix3.txt 2009-06-27 21:10
ComboFix4.txt 2009-06-26 21:00

Pre-Run: 20,926,771,200 bytes free
Post-Run: 20,910,624,768 bytes free

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

OK, this is clean.

ComboFix needs to be uninstalled:
click Start (or ), then RUN.

On Vista, use the Start Search field if Run is not available.

In the text input line, type (or paste) the following:

combofix /u

Note that there is a space between "ComboFix" and "/u".

Then click OK (or press Enter).

Wait for the uninstall process to finish.

As for the site you mention... the cause is probably not something that was on your computer.

Ask about it in: http://www.mycity.rs/Pretrazivaci-Web-mail-Web-portali/

  • Joined: 17 Apr 2006
  • Posts: 215
  • Location: Novi Sad

Thanks a lot for the help!
