MyCity » Ambulanta -> Arhiva Ambulante » Hijack this log

Hijack this log

Napisano na dan: 28.8.2008

Hijack this log
Sledeća strana Pagination

Idi na vrh

Poslao: 28 Avg 2008 20:46
Idi na vrh
offline
  • Katjic 
  • Novi MyCity građanin
  • Pridružio: 28 Avg 2008
  • Poruke: 5

Pozdrav,

Moze li mi netko provjeriti ovaj log?

Hvala unaprijed Smile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:30:21 PM, on 28/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Relja\MAXadsl - Provjera prometa\MAXadslPP.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWLan.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = g.msn.ca/0SEENCA/SAOS01
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MAXadsl - Provjera prometa] C:\Program Files\Relja\MAXadsl - Provjera prometa\MAXadslPP.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: REALTEK RTL8185 Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8-) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5403 bytes

Poslao: 28 Avg 2008 20:56
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Poz...


Log je čist. Postoji li neki konkretan problem?

Poslao: 28 Avg 2008 21:22
Idi na vrh
offline
  • Katjic 
  • Novi MyCity građanin
  • Pridružio: 28 Avg 2008
  • Poruke: 5

Bio je...stalno sam imala nekakvi win32.pz - tako nesto, kad sam skenirala sa spybot search and destroy. Sada ga vise ne nalazim....Ocistila sam ga sa dr web u safe modu. Ali.... cini mi se da mi comp nekako sporije radi od onda. Danas mi je samo iskocio nekakav prozorcic ( to je trajalo sek pa nisam ni skuzila sta je bilo) i nakon toga mi je nestalo sve sa ekrana. Vratilo se nakon nekoliko sek doduse... Pa reko da vidim sa hijak this -om Smile

Hvala puno na odgovoru SmileSmile

Poslao: 28 Avg 2008 21:36
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Možemo odraditi još jednu proveru, ako želiš...


Preuzmi gmer.zip sa ovog linka i sačuvaj na Desktopu.
Raspakuj ga u neki folder.

Dupli klik na gmer.exe za početak: Izaberi Rootkit/Malware Tab na vrhu.
Klikni na Scan.
Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati rezultate skeniranja u Clipboard.
Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt.
Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt.

Iskoristi opciju Prikači fajl ispod polja za pisanje poruke na forumu, i prikači nam ovde ta dva fajla koja smo malopre snimili.

Poslao: 28 Avg 2008 22:00
Idi na vrh
offline
  • Katjic 
  • Novi MyCity građanin
  • Pridružio: 28 Avg 2008
  • Poruke: 5

Oh shit!
Upravo sam startala scan kad...blue screen i comp se restartirao sam!!

Evo sto sam dobila pri restartovanju :



Dopuna: 28 Avg 2008 22:00

o.O

Opet ista stvar.....kliknem scan Rootkit/Malware, scan dodje do pola i p00f...blue screen. Sve kao i zadnji puta Sad

Poslao: 28 Avg 2008 22:03
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Ništa strašno, događa se to sa Gmerom.


Hajde uradi ovo...


* Klikni desnim tasterom miša na AVG ikonicu ( ) u donjem, desnom uglu ekrana.
* Kada se pokrene AVG Control Center, dvoklikni na AVG Resident Shield komponentu.
* U prozoru koji se otvori, deštikliraj opciju Turn on AVG Resident Shield i klikni OK.

Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja.



Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Poslao: 28 Avg 2008 22:17
Idi na vrh
offline
  • Katjic 
  • Novi MyCity građanin
  • Pridružio: 28 Avg 2008
  • Poruke: 5

ComboFix 08-08-28.04 - Administrator 2008-08-28 22:08:50.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.658 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\HAAB2L8H\bin.clearspring.com
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\LocalService\Application Data\wsnpoem
C:\Documents and Settings\NetworkService\Application Data\wsnpoem

.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-28 )))))))))))))))))))))))))))))))
.

2008-08-23 15:31 . 2008-08-23 15:33 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-08-23 15:31 . 2008-08-23 15:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-08-23 15:31 . 2008-08-23 15:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2008-08-23 15:31 . 2008-08-23 15:33 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-08-23 15:31 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-08-23 15:30 . 2008-08-23 15:30 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-22 21:21 . 2008-08-22 21:33 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-08-20 23:39 . 2008-08-20 23:39 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-08-20 17:03 . 2008-08-20 17:03 494 --a------ C:\WINDOWS\wininit.ini
2008-08-20 16:08 . 2008-08-20 16:08 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-20 16:01 . 2008-08-20 16:21 <DIR> d-------- C:\SDFix

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 13:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-08-26 16:29 --------- d-----w C:\Program Files\Soulseek
2008-08-20 15:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-20 14:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-20 14:31 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-20 14:31 --------- d-----w C:\Program Files\mobile PhoneTools
2008-07-28 05:35 --------- d-----w C:\Program Files\Java
2008-07-25 22:08 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-24 09:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-23 13:11 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-20 18:01 --------- d-----w C:\Documents and Settings\Administrator\Application Data\mIRC
2008-07-20 17:08 --------- d-----w C:\Program Files\mIRC
2008-07-19 18:17 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-06-21 07:34 45,568 ----a-w C:\WINDOWS\system32\avgfwdx.dll
2003-07-15 21:19 150,192 ----a-w C:\Program Files\TweakUiPowertoySetup.exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-17_20.58.35.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 14:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-08-20 14:08:34 5,713,920 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-08-20 14:08:35 184,320 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 14:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-08-20 14:08:22 5,713,920 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-08-20 14:08:22 184,320 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-08-28 19:40:34 884,736 ----a-w C:\WINDOWS\gmer.dll
+ 2008-04-17 19:13:02 811,008 ----a-w C:\WINDOWS\gmer.exe
- 2008-02-27 18:26:13 29,926 ----a-r C:\WINDOWS\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
+ 2008-08-19 11:19:15 29,926 ----a-r C:\WINDOWS\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
+ 2008-06-02 16:58:11 10,134 ----a-r C:\WINDOWS\Installer\{7BCC87A5-5865-4593-9A85-4B7EF2642357}\SystemFolder_msiexec.exe
- 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 06:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
+ 2008-08-20 14:07:04 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-20 14:07:04 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-20 14:07:04 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-24 09:07:38 22,528 ----a-w C:\WINDOWS\system32\drivers\avgfwdx.sys
+ 2008-06-21 07:34:43 23,296 ----a-w C:\WINDOWS\system32\drivers\avgfwdx.sys
- 2008-03-24 11:47:25 75,272 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
+ 2008-06-21 07:34:45 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
+ 2008-08-28 19:40:35 85,969 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
- 2005-11-10 09:27:06 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-09 23:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2005-11-10 09:27:16 49,250 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-09 23:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2005-11-10 11:03:54 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 00:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-03-25 02:32:44 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
+ 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-05-21 13:59:25 74,137 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-08-09 02:59:46 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-06-21 10:48:07 50,596 ---ha-w C:\WINDOWS\system32\mlfcache.dat
- 2007-10-18 10:31:46 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
+ 2007-10-18 09:31:46 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
- 2006-06-05 13:14:28 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-06-05 12:14:28 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
- 2006-06-05 13:14:28 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 12:14:28 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
- 2006-06-05 13:14:28 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
+ 2006-06-05 12:14:28 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 14:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"MAXadsl - Provjera prometa"="C:\Program Files\Relja\MAXadsl - Provjera prometa\MAXadslPP.exe" [2006-09-09 01:48 726016]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-07-19 14:51 3686400]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-04-16 09:59 154368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2008-04-17 18:03 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"VTTimer"="VTTimer.exe" [2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2006-09-13 02:13 163840 C:\WINDOWS\system32\VTTrayp.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-12-20 15:10:04 649024]
REALTEK RTL8185 Wireless LAN Utility.lnk - C:\Program Files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWLan.exe [2008-03-24 11:44:09 770048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\Lavasoft\\Ad-Aware SE Professional\\Ad-Aware.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-26 00:08]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-26 00:08]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-07-26 00:08]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-21 09:34]
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2006-11-15 17:23]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2002-12-31 14:00]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-06-21 09:34]
S0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys []
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-06-21 09:34]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-08-23 15:33]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rk7x2bqj.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-08-28 22:10:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp"
.
Completion time: 2008-08-28 22:12:52
ComboFix-quarantined-files.txt 2008-08-28 20:12:33
ComboFix2.txt 2008-04-17 18:59:00

Pre-Run: 942,637,056 bytes free
Post-Run: 977,334,272 bytes free

168 --- E O F --- 2008-01-16 21:19:07

Poslao: 28 Avg 2008 22:51
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Ništa maliciozno u logu... Čist PC.


Uradi sledeće:

Klikni START a zatim RUN
U liniju za unos teksta ukucaj Combofix /u i klikni OK





Sačekaj da se proces deinstalacije završi
Gornja procedura će:
Obrisati sledeće:
ComboFix i njegove file-ove i foldere
VundoFix Backups folder, ako postoji
C:\Deckard folder, ako postoji
C:\OtMoveIt folder, ako postoji
Resetovati podešavanja sata na kompjuteru
Sakriti ekstenzije file-ova, ako je potrebno
Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno
Resetovati System Restore


To je sve...

Poslao: 28 Avg 2008 23:01
Idi na vrh
offline
  • Katjic 
  • Novi MyCity građanin
  • Pridružio: 28 Avg 2008
  • Poruke: 5

Hvala na pomoci Smile

MyCity » Ambulanta -> Arhiva Ambulante » Hijack this log

Ko je trenutno na forumu
 

Ukupno su 833 korisnika na forumu :: 33 registrovanih, 9 sakrivenih i 791 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., Andrija357, bigfoot, bobomicek, Boris BM, Brana01, cavatina, CikaKURE, Dimitrije Paunovic, Dimitrise93, doktor1964, dushan, galerija, Georgius, Ivica1102, kybonacci, Litostroton, maiden6657, Marko Marković, mercedesamg, MiroslavD, Mlav, mnn2, nebkv, NikolaGTR, Panter, ruger357, Stoilkovic, vathra, voja64, YugoSlav, ZetaMan, zlaya011