MyCity » Ambulanta -> Arhiva Ambulante » Imali pomoci ili format...

Imali pomoci ili format...

Napisano na dan: 6.5.2008

Strana:
1
2

Imali pomoci ili format...

Pagination

Prethodna strana

Odgovori

Strana:
1
2

canke Poslao: 07 Maj 2008 18:37 Idi na vrh
offline canke Građanin Pridružio: 06 Maj 2008 Poruke: 90	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-05-01.3 - stamenko 2008-05-07 18:14:24.1 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.226 [GMT 2:00] Running from: C:\Documents and Settings\stamenko\Desktop\ComboFix.exe * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\ShoppingReport C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll C:\Program Files\ShoppingReport\Uninst.exe C:\WINDOWS\BM39412636.xml C:\WINDOWS\cookies.ini C:\WINDOWS\Downloaded Program Files\setup.inf C:\WINDOWS\pskt.ini C:\WINDOWS\system\msvbvm60.dll C:\WINDOWS\system32\acqikptc.ini C:\WINDOWS\system32\alxjcrkb.ini C:\WINDOWS\system32\apqpnald.dll C:\WINDOWS\system32\bgppxilk.dll C:\WINDOWS\system32\bleoeyag.ini C:\WINDOWS\system32\bwpldcea.ini C:\WINDOWS\system32\bxmgfhhx.ini C:\WINDOWS\system32\Cache C:\WINDOWS\system32\caisviil.ini C:\WINDOWS\system32\chmnmhkc.dll C:\WINDOWS\system32\cnhhxniv.dll C:\WINDOWS\system32\cpnxsfnv.dll C:\WINDOWS\system32\crnikckt.dll C:\WINDOWS\system32\dbwjrfna.dll C:\WINDOWS\system32\dqpnrtyw.dll C:\WINDOWS\system32\dtgtqaxi.ini C:\WINDOWS\system32\egxnhwlc.dll C:\WINDOWS\system32\emfljagt.ini C:\WINDOWS\system32\essbbdku.dll C:\WINDOWS\system32\etmpobit.ini C:\WINDOWS\system32\etmpobit.tmp C:\WINDOWS\system32\etmpobit.tmp2 C:\WINDOWS\system32\fdabjuas.ini C:\WINDOWS\system32\fiqehfmx.ini C:\WINDOWS\system32\fqfmienj.ini C:\WINDOWS\system32\fyeixmrw.ini C:\WINDOWS\system32\fyqkynif.dll C:\WINDOWS\system32\gvtrumnb.ini C:\WINDOWS\system32\hjhmgsrm.ini C:\WINDOWS\system32\hjtflvdu.dll C:\WINDOWS\system32\hjveoetx.dll C:\WINDOWS\system32\hlqpjptn.dll C:\WINDOWS\system32\hlwchbdp.dll C:\WINDOWS\system32\hmvdxkls.dll C:\WINDOWS\system32\hrkylrkt.ini C:\WINDOWS\system32\hwglndje.ini C:\WINDOWS\system32\hxupepox.ini C:\WINDOWS\system32\ichbkxif.ini C:\WINDOWS\system32\irrrygcj.dll C:\WINDOWS\system32\ivqhkprt.dll C:\WINDOWS\system32\jabqckpl.ini C:\WINDOWS\system32\jdgxeumt.ini C:\WINDOWS\system32\jdmsyjqh.ini C:\WINDOWS\system32\jevtjsei.dll C:\WINDOWS\system32\jqtcdpih.ini C:\WINDOWS\system32\jsoucskh.dll C:\WINDOWS\system32\kjutyalm.dll C:\WINDOWS\system32\knwyreot.ini C:\WINDOWS\system32\kovsjwfx.dll C:\WINDOWS\system32\ktwumyxi.dll C:\WINDOWS\system32\kueyttjx.dll C:\WINDOWS\system32\lbsntbtm.ini C:\WINDOWS\system32\liivsiac.dll C:\WINDOWS\system32\lspsdeep.ini C:\WINDOWS\system32\lupcjiwd.dll C:\WINDOWS\system32\lxdmkfpp.ini C:\WINDOWS\system32\lyvmqdut.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\megkqhjg.ini C:\WINDOWS\system32\mfvjasgq.ini C:\WINDOWS\system32\mgtwnkxh.ini C:\WINDOWS\system32\mktkwywo.ini C:\WINDOWS\system32\mlaytujk.ini C:\WINDOWS\system32\mnigtmbj.ini C:\WINDOWS\system32\mtvqtcvi.ini C:\WINDOWS\system32\npykgwqa.dll C:\WINDOWS\system32\nualqgty.dll C:\WINDOWS\system32\oextnpcy.dll C:\WINDOWS\system32\ogjpxkdd.ini C:\WINDOWS\system32\onnvgnts.dll C:\WINDOWS\system32\orqru.ini C:\WINDOWS\system32\orqru.ini2 C:\WINDOWS\system32\oxmsrhxj.dll C:\WINDOWS\system32\phpjvbwh.dll C:\WINDOWS\system32\qcrjfqll.ini C:\WINDOWS\system32\qmnwcxru.ini C:\WINDOWS\system32\qnifjowp.dll C:\WINDOWS\system32\qxtqabeh.dll C:\WINDOWS\system32\ranexgff.dll C:\WINDOWS\system32\rcqqkglv.ini C:\WINDOWS\system32\rjeqqsky.ini C:\WINDOWS\system32\rjusgkuv.ini C:\WINDOWS\system32\ruefqryv.dll C:\WINDOWS\system32\sduxrsec.dll C:\WINDOWS\system32\sqhcfiqw.ini C:\WINDOWS\system32\svaanrtg.ini C:\WINDOWS\system32\tailcgna.ini C:\WINDOWS\system32\tkckinrc.ini C:\WINDOWS\system32\tkfeyuab.ini C:\WINDOWS\system32\tlqwyqth.dll C:\WINDOWS\system32\tnncrcwh.ini C:\WINDOWS\system32\tohwdpss.ini C:\WINDOWS\system32\tovmtwoj.ini C:\WINDOWS\system32\tpaklyjq.ini C:\WINDOWS\system32\tqvbjuhr.ini C:\WINDOWS\system32\tsffexgl.ini C:\WINDOWS\system32\ttptinwi.ini C:\WINDOWS\system32\tudqmvyl.ini C:\WINDOWS\system32\uhdxhxta.dll C:\WINDOWS\system32\uxikgssc.ini C:\WINDOWS\system32\vlgkqqcr.dll C:\WINDOWS\system32\vyrqfeur.ini C:\WINDOWS\system32\wejahspc.ini C:\WINDOWS\system32\wghcwwvd.dll C:\WINDOWS\system32\wrmxieyf.dll C:\WINDOWS\system32\wxnicqtu.dll C:\WINDOWS\system32\xesyfvej.ini C:\WINDOWS\system32\xfwjsvok.ini C:\WINDOWS\system32\xjmygwbi.ini C:\WINDOWS\system32\xjttyeuk.ini C:\WINDOWS\system32\xsdvxcdo.ini C:\WINDOWS\system32\yceeg.ini C:\WINDOWS\system32\yceeg.ini2 C:\WINDOWS\system32\yjktmynt.ini C:\WINDOWS\system32\ypyhdgok.dll C:\WINDOWS\system32\yqhlwjnv.ini C:\WINDOWS\system32\yrgiloty.ini C:\WINDOWS\system32\yuukgigj.ini C:\WINDOWS\system32\yyfrabsu.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_IPRIP -------\Service_Iprip ((((((((((((((((((((((((( Files Created from 2008-04-07 to 2008-05-07 ))))))))))))))))))))))))))))))) . 2008-05-07 18:13 . 2008-05-07 18:13 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG 2008-05-07 16:54 . 2008-05-07 16:54 <DIR> d-------- C:\_OTMoveIt 2008-05-07 15:54 . 2008-05-07 15:54 2,112 --a------ C:\WINDOWS\system32\ksxiteqd.exe 2008-05-07 15:29 . 2008-05-07 15:29 36,352 --a------ C:\WINDOWS\system32\wvuvust.V00dll 2008-05-07 15:28 . 2008-05-07 15:29 36,352 --a------ C:\WINDOWS\system32\wvuvust.Vdll 2008-04-18 23:59 . 2008-04-18 23:59 <DIR> d--hs---- C:\FOUND.012 2008-04-15 08:15 . 2008-04-15 08:15 863,111 ---hs---- C:\WINDOWS\system32\jabqckpl.tmp . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-05 19:50 --------- d-----w C:\Program Files\VectorArt3dViewer 2008-04-02 22:16 265,728 ----a-w C:\WINDOWS\system32\urqro.dll 2008-03-29 20:14 --------- d-----w C:\Program Files\Cut2D Trial 2008-03-29 06:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Winferno 2008-03-28 21:05 774,144 ----a-w C:\Program Files\RngInterstitial.dll 2008-03-28 21:00 --------- d-----w C:\Program Files\Freeze.com 2008-03-27 21:48 --------- d-----w C:\Program Files\translator 2008-03-27 20:36 --------- d-----w C:\Program Files\Recnik20 2008-03-26 20:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-03-26 20:08 --------- d-----w C:\Program Files\Common Files\Download Manager 2008-03-25 13:28 264,097 ----a-w C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_4679.exe 2008-03-25 13:28 --------- d-----w C:\Program Files\PDFCreator Toolbar 2008-03-25 13:27 --------- d-----w C:\Program Files\PDFCreator 2008-03-15 22:30 2,449 ----a-w C:\Program Files\Microsoft FrontPage.lnk 2008-03-15 19:37 7,381,946 ----a-w C:\WINDOWS\WindowsXP-KB835935-SP2-ENU.exe 2008-03-13 20:55 --------- d-----r C:\Documents and Settings\All Users\Application Data\systemerrorfixer 2008-03-11 20:12 --------- d-----w C:\Documents and Settings\stamenko\Application Data\JLC's Software 2008-03-11 19:47 --------- d-----w C:\Program Files\JLC's Software 2008-03-10 20:26 --------- d-----w C:\Documents and Settings\stamenko\Application Data\FDRLab 2008-03-08 23:09 --------- d-----w C:\Program Files\AlgolabPtVector 2008-03-08 22:23 --------- d-----w C:\Program Files\uTorrent 2008-03-08 22:23 --------- d-----w C:\Documents and Settings\stamenko\Application Data\uTorrent 2008-03-08 21:34 --------- d-----w C:\Program Files\Pixologic 2008-03-01 18:00 1,263,243 --sh--w C:\WINDOWS\system32\nhuiwqwm.tmp 2008-02-15 19:55 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE 2008-02-14 20:23 518,888 ----a-w C:\WINDOWS\Media\WindowsXP-KB884020-x86-enu.exe 2007-12-09 05:24 2,492 ----a-w C:\Documents and Settings\stamenko\Application Data\ViewerApp.dat 2005-12-08 13:53 979 ----a-w C:\Program Files\ReadMe.txt . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42571543-36ec-4e02-b892-c3deb4ca1f88}] C:\WINDOWS\system32\rxqqbdrp.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76460D80-480D-40BF-AF0D-3A2D3B8DEF61}] 2008-02-02 21:43 36352 --------- C:\WINDOWS\system32\wvuvust.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC076D80-B659-417F-A351-B3001BC72DA8}] C:\WINDOWS\System32\geecy.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F72C4DDD-321F-4D9B-9A76-068B5A03FE24}] 2008-04-03 00:16 265728 --a------ C:\WINDOWS\system32\urqro.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-28 20:49 171448] "BM39412636"="C:\WINDOWS\System32\xniqcqjx.dll" [ ] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1667584] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2004-01-19 11:07 65536] "ATIModeChange"="Ati2mdxx.exe" [2004-04-01 21:43 28672 C:\WINDOWS\system32\Ati2mdxx.exe] "MsmqIntCert"="regsvr32 /s mqrt.dll" [] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-11-28 16:50 917504] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-28 21:28 185896] "BM39412636"="C:\WINDOWS\System32\xniqcqjx.dll" [ ] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{76460D80-480D-40BF-AF0D-3A2D3B8DEF61}"= C:\WINDOWS\system32\wvuvust.dll [2008-02-02 21:43 36352] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuvust] wvuvust.dll 2008-02-02 21:43 36352 C:\WINDOWS\system32\wvuvust.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "MSACM.CEGSM"= mobilev.acm "SENTINEL"= snti386.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^stamenko^Start Menu^Programs^Startup^ubisoft register.lnk] path=C:\Documents and Settings\stamenko\Start Menu\Programs\Startup\ubisoft register.lnk backup=C:\WINDOWS\pss\ubisoft register.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3a7215aa] C:\WINDOWS\System32\kjutyalm.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange] --a------ 2004-04-01 21:43 28672 C:\WINDOWS\system32\Ati2mdxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] --a------ 2003-08-25 21:10 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM39412636] C:\WINDOWS\System32\xniqcqjx.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-03 22:56 15360 C:\WINDOWS\System32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget] --a------ 2007-09-25 10:29 2007088 C:\Program Files\FlashGet\flashget.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hcontrol] --------- 2004-01-19 11:07 65536 C:\WINDOWS\ATK0100\Hcontrol.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-08-11 16:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-08-04 01:06 1667584 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] -ra------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegPowerClean] C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2003-10-31 19:42 32768 C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2008-01-28 20:49 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] --a------ 2003-10-24 09:23 618496 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr] --a------ 2003-10-24 09:23 110592 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-01-28 21:28 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWCU] --a------ 2005-07-14 11:40 413696 C:\Program Files\TP-LINK\TWCU\TWCU.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2007-12-20 16:16 37376 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "FreezeScreenSaver"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\FlashGet\\FlashGet.exe"= "C:\\Program Files\\ASUS\\AP Utilities\\Wireless.exe"= R1 hwinterface;hwinterface;C:\WINDOWS\system32\Drivers\hwinterface.sys [2005-10-31 17:50] R2 CNCIO;CNCIO;C:\WINDOWS\system32\drivers\CNCIO.sys [2004-07-06 18:51] R2 ddnt;ddnt;C:\WINDOWS\system32\drivers\ddnt.sys [2006-06-02 22:48] R2 DLPortIO;DriverLINX Port I/O Driver;C:\WINDOWS\System32\DRIVERS\DLPortIO.SYS [1999-01-10 19:00] R2 io.sys;IO.DLL Driver;C:\WINDOWS\System32\drivers\io.sys [2006-01-25 03:27] R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 22:36] R3 Mach2;Mach2 Pulseing Service;C:\WINDOWS\system32\Drivers\Mach2.sys [2003-11-08 02:44] R3 Mach3;Mach3 Pulseing Service;C:\WINDOWS\system32\Drivers\Mach3.sys [2006-08-17 04:03] R3 Pulser;CNC Pulseing Service;C:\WINDOWS\system32\Drivers\Pulser.sys [2002-05-02 23:49] S3 Ptserli;PCTEL Serial Device Driver for INTEL;C:\WINDOWS\system32\DRIVERS\ptserli.sys [2001-08-17 13:28] S3 zlportio;zlportio;C:\Program Files\cp09632\temp\zlportio.sys [] S4 FreezeScreenSaver;FreezeScreenSaver;C:\WINDOWS\System32\FreezeScreenSaver.exe [2005-09-29 14:55] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f240481-072b-11dd-91ea-00112fde9b0a}] \Shell\AutoRun\command - E:\AutoRun.exe . Contents of the 'Scheduled Tasks' folder "2008-05-06 19:29:02 C:\WINDOWS\Tasks\{016E2323-7D1D-49B1-8431-57F665BC6E08}_TRADICIJ-PHDH6Y_stamenko.job" - C:\WINDOWS\system32\mobsync.exeM /Schedule= "2008-05-07 07:00:04 C:\WINDOWS\Tasks\{530A5723-BBAF-4112-AB67-22168A3C95BF}_TRADICIJ-PHDH6Y_stamenko.job" - C:\WINDOWS\system32\mobsync.exeM /Schedule= "2008-05-07 14:00:02 C:\WINDOWS\Tasks\{97F2A16A-507D-4D7C-A9E6-AB9CE53792DD}_TRADICIJ-PHDH6Y_stamenko.job" - C:\WINDOWS\system32\mobsync.exeM /Schedule= "2008-03-07 14:00:02 C:\WINDOWS\Tasks\{EDCBC54F-DDE2-4E5B-B274-DE8192C27494}_TRADICIJ-PHDH6Y_stamenko.job" - C:\WINDOWS\system32\mobsync.exeM /Schedule= "2008-03-28 20:48:32 C:\WINDOWS\Tasks\rpc.job" - C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe . ************************************************************************ catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2008-05-07 18:29:45 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\wvuvust.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE C:\WINDOWS\SYSTEM32\ACS.EXE C:\WINDOWS\SYSTEM32\MSDTC.EXE C:\WINDOWS\SYSTEM32\INETSRV\INETINFO.EXE C:\PROGRAM FILES\AHEAD\INCD\INCDSRV.EXE C:\PROGRAM FILES\ESET\NOD32KRN.EXE C:\WINDOWS\SYSTEM32\TCPSVCS.EXE C:\WINDOWS\SYSTEM32\SNMP.EXE C:\WINDOWS\SYSTEM32\WSCNTFY.EXE C:\WINDOWS\ATK0100\ATKOSD.EXE C:\WINDOWS\SYSTEM32\IMAPI.EXE . ************************************************************************ . Completion time: 2008-05-07 18:33:07 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-07 16:32:56 Pre-Run: 39,055,622,144 bytes free Post-Run: 39,068,172,288 bytes free 347 --- E O F --- 2008-05-02 20:03:52 evo logo

Profil

dr_Bora Poslao: 07 Maj 2008 19:02 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: File:: C:\WINDOWS\system32\ksxiteqd.exe C:\WINDOWS\system32\wvuvust.V00dll C:\WINDOWS\system32\wvuvust.Vdll C:\WINDOWS\system32\jabqckpl.tmp C:\WINDOWS\system32\urqro.dll C:\WINDOWS\system32\nhuiwqwm.tmp C:\WINDOWS\system32\drivers\CNCIO.sys C:\WINDOWS\System32\FreezeScreenSaver.exe C:\WINDOWS\Tasks\rpc.job Folder:: C:\Program Files\Freeze.com C:\Documents and Settings\All Users\Application Data\systemerrorfixer C:\Program Files\Winferno Driver:: CNCIO FreezeScreenSaver Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42571543-36ec-4e02-b892-c3deb4ca1f88}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76460D80-480D-40BF-AF0D-3A2D3B8DEF61}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC076D80-B659-417F-A351-B3001BC72DA8}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F72C4DDD-321F-4D9B-9A76-068B5A03FE24}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BM39412636"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BM39412636"=- [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuvust] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3a7215aa] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM39412636] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegPowerClean] Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

canke Poslao: 07 Maj 2008 19:32 Idi na vrh
offline canke Građanin Pridružio: 06 Maj 2008 Poruke: 90	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-05-01.3 - stamenko 2008-05-07 19:16:44.2 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.251 [GMT 2:00] Running from: C:\Documents and Settings\stamenko\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\stamenko\Desktop\CFScript * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\system32\drivers\CNCIO.sys C:\WINDOWS\System32\FreezeScreenSaver.exe C:\WINDOWS\system32\jabqckpl.tmp C:\WINDOWS\system32\ksxiteqd.exe C:\WINDOWS\system32\nhuiwqwm.tmp C:\WINDOWS\system32\urqro.dll C:\WINDOWS\system32\wvuvust.V00dll C:\WINDOWS\system32\wvuvust.Vdll C:\WINDOWS\Tasks\rpc.job . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\1.exe C:\Documents and Settings\All Users\Application Data\systemerrorfixer C:\Documents and Settings\All Users\Application Data\systemerrorfixer\Data\ac C:\Documents and Settings\All Users\Application Data\systemerrorfixer\Data\em C:\Documents and Settings\All Users\Application Data\systemerrorfixer\Data\oid C:\Documents and Settings\All Users\Application Data\systemerrorfixer\Data\SystemErrorFixer.exe.cer C:\Documents and Settings\All Users\Application Data\systemerrorfixer\Data\user C:\Program Files\Freeze.com C:\Program Files\Freeze.com\Moonlight Lake\dticon.url C:\Program Files\Freeze.com\Moonlight Lake\freeze.ico C:\Program Files\Freeze.com\Moonlight Lake\freeze.url C:\Program Files\Freeze.com\Moonlight Lake\INSTALL.LOG C:\Program Files\Freeze.com\Moonlight Lake\license.txt C:\Program Files\Freeze.com\Moonlight Lake\moonlight.ico C:\Program Files\Freeze.com\Moonlight Lake\PTest.exe C:\Program Files\Freeze.com\Moonlight Lake\remove.exe C:\Program Files\Freeze.com\Moonlight Lake\resources C:\Program Files\Freeze.com\Moonlight Lake\Settings.dat C:\Program Files\Freeze.com\Moonlight Lake\settings.xml C:\Program Files\Freeze.com\Moonlight Lake\smenu.url C:\Program Files\Freeze.com\Moonlight Lake\Test Moonlight Lake.lnk C:\Program Files\Freeze.com\Moonlight Lake\undata.exe C:\Program Files\Freeze.com\Moonlight Lake\undata.ini C:\Program Files\Freeze.com\Moonlight Lake\UNINSTAL.EXE C:\WINDOWS\system32\drivers\CNCIO.sys C:\WINDOWS\System32\FreezeScreenSaver.exe C:\WINDOWS\system32\jabqckpl.tmp C:\WINDOWS\system32\ksxiteqd.exe C:\WINDOWS\system32\nhuiwqwm.tmp C:\WINDOWS\system32\urqro.dll C:\WINDOWS\system32\wvuvust.V00dll C:\WINDOWS\system32\wvuvust.Vdll C:\WINDOWS\Tasks\rpc.job . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_CNCIO -------\Legacy_FREEZESCREENSAVER -------\Service_CNCIO -------\Service_FreezeScreenSaver ((((((((((((((((((((((((( Files Created from 2008-04-07 to 2008-05-07 ))))))))))))))))))))))))))))))) . 2008-05-07 18:13 . 2008-05-07 18:13 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG 2008-05-07 16:54 . 2008-05-07 16:54 <DIR> d-------- C:\_OTMoveIt 2008-04-18 23:59 . 2008-04-18 23:59 <DIR> d--hs---- C:\FOUND.012 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-05 19:50 --------- d-----w C:\Program Files\VectorArt3dViewer 2008-03-29 20:14 --------- d-----w C:\Program Files\Cut2D Trial 2008-03-29 06:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Winferno 2008-03-28 21:05 774,144 ----a-w C:\Program Files\RngInterstitial.dll 2008-03-27 21:48 --------- d-----w C:\Program Files\translator 2008-03-27 20:36 --------- d-----w C:\Program Files\Recnik20 2008-03-26 20:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-03-26 20:08 --------- d-----w C:\Program Files\Common Files\Download Manager 2008-03-25 13:28 264,097 ----a-w C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_4679.exe 2008-03-25 13:28 --------- d-----w C:\Program Files\PDFCreator Toolbar 2008-03-25 13:27 --------- d-----w C:\Program Files\PDFCreator 2008-03-15 22:30 2,449 ----a-w C:\Program Files\Microsoft FrontPage.lnk 2008-03-15 19:37 7,381,946 ----a-w C:\WINDOWS\WindowsXP-KB835935-SP2-ENU.exe 2008-03-11 20:12 --------- d-----w C:\Documents and Settings\stamenko\Application Data\JLC's Software 2008-03-11 19:47 --------- d-----w C:\Program Files\JLC's Software 2008-03-10 20:26 --------- d-----w C:\Documents and Settings\stamenko\Application Data\FDRLab 2008-03-08 23:09 --------- d-----w C:\Program Files\AlgolabPtVector 2008-03-08 22:23 --------- d-----w C:\Program Files\uTorrent 2008-03-08 22:23 --------- d-----w C:\Documents and Settings\stamenko\Application Data\uTorrent 2008-03-08 21:34 --------- d-----w C:\Program Files\Pixologic 2008-02-15 19:55 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE 2008-02-14 20:23 518,888 ----a-w C:\WINDOWS\Media\WindowsXP-KB884020-x86-enu.exe 2007-12-09 05:24 2,492 ----a-w C:\Documents and Settings\stamenko\Application Data\ViewerApp.dat 2005-12-08 13:53 979 ----a-w C:\Program Files\ReadMe.txt . ((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] ))))))))))))))))))))))))))))))))))))))))) . - 2008-05-07 16:28:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-07 17:23:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat - 2008-05-07 16:29:06 217,389 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin + 2008-05-07 17:24:02 217,392 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin + 2008-05-07 17:24:04 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_3d4.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76460D80-480D-40BF-AF0D-3A2D3B8DEF61}] 2008-02-02 21:43 36352 --------- C:\WINDOWS\system32\wvuvust.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-28 20:49 171448] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1667584] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2004-01-19 11:07 65536] "ATIModeChange"="Ati2mdxx.exe" [2004-04-01 21:43 28672 C:\WINDOWS\system32\Ati2mdxx.exe] "MsmqIntCert"="regsvr32 /s mqrt.dll" [] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-11-28 16:50 917504] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-28 21:28 185896] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{76460D80-480D-40BF-AF0D-3A2D3B8DEF61}"= C:\WINDOWS\system32\wvuvust.dll [2008-02-02 21:43 36352] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuvust] wvuvust.dll 2008-02-02 21:43 36352 C:\WINDOWS\system32\wvuvust.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "MSACM.CEGSM"= mobilev.acm "SENTINEL"= snti386.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^stamenko^Start Menu^Programs^Startup^ubisoft register.lnk] path=C:\Documents and Settings\stamenko\Start Menu\Programs\Startup\ubisoft register.lnk backup=C:\WINDOWS\pss\ubisoft register.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange] --a------ 2004-04-01 21:43 28672 C:\WINDOWS\system32\Ati2mdxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] --a------ 2003-08-25 21:10 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-03 22:56 15360 C:\WINDOWS\System32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget] --a------ 2007-09-25 10:29 2007088 C:\Program Files\FlashGet\flashget.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hcontrol] --------- 2004-01-19 11:07 65536 C:\WINDOWS\ATK0100\Hcontrol.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-08-11 16:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-08-04 01:06 1667584 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] -ra------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2003-10-31 19:42 32768 C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2008-01-28 20:49 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] --a------ 2003-10-24 09:23 618496 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr] --a------ 2003-10-24 09:23 110592 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-01-28 21:28 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWCU] --a------ 2005-07-14 11:40 413696 C:\Program Files\TP-LINK\TWCU\TWCU.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2007-12-20 16:16 37376 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "FreezeScreenSaver"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\FlashGet\\FlashGet.exe"= "C:\\Program Files\\ASUS\\AP Utilities\\Wireless.exe"= R1 hwinterface;hwinterface;C:\WINDOWS\system32\Drivers\hwinterface.sys [2005-10-31 17:50] R2 ddnt;ddnt;C:\WINDOWS\system32\drivers\ddnt.sys [2006-06-02 22:48] R2 DLPortIO;DriverLINX Port I/O Driver;C:\WINDOWS\System32\DRIVERS\DLPortIO.SYS [1999-01-10 19:00] R2 io.sys;IO.DLL Driver;C:\WINDOWS\System32\drivers\io.sys [2006-01-25 03:27] R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 22:36] R3 Mach2;Mach2 Pulseing Service;C:\WINDOWS\system32\Drivers\Mach2.sys [2003-11-08 02:44] R3 Mach3;Mach3 Pulseing Service;C:\WINDOWS\system32\Drivers\Mach3.sys [2006-08-17 04:03] R3 Pulser;CNC Pulseing Service;C:\WINDOWS\system32\Drivers\Pulser.sys [2002-05-02 23:49] S3 Ptserli;PCTEL Serial Device Driver for INTEL;C:\WINDOWS\system32\DRIVERS\ptserli.sys [2001-08-17 13:28] S3 zlportio;zlportio;C:\Program Files\cp09632\temp\zlportio.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f240481-072b-11dd-91ea-00112fde9b0a}] \Shell\AutoRun\command - E:\AutoRun.exe . Contents of the 'Scheduled Tasks' folder "2008-05-06 19:29:02 C:\WINDOWS\Tasks\{016E2323-7D1D-49B1-8431-57F665BC6E08}_TRADICIJ-PHDH6Y_stamenko.job" - C:\WINDOWS\system32\mobsync.exeM /Schedule= "2008-05-07 07:00:04 C:\WINDOWS\Tasks\{530A5723-BBAF-4112-AB67-22168A3C95BF}_TRADICIJ-PHDH6Y_stamenko.job" - C:\WINDOWS\system32\mobsync.exeM /Schedule= "2008-05-07 14:00:02 C:\WINDOWS\Tasks\{97F2A16A-507D-4D7C-A9E6-AB9CE53792DD}_TRADICIJ-PHDH6Y_stamenko.job" - C:\WINDOWS\system32\mobsync.exeM /Schedule= "2008-03-07 14:00:02 C:\WINDOWS\Tasks\{EDCBC54F-DDE2-4E5B-B274-DE8192C27494}_TRADICIJ-PHDH6Y_stamenko.job" - C:\WINDOWS\system32\mobsync.exeM /Schedule= . ************************************************************************ catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2008-05-07 19:24:39 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\wvuvust.dll PROCESS: C:\WINDOWS\explorer.exe -> ?:\WINDOWS\system32\urlmon.dll -> ?:\WINDOWS\system32\urlmon.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE C:\WINDOWS\SYSTEM32\ACS.EXE C:\WINDOWS\SYSTEM32\MSDTC.EXE C:\WINDOWS\SYSTEM32\INETSRV\INETINFO.EXE C:\PROGRAM FILES\AHEAD\INCD\INCDSRV.EXE C:\PROGRAM FILES\ESET\NOD32KRN.EXE C:\WINDOWS\SYSTEM32\TCPSVCS.EXE C:\WINDOWS\SYSTEM32\SNMP.EXE C:\WINDOWS\SYSTEM32\WSCNTFY.EXE C:\WINDOWS\ATK0100\ATKOSD.EXE . ************************************************************************ . Completion time: 2008-05-07 19:27:44 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-07 17:27:34 ComboFix2.txt 2008-05-07 16:33:10 Pre-Run: 39,027,179,520 bytes free Post-Run: 39,015,088,128 bytes free 251 --- E O F --- 2008-05-02 20:03:52 Evo opet log

Profil

dr_Bora Poslao: 07 Maj 2008 19:40 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Još malo... Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\WINDOWS\system32\wvuvust.dll Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76460D80-480D-40BF-AF0D-3A2D3B8DEF61}] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuvust]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

canke Poslao: 07 Maj 2008 20:25 Idi na vrh
offline canke Građanin Pridružio: 06 Maj 2008 Poruke: 90	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-05-01.3 - stamenko 2008-05-07 20:12:40.3 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.233 [GMT 2:00] Running from: C:\Documents and Settings\stamenko\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\stamenko\Desktop\CFScript * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\system32\wvuvust.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\wvuvust.dll . ((((((((((((((((((((((((( Files Created from 2008-04-07 to 2008-05-07 ))))))))))))))))))))))))))))))) . 2008-05-07 18:13 . 2008-05-07 18:13 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG 2008-05-07 16:54 . 2008-05-07 16:54 <DIR> d-------- C:\_OTMoveIt 2008-04-18 23:59 . 2008-04-18 23:59 <DIR> d--hs---- C:\FOUND.012 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-05 19:50 --------- d-----w C:\Program Files\VectorArt3dViewer 2008-03-29 20:14 --------- d-----w C:\Program Files\Cut2D Trial 2008-03-29 06:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Winferno 2008-03-28 21:05 774,144 ----a-w C:\Program Files\RngInterstitial.dll 2008-03-27 21:48 --------- d-----w C:\Program Files\translator 2008-03-27 20:36 --------- d-----w C:\Program Files\Recnik20 2008-03-26 20:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-03-26 20:08 --------- d-----w C:\Program Files\Common Files\Download Manager 2008-03-25 13:28 264,097 ----a-w C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_4679.exe 2008-03-25 13:28 --------- d-----w C:\Program Files\PDFCreator Toolbar 2008-03-25 13:27 --------- d-----w C:\Program Files\PDFCreator 2008-03-15 22:30 2,449 ----a-w C:\Program Files\Microsoft FrontPage.lnk 2008-03-15 19:37 7,381,946 ----a-w C:\WINDOWS\WindowsXP-KB835935-SP2-ENU.exe 2008-03-11 20:12 --------- d-----w C:\Documents and Settings\stamenko\Application Data\JLC's Software 2008-03-11 19:47 --------- d-----w C:\Program Files\JLC's Software 2008-03-10 20:26 --------- d-----w C:\Documents and Settings\stamenko\Application Data\FDRLab 2008-03-08 23:09 --------- d-----w C:\Program Files\AlgolabPtVector 2008-03-08 22:23 --------- d-----w C:\Program Files\uTorrent 2008-03-08 22:23 --------- d-----w C:\Documents and Settings\stamenko\Application Data\uTorrent 2008-03-08 21:34 --------- d-----w C:\Program Files\Pixologic 2008-02-15 19:55 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE 2007-12-09 05:24 2,492 ----a-w C:\Documents and Settings\stamenko\Application Data\ViewerApp.dat 2005-12-08 13:53 979 ----a-w C:\Program Files\ReadMe.txt . ((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] ))))))))))))))))))))))))))))))))))))))))) . - 2008-05-07 16:28:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-07 18:18:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat - 2008-05-07 16:29:06 217,389 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin + 2008-05-07 18:19:08 217,391 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin + 2008-05-07 18:19:08 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_2f8.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-28 20:49 171448] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1667584] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2004-01-19 11:07 65536] "ATIModeChange"="Ati2mdxx.exe" [2004-04-01 21:43 28672 C:\WINDOWS\system32\Ati2mdxx.exe] "MsmqIntCert"="regsvr32 /s mqrt.dll" [] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-11-28 16:50 917504] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-28 21:28 185896] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "MSACM.CEGSM"= mobilev.acm "SENTINEL"= snti386.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^stamenko^Start Menu^Programs^Startup^ubisoft register.lnk] path=C:\Documents and Settings\stamenko\Start Menu\Programs\Startup\ubisoft register.lnk backup=C:\WINDOWS\pss\ubisoft register.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange] --a------ 2004-04-01 21:43 28672 C:\WINDOWS\system32\Ati2mdxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] --a------ 2003-08-25 21:10 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-03 22:56 15360 C:\WINDOWS\System32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget] --a------ 2007-09-25 10:29 2007088 C:\Program Files\FlashGet\flashget.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hcontrol] --------- 2004-01-19 11:07 65536 C:\WINDOWS\ATK0100\Hcontrol.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-08-11 16:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-08-04 01:06 1667584 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] -ra------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2003-10-31 19:42 32768 C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2008-01-28 20:49 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] --a------ 2003-10-24 09:23 618496 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr] --a------ 2003-10-24 09:23 110592 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-01-28 21:28 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWCU] --a------ 2005-07-14 11:40 413696 C:\Program Files\TP-LINK\TWCU\TWCU.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2007-12-20 16:16 37376 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "FreezeScreenSaver"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\FlashGet\\FlashGet.exe"= "C:\\Program Files\\ASUS\\AP Utilities\\Wireless.exe"= R1 hwinterface;hwinterface;C:\WINDOWS\system32\Drivers\hwinterface.sys [2005-10-31 17:50] R2 ddnt;ddnt;C:\WINDOWS\system32\drivers\ddnt.sys [2006-06-02 22:48] R2 DLPortIO;DriverLINX Port I/O Driver;C:\WINDOWS\System32\DRIVERS\DLPortIO.SYS [1999-01-10 19:00] R2 io.sys;IO.DLL Driver;C:\WINDOWS\System32\drivers\io.sys [2006-01-25 03:27] R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 22:36] R3 Mach2;Mach2 Pulseing Service;C:\WINDOWS\system32\Drivers\Mach2.sys [2003-11-08 02:44] R3 Mach3;Mach3 Pulseing Service;C:\WINDOWS\system32\Drivers\Mach3.sys [2006-08-17 04:03] R3 Pulser;CNC Pulseing Service;C:\WINDOWS\system32\Drivers\Pulser.sys [2002-05-02 23:49] S3 Ptserli;PCTEL Serial Device Driver for INTEL;C:\WINDOWS\system32\DRIVERS\ptserli.sys [2001-08-17 13:28] S3 zlportio;zlportio;C:\Program Files\cp09632\temp\zlportio.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f240481-072b-11dd-91ea-00112fde9b0a}] \Shell\AutoRun\command - E:\AutoRun.exe . Contents of the 'Scheduled Tasks' folder "2008-05-06 19:29:02 C:\WINDOWS\Tasks\{016E2323-7D1D-49B1-8431-57F665BC6E08}_TRADICIJ-PHDH6Y_stamenko.job" - C:\WINDOWS\system32\mobsync.exeM /Schedule= "2008-05-07 07:00:04 C:\WINDOWS\Tasks\{530A5723-BBAF-4112-AB67-22168A3C95BF}_TRADICIJ-PHDH6Y_stamenko.job" - C:\WINDOWS\system32\mobsync.exeM /Schedule= "2008-05-07 14:00:02 C:\WINDOWS\Tasks\{97F2A16A-507D-4D7C-A9E6-AB9CE53792DD}_TRADICIJ-PHDH6Y_stamenko.job" - C:\WINDOWS\system32\mobsync.exeM /Schedule= "2008-03-07 14:00:02 C:\WINDOWS\Tasks\{EDCBC54F-DDE2-4E5B-B274-DE8192C27494}_TRADICIJ-PHDH6Y_stamenko.job" - C:\WINDOWS\system32\mobsync.exeM /Schedule= . ************************************************************************ catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2008-05-07 20:19:23 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE C:\WINDOWS\SYSTEM32\ACS.EXE C:\WINDOWS\SYSTEM32\MSDTC.EXE C:\WINDOWS\SYSTEM32\INETSRV\INETINFO.EXE C:\PROGRAM FILES\AHEAD\INCD\INCDSRV.EXE C:\PROGRAM FILES\ESET\NOD32KRN.EXE C:\WINDOWS\SYSTEM32\TCPSVCS.EXE C:\WINDOWS\SYSTEM32\SNMP.EXE C:\WINDOWS\SYSTEM32\WSCNTFY.EXE C:\WINDOWS\ATK0100\ATKOSD.EXE . ************************************************************************ . Completion time: 2008-05-07 20:21:13 - machine was rebooted [stamenko] ComboFix-quarantined-files.txt 2008-05-07 18:21:08 ComboFix3.txt 2008-05-07 16:33:10 ComboFix2.txt 2008-05-07 17:27:48 Pre-Run: 38,967,115,776 bytes free Post-Run: 38,957,023,232 bytes free 192 --- E O F --- 2008-05-02 20:03:52 I ovaj log je odradjen

Profil

dr_Bora Poslao: 07 Maj 2008 20:46 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl:

Profil

canke Poslao: 07 Maj 2008 21:15 Idi na vrh
offline canke Građanin Pridružio: 06 Maj 2008 Poruke: 90	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Sada na kraju posle ovoliko Vaseg truda puno Vam se zahvaljujem i akomi bude potrebno jacu Vam se opet obratiti za pomoc

Profil

dr_Bora Poslao: 07 Maj 2008 21:29 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Molim. Poštovanje...

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Imali pomoci ili format...

Ko je trenutno na forumu

Ukupno su 966 korisnika na forumu :: 39 registrovanih, 3 sakrivenih i 924 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 15694 - dana 01 Feb 2026 12:23

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: _Rade, alek_bre, blek_crni, bozzo27, Bubimir, darkkran, DJUNTA, Dogma21, draganl, Fulcrum-A, Great White, HawX, hologram, Kaponi, kljift, littlebunny, Malahit, MilosKop, Mldo, Novakomp, Ognjen D., PC_Liu94, radionica1, rambod, robert90, sap, Sase, Shilok, shiro, Slingshot, Solunac na steroidima, starlights, veljko82, vespa nikola, Vlado82, vrlenija, wizzardone, wolf1, zzapNDjuric99

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by