I have a problem with the Antichrist

  • nesa87
  • New MyCity citizen
  • Joined: 11 Jun 2008
  • Posts: 4

Can someone help me with this?

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Maybe...

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • nesa87
  • New MyCity citizen
  • Joined: 11 Jun 2008
  • Posts: 4

Logfile of HijackThis v1.99.1
Scan saved at 3:20:06 PM, on 6/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\sys.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Conexant\Adsl\dslstat.exe
C:\Program Files\Conexant\Adsl\dslagent.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dimitrije\Desktop\Bla\TR3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = mycity.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer [Day of judgment]
F2 - REG:system.ini: Shell=Explorer.exe shell.exe
F3 - REG:win.ini: load=C:\WINDOWS\media\wma.exe
F2 - REG:system.ini: UserInit=userinit.exe,sys.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [blank] C:\WINDOWS\system32\blank.htm
O4 - HKLM\..\Run: [vxds] C:\WINDOWS\vxds.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Conexant\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Conexant\Adsl\dslagent.exe
O4 - HKCU\..\Run: [blank] C:\WINDOWS\system32\blank.htm
O4 - HKCU\..\Run: [hlps] C:\WINDOWS\Help\hlps.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2081FB9B-6A91-425A-AB5B-13BEBDF3B098}: NameServer = 77.105.0.19 77.105.0.18
O17 - HKLM\System\CS1\Services\Tcpip\..\{2081FB9B-6A91-425A-AB5B-13BEBDF3B098}: NameServer = 77.105.0.19 77.105.0.18
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Run HijackThis, click Do a system scan only and tick the following lines:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mycity.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer [Day of judgment]
F2 - REG:system.ini: Shell=Explorer.exe shell.exe
F3 - REG:win.ini: load=C:\WINDOWS\media\wma.exe
F2 - REG:system.ini: UserInit=userinit.exe,sys.exe
O4 - HKLM\..\Run: [blank] C:\WINDOWS\system32\blank.htm
O4 - HKLM\..\Run: [vxds] C:\WINDOWS\vxds.exe
O4 - HKCU\..\Run: [blank] C:\WINDOWS\system32\blank.htm
O4 - HKCU\..\Run: [hlps] C:\WINDOWS\Help\hlps.exe


Close Internet Explorer and click Fix checked.


-------------------------------------------------------------------------------------


Restart the computer and then download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.
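The triage the helper did by eye in the reply above (a second binary chained onto the Winlogon Shell and UserInit values, a win.ini load= entry, Run keys pointing at an .htm file, and a process list that contains the binary named in UserInit) can be scripted for a first pass over a HijackThis log. The Python below is an added example, not part of this thread or of HijackThis; it runs over a constructed sample in the shape of the log posted above, and the function names (triage, first_path), the Finding type and the assumption that the Windows folder is C:\WINDOWS are the example's own.

```python
"""Triage a HijackThis log for the Winlogon / win.ini / Run-key persistence
seen in this thread.  Added example; not part of the thread or of HijackThis."""
import ntpath
import re
from typing import List, NamedTuple, Set


class Finding(NamedTuple):
    severity: str   # "alert": almost never legitimate; "review": a heuristic hit
    rule: str
    line: str


EXECUTABLE_EXT = {".exe", ".com", ".scr", ".bat", ".cmd", ".pif"}

# Line shapes HijackThis prints (R0/R1, F2, F3, O4) plus a bare process path.
R_IE_RE = re.compile(r"^R[01] - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,"
                     r"(Start Page|Search Page) = (.*)$")
F2_RE = re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.*)$")
F3_RE = re.compile(r"^F3 - REG:win\.ini: (load|run)=(.*)$")
O4_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[[^\]]*\] (.*)$")
PROC_RE = re.compile(r"^[A-Za-z]:\\\S.*$")
# First path in a command line: the quoted part, or the shortest prefix that
# ends in a known extension (so unquoted paths containing spaces survive).
PATH_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|com|scr|bat|cmd|pif|htm|html|dll|vbs|js))(?=\s|$)',
                     re.I)

# Constructed sample in the shape of the log posted above (subset of its lines).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\sys.exe
C:\WINDOWS\Explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\blank.htm
F2 - REG:system.ini: Shell=Explorer.exe shell.exe
F3 - REG:win.ini: load=C:\WINDOWS\media\wma.exe
F2 - REG:system.ini: UserInit=userinit.exe,sys.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [blank] C:\WINDOWS\system32\blank.htm
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Conexant\Adsl\dslstat.exe icon
O4 - HKCU\..\Run: [hlps] C:\WINDOWS\Help\hlps.exe
"""


def first_path(cmd: str) -> str:
    """Return the executable/file path at the start of a Run-key command."""
    m = PATH_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else cmd.strip()


def under_windows_but_not_system32(path: str) -> bool:
    """Heuristic: assumes the XP default Windows folder C:\\WINDOWS."""
    p = path.lower()
    return p.startswith("c:\\windows\\") and not p.startswith("c:\\windows\\system32\\")


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    watch: Set[str] = set()  # basenames named by tampered Winlogon / win.ini values
    lines = [ln.rstrip() for ln in log_text.splitlines()]

    # Pass 1: entries that should not look like this on a stock XP machine.
    for line in lines:
        m = R_IE_RE.match(line)
        if m and not m.group(2).lower().startswith(("http://", "https://")):
            findings.append(Finding("alert", f"IE {m.group(1)} points to a local file", line))
            continue
        m = F2_RE.match(line)
        if m:
            key, value = m.groups()
            parts = [p for p in re.split(r"[,\s]+", value) if p]
            default = "explorer.exe" if key == "Shell" else "userinit.exe"
            extras = [p for p in parts if ntpath.basename(p).lower() != default]
            if extras:  # default keeps only Explorer.exe / userinit.exe
                findings.append(Finding("alert", f"Winlogon {key} chained with {', '.join(extras)}", line))
                watch.update(ntpath.basename(e).lower() for e in extras)
            continue
        m = F3_RE.match(line)
        if m and m.group(2).strip():  # win.ini load=/run= is legacy and normally empty
            findings.append(Finding("alert", f"win.ini {m.group(1)}= is set", line))
            watch.add(ntpath.basename(m.group(2).strip()).lower())
            continue
        m = O4_RE.match(line)
        if m:
            target = first_path(m.group(1))
            if ntpath.splitext(target)[1].lower() not in EXECUTABLE_EXT:
                findings.append(Finding("alert", "Run entry targets a non-executable file", line))
            elif under_windows_but_not_system32(target):
                findings.append(Finding("review", "Run entry launches from the Windows folder", line))

    # Pass 2: correlate the process list with the binaries the tampered keys name.
    for line in lines:
        if PROC_RE.match(line) and ntpath.basename(line).lower() in watch:
            findings.append(Finding("alert", "Running process named in Winlogon/win.ini tampering", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.rule}: {f.line}")
```

The "review" severity is deliberate: a Run entry under the Windows folder (the hlps.exe and vxds.exe style of entry in the log above) is only a heuristic, since legitimate installers also drop binaries there, whereas a chained Shell/UserInit value, a populated win.ini load=, or an autorun that points at an .htm file are the kind of finding the helper ticked without further checks. The second pass is what ties the sys.exe process to the UserInit value, which is the reason a process list is worth reading together with the F2 lines.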

  • nesa87
  • New MyCity citizen
  • Joined: 11 Jun 2008
  • Posts: 4

ComboFix 08-06-20.4 - Dimitrije 2008-06-22 20:26:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.288 [GMT 2:00]
Running from: C:\Documents and Settings\Dimitrije\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))
.

2008-06-22 20:12 . 2008-06-22 20:12 <DIR> d-------- C:\Program Files\Conexant
2008-06-22 20:12 . 2005-09-06 17:10 173,494 --a------ C:\WINDOWS\system32\drivers\mon_ac_w.bin
2008-06-22 20:12 . 2005-09-21 19:31 158,592 --a------ C:\WINDOWS\system32\drivers\gwausb.sys
2008-06-22 20:12 . 2006-12-17 20:05 12,288 --------- C:\WINDOWS\system32\CplEng.dll
2008-06-17 16:12 . 2008-06-17 16:12 <DIR> d-------- C:\Documents and Settings\Dimitrije\Application Data\ACD Systems
2008-06-17 14:56 . 2008-06-17 14:56 <DIR> d-------- C:\Documents and Settings\Dimitrije\Application Data\Media Player Classic
2008-06-15 01:13 . 2008-02-18 20:08 17,886 --------- C:\WINDOWS\wwdslcfg.ini
2008-06-11 21:24 . 2008-06-13 23:59 <DIR> d-ahs---- C:\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}
2008-06-11 21:21 . 2008-06-22 20:25 3,375,239 --a------ C:\WINDOWS\{00000000-00000000-00000013-00001102-00000002-80661102}.BAK
2008-06-11 21:21 . 2008-06-22 20:22 16,376 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000000-00000000-00000013-00001102-00000002-80661102}.rfx
2008-06-11 21:21 . 2008-06-22 20:22 16,376 --a------ C:\WINDOWS\system32\BMXState-{00000000-00000000-00000013-00001102-00000002-80661102}.rfx
2008-06-11 21:21 . 2008-06-22 20:22 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-06-11 21:21 . 2008-06-22 20:22 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2008-06-11 21:21 . 2008-06-22 20:22 288 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-00000013-00001102-00000002-80661102}.dat
2008-06-11 21:21 . 2008-06-22 20:22 288 --a------ C:\WINDOWS\system32\DVCState-{00000000-00000000-00000013-00001102-00000002-80661102}.dat
2008-06-11 21:20 . 2008-06-11 21:20 <DIR> d-------- C:\Program Files\WinASO
2008-06-11 21:18 . 2008-06-11 21:18 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-06-11 21:18 . 2008-06-11 21:18 <DIR> d-------- C:\Program Files\ACD Systems
2008-06-11 21:18 . 2008-06-11 21:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-06-11 21:18 . 2008-06-11 21:18 9,856 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2008-06-11 21:17 . 2008-06-11 21:17 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-06-11 21:15 . 2008-06-11 21:15 <DIR> d-------- C:\Program Files\Webteh
2008-06-11 21:13 . 2008-06-11 21:13 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-06-11 21:13 . 2004-04-30 09:37 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2008-06-11 21:13 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2008-06-11 21:12 . 2008-06-11 21:12 <DIR> d-------- C:\Program Files\NO1 CD Ripper
2008-06-11 21:11 . 2005-03-12 00:48 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-06-11 21:11 . 2005-03-12 00:28 20,640 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-06-11 21:10 . 2008-06-11 21:12 <DIR> d-------- C:\Program Files\Winamp
2008-06-11 21:06 . 2008-06-12 15:53 <DIR> d-------- C:\Program Files\ESET
2008-06-11 21:06 . 2008-06-11 21:06 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-06-11 21:06 . 2008-06-11 21:06 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-06-11 21:06 . 2008-06-11 21:06 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-06-11 21:05 . 2008-06-17 14:57 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-11 21:03 . 2008-06-13 23:59 4,190 --ahs---- C:\WINDOWS\system32\OEMLOGO.BMP
2008-06-11 21:03 . 2008-06-13 23:59 392 --ahs---- C:\WINDOWS\system32\OEMINFO.INI
2008-06-11 21:02 . 2008-06-11 21:02 <DIR> d-------- C:\Program Files\The KMPlayer
2008-06-11 21:01 . 2008-06-11 21:01 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-06-11 21:00 . 2008-06-11 21:00 376 --a------ C:\WINDOWS\ODBC.INI
2008-06-11 19:13 . 2008-06-11 19:13 <DIR> d-------- C:\Documents and Settings\Dimitrije\Application Data\Creative
2008-06-11 19:13 . 2008-06-22 20:25 3,375,239 --a------ C:\WINDOWS\{00000000-00000000-00000013-00001102-00000002-80661102}.CDF
2008-06-11 19:12 . 2008-06-22 20:22 24,144 --a------ C:\WINDOWS\system32\BMXCtrlState-{00000000-00000000-00000013-00001102-00000002-80661102}.rfx
2008-06-11 19:12 . 2008-06-22 20:22 24,144 --a------ C:\WINDOWS\system32\BMXBkpCtrlState-{00000000-00000000-00000013-00001102-00000002-80661102}.rfx
2008-06-11 19:07 . 2008-06-11 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-06-11 19:06 . 2008-06-11 19:06 <DIR> d-------- C:\Program Files\Common Files\HP
2008-06-11 19:05 . 2008-06-11 19:05 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-06-11 19:04 . 2008-06-11 19:04 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-06-11 19:04 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-06-11 19:04 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-06-11 19:04 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-06-11 19:04 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-06-11 19:04 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-06-11 19:04 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-06-11 19:02 . 2008-06-11 19:06 <DIR> d-------- C:\Program Files\HP
2008-06-11 19:02 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-06-11 19:02 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-06-11 19:02 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-06-11 19:02 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-11 19:02 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-11 19:01 . 2008-06-11 19:09 117,582 --a------ C:\WINDOWS\hpoins11.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 19:07 --------- d-----w C:\Documents and Settings\Dimitrije\Application Data\Ahead
2008-06-11 18:58 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-11 18:58 --------- d-----w C:\Documents and Settings\Dimitrije\Application Data\Microsoft Web Folders
2008-06-11 18:54 --------- d-----w C:\Program Files\Nero
2008-06-11 18:54 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-11 17:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-11 17:13 --------- d-----w C:\Program Files\Creative
2008-06-11 16:59 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-11 16:59 --------- d-----w C:\Documents and Settings\Dimitrije\Application Data\InterTrust
2008-06-11 16:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-06-11 16:54 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-11 16:53 --------- d-----w C:\Program Files\VIA
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2003-08-28 10:45 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 28672]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-11 21:06 949376]
"DSLSTATEXE"="C:\Program Files\Conexant\Adsl\dslstat.exe" [2006-12-17 20:05 376832]
"DSLAGENTEXE"="C:\Program Files\Conexant\Adsl\dslagent.exe" [2006-12-17 19:50 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"LegalNoticeCaption"="[Antichrist]"
"LegalNoticeText"="[Day of judgment]"
"LogonPrompt"="[Day of judgment]"
"Welcome"="[Antichrist]"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk
backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\blank]
C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
--a------ 2003-09-17 17:39 212992 C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hlps]
C:\WINDOWS\Help\hlps.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 05:22]
S3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys []

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-06-22 20:28:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-22 20:29:07
ComboFix-quarantined-files.txt 2008-06-22 18:29:00

Pre-Run: 34,198,757,376 bytes free
Post-Run: 34,770,956,288 bytes free

165

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:


File::
C:\WINDOWS\system32\OEMLOGO.BMP
C:\WINDOWS\system32\OEMINFO.INI
C:\WINDOWS\system32\blank.htm

DirLook::
C:\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"LegalNoticeCaption"=-
"LegalNoticeText"=-
"LogonPrompt"=-
"Welcome"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\blank]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hlps]



Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.

  • nesa87
  • New MyCity citizen
  • Joined: 11 Jun 2008
  • Posts: 4

ComboFix 08-06-20.4 - Dimitrije 2008-06-22 23:36:46.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.284 [GMT 2:00]
Running from: C:\Documents and Settings\Dimitrije\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dimitrije\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\blank.htm
C:\WINDOWS\system32\OEMINFO.INI
C:\WINDOWS\system32\OEMLOGO.BMP
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\OEMINFO.INI
C:\WINDOWS\system32\OEMLOGO.BMP

.
((((((((((((((((((((((((( Files Created from 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))
.

2008-06-22 21:51 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-22 21:51 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-06-22 20:12 . 2008-06-22 20:12 <DIR> d-------- C:\Program Files\Conexant
2008-06-22 20:12 . 2005-09-06 17:10 173,494 --a------ C:\WINDOWS\system32\drivers\mon_ac_w.bin
2008-06-22 20:12 . 2005-09-21 19:31 158,592 --a------ C:\WINDOWS\system32\drivers\gwausb.sys
2008-06-22 20:12 . 2006-12-17 20:05 12,288 --------- C:\WINDOWS\system32\CplEng.dll
2008-06-17 16:12 . 2008-06-17 16:12 <DIR> d-------- C:\Documents and Settings\Dimitrije\Application Data\ACD Systems
2008-06-17 14:56 . 2008-06-17 14:56 <DIR> d-------- C:\Documents and Settings\Dimitrije\Application Data\Media Player Classic
2008-06-15 01:13 . 2008-02-18 20:08 17,886 --------- C:\WINDOWS\wwdslcfg.ini
2008-06-11 21:24 . 2008-06-13 23:59 <DIR> d-ahs---- C:\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}
2008-06-11 21:21 . 2008-06-22 23:36 3,375,239 --a------ C:\WINDOWS\{00000000-00000000-00000013-00001102-00000002-80661102}.BAK
2008-06-11 21:21 . 2008-06-22 23:30 16,376 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000000-00000000-00000013-00001102-00000002-80661102}.rfx
2008-06-11 21:21 . 2008-06-22 23:30 16,376 --a------ C:\WINDOWS\system32\BMXState-{00000000-00000000-00000013-00001102-00000002-80661102}.rfx
2008-06-11 21:21 . 2008-06-22 23:30 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-06-11 21:21 . 2008-06-22 23:30 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2008-06-11 21:21 . 2008-06-22 23:30 288 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-00000013-00001102-00000002-80661102}.dat
2008-06-11 21:21 . 2008-06-22 23:30 288 --a------ C:\WINDOWS\system32\DVCState-{00000000-00000000-00000013-00001102-00000002-80661102}.dat
2008-06-11 21:20 . 2008-06-11 21:20 <DIR> d-------- C:\Program Files\WinASO
2008-06-11 21:18 . 2008-06-11 21:18 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-06-11 21:18 . 2008-06-11 21:18 <DIR> d-------- C:\Program Files\ACD Systems
2008-06-11 21:18 . 2008-06-11 21:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-06-11 21:18 . 2008-06-11 21:18 9,856 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2008-06-11 21:17 . 2008-06-11 21:17 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-06-11 21:15 . 2008-06-11 21:15 <DIR> d-------- C:\Program Files\Webteh
2008-06-11 21:13 . 2008-06-11 21:13 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-06-11 21:13 . 2004-04-30 09:37 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2008-06-11 21:13 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2008-06-11 21:12 . 2008-06-11 21:12 <DIR> d-------- C:\Program Files\NO1 CD Ripper
2008-06-11 21:11 . 2005-03-12 00:48 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-06-11 21:11 . 2005-03-12 00:28 20,640 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-06-11 21:10 . 2008-06-11 21:12 <DIR> d-------- C:\Program Files\Winamp
2008-06-11 21:06 . 2008-06-12 15:53 <DIR> d-------- C:\Program Files\ESET
2008-06-11 21:06 . 2008-06-11 21:06 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-06-11 21:06 . 2008-06-11 21:06 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-06-11 21:06 . 2008-06-11 21:06 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-06-11 21:05 . 2008-06-17 14:57 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-11 21:02 . 2008-06-11 21:02 <DIR> d-------- C:\Program Files\The KMPlayer
2008-06-11 21:01 . 2008-06-11 21:01 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-06-11 21:00 . 2008-06-11 21:00 376 --a------ C:\WINDOWS\ODBC.INI
2008-06-11 19:13 . 2008-06-11 19:13 <DIR> d-------- C:\Documents and Settings\Dimitrije\Application Data\Creative
2008-06-11 19:13 . 2008-06-22 23:36 3,375,239 --a------ C:\WINDOWS\{00000000-00000000-00000013-00001102-00000002-80661102}.CDF
2008-06-11 19:12 . 2008-06-22 23:30 24,144 --a------ C:\WINDOWS\system32\BMXCtrlState-{00000000-00000000-00000013-00001102-00000002-80661102}.rfx
2008-06-11 19:12 . 2008-06-22 23:30 24,144 --a------ C:\WINDOWS\system32\BMXBkpCtrlState-{00000000-00000000-00000013-00001102-00000002-80661102}.rfx
2008-06-11 19:07 . 2008-06-11 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-06-11 19:06 . 2008-06-11 19:06 <DIR> d-------- C:\Program Files\Common Files\HP
2008-06-11 19:05 . 2008-06-11 19:05 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-06-11 19:04 . 2008-06-11 19:04 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-06-11 19:04 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-06-11 19:04 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-06-11 19:04 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-06-11 19:04 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-06-11 19:04 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-06-11 19:04 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-06-11 19:02 . 2008-06-11 19:06 <DIR> d-------- C:\Program Files\HP
2008-06-11 19:02 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-06-11 19:02 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-06-11 19:02 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-06-11 19:02 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-11 19:02 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-11 19:01 . 2008-06-11 19:09 117,582 --a------ C:\WINDOWS\hpoins11.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 19:07 --------- d-----w C:\Documents and Settings\Dimitrije\Application Data\Ahead
2008-06-11 18:58 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-11 18:58 --------- d-----w C:\Documents and Settings\Dimitrije\Application Data\Microsoft Web Folders
2008-06-11 18:54 --------- d-----w C:\Program Files\Nero
2008-06-11 18:54 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-11 17:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-11 17:13 --------- d-----w C:\Program Files\Creative
2008-06-11 16:59 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-11 16:59 --------- d-----w C:\Documents and Settings\Dimitrije\Application Data\InterTrust
2008-06-11 16:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-06-11 16:54 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-11 16:53 --------- d-----w C:\Program Files\VIA
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Recycler.{645FF040-5081-101B-9F08-00AA002F954E} ----



((((((((((((((((((((((((((((( snapshot@2008-06-22_20.28.54.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-22 18:23:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-22 21:34:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2003-08-28 10:45 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 28672]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-11 21:06 949376]
"DSLSTATEXE"="C:\Program Files\Conexant\Adsl\dslstat.exe" [2006-12-17 20:05 376832]
"DSLAGENTEXE"="C:\Program Files\Conexant\Adsl\dslagent.exe" [2006-12-17 19:50 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk
backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
--a------ 2003-09-17 17:39 212992 C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 05:22]
S3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys []

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-06-22 23:38:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-22 23:39:25
ComboFix-quarantined-files.txt 2008-06-22 21:39:17
ComboFix2.txt 2008-06-22 18:29:08

Pre-Run: 34,727,378,944 bytes free
Post-Run: 34,752,069,632 bytes free

174

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE
