Infection

  • Joined: 26 Dec 2008
  • Posts: 440

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:26:02 PM, on 4/7/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Defender\MSASCui.exe
D:\internet\zarko92.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [mount.exe] C:\Program Files\GiPo@Utilities\FileUtilities.3\mount.exe /z
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5243 bytes

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...
Juice_93fu :: Infection

How do you know it is an infection; which one is it; where is it?

  • Joined: 26 Dec 2008
  • Posts: 440

It opens My Computer or Mozilla 20 times in a row, refresh doesn't work, etc.

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

We'll check, although I wouldn't bet that malware has anything to do with it...

Start ESET Smart Security/ESET NOD32 as follows:
Start>All Programs>ESET>ESET Smart Security, or ESET NOD32 Antivirus (if you use only the Antivirus solution).

* When the program's main window opens, click the Setup option on the left side of the window;
* Choose the Antivirus and antispyware option and click Temporarily disable Antivirus and antispyware protection.
* On the next question click Yes.

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt); copy it here for us.

  • Joined: 26 Dec 2008
  • Posts: 440

ComboFix 09-04-04.01 - Windows User 2009-04-08 12:43:02.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1023.324 [GMT 2:00]
Running from: d:\internet\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-03-08 to 2009-04-08 )))))))))))))))))))))))))))))))
.

2009-04-07 16:21 . 2009-04-07 16:21 <DIR> d-------- c:\windows\Downloaded Installations
2009-04-07 16:21 . 2009-04-07 16:21 <DIR> d-------- c:\program files\GiPo@Utilities
2009-04-07 16:21 . 2009-04-07 16:21 <DIR> d-------- c:\program files\Common Files\Gibinsoft Shared
2009-04-07 15:57 . 2008-06-20 03:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-04-07 15:57 . 2008-06-20 03:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-04-07 15:57 . 2008-06-20 03:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-04-07 15:57 . 2008-06-20 03:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-04-07 15:57 . 2008-06-20 03:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-04-07 15:57 . 2008-06-20 03:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-04-07 15:57 . 2008-06-20 03:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-04-07 15:57 . 2008-06-20 03:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-04-07 14:20 . 2008-10-22 03:22 2,048 --a------ c:\windows\System32\tzres.dll
2009-04-07 14:15 . 2009-01-15 05:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-04-07 14:15 . 2009-01-15 08:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-04-07 13:50 . 2008-07-27 20:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-04-07 13:50 . 2008-07-27 20:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-04-07 13:50 . 2008-07-27 20:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-04-07 13:50 . 2008-07-27 20:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-04-07 13:50 . 2008-07-27 20:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-04-07 13:45 . 2009-04-07 13:45 <DIR> d-------- c:\program files\MSXML 4.0
2009-04-07 13:42 . 2008-06-26 03:45 12,240,896 --a------ c:\windows\System32\NlsLexicons0007.dll
2009-04-07 13:42 . 2008-06-26 03:45 2,644,480 --a------ c:\windows\System32\NlsLexicons0009.dll
2009-04-07 13:42 . 2008-06-26 05:29 801,280 --a------ c:\windows\System32\NaturalLanguage6.dll
2009-04-07 13:38 . 2009-04-07 13:38 <DIR> d-------- c:\users\All Users\ESET
2009-04-07 13:38 . 2009-04-07 13:38 <DIR> d-------- c:\programdata\ESET
2009-04-07 13:38 . 2009-04-07 13:38 <DIR> d-------- c:\program files\ESET
2009-04-07 13:38 . 2008-11-01 03:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2009-04-07 13:38 . 2008-03-08 06:21 1,695,744 --a------ c:\windows\System32\gameux.dll
2009-04-07 13:38 . 2008-11-01 05:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2009-04-07 13:36 . 2008-02-29 09:11 988,216 --a------ c:\windows\System32\winload.exe
2009-04-07 13:36 . 2008-02-29 09:11 927,288 --a------ c:\windows\System32\winresume.exe
2009-04-07 13:36 . 2008-02-22 07:05 615,992 --a------ c:\windows\System32\ci.dll
2009-04-07 13:36 . 2008-02-29 08:53 378,368 --a------ c:\windows\System32\srcore.dll
2009-04-07 13:36 . 2008-02-29 06:12 318,464 --a------ c:\windows\System32\rstrui.exe
2009-04-07 13:36 . 2008-02-29 08:53 46,592 --a------ c:\windows\System32\setbcdlocale.dll
2009-04-07 13:36 . 2008-02-29 08:53 40,960 --a------ c:\windows\System32\srclient.dll
2009-04-07 13:36 . 2008-02-29 09:14 19,000 --a------ c:\windows\System32\kd1394.dll
2009-04-07 13:36 . 2008-02-29 06:12 14,848 --a------ c:\windows\System32\srdelayed.exe
2009-04-07 13:36 . 2008-02-29 08:35 6,656 --a------ c:\windows\System32\kbd106n.dll
2009-04-07 13:34 . 2008-12-16 05:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-04-07 13:34 . 2008-12-16 07:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-04-07 13:34 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-04-07 13:34 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-04-07 13:33 . 2008-09-18 07:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2009-04-07 13:33 . 2008-09-18 07:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2009-04-07 13:33 . 2008-06-23 03:59 2,868,736 --a------ c:\windows\System32\mf.dll
2009-04-07 13:33 . 2008-06-23 03:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2009-04-07 13:33 . 2008-04-26 10:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2009-04-07 13:33 . 2008-04-12 05:32 784,896 --a------ c:\windows\System32\rpcrt4.dll
2009-04-07 13:33 . 2008-10-21 07:25 296,960 --a------ c:\windows\System32\gdi32.dll
2009-04-07 13:33 . 2008-08-27 03:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2009-04-07 13:33 . 2008-06-23 03:58 94,720 --a------ c:\windows\System32\logagent.exe
2009-04-07 13:33 . 2008-04-05 03:21 72,192 --a------ c:\windows\System32\drivers\pacer.sys
2009-04-07 13:33 . 2008-04-05 05:34 15,360 --a------ c:\windows\System32\pacerprf.dll
2009-04-07 13:32 . 2008-09-05 07:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2009-04-07 13:32 . 2008-06-19 05:31 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2009-04-07 13:32 . 2008-12-16 04:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-04-07 13:32 . 2008-04-18 07:48 269,312 --a------ c:\windows\System32\es.dll
2009-04-07 13:30 . 2008-10-29 08:29 2,927,104 --a------ c:\windows\explorer.exe
2009-04-07 13:30 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-04-07 13:30 . 2008-04-26 10:08 1,314,816 --a------ c:\windows\System32\quartz.dll
2009-04-07 13:30 . 2008-04-10 07:12 738,304 --a------ c:\windows\System32\inetcomm.dll
2009-04-07 13:30 . 2008-08-12 05:39 443,392 --a------ c:\windows\System32\win32spl.dll
2009-04-07 13:23 . 2008-10-16 23:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2009-04-07 13:23 . 2008-10-16 22:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2009-04-07 13:23 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2009-04-07 13:23 . 2008-10-16 23:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2009-04-07 13:23 . 2008-10-16 23:09 43,544 --a------ c:\windows\System32\wups2.dll
2009-04-07 13:23 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2009-04-07 12:58 . 2009-04-07 12:58 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com
2009-04-07 12:58 . 2009-04-07 12:58 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com
2009-04-07 12:57 . 2009-04-07 12:57 <DIR> d-------- c:\users\Windows User\AppData\Roaming\SUPERAntiSpyware.com
2009-04-07 12:57 . 2009-04-07 12:57 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-04-07 12:51 . 2009-04-07 12:51 <DIR> d-------- c:\users\Windows User\AppData\Roaming\TuneUp Software
2009-04-07 12:51 . 2009-04-07 12:51 <DIR> d-------- c:\users\All Users\TuneUp Software
2009-04-07 12:51 . 2009-04-07 12:51 <DIR> d-------- c:\programdata\TuneUp Software
2009-04-07 12:51 . 2009-04-07 12:51 355,584 --a------ c:\windows\System32\TuneUpDefragService.exe
2009-04-07 12:51 . 2008-05-29 09:28 28,416 --a------ c:\windows\System32\uxtuneup.dll
2009-04-07 12:51 . 2008-05-29 09:28 16,640 --a------ c:\windows\System32\authuitu.dll
2009-04-07 12:50 . 2009-04-07 12:51 <DIR> d-------- c:\program files\TuneUp Utilities 2008
2009-04-07 12:50 . 2009-04-07 12:57 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-04-07 12:44 . 2009-04-07 12:44 <DIR> d-------- c:\users\Windows User\AppData\Roaming\Thinstall
2009-04-07 12:31 . 2009-04-07 12:31 0 --a------ c:\windows\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-07 14:14 --------- d-----w c:\users\Windows User\AppData\Roaming\skypePM
2009-04-07 14:14 --------- d-----w c:\users\Windows User\AppData\Roaming\Skype
2009-04-07 14:06 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-07 11:26 --------- d-----w c:\users\Windows User\AppData\Roaming\Winamp
2009-04-07 11:26 --------- d-----w c:\program files\Winamp
2009-04-07 11:17 --------- d-----w c:\program files\Google
2009-04-07 11:13 --------- d-----w c:\program files\Triptych
2009-04-07 11:13 --------- d-----w c:\program files\Passage 3
2009-04-07 11:12 --------- d-----w c:\program files\Varmintz Deluxe
2009-04-07 11:11 --------- d-----w c:\program files\Spin & Win
2009-04-07 11:07 --------- d-----w c:\program files\Incadia
2009-04-07 11:02 --------- d-----w c:\program files\Playtonium Jigsaw Atlantic Lighthouses
2009-04-07 10:38 --------- d-----w c:\programdata\WinZip
2009-03-25 21:48 --------- d-----w c:\program files\Java
2009-03-09 04:19 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-03-06 10:38 --------- d-----w c:\program files\Live Billiards
2009-02-09 12:42 --------- d-----w c:\program files\Common Files\Adobe
2009-02-09 12:41 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-02-09 12:06 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-09 12:06 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-05 05:55 1,579 ----a-w C:\ma477.bin
2009-01-24 18:03 1,073 ----a-w c:\program files\Play.lnk
2008-01-21 02:57 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-11-10 1980200]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-12 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4145006369-1702334277-2870752167-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AA0E8BF6-4420-42E7-90BA-A787C20D7B3F}"= c:\program files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{ED99674F-F676-44D1-804C-5DFDA933BFDB}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008 (2).exe:Pro Evolution Soccer 2008
"{41D81DB0-B3CF-416C-B19B-6D9A088D8118}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008 (2).exe:Pro Evolution Soccer 2008
"{1997A3F0-9837-447F-9BCF-9E6AE271CE3D}"= UDP:d:\pes\Fairlight\PES2008.exe:Pro Evolution Soccer 2008
"{F8946384-7EE3-4E8B-AA5C-55D254DFE643}"= TCP:d:\pes\Fairlight\PES2008.exe:Pro Evolution Soccer 2008
"{7A72C1DB-048E-447A-8FE0-5780B44F24A2}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{AA12A242-6A23-4881-A810-92976D363E9E}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{0F4BEFF6-E4A9-423B-B676-78E913002000}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{6762885C-0A4E-43BB-88AA-747272A2AEA3}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{0631E7EC-B9DE-494C-8C73-B48D16FEE1D9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CDB218E1-70D1-495C-A131-F801E4AD2609}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C1ED44DD-F44B-4A41-AB1D-F5110AACC91C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{73B51B5C-5FBD-455D-93FE-C426AF0DD8DD}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2580947A-D35F-4DC3-BB57-B58C7C52F592}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E0F4B766-6FD8-4BA6-87BD-BC7E723D38E3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{71901D3A-BE0D-4481-9064-C9EA3B61438F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5B552B50-4F74-4961-B6C9-684D19845A43}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{053A3748-982A-43B8-AB25-47BFCAA44E67}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{600EF7C9-3CE6-4E68-920E-3D6AA1AEAB26}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A95B6172-05B3-4DA9-8842-1880353BE560}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E77F3474-5AC8-4941-A391-7083A73A3890}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{340CC0CA-8B82-41A6-9955-0B0EAD4E7341}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{559A1B64-CE3B-4CEB-A528-08BC6E797E81}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{77C7A9B1-6ABC-4222-99D0-361B2E8AC950}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8C89D60B-8A18-4C5E-A05C-C560C2789656}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{474FF471-6DFF-4775-AD4B-1C92AAC86605}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3E603A68-5E20-4675-BDC8-E7A0568F2974}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F42BAF74-2C51-4D59-BFFF-1D297110789B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A72D9C2D-FF3A-41AC-B1F9-2086E200CC9E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{EA21243B-3E21-4CAF-921A-F176B7F333FD}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C0457A15-937D-449F-8026-FE46F1CAC2BE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6F0F1592-5314-431D-A170-080674A7A227}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0CE1454C-8B43-4EBE-A1A9-7B9C22EDE9BB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E300E162-1167-4BFE-B022-434AD7B25D14}"= UDP:d:\pes\Fairlight\PES2008.exe:Pro Evolution Soccer 2008
"{CFA6C564-24ED-4B6D-9F9A-1358CC020E32}"= TCP:d:\pes\Fairlight\PES2008.exe:Pro Evolution Soccer 2008
"{7399FD95-B3E0-4FA7-90ED-B0AD980027C1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{913711AB-ED4F-4E42-BE5F-752B48B2C237}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DE47812D-5615-46DF-A8FA-D97DBF5287FF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C45AC876-DCA2-46FF-AC68-438FFB1778B1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1F16ACCD-B352-4F66-A70E-E1938648AAD4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{863387B5-CAF7-47B2-8A86-AC2459A5A126}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{94057244-5BCB-4004-B4F7-AFCBE9E00F11}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C01DD949-04E2-4AA7-94FA-211FDD0F62F2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6034B49C-2B9B-4CDD-88DD-921E707AEC0D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5AC6ECDF-DDDB-446A-A396-D4693EFAD0DA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CC404065-482A-4541-A340-1C7785D6CF59}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F0B7935C-C7D8-4B83-AE35-E7CCFF3890D3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{64C0DFE6-AF59-424B-B926-861A32F5A1F5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FBD5EFA1-D30C-4333-BF86-E4430976B224}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CAE243D4-852D-4EA0-9F72-F19A202DB82C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{269A26D8-857B-4EA0-A1A1-DF260EC260DD}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{BFA9AC5E-8957-4934-AB12-C51074DD652B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FC10D1E0-D05B-4458-A7DA-2F6115C39CE1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0B5CD0CA-4794-4F06-B86B-1A68300E14DE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{38F83AEB-B47C-4E89-B192-5053CAA9AF3D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F933D2D4-53EA-4F4F-B6F4-CEC30F4AF4A0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{347DCA05-E962-478C-8889-5C3F9BEC05CA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FDD16D52-7181-4606-9117-E258EBE96B55}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{347E43F7-9CD8-4980-8EE1-4A57AD6BB534}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{EED3671F-AF31-4766-B2DE-4CE3F8A1BCEC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D3C6C2B6-D434-4246-9FC4-6F52ECECA4EB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{323E2E17-D92A-44BC-A4BE-DB250ED35D69}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4306F34B-3567-455E-B596-2BA98B1299AE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{709CBEA1-DB68-4A99-BCAE-C6E717A7622C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{BDC43DF2-1DAB-4022-99E8-D25C37FC5158}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6F4B4647-F290-4FDA-9B3A-5C3500E55648}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5B4A07DB-0FF2-48F1-A68A-A2ACEA6E5379}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{93C13AEB-397C-49C3-AE0E-1C3BFAEAE630}"= c:\program files\Skype\Phone\Skype.exe:Skype

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [2008-11-10 104456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-08-19 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-08-19 55024]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51:58 13560]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-11-10 711240]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [2008-11-10 90632]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-02-09 1125208]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-08-19 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50623409-d8c7-11dd-a0b5-001d92472b1c}]
\shell\AutoRun\command - wscript.exe .\.vbs
\shell\open\command - wscript.exe .\.vbs
.
Contents of the 'Scheduled Tasks' folder

2009-04-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Windows User\AppData\Roaming\Mozilla\Firefox\Profiles\h48sd0a2.default\
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-08 12:44:45
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-08 12:46:58
ComboFix-quarantined-files.txt 2009-04-08 10:46:56

Pre-Run: 8,139,403,264 bytes free
Post-Run: 8,638,025,728 bytes free

267 --- E O F --- 2009-04-07 12:23:52

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

There is no active malware here. Just one registry entry left over from an earlier infection.

To remove it, download this to the Desktop: https://www.mycity.rs/must-login.png

Double-click that file and, when the prompt appears, click Yes.

Uninstalling ComboFix:
Click START and then RUN.

In the text entry line type (or paste) the following:

Combofix /u

and then click OK.

Wait for the uninstall process to finish.

For advice on the remaining problems, ask in the appropriate forum.
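The "one registry entry" dr_Bora refers to is the ComboFix line under `mountpoints2` above (`\shell\AutoRun\command - wscript.exe .\.vbs`, next to the deleted `D:\Autorun.inf`): Explorer caches per-volume shell verbs under `HKCU\...\Explorer\MountPoints2`, and a removable-drive worm hijacks the AutoRun/open verbs so that opening the drive from My Computer relaunches its script, which is consistent with the "My Computer opens 20 times" symptom. The PowerShell script below is an added example, not part of this thread and not the fix file dr_Bora linked; it audits the current user's MountPoints2 for such verbs, flags command lines that invoke a script host or shell, and deletes the hijacked `shell` subkey only when run with `-Remove` (it honours `-WhatIf`). The list of suspicious launchers is my own assumption, and the script only covers the hive of the user running it (other profiles would need their hives loaded). Note that the same log also shows `"EnableLUA"= 0`, i.e. UAC switched off, which this script does not touch.

```powershell
# Added example (not from the thread): audit HKCU MountPoints2 for hijacked
# AutoRun/open/explore verbs like the one ComboFix reported, and optionally
# remove them. Run as the affected user; add -Remove (and -WhatIf to preview).
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove
)

$mp2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'

# Verbs an autorun worm typically hijacks (AutoRun = double-click, open/explore = context menu)
$verbs = @('AutoRun', 'open', 'explore')

# Launchers that are suspicious as a drive's default action (assumed list, extend as needed)
$launchers = @('wscript', 'cscript', 'cmd.exe', 'rundll32', 'regsvr32', 'mshta',
               'powershell', '.vbs', '.bat', '.scr')

# Walk every cached volume ({GUID} or drive-letter keys) and read each verb's command line,
# which is stored as the unnamed (default) value of ...\shell\<verb>\command
$findings = foreach ($vol in Get-ChildItem -Path $mp2 -ErrorAction SilentlyContinue) {
    foreach ($verb in $verbs) {
        $cmdKey = "$mp2\$($vol.PSChildName)\shell\$verb\command"
        if (-not (Test-Path -LiteralPath $cmdKey)) { continue }

        $cmd = (Get-ItemProperty -LiteralPath $cmdKey -ErrorAction SilentlyContinue).'(default)'
        if ([string]::IsNullOrWhiteSpace($cmd)) { continue }

        # Any launcher substring in the command line marks the verb as suspicious
        $hit = $launchers | Where-Object { $cmd -match [regex]::Escape($_) }

        [pscustomobject]@{
            Volume     = $vol.PSChildName
            Verb       = $verb
            Command    = $cmd
            Suspicious = [bool]$hit
        }
    }
}

if (-not $findings) {
    Write-Host "No shell verbs cached under MountPoints2 for this user."
    return
}

$findings | Format-Table -AutoSize

# Remediation: drop the whole hijacked 'shell' subkey for each suspicious volume.
# Explorer recreates it on demand, so nothing legitimate is lost.
if ($Remove) {
    foreach ($f in ($findings | Where-Object { $_.Suspicious })) {
        $shellKey = "$mp2\$($f.Volume)\shell"
        if ($PSCmdlet.ShouldProcess($shellKey, 'Remove hijacked shell verbs')) {
            Remove-Item -LiteralPath $shellKey -Recurse -Force
        }
    }
}
```

Run it first without `-Remove` to see the table; the entry from the log would show as volume `{50623409-d8c7-11dd-a0b5-001d92472b1c}` with `wscript.exe .\.vbs` under both `AutoRun` and `open`, flagged suspicious. Removing the key only stops the relaunch on this machine; the USB stick that carried the `.vbs` and `Autorun.inf` still needs cleaning, or the entry comes back the next time it is plugged in.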
