MyCity » Ambulanta -> Arhiva Ambulante » Maja_pomoć

Maja_pomoć

Napisano na dan: 22.12.2008

Maja_pomoć
Sledeća strana Pagination

Idi na vrh

Poslao: 22 Dec 2008 19:11
Idi na vrh
offline
  • Pridružio: 22 Dec 2008
  • Poruke: 2

molim drBoru da mi pomogne da proverim komp od virusa
Smile

Dopuna: 22 Dec 2008 19:11

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:55:03, on 22.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Admin\Desktop\drBora\drBoraIsBest.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [63173251197908607810135111761583] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] D:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - ?p=ZUfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8-) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 9114 bytes

Poslao: 22 Dec 2008 20:16
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Pozdrav...


Samo jedan mali detalj pre no što počnemo: savete u ovom delu foruma mogu davati samo članovi AMF tima. U ovom trenutku, uz mene, to uključuje i još nekoliko ljudi, za koje mogu da garantujem da bi dali kvalitetne savete.
Stoga, nije baš poželjno direktno se obraćati nekome od nas sa molbom za pomoć.

Ne da mi ne laska naziv file-a Razz , već... Bolje je za tebe (veća šansa da pre dobiješ pomoć) i ispravnije je prema kolegama.


Anyway... U logu postoje tragovi malware-a; da li postoji nešto aktivno, to ćemo tek videti.



Privremeno ćemo isključiti TeaTimer:

Pokrenite Spybot S&D
Kliknite Mode stavku u meniju
Odaberite Advance Mode
Na traci levo kliknite na Tools
Kliknite na Resident
Destiklirajte Resident Tea-Timer
Zatvorite Spybot S&D
Restartujte kompjuter.
- Zatim skinuti program sa ovog linka na Desktop.
- Pokrenuti ga dvoklikom i ispratiti uputstva.

Nemojte zaboraviti da ponovo ukljucite ove opcije kada zavrsimo ciscenje.



* Klikni desnim tasterom miša na AVG ikonicu ( ) u donjem, desnom uglu ekrana.
* Kada se pokrene AVG Control Center, dvoklikni na AVG Resident Shield komponentu.
* U prozoru koji se otvori, deštikliraj opciju Turn on AVG Resident Shield i klikni OK.

Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja.




Arrow Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Poslao: 28 Dec 2008 23:42
Idi na vrh
offline
  • Pridružio: 22 Dec 2008
  • Poruke: 2

ComboFix 08-12-28.01 - Admin 2008-12-28 23:29:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1022.592 [GMT 1:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: AVG 7.5.552 *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Admin\Application Data\FunWebProducts
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Cache\017AA8F3.swf
c:\program files\FunWebProducts\ScreenSaver\Cache\files.ini
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\windows\system32\f3PSSavr.scr

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-28 )))))))))))))))))))))))))))))))
.

2008-12-25 18:43 . 2007-03-08 00:51 129,784 --------- c:\windows\system32\pxafs.dll
2008-12-25 18:43 . 2007-03-08 00:51 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys
2008-12-25 18:43 . 2007-03-08 00:51 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys
2008-12-22 19:19 . 2008-12-22 19:19 306,432 --a------ c:\windows\system32\TuneUpDefragService.exe
2008-12-22 19:19 . 2007-12-20 10:41 29,440 --a------ c:\windows\system32\uxtuneup.dll
2008-12-22 19:17 . 2008-12-22 19:19 <DIR> d-------- c:\program files\TuneUp Utilities 2008
2008-12-22 19:17 . 2008-12-22 19:17 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-22 19:17 . 2008-12-22 19:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2008-12-22 19:17 . 2008-12-22 19:17 <DIR> d-------- c:\documents and settings\Admin\Application Data\TuneUp Software
2008-12-20 01:10 . 2007-08-13 18:52 66,048 --a------ c:\windows\ieResetIcons.exe
2008-12-20 01:10 . 2008-12-20 01:10 230 --a------ c:\windows\system32\spupdsvc.inf
2008-12-14 22:29 . 2008-12-14 22:29 <DIR> d-------- c:\documents and settings\Admin\Application Data\Ahead
2008-12-14 00:31 . 2008-04-14 02:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-12-14 00:31 . 2008-04-13 20:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-14 00:31 . 2008-04-13 20:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-12-14 00:31 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-12-14 00:25 . 2008-12-14 00:26 <DIR> d-------- c:\program files\Canon
2008-12-14 00:25 . 2008-12-14 00:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\ZoomBrowser
2008-12-14 00:23 . 2008-12-24 21:53 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-14 00:23 . 2008-12-14 00:23 1,409 --a------ c:\windows\QTFont.for
2008-12-14 00:22 . 2008-12-14 00:23 <DIR> d-------- c:\program files\QuickTime
2008-12-14 00:21 . 2008-12-14 00:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-14 00:19 . 2008-12-14 00:19 <DIR> d-------- c:\program files\Common Files\Canon
2008-12-13 23:29 . 2008-12-13 23:29 <DIR> d-------- c:\documents and settings\Admin\Application Data\AdobeAUM
2008-12-11 21:29 . 2008-12-11 21:29 32 --a------ c:\documents and settings\All Users\Application Data\ezsid.dat
2008-12-07 01:20 . 2008-12-07 01:20 268 --ah----- C:\sqmdata00.sqm
2008-12-07 01:20 . 2008-12-07 01:20 244 --ah----- C:\sqmnoopt00.sqm
2008-12-07 01:17 . 2008-12-07 12:17 <DIR> d-------- c:\documents and settings\Admin\Contacts
2008-12-07 01:14 . 2008-12-07 01:14 <DIR> d-------- c:\program files\MSN Messenger
2008-12-06 10:11 . 2008-12-06 10:13 <DIR> d-------- c:\documents and settings\Admin\Application Data\SecretIslandEng
2008-12-04 19:03 . 2008-12-04 19:03 <DIR> d-------- c:\program files\Mattel Media
2008-12-01 18:19 . 2008-12-01 18:19 <DIR> d-------- c:\documents and settings\Admin\Application Data\ITTNord
2008-11-30 18:18 . 2008-11-30 18:18 <DIR> d-------- c:\windows\Fashion Apprentice

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 15:05 --------- d-----w c:\documents and settings\Admin\Application Data\AVG7
2008-12-25 17:45 --------- d-----w c:\program files\Winamp
2008-12-20 00:09 --------- d-----w c:\program files\Shockwave.com
2008-12-20 00:08 --------- d-----w c:\program files\EA Games
2008-12-19 23:57 --------- d-----w c:\program files\CheboMan
2008-12-19 23:16 --------- d-----w c:\documents and settings\Admin\Application Data\uTorrent
2008-12-16 21:58 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-13 22:47 --------- d-----w c:\documents and settings\Admin\Application Data\AdobeUM
2008-12-12 22:29 --------- d-----w c:\documents and settings\Admin\Application Data\skypePM
2008-12-10 00:08 --------- d-----w c:\documents and settings\Admin\Application Data\Skype
2008-12-06 23:18 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-06 23:17 --------- d-----w c:\program files\Activision
2008-12-06 19:42 --------- d-----w c:\program files\Cuvari Prirode
2008-12-05 12:36 --------- d-----w c:\program files\THQ
2008-11-13 07:02 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-09 13:15 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2008-11-09 13:15 --------- d-----w c:\documents and settings\Admin\Application Data\PlayFirst
2008-11-09 13:10 --------- d-----w c:\documents and settings\All Users\Application Data\Sandlot Games
2008-11-09 13:09 --------- d-----w c:\program files\Common Files\Sandlot Shared
2008-11-09 13:04 --------- d-----w c:\documents and settings\Admin\Application Data\Gamelab
2008-11-09 11:15 --------- d-----w c:\program files\MSVideoPlugin
2008-11-02 20:29 --------- d-----w c:\program files\Strategy First
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-18 590848]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-26 185872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568]
"SkyTel"="SkyTel.EXE" [2007-06-15 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2007-05-10 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2007-05-10 c:\windows\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-09-17 219136]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"My Web Search Bar"=rundll32 c:\progra~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
"MyWebSearch Plugin"=rundll32 c:\progra~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"RTHDCPL"=RTHDCPL.EXE
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"WinampAgent"=c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"d:\\Program Files\\Return to Castle Wolfenstein\\WolfMP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\DRIVERS\K320bus.sys [2008-08-02 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\DRIVERS\K320mdfl.sys [2008-08-02 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\DRIVERS\K320mdm.sys [2008-08-02 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\K320mgmt.sys [2008-08-02 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\K320obex.sys [2008-08-02 86368]
S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"c:\program files\MSN Messenger\usnsvc.exe" [2007-01-19 97136]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-12-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - ?p=ZUfox000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\c8freq3i.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-28 23:32:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2008-12-28 23:33:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-28 22:33:46

Pre-Run: 39.542.915.072 bytes free
Post-Run: 39,872,794,624 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

196 --- E O F --- 2008-12-27 18:59:26

Poslao: 29 Dec 2008 14:56
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Otvoriti Notepad i iskopirati sledeci tekst:

File::
c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll

Folder::
c:\program files\MSVideoPlugin

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"My Web Search Bar"=-
"MyWebSearch Plugin"=-


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

MyCity » Ambulanta -> Arhiva Ambulante » Maja_pomoć

Ko je trenutno na forumu
 

Ukupno su 774 korisnika na forumu :: 3 registrovanih, 1 sakriven i 770 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: bladesu, Milos82, scimitar19