Malware or something else???

  • Joined: 21 Sep 2008
  • Posts: 238
  • Location: Bačka Palanka

I need help. What is happening with my partitions? Every time I want to open a partition in Windows Explorer, this window (in the picture) appears. In TC, for example, it opens normally.

Thanks!

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...

Follow the instructions for opening a topic:

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • Joined: 21 Sep 2008
  • Posts: 238
  • Location: Bačka Palanka

stefannn :: I need help. What is happening with my partitions? Every time I want to open a partition in Windows Explorer, this window (in the picture) appears. In TC, for example, it opens normally.

Thanks!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:14:57, on 2.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MMTrayLSI.exe
C:\WINDOWS\system32\MMTray2k.exe
C:\WINDOWS\system32\MMTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Stefan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Stefan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Stefan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Stefan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Documents and Settings\Stefan\Desktop\My City Folder\TR3.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [MMTrayLSI] C:\WINDOWS\system32\MMTrayLSI.exe
O4 - HKLM\..\Run: [MMTray2K] C:\WINDOWS\system32\MMTray2k.exe
O4 - HKLM\..\Run: [MMTray] C:\WINDOWS\system32\MMTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdfkb.exe] C:\WINDOWS\system32\kdfkb.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Preuzmi odabrano Free Download Manager-om - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Preuzmi sa Free Download Managerom - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Preuzmi sve sa Free Download Manager-om - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F6198DD-FBC9-4ECF-9259-B28F52C27765}: NameServer = 85.255.114.44,85.255.112.237
O17 - HKLM\System\CCS\Services\Tcpip\..\{97AEFD99-BE41-420A-8762-D66809A15379}: NameServer = 85.255.114.44,85.255.112.237
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB1E1F62-F0A8-4A55-B2F3-DDB50197BA0B}: NameServer = 85.255.114.44,85.255.112.237
O17 - HKLM\System\CS1\Services\Tcpip\..\{4F6198DD-FBC9-4ECF-9259-B28F52C27765}: NameServer = 85.255.114.44,85.255.112.237
O17 - HKLM\System\CS2\Services\Tcpip\..\{4F6198DD-FBC9-4ECF-9259-B28F52C27765}: NameServer = 85.255.114.44,85.255.112.237
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

--
End of file - 7436 bytes

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Follow these instructions in order.


1) Download FixWareOut.
Double-click Fixwareout.exe to run it
In the window that opens, click Next >, and then Install
When the installation is finished, click Finish
A window will open - press any key to continue
When the prompt to restart the computer appears, click OK
The computer will restart, after which the cleaning process will continue
When the notice that cleaning is starting appears, click OK

When the process is finished, a notice will appear which you close by clicking OK, and a log file will open in Notepad (C:\fixwareout\report.txt) which needs to be copied into the forum topic.



-------------------------------------------------------------------------------------



2) Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and do not touch the program window while it scans.
Follow the instructions on the screen. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

  • Joined: 21 Sep 2008
  • Posts: 238
  • Location: Bačka Palanka

Report from ComboFix:


ComboFix 08-10-04.01 - Stefan 2008-10-04 19:51:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.533 [GMT 2:00]
Running from: C:\Documents and Settings\Stefan\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\Stefan\LOCALS~1\Temp\install_flash_player.exe
D:\Autorun.inf
F:\Autorun.inf
J:\autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_POWERMANAGER
-------\Service_PowerManager


((((((((((((((((((((((((( Files Created from 2008-09-04 to 2008-10-04 )))))))))))))))))))))))))))))))
.

2008-10-04 19:45 . 2008-10-04 19:49 <DIR> d-------- C:\fixwareout
2008-10-04 15:55 . 2008-10-04 16:13 14 --a------ C:\WINDOWS\popcinfot.dat
2008-10-04 15:54 . 2008-10-04 16:21 <DIR> d-------- C:\Program Files\PopCap Games
2008-10-04 15:54 . 2008-10-04 15:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PopCap Games
2008-10-04 15:41 . 2008-10-04 15:44 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-10-04 15:41 . 2008-10-04 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-10-04 15:41 . 2008-10-04 15:41 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-10-04 15:41 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-10-04 15:40 . 2008-10-04 15:40 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-04 15:12 . 2008-10-04 15:12 <DIR> d-------- C:\Documents and Settings\Stefan\Application Data\vlc
2008-10-04 15:00 . 2008-10-04 15:15 <DIR> d-------- C:\Program Files\VideoLAN
2008-10-02 22:37 . 2008-10-03 20:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-02 22:37 . 2008-10-02 22:37 <DIR> d-------- C:\Documents and Settings\Stefan\Application Data\Malwarebytes
2008-10-02 22:37 . 2008-10-02 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-02 22:37 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-02 22:37 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-02 10:51 . 2008-10-02 10:51 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-09-27 19:34 . 2008-09-29 22:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-27 19:34 . 2008-09-29 22:18 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-27 13:29 . 2006-05-15 15:35 97,184 -ra------ C:\WINDOWS\system32\drivers\SE27mdm.sys
2008-09-27 13:29 . 2006-05-15 15:35 9,360 -ra------ C:\WINDOWS\system32\drivers\SE27mdfl.sys
2008-09-27 13:29 . 2006-05-15 15:35 6,240 -ra------ C:\WINDOWS\system32\drivers\SE27cmnt.sys
2008-09-27 13:29 . 2006-05-15 15:35 6,240 -ra------ C:\WINDOWS\system32\drivers\SE27cm.sys
2008-09-23 21:12 . 2007-05-03 17:42 364,629 --a------ C:\WINDOWS\system32\acs.exe
2008-09-23 21:12 . 2007-05-03 17:44 73,801 --a------ C:\WINDOWS\system32\athgina.dll
2008-09-23 21:11 . 2008-09-23 21:11 <DIR> d-------- C:\Program Files\Atheros
2008-09-18 14:35 . 2008-09-18 14:35 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2008-09-13 22:22 . 2008-09-13 22:22 <DIR> d-------- C:\Program Files\DivXCodec
2008-09-12 16:50 . 2008-09-24 15:31 <DIR> d-------- C:\Program Files\Ahead
2008-09-11 14:55 . 2005-05-03 12:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2008-09-08 21:55 . 2008-09-08 21:55 <DIR> d-------- C:\Program Files\AngelPotion Video Codec V1
2008-09-08 21:55 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-09-08 21:55 . 2000-08-09 21:26 177,241 --a------ C:\WINDOWS\system32\APmpg4v1.apl
2008-09-08 21:55 . 2000-08-23 07:26 106,496 --a------ C:\WINDOWS\system32\APmpg4v1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-04 14:21 --------- d-----w C:\Documents and Settings\Stefan\Application Data\Free Download Manager
2008-10-04 12:23 --------- d-----w C:\Program Files\ESET
2008-10-02 19:52 --------- d-----w C:\Program Files\ICQToolbar
2008-09-27 14:30 --------- d-----w C:\Program Files\Nero
2008-09-24 13:39 --------- d-----w C:\Program Files\Common Files\Nero
2008-09-23 19:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-19 14:20 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-09-19 14:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-09-18 13:48 --------- d-----w C:\Program Files\VirtualDJ
2008-09-18 13:47 --------- d-----w C:\Program Files\MSN Messenger
2008-09-11 12:55 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-09-02 18:51 --------- d-----w C:\Program Files\Maxima-5.16.3
2008-08-30 16:03 --------- d-----w C:\Documents and Settings\Stefan\Application Data\Ahead
2008-08-30 14:22 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-28 18:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-28 12:20 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-28 12:20 --------- d-----w C:\Program Files\Microsoft Works
2008-08-27 12:34 --------- d-----w C:\Documents and Settings\Stefan\Application Data\Hamachi
2008-08-25 12:52 --------- d-----w C:\Documents and Settings\Stefan\Application Data\Corel
2008-08-25 12:49 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-25 12:49 --------- d-----w C:\Program Files\Common Files\Corel
2008-08-25 12:48 --------- d-----w C:\Program Files\Corel
2008-08-24 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\SweetIM
2008-08-24 09:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-20 15:58 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-08-19 17:58 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
2008-08-17 12:27 --------- d-----w C:\Program Files\Webteh
2008-08-16 10:34 --------- d-----w C:\Documents and Settings\Stefan\Application Data\ICQ
2008-08-16 10:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-08-16 10:26 --------- d-----w C:\Documents and Settings\Stefan\Application Data\skypePM
2008-08-13 23:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-08-08 22:12 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-07 12:56 --------- d-----w C:\Documents and Settings\Stefan\Application Data\Nero
2008-08-04 12:42 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-08-04 12:33 --------- d-----w C:\Documents and Settings\Stefan\Application Data\ICQ Toolbar
2008-07-14 16:01 81,920 ----a-w C:\Documents and Settings\Stefan\Application Data\ezpinst.exe
2008-07-14 16:01 47,360 ----a-w C:\Documents and Settings\Stefan\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"MMTrayLSI"="C:\WINDOWS\system32\MMTrayLSI.exe" [2003-03-25 53248]
"MMTray2K"="C:\WINDOWS\system32\MMTray2k.exe" [2003-03-25 57344]
"MMTray"="C:\WINDOWS\system32\MMTray.exe" [2003-03-25 53248]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 C:\WINDOWS\AGRSMMSG.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-30 C:\WINDOWS\RTHDCPL.exe]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 C:\WINDOWS\system32\tweakui.cpl]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"msacm.l3acm"= L3codecp.acm
"msacm.divxa32"= DivXa32.acm
"vidc.asv2"= asusasv2.dll
"vidc.div3"= DivXc32.dll
"vidc.div4"= DivXc32f.dll
"vidc.ap41"= APmpg4v1.dll
"vidc.mjpg"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"vidc.rud0"= rududu.dll
"vidc.mj2c"= M3JP2K32.dll
"vidc.mmes"= DigiVCap.dll
"vidc.vixl"= Miroxl32.dll
"vidc.sony"= sonydv.dll
"vidc.dv25"= DigiVCap.dll
"vidc.dv50"= DigiVCap.dll
"vidc.msmc"= DigiVCap.dll
"vidc.mmjp"= DigiVCap.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.vssv"= vsscodec.dll
"vidc.pim1"= pclepim1.dll
"vidc.advs"= Dvc.dll
"vidc.asv1"= asusasv1.dll
"vidc.vcr1"= ativcr1.dll
"vidc.vcr2"= ativcr2.dll
"vidc.aflc"= flccodec32.dll
"vidc.aasc"= Aasc32.dll
"vidc.avrn"= AvidAVICodec.dll
"VIDC.mszh"= avimszh.dll
"vidc.zlib"= avizlib.dll
"vidc.mwv1"= icmw_32.dll
"vidc.bt20"= btvvc32.drv
"vidc.y41p"= btvvc32.drv
"vidc.cscd"= camcodec.dll
"vidc.cdvc"= CSCCDVC.DLL
"vidc.ddvc"= CSCdvsd.DLL
"vidc.dps0"= DpsAviCC.dll
"vidc.dvx4"= divx4.dll
"vidc.em2v"= EtxCodec.dll
"vidc.frwd"= frwd.dll
"vidc.frwt"= frwt.dll
"vidc.frwu"= frwu.dll
"vidc.glzw"= GLZW.dll
"vidc.gpeg"= GPEG.dll
"vidc.hfyu"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.ir21"= IR21_R.DLL
"vidc.rt21"= IR21_R.DLL
"vidc.dcmj"= MCMJPG32.DLL
"vidc.tvmj"= MMTVMJ.dll
"vidc.fljp"= MMTVMJ.dll
"vidc.nt00"= NTCodec.dll
"vidc.vp31"= vp31vfw.dll
"vidc.pdvc"= idvcodec.dll
"vidc.ipdv"= idvcodec.dll
"vidc.sjpg"= pmjpeg32.dll
"vidc.pvw2"= pvwv220.dll
"vidc.pimj"= pvljpg20.dll
"vidc.mjpx"= pvmjpg21.dll
"vidc.miro"= mirodv2avi.dll
"vidc.mjpa"= rtmjpgcdc.dll
"msacm.qmpeg"= qmpeg.acm
"vidc.qpeg"= Qpeg32.dll
"vidc.rmp4"= rmp4.dll
"vidc.s422"= tekyuv.dll
"vidc.wnv1"= WNVPLAY1.DLL
"msacm.pcdv"= pcdv.acm
"msacm.imc"= IMC32.ACM
"msacm.wrpr"= aviwrap.dll
"vidc.wrpr"= aviwrap.dll
"vidc.png1"= CorePNG_vfw.dll
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
--a------ 2008-09-09 15:06 2465839 C:\Program Files\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-09 15:06 133104 C:\Documents and Settings\Stefan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 14:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 45848]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 31232]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 57024]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [ ]
S3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS [ ]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-10-04 306432]
S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bd6e20e-8cba-11dd-b83a-0015af99d8cd}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com i:
\Shell\Open\command - I:\resycled\boot.com i:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98fbfdef-51f7-11dd-b7bc-0015af99d8cd}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com h:
\Shell\Open\command - K:\resycled\boot.com h:
.
Contents of the 'Scheduled Tasks' folder

2008-10-04 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:31]

2008-10-04 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Stefan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-09 15:06]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-C:\WINDOWS\system32\kdfkb.exe - C:\WINDOWS\system32\kdfkb.exe
MSConfigStartUp-DAEMON Tools - C:\Program Files\DAEMON Tools\daemon.exe
MSConfigStartUp-LClock - C:\Program Files\LClock\LClock.exe
MSConfigStartUp-LogMeIn GUI - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
MSConfigStartUp-SweetIM - C:\Program Files\SweetIM\Messenger\SweetIM.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Stefan\Application Data\Mozilla\Firefox\Profiles\6797vdyr.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.rs
FF -: plugin - C:\Documents and Settings\Stefan\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-04 19:55:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASPI32]
"ImagePath"="hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,73,00,70,00,69,00,33,00,32,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASPI32]
"ImagePath"="hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,73,00,70,00,69,00,33,00,32,00,2e,00,73,00,79,00,73,00,00,00"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-10-04 19:57:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-04 17:57:48

Pre-Run: 22.345.007.104 bytes free
Post-Run: 23,658,688,512 bytes free

283 --- E O F --- 2008-09-25 13:03:00

---

Report from Fixwareout:

Username "Stefan" - 04.10.2008 19:45:46 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\""
"MMTrayLSI"="C:\\WINDOWS\\system32\\MMTrayLSI.exe"
"MMTray2K"="C:\\WINDOWS\\system32\\MMTray2k.exe"
"MMTray"="C:\\WINDOWS\\system32\\MMTray.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"egui"="\"C:\\Program Files\\ESET\\ESET Smart Security\\egui.exe\" /hide /waitservice"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"C:\\WINDOWS\\system32\\kdfkb.exe"="C:\\WINDOWS\\system32\\kdfkb.exe"
"Tweak UI"="RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

If you have a USB flash drive, plug it in before the next step (just plug it in, do not open it).


Open Notepad and copy the following text into it:

Folder::
C:\resycled
D:\resycled
E:\resycled
F:\resycled
H:\resycled

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bd6e20e-8cba-11dd-b83a-0015af99d8cd}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98fbfdef-51f7-11dd-b7bc-0015af99d8cd}]


Save the file from Notepad to the Desktop as "CFScript".


Drag the saved script/text onto the ComboFix icon, as in the picture.
Post the log that is created at the end of the cleaning/scanning in your next message.
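The entries dr_Bora's CFScript removes (the mountpoints2 AutoRun and Open handlers pointing at resycled\boot.com) and the ones the HijackThis log earlier in the thread exposes (the O17 NameServer overrides, the O4 Run value named after its own path, the PowerManager service pointing at a missing svchost.exe outside system32) can be picked out of the logs mechanically. The script below is an added example, not code from the thread or from ComboFix or HijackThis; its sample lines are copied from the logs above, and the CFScript it builds takes its drive letters from the mountpoints2 entries themselves (so it lists H:, I: and K: where the helper's script listed the fixed drives C: to F: plus H:).

```python
"""Triage HijackThis / ComboFix log lines for the autorun worm and the
DNS hijack seen in this thread, and build the matching CFScript.
Added example, not code from the forum post or from either tool."""
import re
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the HijackThis log posted earlier.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdfkb.exe] C:\WINDOWS\system32\kdfkb.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F6198DD-FBC9-4ECF-9259-B28F52C27765}: NameServer = 85.255.114.44,85.255.112.237
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
"""

# Constructed sample: the two mountpoints2 blocks from the ComboFix log.
SAMPLE_CF = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bd6e20e-8cba-11dd-b83a-0015af99d8cd}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com i:
\Shell\Open\command - I:\resycled\boot.com i:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98fbfdef-51f7-11dd-b7bc-0015af99d8cd}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com h:
\Shell\Open\command - K:\resycled\boot.com h:
"""

O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[0-9.,]+)\s*$")
O23_RE = re.compile(r"^O23 - Service: (?P<desc>.+?) - (?P<owner>.+?) - "
                    r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
MP2_KEY_RE = re.compile(r"^\[(?P<key>HKEY_CURRENT_USER\\.*\\mountpoints2\\\{[0-9a-fA-F-]+\})\]$")
MP2_CMD_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$")
# "<dir>\<file>.com", optionally preceded by a drive letter; with the
# ShellExec_RunDLL form the launched file is the last such token on the line.
LAUNCH_RE = re.compile(r"(?:(?P<drive>[A-Za-z]):\\)?(?P<dir>[^\\ ]+)\\"
                       r"(?P<file>[^\\ ]+\.(?:com|exe|bat|scr))\b", re.I)


def triage_hjt(text: str, expected_dns: Tuple[str, ...] = ()) -> List[str]:
    """Return one finding per suspicious HijackThis line.
    expected_dns: resolvers the ISP or admin actually configured (none by default)."""
    findings: List[str] = []
    for line in text.splitlines():
        m = O4_RE.match(line)
        if m:
            # A Run value whose *name* is a full path is how the dropper in this
            # log registered itself (kdfkb.exe); installers use a label instead.
            if ":\\" in m.group("name"):
                findings.append(f"O4 run value named after its own path: {m.group('cmd')}")
            continue
        m = O17_RE.match(line)
        if m:
            rogue = [s for s in m.group("servers").split(",") if s not in expected_dns]
            if rogue:
                findings.append("O17 per-interface NameServer override: " + ",".join(rogue))
            continue
        m = O23_RE.match(line)
        if m:
            path = m.group("path")
            base = path.rsplit("\\", 1)[-1].lower()
            in_sys32 = path.lower().startswith("c:\\windows\\system32\\")
            if base == "svchost.exe" and not in_sys32:
                findings.append(f"O23 svchost.exe outside system32: {path}")
            elif m.group("missing") and m.group("owner") == "Unknown owner":
                findings.append(f"O23 unknown-owner service with missing binary: {m.group('desc')}")
    return findings


def parse_mountpoints2(text: str) -> Dict[str, Dict[str, str]]:
    """Map each mountpoints2 key in a ComboFix log to its {verb: command} handlers."""
    entries: Dict[str, Dict[str, str]] = {}
    key = None
    for line in text.splitlines():
        m = MP2_KEY_RE.match(line)
        if m:
            key = m.group("key")
            entries[key] = {}
            continue
        m = MP2_CMD_RE.match(line)
        if m and key is not None:
            entries[key][m.group("verb")] = m.group("cmd")
    return entries


def build_cfscript(entries: Dict[str, Dict[str, str]]) -> str:
    """Emit a CFScript (Folder:: and Registry:: sections) for every mountpoints2
    key whose AutoRun/Open handlers launch a file from the mounted volume."""
    folders, dead_keys = set(), []
    for key, verbs in entries.items():
        drives, dirs = set(), set()
        for cmd in verbs.values():
            hits = list(LAUNCH_RE.finditer(cmd))
            if not hits:
                continue
            last = hits[-1]
            dirs.add(last.group("dir"))
            if last.group("drive"):
                drives.add(last.group("drive").upper())
            tail = re.search(r" ([A-Za-z]):$", cmd)  # drive letter passed as argument
            if tail:
                drives.add(tail.group(1).upper())
        if dirs:
            dead_keys.append(key)
            folders.update(f"{d}:\\{folder}" for d in drives for folder in dirs)
    lines = ["Folder::", *sorted(folders), "", "Registry::", *(f"[-{k}]" for k in dead_keys)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for finding in triage_hjt(SAMPLE_HJT):
        print("!", finding)
    print(build_cfscript(parse_mountpoints2(SAMPLE_CF)))
```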

  • Joined: 21 Sep 2008
  • Posts: 238
  • Location: Bačka Palanka

ComboFix 08-10-04.07 - Stefan 2008-10-05 13:15:12.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.518 [GMT 2:00]
Running from: C:\Documents and Settings\Stefan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Stefan\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\resycled
D:\resycled\boot.com
E:\resycled
E:\resycled\boot.com
F:\resycled
F:\resycled\boot.com
H:\autorun.inf
H:\resycled
H:\resycled\boot.com

.
((((((((((((((((((((((((( Files Created from 2008-09-05 to 2008-10-05 )))))))))))))))))))))))))))))))
.

2008-10-04 19:45 . 2008-10-04 19:59 <DIR> d-------- C:\fixwareout
2008-10-04 15:55 . 2008-10-04 16:13 14 --a------ C:\WINDOWS\popcinfot.dat
2008-10-04 15:54 . 2008-10-04 16:21 <DIR> d-------- C:\Program Files\PopCap Games
2008-10-04 15:54 . 2008-10-04 15:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PopCap Games
2008-10-04 15:41 . 2008-10-04 15:44 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-10-04 15:41 . 2008-10-04 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-10-04 15:41 . 2008-10-04 15:41 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-10-04 15:41 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-10-04 15:40 . 2008-10-04 15:40 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-04 15:12 . 2008-10-04 15:12 <DIR> d-------- C:\Documents and Settings\Stefan\Application Data\vlc
2008-10-04 15:00 . 2008-10-04 15:15 <DIR> d-------- C:\Program Files\VideoLAN
2008-10-02 22:37 . 2008-10-03 20:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-02 22:37 . 2008-10-02 22:37 <DIR> d-------- C:\Documents and Settings\Stefan\Application Data\Malwarebytes
2008-10-02 22:37 . 2008-10-02 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-02 22:37 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-02 22:37 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-02 10:51 . 2008-10-02 10:51 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-09-27 19:34 . 2008-09-29 22:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-27 19:34 . 2008-09-29 22:18 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-27 13:29 . 2006-05-15 15:35 97,184 -ra------ C:\WINDOWS\system32\drivers\SE27mdm.sys
2008-09-27 13:29 . 2006-05-15 15:35 9,360 -ra------ C:\WINDOWS\system32\drivers\SE27mdfl.sys
2008-09-27 13:29 . 2006-05-15 15:35 6,240 -ra------ C:\WINDOWS\system32\drivers\SE27cmnt.sys
2008-09-27 13:29 . 2006-05-15 15:35 6,240 -ra------ C:\WINDOWS\system32\drivers\SE27cm.sys
2008-09-23 21:12 . 2007-05-03 17:42 364,629 --a------ C:\WINDOWS\system32\acs.exe
2008-09-23 21:12 . 2007-05-03 17:44 73,801 --a------ C:\WINDOWS\system32\athgina.dll
2008-09-23 21:11 . 2008-09-23 21:11 <DIR> d-------- C:\Program Files\Atheros
2008-09-18 14:35 . 2008-09-18 14:35 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2008-09-13 22:22 . 2008-09-13 22:22 <DIR> d-------- C:\Program Files\DivXCodec
2008-09-12 16:50 . 2008-09-24 15:31 <DIR> d-------- C:\Program Files\Ahead
2008-09-11 14:55 . 2005-05-03 12:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2008-09-08 21:55 . 2008-09-08 21:55 <DIR> d-------- C:\Program Files\AngelPotion Video Codec V1
2008-09-08 21:55 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-09-08 21:55 . 2000-08-09 21:26 177,241 --a------ C:\WINDOWS\system32\APmpg4v1.apl
2008-09-08 21:55 . 2000-08-23 07:26 106,496 --a------ C:\WINDOWS\system32\APmpg4v1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-04 14:21 --------- d-----w C:\Documents and Settings\Stefan\Application Data\Free Download Manager
2008-10-04 12:23 --------- d-----w C:\Program Files\ESET
2008-10-02 19:52 --------- d-----w C:\Program Files\ICQToolbar
2008-09-27 14:30 --------- d-----w C:\Program Files\Nero
2008-09-24 13:39 --------- d-----w C:\Program Files\Common Files\Nero
2008-09-23 19:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-19 14:20 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-09-19 14:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-09-18 13:48 --------- d-----w C:\Program Files\VirtualDJ
2008-09-18 13:47 --------- d-----w C:\Program Files\MSN Messenger
2008-09-11 12:55 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-09-02 18:51 --------- d-----w C:\Program Files\Maxima-5.16.3
2008-08-30 16:03 --------- d-----w C:\Documents and Settings\Stefan\Application Data\Ahead
2008-08-30 14:22 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-28 18:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-28 12:20 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-28 12:20 --------- d-----w C:\Program Files\Microsoft Works
2008-08-27 12:34 --------- d-----w C:\Documents and Settings\Stefan\Application Data\Hamachi
2008-08-25 12:52 --------- d-----w C:\Documents and Settings\Stefan\Application Data\Corel
2008-08-25 12:49 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-25 12:49 --------- d-----w C:\Program Files\Common Files\Corel
2008-08-25 12:48 --------- d-----w C:\Program Files\Corel
2008-08-24 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\SweetIM
2008-08-24 09:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-20 15:58 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-08-19 17:58 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
2008-08-17 12:27 --------- d-----w C:\Program Files\Webteh
2008-08-16 10:34 --------- d-----w C:\Documents and Settings\Stefan\Application Data\ICQ
2008-08-16 10:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-08-16 10:26 --------- d-----w C:\Documents and Settings\Stefan\Application Data\skypePM
2008-08-13 23:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-08-08 22:12 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-07 12:56 --------- d-----w C:\Documents and Settings\Stefan\Application Data\Nero
2008-08-04 12:42 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-07-14 16:01 81,920 ----a-w C:\Documents and Settings\Stefan\Application Data\ezpinst.exe
2008-07-14 16:01 47,360 ----a-w C:\Documents and Settings\Stefan\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"MMTrayLSI"="C:\WINDOWS\system32\MMTrayLSI.exe" [2003-03-25 53248]
"MMTray2K"="C:\WINDOWS\system32\MMTray2k.exe" [2003-03-25 57344]
"MMTray"="C:\WINDOWS\system32\MMTray.exe" [2003-03-25 53248]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 C:\WINDOWS\AGRSMMSG.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-30 C:\WINDOWS\RTHDCPL.exe]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 C:\WINDOWS\system32\tweakui.cpl]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"msacm.l3acm"= L3codecp.acm
"msacm.divxa32"= DivXa32.acm
"vidc.asv2"= asusasv2.dll
"vidc.div3"= DivXc32.dll
"vidc.div4"= DivXc32f.dll
"vidc.ap41"= APmpg4v1.dll
"vidc.mjpg"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"vidc.rud0"= rududu.dll
"vidc.mj2c"= M3JP2K32.dll
"vidc.mmes"= DigiVCap.dll
"vidc.vixl"= Miroxl32.dll
"vidc.sony"= sonydv.dll
"vidc.dv25"= DigiVCap.dll
"vidc.dv50"= DigiVCap.dll
"vidc.msmc"= DigiVCap.dll
"vidc.mmjp"= DigiVCap.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.vssv"= vsscodec.dll
"vidc.pim1"= pclepim1.dll
"vidc.advs"= Dvc.dll
"vidc.asv1"= asusasv1.dll
"vidc.vcr1"= ativcr1.dll
"vidc.vcr2"= ativcr2.dll
"vidc.aflc"= flccodec32.dll
"vidc.aasc"= Aasc32.dll
"vidc.avrn"= AvidAVICodec.dll
"VIDC.mszh"= avimszh.dll
"vidc.zlib"= avizlib.dll
"vidc.mwv1"= icmw_32.dll
"vidc.bt20"= btvvc32.drv
"vidc.y41p"= btvvc32.drv
"vidc.cscd"= camcodec.dll
"vidc.cdvc"= CSCCDVC.DLL
"vidc.ddvc"= CSCdvsd.DLL
"vidc.dps0"= DpsAviCC.dll
"vidc.dvx4"= divx4.dll
"vidc.em2v"= EtxCodec.dll
"vidc.frwd"= frwd.dll
"vidc.frwt"= frwt.dll
"vidc.frwu"= frwu.dll
"vidc.glzw"= GLZW.dll
"vidc.gpeg"= GPEG.dll
"vidc.hfyu"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.ir21"= IR21_R.DLL
"vidc.rt21"= IR21_R.DLL
"vidc.dcmj"= MCMJPG32.DLL
"vidc.tvmj"= MMTVMJ.dll
"vidc.fljp"= MMTVMJ.dll
"vidc.nt00"= NTCodec.dll
"vidc.vp31"= vp31vfw.dll
"vidc.pdvc"= idvcodec.dll
"vidc.ipdv"= idvcodec.dll
"vidc.sjpg"= pmjpeg32.dll
"vidc.pvw2"= pvwv220.dll
"vidc.pimj"= pvljpg20.dll
"vidc.mjpx"= pvmjpg21.dll
"vidc.miro"= mirodv2avi.dll
"vidc.mjpa"= rtmjpgcdc.dll
"msacm.qmpeg"= qmpeg.acm
"vidc.qpeg"= Qpeg32.dll
"vidc.rmp4"= rmp4.dll
"vidc.s422"= tekyuv.dll
"vidc.wnv1"= WNVPLAY1.DLL
"msacm.pcdv"= pcdv.acm
"msacm.imc"= IMC32.ACM
"msacm.wrpr"= aviwrap.dll
"vidc.wrpr"= aviwrap.dll
"vidc.png1"= CorePNG_vfw.dll
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
--a------ 2008-09-09 15:06 2465839 C:\Program Files\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-09 15:06 133104 C:\Documents and Settings\Stefan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 14:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 45848]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 31232]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 57024]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [ ]
S3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS [ ]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-10-04 306432]
S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-10-04 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:31]

2008-10-05 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Stefan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-09 15:06]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 13:19:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASPI32]
"ImagePath"="hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,73,00,70,00,69,00,33,00,32,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASPI32]
"ImagePath"="hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,73,00,70,00,69,00,33,00,32,00,2e,00,73,00,79,00,73,00,00,00"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-10-05 13:21:56 - machine was rebooted [Stefan]
ComboFix-quarantined-files.txt 2008-10-05 11:21:52
ComboFix2.txt 2008-10-04 17:57:53

Pre-Run: 23.631.761.408 bytes free
Post-Run: 23,626,903,552 bytes free

265 --- E O F --- 2008-09-25 13:03:00

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Post a fresh HijackThis logfile.

  • Joined: 21 Sep 2008
  • Posts: 238
  • Location: Bačka Palanka

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:43, on 5.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MMTrayLSI.exe
C:\WINDOWS\system32\MMTray2k.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\MMTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Stefan\Desktop\-HijackThis-.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [MMTrayLSI] C:\WINDOWS\system32\MMTrayLSI.exe
O4 - HKLM\..\Run: [MMTray2K] C:\WINDOWS\system32\MMTray2k.exe
O4 - HKLM\..\Run: [MMTray] C:\WINDOWS\system32\MMTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Preuzmi odabrano Free Download Manager-om - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Preuzmi sa Free Download Managerom - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Preuzmi sve sa Free Download Manager-om - file://C:\Program Files\Free Download Manager\dlall.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB1E1F62-F0A8-4A55-B2F3-DDB50197BA0B}: NameServer = 194.247.192.33 194.247.192.1
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 4255 bytes

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

OK, this is clean.

If there are no further problems now, do the following:
Click START and then RUN
In the text input line, type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if necessary
Hide system/hidden files/folders, if necessary
Reset System Restore
