Malware from a USB drive


  • Joined: 28 Jan 2009
  • Posts: 9

Since I printed something from a USB drive at a copy shop and plugged it back into my computer, the firewall has constantly been asking for permission for some applications (e.g. 151.exe). After scanning and deleting some files, that stopped, but Spybot (which, btw, I barely managed to install) keeps finding the same things again + when I plug in the USB drive (which I formatted) the computer tells me there is no CD (?) + when I'm browsing, at some point the browser stops responding to clicks on links.

In any case, here is the log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:36, on 28/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\WINDOWS\Explorer.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
H:\Program Files\Conexant\Adsl\dslstat.exe
H:\Program Files\Conexant\Adsl\dslagent.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
H:\Program Files\Winamp\winampa.exe
H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\COMODO\SafeSurf\cssurf.exe
H:\Program Files\COMODO\COMODO Internet Security\cfp.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
H:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\WINDOWS\system32\drivers\SCtri.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Documents and Settings\Administrator\Desktop\New Folder\TR3.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Link visible only to logged-in users]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [Link visible only to logged-in users]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [Link visible only to logged-in users]
F2 - REG:system.ini: Shell=Explorer.exe %windir%\system32\drivers\SCtri.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - H:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - H:\Program Files\Moyea\YouTube Converter\MoyeaCth.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - H:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DSLSTATEXE] H:\Program Files\Conexant\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] H:\Program Files\Conexant\Adsl\dslagent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [WinampAgent] "H:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO SafeSurf] "H:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Internet Security] "H:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [AppleSyncNotifier] H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = H:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Registration .LNK = J:\CSI-Hard Evidence\Register\RegistrationReminder.exe
O8 - Extra context menu item: &Windows Live Search - [Link visible only to logged-in users]\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link visible only to logged-in users]\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{80E5088A-6BE0-466E-A4CF-C6D2CCA6C638}: NameServer = 77.105.0.19 77.105.0.18
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: H:\WINDOWS\system32\guard32.dll H:\WINDOWS\system32\cssdll32.dll
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - H:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Service Controler Installer - Unknown owner - H:\WINDOWS\system32\drivers\SCtri.exe

--
End of file - 9341 bytes
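As an added example (not part of this thread and not code from HijackThis, ComboFix or SDFix), the Python script below reads HijackThis-style lines and flags the two things a reviewer would examine first in the log above: a system.ini Shell= value that starts anything besides Explorer.exe, and an .exe sitting under system32\drivers. The sample input is five lines copied from the log above; the check functions and their names are this example's own.

```python
import re

# Constructed input: five lines copied from the first HijackThis log in this
# thread (not the whole log), enough to exercise both checks.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe %windir%\system32\drivers\SCtri.exe
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - AppInit_DLLs: H:\WINDOWS\system32\guard32.dll H:\WINDOWS\system32\cssdll32.dll
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Service Controler Installer - Unknown owner - H:\WINDOWS\system32\drivers\SCtri.exe
""".strip()

# HijackThis v2 entries look like "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# A Windows path to an .exe: optional drive letter or %VAR% prefix, then backslash-separated parts.
EXE_PATH_RE = re.compile(r'(?:[A-Za-z]:|%\w+%)?\\[^\s"]+?\.exe', re.IGNORECASE)


def check_shell_value(section, body):
    """F2 entries show the Winlogon Shell value (reported as 'REG:system.ini: Shell=...').

    On Windows XP the legitimate value is exactly 'Explorer.exe'; every additional
    token is a program that Winlogon starts alongside the shell at every logon.
    """
    if section != "F2":
        return None
    m = re.search(r"Shell=(?P<value>.*)$", body, re.IGNORECASE)
    if not m:
        return None
    extra = [t for t in m.group("value").split() if t.lower() != "explorer.exe"]
    if extra:
        return "Shell= starts extra program(s) at logon: " + " ".join(extra)
    return None


def check_exe_in_drivers(section, body):
    """Flag executables under system32\\drivers: that directory holds .sys drivers, not .exe files."""
    hits = [p for p in EXE_PATH_RE.findall(body) if "\\drivers\\" in p.lower()]
    if hits:
        return "executable located in the drivers directory: " + ", ".join(hits)
    return None


CHECKS = (check_shell_value, check_exe_in_drivers)


def analyze(log_text):
    """Return (section, reason, line) for every entry that trips a check."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # headers, blank lines and bare process paths are skipped
        section, body = m.group("section"), m.group("body")
        for check in CHECKS:
            reason = check(section, body)
            if reason:
                findings.append((section, reason, line))
    return findings


if __name__ == "__main__":
    for section, reason, line in analyze(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Run against the sample it reports the F2 line twice (extra Shell= token, and that token living under drivers) and the O23 service pointing at the same file; the avast! and COMODO entries pass both checks.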



  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Hi...

Do the following:


Right-click the avast! icon in the bottom right corner of the screen and choose Stop OnAccess Protection.

Note: Don't forget to turn this option back on once the cleaning is finished.


Download ComboFix from one of the following addresses to your Desktop:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.



  • Joined: 28 Jan 2009
  • Posts: 9

I can't get the program to start.
A Comodo window appears asking me to disable protection on all applications or make exceptions, after which, whatever I choose, nothing happens, and then the message "You cannot rename ComboFix".
The same thing happens if I turn Comodo off.

Update: 28 Jan 2009 13:05

Oh, and once a command prompt just opened by itself, but nothing happened.

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Turn Comodo off again and download ComboFix from this link:

[Link visible only to logged-in users]


When the command prompt appears, be patient, because the cleaning process can take up to half an hour.... And don't do anything on the computer from the moment the command prompt appears...

  • Joined: 28 Jan 2009
  • Posts: 9

Now it worked, here's the log:

ComboFix 09-01-21.04 - Administrator 2009-01-28 13:17:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1522 [GMT 1:00]
Running from: h:\documents and settings\Administrator\Desktop\C-F.exe
AV: avast! antivirus 4.8.1296 [VPS 090127-0] *On-access scanning disabled* (Updated)
AV: COMODO Antivirus *On-access scanning enabled* (Updated)
FW: COMODO Firewall *enabled*
.

((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-28 )))))))))))))))))))))))))))))))
.

2009-01-28 13:20 . 2009-01-28 13:20 <DIR> d-------- h:\windows\system32\xircom
2009-01-28 13:20 . 2009-01-28 13:20 <DIR> d-------- h:\windows\system32\restore
2009-01-28 13:20 . 2009-01-28 13:20 <DIR> d-------- h:\windows\srchasst
2009-01-28 13:20 . 2009-01-28 13:20 <DIR> d-------- h:\program files\microsoft frontpage
2009-01-28 12:33 . 2009-01-28 12:35 <DIR> d-------- H:\ComboFix
2009-01-26 20:34 . 2009-01-26 20:34 0 --a------ h:\windows\system32\drivers\imrih.sys
2009-01-26 19:49 . 2009-01-26 19:49 <DIR> d-------- h:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-26 19:49 . 2009-01-14 16:11 15,504 --a------ h:\windows\system32\drivers\mbam.sys
2009-01-26 19:47 . 2009-01-26 19:49 <DIR> d-------- h:\program files\Malwarebytes' Anti-Malware
2009-01-26 19:47 . 2009-01-26 19:47 <DIR> d-------- h:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-26 19:47 . 2009-01-14 16:11 38,496 --a------ h:\windows\system32\drivers\mbamswissarmy.sys
2009-01-26 19:41 . 2009-01-26 19:46 <DIR> d-------- h:\program files\Spybot - Search & Destroy
2009-01-26 19:41 . 2009-01-26 20:07 <DIR> d-------- h:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-26 10:57 . 2009-01-26 10:55 735,232 -r-hs---- h:\windows\system32\drivers\SCtri.exe
2009-01-25 20:40 . 2009-01-25 20:40 <DIR> d-------- h:\documents and settings\Administrator\Application Data\Moyea
2009-01-25 20:38 . 2009-01-25 20:38 <DIR> d-------- h:\program files\Moyea
2009-01-25 20:34 . 2009-01-25 20:34 268 --ah----- H:\sqmdata15.sqm
2009-01-25 20:34 . 2009-01-25 20:34 244 --ah----- H:\sqmnoopt15.sqm
2009-01-25 15:14 . 2009-01-25 15:14 268 --ah----- H:\sqmdata14.sqm
2009-01-25 15:14 . 2009-01-25 15:14 244 --ah----- H:\sqmnoopt14.sqm
2009-01-25 00:45 . 2009-01-25 00:45 268 --ah----- H:\sqmdata13.sqm
2009-01-25 00:45 . 2009-01-25 00:45 244 --ah----- H:\sqmnoopt13.sqm
2009-01-24 18:32 . 2009-01-24 18:32 <DIR> d-------- H:\jdownloader_v0.4.233
2009-01-24 02:10 . 2009-01-24 02:10 268 --ah----- H:\sqmdata12.sqm
2009-01-24 02:10 . 2009-01-24 02:10 244 --ah----- H:\sqmnoopt12.sqm
2009-01-22 17:30 . 2009-01-22 17:30 268 --ah----- H:\sqmdata11.sqm
2009-01-22 17:30 . 2009-01-22 17:30 244 --ah----- H:\sqmnoopt11.sqm
2009-01-22 15:24 . 2009-01-22 15:24 268 --ah----- H:\sqmdata10.sqm
2009-01-22 15:24 . 2009-01-22 15:24 244 --ah----- H:\sqmnoopt10.sqm
2009-01-22 01:04 . 2009-01-22 01:04 268 --ah----- H:\sqmdata09.sqm
2009-01-22 01:04 . 2009-01-22 01:04 244 --ah----- H:\sqmnoopt09.sqm
2009-01-21 10:01 . 2009-01-21 10:01 268 --ah----- H:\sqmdata08.sqm
2009-01-21 10:01 . 2009-01-21 10:01 244 --ah----- H:\sqmnoopt08.sqm
2009-01-21 00:29 . 2009-01-21 00:29 268 --ah----- H:\sqmdata07.sqm
2009-01-21 00:29 . 2009-01-21 00:29 244 --ah----- H:\sqmnoopt07.sqm
2009-01-19 23:00 . 2009-01-19 23:00 268 --ah----- H:\sqmdata06.sqm
2009-01-19 23:00 . 2009-01-19 23:00 244 --ah----- H:\sqmnoopt06.sqm
2009-01-19 01:19 . 2009-01-19 01:19 268 --ah----- H:\sqmdata05.sqm
2009-01-19 01:19 . 2009-01-19 01:19 244 --ah----- H:\sqmnoopt05.sqm
2009-01-17 12:16 . 2009-01-17 12:16 268 --ah----- H:\sqmdata04.sqm
2009-01-17 12:16 . 2009-01-17 12:16 244 --ah----- H:\sqmnoopt04.sqm
2009-01-17 10:08 . 2009-01-17 10:08 268 --ah----- H:\sqmdata03.sqm
2009-01-17 10:08 . 2009-01-17 10:08 244 --ah----- H:\sqmnoopt03.sqm
2009-01-12 23:22 . 2009-01-12 23:22 <DIR> d-------- h:\program files\WinDjViewers98_XP
2009-01-07 01:27 . 2009-01-07 01:27 <DIR> d-------- h:\program files\Bonjour
2009-01-07 01:25 . 2009-01-07 01:25 <DIR> d-------- h:\program files\iTunes
2009-01-07 01:25 . 2009-01-07 01:25 <DIR> d-------- h:\program files\iPod
2009-01-07 01:25 . 2009-01-07 01:25 <DIR> d-------- h:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-07 01:23 . 2009-01-07 01:23 <DIR> d-------- h:\program files\QuickTime
2009-01-07 00:58 . 2009-01-07 00:58 <DIR> d-------- h:\program files\Safari
2009-01-03 02:46 . 2009-01-03 02:46 1,010,742 --a------ h:\windows\ACD Wallpaper.bmp
2008-12-31 13:37 . 2008-12-31 13:37 268 --ah----- H:\sqmdata02.sqm
2008-12-31 13:37 . 2008-12-31 13:37 244 --ah----- H:\sqmnoopt02.sqm
2008-12-31 13:06 . 2008-12-31 13:06 268 --ah----- H:\sqmdata01.sqm
2008-12-31 13:06 . 2008-12-31 13:06 244 --ah----- H:\sqmnoopt01.sqm
2008-12-30 19:40 . 2008-12-30 19:40 268 --ah----- H:\sqmdata00.sqm
2008-12-30 19:40 . 2008-12-30 19:40 244 --ah----- H:\sqmnoopt00.sqm
2008-12-30 13:56 . 2008-12-30 13:56 410,984 --a------ h:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-28 11:51 --------- d-----w h:\documents and settings\All Users\Application Data\_comodo_
2009-01-25 21:57 --------- d-----w h:\documents and settings\Administrator\Application Data\uTorrent
2009-01-07 11:45 --------- d-----w h:\documents and settings\Administrator\Application Data\Apple Computer
2009-01-07 00:25 --------- d-----w h:\program files\Common Files\Apple
2008-12-30 12:56 --------- d-----w h:\program files\Java
2008-12-24 22:02 --------- d-----w h:\program files\Common Files\Adobe
2008-12-16 17:44 --------- d-----w h:\program files\Windows Live Toolbar
2008-12-16 17:44 --------- d-----w h:\program files\Real
2008-12-16 17:44 --------- d-----w h:\documents and settings\All Users\Application Data\Windows Live Toolbar
2008-12-16 17:43 --------- d-----w h:\program files\MSN Messenger
2008-12-11 12:44 101,776 ----a-w h:\windows\system32\drivers\cmdguard.sys
2008-11-29 18:25 --------- d--h--w h:\program files\InstallShield Installation Information
.

------- Sigcheck -------

2005-10-15 20:22 359936 fae3191f7d974b8bab37a0dedb7538f0 h:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="h:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="h:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"MsnMsgr"="h:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="h:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"DSLSTATEXE"="h:\program files\Conexant\Adsl\dslstat.exe" [2005-08-25 344064]
"DSLAGENTEXE"="h:\program files\Conexant\Adsl\dslagent.exe" [2005-08-25 65536]
"SunJavaUpdateSched"="h:\program files\Java\jre6\bin\jusched.exe" [2008-12-30 136600]
"WinampAgent"="h:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"NeroFilterCheck"="h:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="h:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"avast!"="h:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"COMODO SafeSurf"="h:\program files\COMODO\SafeSurf\cssurf.exe" [2008-10-31 278264]
"COMODO Internet Security"="h:\program files\COMODO\COMODO Internet Security\cfp.exe" [2008-12-07 1797880]
"AppleSyncNotifier"="h:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"Adobe Reader Speed Launcher"="h:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="h:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="h:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SkyTel"="SkyTel.EXE" [2007-08-03 h:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 h:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="h:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

h:\documents and settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - h:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"h:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"h:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"h:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"h:\\Program Files\\uTorrent\\uTorrent.exe"=
"h:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"h:\\Program Files\\MSN Messenger\\livecall.exe"=
"h:\\Program Files\\iTunes\\iTunes.exe"=
"h:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"h:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"h:\\WINDOWS\\system32\\java.exe"=

R1 aswSP;avast! Self Protection;h:\windows\system32\drivers\aswSP.sys [2008-10-30 111184]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;h:\windows\system32\drivers\cmdguard.sys [2008-10-31 101776]
R1 cmdHlp;COMODO Internet Security Helper Driver;h:\windows\system32\drivers\cmdhlp.sys [2008-10-31 31504]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;h:\windows\system32\drivers\AtiHdmi.sys [2008-10-27 93696]
R4 aswFsBlk;aswFsBlk;h:\windows\system32\drivers\aswFsBlk.sys [2008-10-30 20560]
R4 Service Controler Installer;Service Controler Installer;h:\windows\system32\drivers\SCtri.exe [2009-01-26 735232]
S3 FXDrv32;FXDrv32;\??\g:\fxdrv32.sys --> g:\FXDrv32.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;h:\windows\system32\drivers\mbamswissarmy.sys [2009-01-26 38496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48d4d67d-b726-11dd-beab-00064f300101}]
\Shell\Auto\command - L:\Autorun.exe
\Shell\AutoRun\command - h:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-20 h:\windows\Tasks\AppleSoftwareUpdate.job
- h:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-28 h:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- h:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Device Detector - DevDetect.exe


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = [Link visible only to logged-in users]
uSearchURL,(Default) = [Link visible only to logged-in users]
IE: &Windows Live Search - h:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - h:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - h:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1g0s45m2.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-01-28 13:20:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
h:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
h:\windows\system32\ati2evxx.exe
h:\windows\system32\ati2evxx.exe
h:\program files\Alwil Software\Avast4\aswUpdSv.exe
h:\program files\Alwil Software\Avast4\ashServ.exe
h:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
h:\program files\Bonjour\mDNSResponder.exe
h:\program files\COMODO\COMODO Internet Security\cmdagent.exe
h:\program files\Java\jre6\bin\jqs.exe
h:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
h:\program files\Common Files\ACD Systems\EN\DevDetect.exe
h:\program files\Alwil Software\Avast4\ashMaiSv.exe
h:\program files\Alwil Software\Avast4\ashWebSv.exe
h:\program files\iPod\bin\iPodService.exe
h:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-01-28 13:23:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-28 12:23:11

Pre-Run: 24 616 165 376 bytes free
Post-Run: 24,686,518,272 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
h:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Download SDFix to the Desktop.

Double-clicking SDFix.exe will extract the program to the folder C:\SDFix, unless a different path is specified during extraction.


Restart the computer in Safe Mode
Go into the folder where SDFix was extracted and run RunThis.bat
Press Y to start the scan
After the scan, a message will appear saying the computer is going to be restarted
Press any key to restart the computer
After the restart, another scan will start automatically, and when it finishes a Finished message will appear
After the desktop icons load, a report will appear on the screen. The report will also be saved as Report.txt in the folder where SDFix was extracted
Copy the report into a post on the forum, and also post a new HijackThis log

  • Joined: 28 Jan 2009
  • Posts: 9

Done -

Report from SDFix:


SDFix: Version 1.240
Run by Administrator on 28/01/2009 at 19:12

Microsoft Windows XP [Version 5.1.2600]
Running From: H:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-01-28 19:18:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="H:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"H:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="H:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"H:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="H:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"H:\\Program Files\\uTorrent\\uTorrent.exe"="H:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"H:\\Program Files\\MSN Messenger\\msnmsgr.exe"="H:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"H:\\Program Files\\MSN Messenger\\livecall.exe"="H:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"H:\\Program Files\\iTunes\\iTunes.exe"="H:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"H:\\Program Files\\Bonjour\\mDNSResponder.exe"="H:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"H:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"="H:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary"
"H:\\WINDOWS\\system32\\java.exe"="H:\\WINDOWS\\system32\\java.exe:*:Enabled:Java(TM) Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\\Program Files\\MSN Messenger\\msnmsgr.exe"="H:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"H:\\Program Files\\MSN Messenger\\livecall.exe"="H:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :



Files with Hidden Attributes :

Mon 26 Jan 2009 1,740,632 A.SHR --- H:\PROGRA~1\SPYBOT~1\SDUPDATE.EXE
Mon 26 Jan 2009 5,365,592 A.SHR --- H:\PROGRA~1\SPYBOT~1\SPYBOTSD.EXE
Mon 26 Jan 2009 2,144,088 A.SHR --- H:\PROGRA~1\SPYBOT~1\TEATIMER.EXE
Mon 26 Jan 2009 735,232 ..SHR --- H:\WINDOWS\SYSTEM32\DRIVERS\SCTRI.EXE
Mon 27 Oct 2008 0 A.SH. --- H:\DOCUME~1\ALLUSE~1\DRM\CACHE\INDIV01.TMP

Finished!

Log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:23:09, on 28/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\WINDOWS\system32\drivers\SCtri.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\WINDOWS\system32\notepad.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
H:\Program Files\Conexant\Adsl\dslstat.exe
H:\Program Files\Conexant\Adsl\dslagent.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\Program Files\Winamp\winampa.exe
H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Program Files\COMODO\SafeSurf\cssurf.exe
H:\Program Files\COMODO\COMODO Internet Security\cfp.exe
H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
H:\Documents and Settings\Administrator\Desktop\New Folder\TR3.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [Link visible only to logged-in users]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [Link visible only to logged-in users]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - H:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - H:\Program Files\Moyea\YouTube Converter\MoyeaCth.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - H:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DSLSTATEXE] H:\Program Files\Conexant\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] H:\Program Files\Conexant\Adsl\dslagent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "H:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO SafeSurf] "H:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Internet Security] "H:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [AppleSyncNotifier] H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = H:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Registration .LNK = J:\CSI-Hard Evidence\Register\RegistrationReminder.exe
O8 - Extra context menu item: &Windows Live Search - [Link visible only to logged-in users]\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link visible only to logged-in users]\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - H:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Service Controler Installer - Unknown owner - H:\WINDOWS\system32\drivers\SCtri.exe
O23 - Service: UPS - Unknown owner - H:\WINDOWS\System32\ups.exe (file missing)

--
End of file - 8796 bytes

So, is there any hope?

diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Of course there is...

Do the following:

Open Notepad and paste in the following text:

File::
h:\windows\system32\drivers\SCtri.exe

Driver::
Service Controler Installer

Save the Notepad file to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post in your next reply the log that is produced at the end of the cleaning/scan.
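An added example, not part of this thread nor of HijackThis or ComboFix: a Python triage of O23 service lines in the HijackThis format posted above. It flags an unknown-owner .exe sitting under system32\drivers (the anomaly the helper acted on, since that directory holds .sys kernel drivers rather than user-mode service binaries) and emits the same File:: / Driver:: layout that goes into CFScript.txt. The sample lines are constructed from the log above; the heuristics, SAMPLE_HJT and all function names are this example's own.

```python
"""Triage a HijackThis log and build a ComboFix CFScript from the hits.

Added example for this thread; it is not part of HijackThis, ComboFix or the
helper's post. The heuristics (an .exe with no vendor under system32\\drivers,
orphaned entries) are this example's own assumptions, modelled on the one
service removed above.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of the HijackThis O2/O23 lines posted above.
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Controler Installer - Unknown owner - H:\WINDOWS\system32\drivers\SCtri.exe
O23 - Service: UPS - Unknown owner - H:\WINDOWS\System32\ups.exe (file missing)
"""

O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
SHORTNAME_RE = re.compile(r"^(?P<display>.+?)(?: \((?P<short>[^()]+)\))?$")
DRIVERS_EXE_RE = re.compile(r"\\system32\\drivers\\[^\\]+\.exe$", re.IGNORECASE)


@dataclass
class Service:
    display: str
    short: Optional[str]
    owner: str
    path: str
    missing: bool

    @property
    def key_name(self) -> str:
        """Name the Driver:: directive needs: the service key if HijackThis showed
        one in parentheses, otherwise the display name (as in the script above)."""
        return self.short or self.display


def parse_services(log: str) -> List[Service]:
    out = []
    for raw in log.splitlines():
        m = O23_RE.match(raw.strip())
        if not m:
            continue
        n = SHORTNAME_RE.match(m.group("name"))
        out.append(Service(n.group("display"), n.group("short"), m.group("owner"),
                           m.group("path"), m.group("missing") is not None))
    return out


def suspicious_services(services: List[Service]) -> List[Service]:
    """An unknown-owner .exe living in system32\\drivers is an anomaly: that
    directory holds .sys kernel drivers, not user-mode service binaries."""
    return [s for s in services
            if s.owner == "Unknown owner" and not s.missing and DRIVERS_EXE_RE.search(s.path)]


def orphan_entries(log: str) -> List[str]:
    """Entries whose target no longer exists. A missing file alone is not
    evidence of malware, so these are reported but not scripted."""
    return [l.strip() for l in log.splitlines()
            if l.strip().endswith("(file missing)") or l.strip().endswith("(no file)")]


def build_cfscript(files: List[str], drivers: List[str]) -> str:
    """Emit the File:: / Driver:: layout ComboFix accepts as CFScript.txt."""
    parts = []
    if files:
        parts.append("File::\n" + "\n".join(files))
    if drivers:
        parts.append("Driver::\n" + "\n".join(drivers))
    return "\n\n".join(parts) + "\n"


def cfscript_for(log: str) -> str:
    hits = suspicious_services(parse_services(log))
    return build_cfscript([s.path for s in hits], [s.key_name for s in hits])


if __name__ == "__main__":
    print(cfscript_for(SAMPLE_HJT))
    for e in orphan_entries(SAMPLE_HJT):
        print("orphan:", e)
```

Run it and the printed text is what would be saved next to ComboFix as CFScript.txt. Note that the legitimate ATI Smart service, also "Unknown owner", is not flagged because its binary is in system32 rather than system32\drivers; the orphaned UPS service and the nameless BHO are only listed, not scripted.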

  • Joined: 28 Jan 2009
  • Posts: 9

Et voila

ComboFix 09-01-21.04 - Administrator 2009-01-28 20:20:01.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1551 [GMT 1:00]
Running from: h:\documents and settings\Administrator\Desktop\C-F.exe
Command switches used :: h:\documents and settings\Administrator\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090128-0] *On-access scanning enabled* (Updated)
AV: COMODO Antivirus *On-access scanning enabled* (Updated)
FW: COMODO Firewall *enabled*

FILE ::
h:\windows\system32\drivers\SCtri.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

h:\windows\system32\drivers\SCtri.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SERVICE_CONTROLER_INSTALLER
-------\Service_Service Controler Installer


((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-28 )))))))))))))))))))))))))))))))
.

2009-01-28 19:12 . 2009-01-28 19:12 577,024 --a------ h:\windows\system32\DllCache\user32.dll
2009-01-28 19:10 . 2009-01-28 19:11 <DIR> d-------- h:\windows\ERUNT
2009-01-28 19:06 . 2009-01-28 19:20 <DIR> d-------- H:\SDFix
2009-01-28 13:20 . 2009-01-28 13:20 <DIR> d-------- h:\windows\system32\xircom
2009-01-28 13:20 . 2009-01-28 13:20 <DIR> d-------- h:\windows\system32\restore
2009-01-28 13:20 . 2009-01-28 13:20 <DIR> d-------- h:\windows\srchasst
2009-01-28 13:20 . 2009-01-28 13:20 <DIR> d-------- h:\program files\microsoft frontpage
2009-01-28 12:33 . 2009-01-28 12:35 <DIR> d-------- H:\ComboFix
2009-01-26 20:34 . 2009-01-26 20:34 0 --a------ h:\windows\system32\drivers\imrih.sys
2009-01-26 19:49 . 2009-01-26 19:49 <DIR> d-------- h:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-26 19:49 . 2009-01-14 16:11 15,504 --a------ h:\windows\system32\drivers\mbam.sys
2009-01-26 19:47 . 2009-01-26 19:49 <DIR> d-------- h:\program files\Malwarebytes' Anti-Malware
2009-01-26 19:47 . 2009-01-26 19:47 <DIR> d-------- h:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-26 19:47 . 2009-01-14 16:11 38,496 --a------ h:\windows\system32\drivers\mbamswissarmy.sys
2009-01-26 19:41 . 2009-01-26 19:46 <DIR> d-------- h:\program files\Spybot - Search & Destroy
2009-01-26 19:41 . 2009-01-26 20:07 <DIR> d-------- h:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-25 20:40 . 2009-01-25 20:40 <DIR> d-------- h:\documents and settings\Administrator\Application Data\Moyea
2009-01-25 20:38 . 2009-01-25 20:38 <DIR> d-------- h:\program files\Moyea
2009-01-25 20:34 . 2009-01-25 20:34 268 --ah----- H:\sqmdata15.sqm
2009-01-25 20:34 . 2009-01-25 20:34 244 --ah----- H:\sqmnoopt15.sqm
2009-01-25 15:14 . 2009-01-25 15:14 268 --ah----- H:\sqmdata14.sqm
2009-01-25 15:14 . 2009-01-25 15:14 244 --ah----- H:\sqmnoopt14.sqm
2009-01-25 00:45 . 2009-01-25 00:45 268 --ah----- H:\sqmdata13.sqm
2009-01-25 00:45 . 2009-01-25 00:45 244 --ah----- H:\sqmnoopt13.sqm
2009-01-24 18:32 . 2009-01-24 18:32 <DIR> d-------- H:\jdownloader_v0.4.233
2009-01-24 02:10 . 2009-01-24 02:10 268 --ah----- H:\sqmdata12.sqm
2009-01-24 02:10 . 2009-01-24 02:10 244 --ah----- H:\sqmnoopt12.sqm
2009-01-22 17:30 . 2009-01-22 17:30 268 --ah----- H:\sqmdata11.sqm
2009-01-22 17:30 . 2009-01-22 17:30 244 --ah----- H:\sqmnoopt11.sqm
2009-01-22 15:24 . 2009-01-22 15:24 268 --ah----- H:\sqmdata10.sqm
2009-01-22 15:24 . 2009-01-22 15:24 244 --ah----- H:\sqmnoopt10.sqm
2009-01-22 01:04 . 2009-01-22 01:04 268 --ah----- H:\sqmdata09.sqm
2009-01-22 01:04 . 2009-01-22 01:04 244 --ah----- H:\sqmnoopt09.sqm
2009-01-21 10:01 . 2009-01-21 10:01 268 --ah----- H:\sqmdata08.sqm
2009-01-21 10:01 . 2009-01-21 10:01 244 --ah----- H:\sqmnoopt08.sqm
2009-01-21 00:29 . 2009-01-21 00:29 268 --ah----- H:\sqmdata07.sqm
2009-01-21 00:29 . 2009-01-21 00:29 244 --ah----- H:\sqmnoopt07.sqm
2009-01-19 23:00 . 2009-01-19 23:00 268 --ah----- H:\sqmdata06.sqm
2009-01-19 23:00 . 2009-01-19 23:00 244 --ah----- H:\sqmnoopt06.sqm
2009-01-19 01:19 . 2009-01-19 01:19 268 --ah----- H:\sqmdata05.sqm
2009-01-19 01:19 . 2009-01-19 01:19 244 --ah----- H:\sqmnoopt05.sqm
2009-01-17 12:16 . 2009-01-17 12:16 268 --ah----- H:\sqmdata04.sqm
2009-01-17 12:16 . 2009-01-17 12:16 244 --ah----- H:\sqmnoopt04.sqm
2009-01-17 10:08 . 2009-01-17 10:08 268 --ah----- H:\sqmdata03.sqm
2009-01-17 10:08 . 2009-01-17 10:08 244 --ah----- H:\sqmnoopt03.sqm
2009-01-12 23:22 . 2009-01-12 23:22 <DIR> d-------- h:\program files\WinDjViewers98_XP
2009-01-07 01:27 . 2009-01-07 01:27 <DIR> d-------- h:\program files\Bonjour
2009-01-07 01:25 . 2009-01-07 01:25 <DIR> d-------- h:\program files\iTunes
2009-01-07 01:25 . 2009-01-07 01:25 <DIR> d-------- h:\program files\iPod
2009-01-07 01:25 . 2009-01-07 01:25 <DIR> d-------- h:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-07 01:23 . 2009-01-07 01:23 <DIR> d-------- h:\program files\QuickTime
2009-01-07 00:58 . 2009-01-07 00:58 <DIR> d-------- h:\program files\Safari
2009-01-03 02:46 . 2009-01-03 02:46 1,010,742 --a------ h:\windows\ACD Wallpaper.bmp
2008-12-31 13:37 . 2008-12-31 13:37 268 --ah----- H:\sqmdata02.sqm
2008-12-31 13:37 . 2008-12-31 13:37 244 --ah----- H:\sqmnoopt02.sqm
2008-12-31 13:06 . 2008-12-31 13:06 268 --ah----- H:\sqmdata01.sqm
2008-12-31 13:06 . 2008-12-31 13:06 244 --ah----- H:\sqmnoopt01.sqm
2008-12-30 19:40 . 2008-12-30 19:40 268 --ah----- H:\sqmdata00.sqm
2008-12-30 19:40 . 2008-12-30 19:40 244 --ah----- H:\sqmnoopt00.sqm
2008-12-30 13:56 . 2008-12-30 13:56 410,984 --a------ h:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-28 18:28 --------- d-----w h:\documents and settings\All Users\Application Data\_comodo_
2009-01-25 21:57 --------- d-----w h:\documents and settings\Administrator\Application Data\uTorrent
2009-01-07 11:45 --------- d-----w h:\documents and settings\Administrator\Application Data\Apple Computer
2009-01-07 00:25 --------- d-----w h:\program files\Common Files\Apple
2008-12-30 12:56 --------- d-----w h:\program files\Java
2008-12-24 22:02 --------- d-----w h:\program files\Common Files\Adobe
2008-12-16 17:44 --------- d-----w h:\program files\Windows Live Toolbar
2008-12-16 17:44 --------- d-----w h:\program files\Real
2008-12-16 17:44 --------- d-----w h:\documents and settings\All Users\Application Data\Windows Live Toolbar
2008-12-16 17:43 --------- d-----w h:\program files\MSN Messenger
2008-12-11 12:44 101,776 ----a-w h:\windows\system32\drivers\cmdguard.sys
2008-11-29 18:25 --------- d--h--w h:\program files\InstallShield Installation Information
.

------- Sigcheck -------

2005-10-15 20:22 359936 fae3191f7d974b8bab37a0dedb7538f0 h:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( [Link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 14:27:04 163,328 ----a-w h:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-01-28 18:11:42 7,356,416 ----a-w h:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2009-01-28 18:11:42 249,856 ----a-w h:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 14:27:04 163,328 ----a-w h:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-01-28 18:11:13 7,356,416 ----a-w h:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2009-01-28 18:11:13 249,856 ----a-w h:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2009-01-28 19:22:36 16,384 ----atw h:\windows\Temp\Perflib_Perfdata_2d8.dat
+ 2009-01-28 19:22:28 16,384 ----atw h:\windows\Temp\Perflib_Perfdata_624.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 15:20 279944 --a------ h:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "h:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "h:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="h:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="h:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"MsnMsgr"="h:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="h:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"DSLSTATEXE"="h:\program files\Conexant\Adsl\dslstat.exe" [2005-08-25 344064]
"DSLAGENTEXE"="h:\program files\Conexant\Adsl\dslagent.exe" [2005-08-25 65536]
"SunJavaUpdateSched"="h:\program files\Java\jre6\bin\jusched.exe" [2008-12-30 136600]
"WinampAgent"="h:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"NeroFilterCheck"="h:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="h:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"avast!"="h:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"COMODO SafeSurf"="h:\program files\COMODO\SafeSurf\cssurf.exe" [2008-10-31 278264]
"COMODO Internet Security"="h:\program files\COMODO\COMODO Internet Security\cfp.exe" [2008-12-07 1797880]
"AppleSyncNotifier"="h:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"Adobe Reader Speed Launcher"="h:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="h:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="h:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SkyTel"="SkyTel.EXE" [2007-08-03 h:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 h:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="h:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

h:\documents and settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - h:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"h:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"h:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"h:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"h:\\Program Files\\uTorrent\\uTorrent.exe"=
"h:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"h:\\Program Files\\MSN Messenger\\livecall.exe"=
"h:\\Program Files\\iTunes\\iTunes.exe"=
"h:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"h:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"h:\\WINDOWS\\system32\\java.exe"=

R1 aswSP;avast! Self Protection;h:\windows\system32\drivers\aswSP.sys [2008-10-30 111184]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;h:\windows\system32\drivers\cmdguard.sys [2008-10-31 101776]
R1 cmdHlp;COMODO Internet Security Helper Driver;h:\windows\system32\drivers\cmdhlp.sys [2008-10-31 31504]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;h:\windows\system32\drivers\AtiHdmi.sys [2008-10-27 93696]
R4 aswFsBlk;aswFsBlk;h:\windows\system32\drivers\aswFsBlk.sys [2008-10-30 20560]
S3 FXDrv32;FXDrv32;\??\g:\fxdrv32.sys --> g:\FXDrv32.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;h:\windows\system32\drivers\mbamswissarmy.sys [2009-01-26 38496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48d4d67d-b726-11dd-beab-00064f300101}]
\Shell\Auto\command - L:\Autorun.exe
\Shell\AutoRun\command - h:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-20 h:\windows\Tasks\AppleSoftwareUpdate.job
- h:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-28 h:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- h:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = [Link visible only to logged-in users]
uSearchURL,(Default) = [Link visible only to logged-in users]
IE: &Windows Live Search - h:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - h:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - h:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1g0s45m2.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-01-28 20:22:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
h:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
h:\windows\system32\ati2evxx.exe
h:\windows\system32\ati2evxx.exe
h:\program files\Alwil Software\Avast4\aswUpdSv.exe
h:\program files\Alwil Software\Avast4\ashServ.exe
h:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
h:\program files\Bonjour\mDNSResponder.exe
h:\program files\COMODO\COMODO Internet Security\cmdagent.exe
h:\program files\Java\jre6\bin\jqs.exe
h:\program files\Alwil Software\Avast4\ashMaiSv.exe
h:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
h:\program files\Alwil Software\Avast4\ashWebSv.exe
h:\program files\iPod\bin\iPodService.exe
h:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-01-28 20:25:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-28 19:25:25
ComboFix2.txt 2009-01-28 12:23:16

Pre-Run: 24 578 699 264 bytes free
Post-Run: 24,569,745,408 bytes free

242

diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

In the next step we will clean that problematic USB stick...

- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB storage devices one after another into the USB slot and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose Save log. That automatically opens the log in Notepad. Copy that log from Notepad to the forum.

Explanation: USB storage devices are all the devices that get their own drive letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.
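An added example, not from the thread, USBNoRisk or ComboFix: the MountPoints2 entries in the ComboFix log above (Shell\Auto\command pointing at L:\Autorun.exe, and the RunDLL32 ShellExec_RunDLL Autorun.exe command) are what Windows caches from a drive's autorun.inf, and the code below assesses such a file the way XP's AutoRun reads it. The sample autorun.inf contents are constructed to reproduce those two cached commands (that reconstruction is an assumption, not something recovered from the poster's stick); WORM_INF, BENIGN_INF and the function names are this example's own.

```python
"""Assess an autorun.inf the way Windows XP AutoRun interprets it.

Added example for this thread; it is not part of USBNoRisk, ComboFix or the
helper's instructions. It handles the documented [autorun] keys (open=,
shellexecute=, shell=, shell\\<verb>\\command=, icon=, label=) with
case-insensitive keys; anything beyond that is out of scope.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed samples, not files recovered from the poster's stick.
# WORM_INF is modelled on the two commands ComboFix found cached under
# MountPoints2 above (shell\Auto\command -> L:\Autorun.exe and the
# ShellExec_RunDLL Autorun.exe line); mapping those cached values back
# to these keys is this example's assumption.
WORM_INF = """
[AutoRun]
 OPEN = Autorun.exe
shellexecute=Autorun.exe
shell\\Auto\\command=Autorun.exe
shell=Auto
icon=%SystemRoot%\\system32\\SHELL32.dll,4
"""

BENIGN_INF = """
[autorun]
icon=vendor.ico
label=Holiday photos
"""


@dataclass
class Verdict:
    on_insert: List[str] = field(default_factory=list)  # launched by AutoRun when the drive appears
    on_open: List[str] = field(default_factory=list)    # launched when the drive is double-clicked
    default_verb: str = ""
    notes: List[str] = field(default_factory=list)

    @property
    def risk(self) -> str:
        if self.on_insert:
            return "high"
        if self.on_open:
            return "medium"
        return "low"


def parse_autorun_inf(text: str) -> Dict[str, str]:
    """Return the [autorun] section as lower-cased key -> value, tolerating the
    padding and mixed case worms use to dodge naive string matching."""
    section = None
    values: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = re.match(r"^\[(.+?)\]$", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip().lower()] = value.strip()
    return values


def assess(text: str) -> Verdict:
    v = Verdict()
    kv = parse_autorun_inf(text)
    # open= / shellexecute= is what AutoRun launches on insertion where AutoRun
    # is enabled for the drive type; shellexecute= goes through ShellExec_RunDLL,
    # the rundll32 form seen in the MountPoints2 cache above (assumption).
    for key in ("open", "shellexecute"):
        if key in kv:
            v.on_insert.append(f"{key}={kv[key]}")
    # shell\<verb>\command= adds Explorer context-menu verbs; shell=<verb>
    # makes one of them the double-click default, so "opening" the drive
    # runs the binary instead of showing its contents.
    verbs = {}
    for key, value in kv.items():
        m = re.match(r"^shell\\([^\\]+)\\command$", key)
        if m:
            verbs[m.group(1)] = value
    v.default_verb = kv.get("shell", "").lower()
    if v.default_verb in verbs:
        v.on_open.append(f"{v.default_verb} -> {verbs[v.default_verb]}")
    for verb, cmd in verbs.items():
        if verb != v.default_verb:
            v.notes.append(f"extra verb {verb} -> {cmd}")
    if kv.get("icon", "").lower().startswith("%systemroot%"):
        v.notes.append("icon borrowed from a system DLL (disguise)")
    return v


def autorun_off_reg() -> str:
    """Registry fragment that turns AutoRun off for every drive type (0xFF)."""
    return ("Windows Registry Editor Version 5.00\r\n\r\n"
            "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer]\r\n"
            '"NoDriveTypeAutoRun"=dword:000000ff\r\n')


if __name__ == "__main__":
    for name, inf in (("worm", WORM_INF), ("benign", BENIGN_INF)):
        v = assess(inf)
        print(f"{name}: risk={v.risk} insert={v.on_insert} open={v.on_open} notes={v.notes}")
    print(autorun_off_reg())
```

The NoDriveTypeAutoRun=0xFF fragment is the policy that stops AutoRun for all drive types; it does not remove an autorun.inf or its executable already sitting on the stick, which is what the cleaning step above addresses, nor the commands Windows has already cached under MountPoints2 for that volume.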
