Problem

offline
  • bagpon
  • New MyCity citizen
  • Joined: 02 Jun 2008
  • Posts: 6

Lately I have had some upload traffic going on and I don't understand what is happening.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:07, on 11.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\BITTOR~2\BitP.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\gtwatch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AutoCAD 2007\acad.exe
C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\x\Desktop\HiJackThis\tr3.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitDownload\TorrentManager.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [mobiswing] C:\PROGRA~1\BITTOR~2\BitP.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [Anti Dog Beep Grid] C:\Documents and Settings\All Users\Application Data\Open Ante Anti Dog\poll gram.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [EqEggs] C:\DOCUME~1\x\APPLIC~1\KEEPWA~1\64 safe support.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

--
End of file - 6723 bytes

offline
  • dr_Bora (Male)
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...

Are you familiar with this program: C:\PROGRA~1\BITTOR~2\BitP.exe

(possibly: C:\Program Files\Bit Torrent Fastest Tool\BitP.exe)

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

offline
  • bagpon
  • New MyCity citizen
  • Joined: 02 Jun 2008
  • Posts: 6

Yesterday I uninstalled some unnecessary programs and BitTorrent.

Now, when starting ComboFix, NOD reported some virus or whatever; I continued with the process.

Thanks for the help and the effort.


ComboFix 08-08-11.01 - x 2008-08-12 10:48:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.498 [GMT 2:00]
Running from: C:\Documents and Settings\x\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\x\LOCALS~1\Temp\svchost.exe
C:\Documents and Settings\x\Favorites\Error Cleaner.url
C:\Documents and Settings\x\Favorites\Privacy Protector.url
C:\Documents and Settings\x\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\recover.reg

.
((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))
.

2008-08-11 14:13 . 2008-08-11 14:13 <DIR> d-------- C:\Program Files\Yahoo!
2008-08-11 14:13 . 2008-08-11 14:13 <DIR> d-------- C:\Program Files\CCleaner
2008-08-11 13:08 . 2008-08-11 13:08 <DIR> d-------- C:\Program Files\AskSBar
2008-08-11 13:08 . 2008-08-11 13:08 249,592 --a------ C:\WINDOWS\system32\cssdll32.dll
2008-08-11 13:07 . 2008-08-11 13:08 <DIR> d-------- C:\Program Files\COMODO
2008-08-11 13:07 . 2008-08-11 13:07 <DIR> d-------- C:\Documents and Settings\x\Application Data\Comodo
2008-08-11 13:07 . 2008-08-11 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-08-11 13:07 . 2008-08-11 13:07 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-08-11 13:07 . 2008-08-11 13:07 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-08-11 13:07 . 2008-08-11 13:07 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-08-11 10:55 . 2008-08-11 10:55 <DIR> d-------- C:\Program Files\Virtual Earth 3D
2008-08-06 07:57 . 2008-08-11 10:55 <DIR> d-------- C:\trueSpace76
2008-08-01 13:54 . 2008-08-01 13:54 <DIR> d-------- C:\Program Files\NJ Soft
2008-07-31 17:49 . 2004-08-04 00:56 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-07-31 17:47 . 2008-07-31 17:47 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-07-31 17:47 . 2008-07-31 17:47 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-07-31 17:47 . 2008-07-31 17:47 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-07-31 17:47 . 2008-07-31 17:47 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-07-31 17:47 . 2008-07-31 17:47 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-07-31 17:47 . 2008-07-31 17:47 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-07-31 17:46 . 2004-08-04 01:01 139,400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2008-07-31 17:46 . 2004-08-04 01:01 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2008-07-31 17:46 . 2004-08-04 01:01 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2008-07-31 07:13 . 2008-07-31 07:13 36 --a------ C:\WINDOWS\Windows.dat
2008-07-31 07:12 . 2008-07-31 07:12 <DIR> d-------- C:\CADdyBSC2007.1
2008-07-30 14:54 . 2008-07-30 14:54 <DIR> d-------- C:\Program Files\PerSoft
2008-07-30 14:54 . 2008-07-30 14:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tarma Installer
2008-07-28 16:05 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-07-28 16:04 . 2008-07-28 16:04 <DIR> d-------- C:\Documents and Settings\x\Application Data\Simply Super Software
2008-07-22 09:09 . 2008-07-22 09:09 <DIR> d-------- C:\Program Files\Keep warn memo
2008-07-16 09:32 . 2004-08-04 01:57 1,086,058 -ra------ C:\WINDOWS\SET95.tmp
2008-07-16 09:32 . 2004-08-04 02:03 1,042,903 -ra------ C:\WINDOWS\SET92.tmp
2008-07-16 09:32 . 2004-08-04 01:58 13,753 -ra------ C:\WINDOWS\SETA1.tmp
2008-07-13 12:14 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-13 11:40 . 2004-08-04 01:57 1,086,058 -ra------ C:\WINDOWS\SET9D.tmp
2008-07-13 11:40 . 2004-08-04 01:58 13,753 -ra------ C:\WINDOWS\SETA9.tmp
2008-07-13 11:39 . 2004-08-04 02:03 1,042,903 -ra------ C:\WINDOWS\SET9A.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 08:00 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-11 11:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-11 09:34 --------- d-----w C:\Program Files\BitDownload
2008-08-11 08:55 --------- d-----w C:\Program Files\Share_Accelerator_MM
2008-08-11 08:55 --------- d-----w C:\Documents and Settings\x\Application Data\BitTorrent
2008-08-06 11:01 --------- d-----w C:\Program Files\eMule
2008-08-04 12:17 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-07-22 07:10 --------- d-----w C:\Documents and Settings\x\Application Data\Keep warn memo
2008-07-22 07:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Open Ante Anti Dog
2008-07-11 12:07 --------- d-----w C:\Program Files\Eset
2008-07-09 08:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-04 09:30 --------- d-----w C:\Program Files\Pipe Flow Expert
2008-06-30 09:00 --------- d-----w C:\Program Files\SEE Electrical
2008-06-30 09:00 --------- d-----w C:\Program Files\Common Files\Bcgsoft
2008-06-30 08:57 6,656 ----a-w C:\WINDOWS\system32\haspvdd.dll
2008-06-30 08:57 47,616 ----a-w C:\WINDOWS\system32\drivers\Haspnt.sys
2008-06-30 08:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-17 08:20 --------- d-----w C:\Program Files\DeadLine
2008-06-13 05:43 --------- d-----w C:\Program Files\Hrvatsko - Engleski Rjecnik
2008-06-13 05:42 --------- dc----w C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-13 05:42 --------- d-----w C:\Documents and Settings\x\Application Data\DNA
2008-06-12 13:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-06-12 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-22 07:14 298,104 ----a-w C:\WINDOWS\system32\imon.dll
1997-06-23 20:06 287,504 --sha-w C:\WINDOWS\system32\Msxbse35.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-08-11 13:08 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-08-11 13:08 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2008-03-28 17:48 2582288]
"EqEggs"="C:\DOCUME~1\x\APPLIC~1\KEEPWA~1\64 safe support.exe" [2008-07-22 09:09 462336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-22 09:14 949376]
"Gtwatch"="C:\WINDOWS\gtwatch.exe" [2001-08-24 21:18 45056]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-12 02:30 249856]
"Anti Dog Beep Grid"="C:\Documents and Settings\All Users\Application Data\Open Ante Anti Dog\poll gram.exe" [2008-08-12 10:53 609792]
"COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" [2008-08-11 13:08 278264]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-08-11 13:07 1655552]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 15:42 77824 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Watch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Watch.lnk
backup=C:\WINDOWS\pss\Watch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^x^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\x\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2004-12-14 12:12 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-03-20 16:17 287040 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 10:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gtwatch]
--a------ 2001-08-24 21:18 45056 C:\WINDOWS\Gtwatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-12 02:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-12 02:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 20:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
--a------ 2008-05-22 09:14 949376 C:\Program Files\Eset\nod32kui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-04-24 12:49 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 07:28 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)
"wuauserv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\orbixd.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\CNEXT.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-12 03:11]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-08-11 13:07]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-08-11 13:07]
R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2003-07-11 15:22]
R2 BBDemon;Backbone Service;C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe [2006-04-29 17:32]
R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2008-03-28 17:48]
S3 GT681x;%GrandTechICNameNT%;C:\WINDOWS\system32\DRIVERS\GT681x.SYS [2001-08-27 20:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7df40ca9-ec1d-11dc-bd47-806d6172696f}]
\Shell\AutoRun\command - E:\AUTORUN\AUTORUN.EXE
.
Contents of the 'Scheduled Tasks' folder

2008-08-12 C:\WINDOWS\Tasks\AC3EE33591859605.job
- c:\docume~1\x\applic~1\keepwa~1\Team bike remote.exe [2008-07-22 09:10]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AutoRun - E:\AUTORUN\AutoRun.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
MSConfigStartUp-WindowsServicesStartup - C:\DOCUME~1\x\LOCALS~1\Temp\svchost.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\19rwtfyv.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-08-12 10:53:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\DOCUME~1\x\LOCALS~1\Temp\RGI1.tmp

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DUMeterSvc]
"ImagePath"="C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-08-12 10:57:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-12 08:57:40

Pre-Run: 3,156,639,744 bytes free
Post-Run: 3,877,900,288 bytes free

215 --- E O F --- 2008-08-11 09:39:32

offline
  • dr_Bora (Male)
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

* Open the Nod32 Control Center (click its tray icon in the bottom right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right panel, untick the option File system monitor (AMON) enabled.
* Turning this option off is shown by the Control Center changing colour from green to red.

Note: Don't forget to turn this option back on once the cleaning is finished.


-------------------------------------------------------------------------------------


Open Notepad and copy in the following text:

File::
C:\WINDOWS\Tasks\AC3EE33591859605.job

Folder::
C:\Program Files\Keep warn memo
C:\Documents and Settings\x\Application Data\Keep warn memo
C:\Documents and Settings\All Users\Application Data\Open Ante Anti Dog

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EqEggs"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Anti Dog Beep Grid"=-



Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.
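Triage logic for O4 autostart entries like the ones in this thread, added here as an example (it is not code from the thread, from HijackThis or from ComboFix): it parses O4 lines, flags executables that live under a user profile directory instead of Program Files or the Windows directory, and emits the Registry:: part of a CFScript in the "name"=- form used above. The sample lines are copied from the HijackThis log posted earlier, and the 8.3 short-name expansions (DOCUME~1 and friends) are assumptions, since the real mapping is per machine.

```python
import re

# Constructed sample input: six O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Anti Dog Beep Grid] C:\Documents and Settings\All Users\Application Data\Open Ante Anti Dog\poll gram.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EqEggs] C:\DOCUME~1\x\APPLIC~1\KEEPWA~1\64 safe support.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# Executable path at the start of the command line, quoted or not; paths may contain spaces.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|scr|bat|cmd|pif))"?(?:\s|$)', re.IGNORECASE)

# Assumed 8.3 short names as they appear in this log; the real mapping is per machine.
SHORT_NAMES = {"DOCUME~1": "Documents and Settings", "APPLIC~1": "Application Data",
               "LOCALS~1": "Local Settings", "PROGRA~1": "Program Files"}
# Directory markers a limited user can write to; legitimate autostarts rarely live there.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\temp\\")
FULL_HIVE = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_KEY = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"


def expand_short_names(path):
    for short, full in SHORT_NAMES.items():
        path = path.replace(short, full)
    return path


def is_user_writable_location(path):
    """Cheap triage signal: the autostart binary sits under a profile directory
    rather than Program Files or the Windows directory. A hint, not proof."""
    lowered = expand_short_names(path).lower()
    return any(marker in lowered for marker in USER_WRITABLE)


def parse_o4(text):
    """Return one dict per O4 line: hive, value name, executable path, suspicious flag."""
    entries = []
    for line in text.splitlines():
        match = O4_RE.match(line.strip())
        if not match:
            continue
        cmd = match.group("cmd")
        exe = EXE_RE.match(cmd)
        path = exe.group("path") if exe else cmd
        entries.append({"hive": match.group("hive"), "name": match.group("name"),
                        "path": path, "suspicious": is_user_writable_location(path)})
    return entries


def run_key_for(hive):
    """Map HijackThis' short hive names to the full Run key that CFScript expects."""
    if hive.startswith("HKUS\\"):
        return "HKEY_USERS\\" + hive[len("HKUS\\"):] + "\\" + RUN_KEY
    return FULL_HIVE[hive] + "\\" + RUN_KEY


def build_cfscript_registry(entries):
    """Emit a CFScript Registry:: section deleting the flagged Run values ("name"=-)."""
    by_key = {}
    for entry in entries:
        if entry["suspicious"]:
            by_key.setdefault(run_key_for(entry["hive"]), []).append(entry["name"])
    lines = ["Registry::"]
    for key, names in by_key.items():
        lines.append("[" + key + "]")
        lines.extend('"%s"=-' % name for name in names)
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_o4(SAMPLE_O4_LINES)
    for entry in found:
        print(("SUSPECT " if entry["suspicious"] else "ok      ") + entry["name"] + " -> " + entry["path"])
    print(build_cfscript_registry(found))
```

Run against the sample it flags exactly the two entries dr_Bora removed (EqEggs and Anti Dog Beep Grid); a hit still needs a look at the file itself before anything is deleted.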

offline
  • bagpon
  • New MyCity citizen
  • Joined: 02 Jun 2008
  • Posts: 6

My system crashed this morning and I had to format; thanks in any case.
