MyCity » Ambulanta -> Arhiva Ambulante » Problem!!!

Problem!!!

Napisano na dan: 10.3.2009

Problem!!!
Sledeća strana Pagination

Idi na vrh

Poslao: 10 Mar 2009 23:11
Idi na vrh
offline
  • Pridružio: 03 Nov 2007
  • Poruke: 42

Logfile of HijackThis v1.99.1
Scan saved at 11:05:03 PM, on 3/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jo\Desktop\nesto\tr3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = krstarica.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SoundMan] " SOUNDMAN.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: ImTranslator - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O9 - Extra 'Tools' menuitem: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{C544F9A2-EEFD-4CCF-ADCC-976E22189885}: NameServer = 77.105.0.19 77.105.0.18
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - %fystemRoot%\system32\svchost.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - %fystemroot%\system32\svchost.exe (file missing)

Ni jedan od 2 anti virusa (symanitec i Super antispy ware )mi ne detektuju virus a racunar mi radi sve sporije..pomozite

Poslao: 10 Mar 2009 23:35
Idi na vrh
offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Poslao: 11 Mar 2009 02:24
Idi na vrh
offline
  • Pridružio: 03 Nov 2007
  • Poruke: 42

ComboFix 09-03-10.01 - Jo 2009-03-11 2:04:37.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.446.168 [GMT 1:00]
Running from: c:\documents and settings\Jo\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\str.sys . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYNSEND
-------\Service_synsend


((((((((((((((((((((((((( Files Created from 2009-02-11 to 2009-03-11 )))))))))))))))))))))))))))))))
.

2009-03-10 19:21 . 2009-03-10 19:21 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-10 19:21 . 2009-03-10 19:21 <DIR> d-------- c:\documents and settings\Jo\Application Data\SUPERAntiSpyware.com
2009-03-10 19:21 . 2009-03-10 19:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-10 19:20 . 2009-03-10 19:20 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-10 18:51 . 2009-03-10 18:51 50,176 --a------ C:\eufkbhuc.exe
2009-03-10 18:50 . 2009-03-10 18:50 123,392 --a------ C:\ribws.exe
2009-03-10 18:50 . 2009-03-10 18:50 33,280 --a------ c:\documents and settings\Jo\Application Data\niljk.dll
2009-03-10 18:49 . 2009-03-10 18:49 8,704 --a------ C:\kgjxwvsy.exe
2009-03-10 18:49 . 2009-03-10 18:49 2 --a------ C:\-930678870
2009-02-22 23:14 . 2009-02-22 23:14 <DIR> d-------- c:\documents and settings\Jo\Application Data\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-11 00:57 --------- d-----w c:\documents and settings\Jo\Application Data\Skype
2009-03-11 00:47 --------- d-----w c:\documents and settings\Jo\Application Data\skypePM
2009-03-10 19:10 --------- d-----w c:\program files\Symantec AntiVirus
2009-03-10 17:48 --------- d-----w c:\documents and settings\Jo\Application Data\uTorrent
2009-02-23 10:26 --------- d-----w c:\program files\eMule
2009-02-22 22:16 --------- d-----w c:\documents and settings\Jo\Application Data\Ahead
2009-02-02 16:50 --------- d-----w c:\program files\vanBasco's Karaoke Player
2009-01-23 13:01 --------- d-----w c:\program files\Google
2008-03-14 16:48 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-10-28 19:54 893,537 ----a-w c:\program files\MV2Player_06[1].010.exe
.

------- Sigcheck -------

2007-12-25 20:18 16896 4e06f50f95357b8cfbc81f5699e754b7 c:\windows\system32\svchost.exe

2004-08-04 13:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 c:\windows\system32\ws2_32.dll
2004-08-04 13:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 c:\windows\system32\dllcache\ws2_32.dll

2007-12-25 14:43 505856 e853481fef64a5be3fc3732d9d3d926a c:\windows\system32\winlogon.exe

2004-08-04 13:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\dllcache\ndis.sys
2004-08-04 13:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\drivers\ndis.sys

2004-08-04 13:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\dllcache\ip6fw.sys
2004-08-04 13:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\drivers\ip6fw.sys

2007-12-25 14:43 110080 5812a3513734517f8c2c5eab6b269864 c:\windows\system32\services.exe

2007-12-25 14:43 14336 c3e6b717e7b284e1fa89ba9f7a1be1ed c:\windows\system32\lsass.exe

2004-08-04 13:00 15360 24232996a38c0b0cf151c2140ae29fc8 c:\windows\system32\ctfmon.exe
2004-08-04 13:00 15360 24232996a38c0b0cf151c2140ae29fc8 c:\windows\system32\dllcache\ctfmon.exe

2004-08-04 13:00 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\system32\userinit.exe
2004-08-04 13:00 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\system32\dllcache\userinit.exe

2004-08-04 13:00 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\system32\termsrv.dll
2004-08-04 13:00 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\system32\dllcache\termsrv.dll

2007-04-16 17:07 986112 09f7cb3687f86edaa4ca081f7ab66c03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
2004-08-04 13:00 983552 888190e31455fad793312f8d087146eb c:\windows\$NtUninstallKB935839$\kernel32.dll
2007-04-16 16:52 984576 a01f9ca902a88f7ced06884174d6419d c:\windows\system32\kernel32.dll
2007-04-16 16:52 984576 a01f9ca902a88f7ced06884174d6419d c:\windows\system32\dllcache\kernel32.dll

2004-08-04 13:00 17408 1b5f6923abb450692e9fe0672c897aed c:\windows\system32\powrprof.dll
2004-08-04 13:00 17408 1b5f6923abb450692e9fe0672c897aed c:\windows\system32\dllcache\powrprof.dll

2004-08-04 13:00 110080 87ca7ce6469577f059297b9d6556d66d c:\windows\system32\imm32.dll
2004-08-04 13:00 110080 87ca7ce6469577f059297b9d6556d66d c:\windows\system32\dllcache\imm32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "c:\program files\Secured_eMule\tbSecu.dll" [2007-05-27 1326104]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P_.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]
2007-05-27 12:17 1326104 --a------ c:\program files\Secured_eMule\tbSecu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2008-09-15 05:47 1784856 --a------ c:\program files\P2P_Energy\tbP2P_.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "c:\program files\Secured_eMule\tbSecu.dll" [2007-05-27 1326104]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P_.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}"= "c:\program files\Secured_eMule\tbSecu.dll" [2007-05-27 1326104]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "c:\program files\P2P_Energy\tbP2P_.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-30 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-01 21898024]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 c:\windows\soundman.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-09-11 79872]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-01-12 49152]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2008-01-12 398944]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-12 132496]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 18:04 139264 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 14:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
-ra------ 2005-10-31 21:15 163840 c:\windows\system32\S3Trayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
-ra------ 2004-12-28 23:01 544768 c:\windows\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
-ra------ 2005-03-07 12:33 53248 c:\windows\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R3 EraserUtilDrv10910;EraserUtilDrv10910;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys [2009-03-06 101936]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2006-02-08 806400]
R3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S2 leqow;leqow;c:\windows\System32\svchost.exe -k netsvcs [2004-08-04 16896]
S3 AVZ;AVZ Kernel Driver;c:\windows\system32\drivers\uti3otqy.sys [2007-11-04 7168]
S3 AVZSG;AVZ-SG Kernel Driver;c:\windows\system32\drivers\uji3otqy.sys [2007-11-04 9216]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2005-11-15 169200]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SYNSEND

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ed9c1a0-00c9-11de-96d2-00064f300101}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.krstarica.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: ImTranslator - c:\progra~1\SMARTL~1\IMTRAN~1\startup.html
FF - ProfilePath - c:\documents and settings\Jo\Application Data\Mozilla\Firefox\Profiles\nw6nxxe6.default\
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
.
------- File Associations -------
.
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-11 02:10:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\drivers\str.sys 0 bytes
c:\windows\system32\drivers\pssnk.sys 78976 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ydixpajoz]
"ImagePath"="\??\c:\windows\system32\drivers\pssnk.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(568-)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\scardsvr.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\WgaTray.exe
c:\program files\Symantec AntiVirus\DoScan.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-03-11 2:18:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-11 01:17:56
ComboFix2.txt 2009-01-10 21:33:55

Pre-Run: 9,036,849,152 bytes free
Post-Run: 9,090,260,992 bytes free

218 --- E O F --- 2009-03-06 18:14:42

Poslao: 13 Mar 2009 17:59
Idi na vrh
offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Otvoriti Notepad i iskopirati sledeci tekst:

File::
C:\eufkbhuc.exe
C:\ribws.exe
c:\documents and settings\Jo\Application Data\niljk.dll
C:\kgjxwvsy.exe
C:\-930678870
c:\windows\system32\drivers\pssnk.sys
c:\windows\system32\drivers\str.sys

Driver::
ydixpajoz

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ed9c1a0-00c9-11de-96d2-00064f300101}]


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

MyCity » Ambulanta -> Arhiva Ambulante » Problem!!!

Ko je trenutno na forumu
 

Ukupno su 1167 korisnika na forumu :: 58 registrovanih, 8 sakrivenih i 1101 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., AC-DC, Andrija357, armor, babaroga, bankulen, bladesu, Bluper, bojcistv, BORUTUS, BRATORIII, bufanje, ccoogg123, dekan.m, Denaya, Fabius, FileFinder, Gosha101980, goxin, goxsys, ikan, Istman, ivica976, jaeger, Komentator, Kubovac, KUZMAR, kybonacci, ladro, laki_bb, Lucije Kvint, madza, mean_machine, milutin134, mrav pesadinac, nextyamb, ozzy, Panter, panzerwaffe, pedjolino76, RJ, samsung, simazr, slonic_tonic, SR-3m, Srle993, stalja, Stoilkovic, Torpedo964, Trpe Grozni, vasa.93, Volkhov-M, vukovi, W123, wizzardone, wolf431, zillbg, Zoca