Problem with the computer


  • Joined: 25 Oct 2006
  • Posts: 276

So I don't have to write it all again, a friend of mine wrote this and I'm forwarding it to you:

When I turn the computer on it gets as far as the desktop wallpaper and nothing more, not a single icon, nothing. Ctrl+Alt+Del, I start Task Manager and then start a few processes here and there... and after about ten minutes the normal desktop appears. The strangest thing is that my processes run neither under SYSTEM nor under any user :-| the User Name field is simply empty :-( I have some trojan, AhnRpta.exe, and I can't get rid of it at all; whenever I try to open C: it starts and creates a file in %windows%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:02:32, on 16.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\xampp\apache\bin\apache.exe
C:\WINDOWS\AhnRpta.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Documents and Settings\dzona\Desktop\dzona.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\dse235rgd0.dll
O2 - BHO: IEHlprObj Class - {F171A450-7AF5-43E1-AFED-EDC826A1B0F5} - C:\WINDOWS\system32\bgdferw0.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6887 bytes
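A small triage script for the HijackThis log format shown in the post above, added here as an example; it is not part of the thread and not a HijackThis or forum tool. It parses the "Running processes" block and the R/F/O entries, then applies a few heuristics of my own: two BHOs sharing a display name but loading different DLLs, O23 services whose file is missing, processes launched from a user profile or straight from %windir%, and any O1 hosts-file override. The sample log is constructed from lines of the post above; the heuristics and the `WINDOWS_ROOT_ALLOW` list are assumptions, not rules from HijackThis or from the helpers in this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log above, with the
# tool's real layout (a blank line closes the "Running processes" block).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AhnRpta.exe
C:\Documents and Settings\dzona\Desktop\dzona.exe

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\dse235rgd0.dll
O2 - BHO: IEHlprObj Class - {F171A450-7AF5-43E1-AFED-EDC826A1B0F5} - C:\WINDOWS\system32\bgdferw0.dll
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
"""


@dataclass
class Entry:
    code: str   # section code such as "O2", "O23", "R1"
    body: str   # text after "<code> - "


ENTRY_RE = re.compile(r"^([RFO]\d{1,2}) - (.*)$")
BHO_RE = re.compile(r"^BHO: (.+?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
WINDOWS_ROOT_RE = re.compile(r"^c:\\windows\\[^\\]+\.exe$")
# Executables that legitimately live directly in %windir% on XP (assumed
# starting list; extend it for the machine being reviewed).
WINDOWS_ROOT_ALLOW = {"explorer.exe"}


def parse_hjt(text):
    """Split a HijackThis log into (running processes, R/F/O entries)."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False   # a blank line closes the process block
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return processes, entries


def triage(text):
    """Return (kind, detail) findings; these are leads for review, not verdicts."""
    processes, entries = parse_hjt(text)
    findings = []

    # Two BHOs with the same display name but different DLLs: the genuine
    # add-on registers one CLSID, so a second copy deserves a look.
    by_name = {}
    for e in entries:
        m = BHO_RE.match(e.body) if e.code == "O2" else None
        if m:
            by_name.setdefault(m.group(1), []).append(m.group(3))
    for name, dlls in by_name.items():
        if len(dlls) > 1:
            findings.append(("duplicate-bho-name", f"{name}: {', '.join(dlls)}"))

    # A service whose binary HijackThis cannot resolve: stale entry or broken path.
    for e in entries:
        if e.code == "O23" and "(file missing)" in e.body:
            findings.append(("service-file-missing", e.body))

    # Processes started from a user profile or directly from %windir%.
    for p in processes:
        low = p.lower()
        if "\\documents and settings\\" in low:
            findings.append(("user-profile-process", p))
        elif WINDOWS_ROOT_RE.match(low) and low.rsplit("\\", 1)[1] not in WINDOWS_ROOT_ALLOW:
            findings.append(("windows-root-process", p))

    # Every hosts-file override is listed; some are legitimate, all are worth knowing.
    for e in entries:
        if e.code == "O1":
            findings.append(("hosts-override", e.body))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:24} {detail}")
```

Run against the sample it reports the two IEHlprObj BHOs, the MySQL service with its missing file, AhnRpta.exe in the Windows root, dzona.exe on the user's Desktop and the hosts override, while Explorer.EXE is skipped by the allowlist. Each hit still needs checking against vendor information before anything is removed.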

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8303
  • Location: Novi Beograd

Hello,
Why aren't you using an antivirus?

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.

  • Joined: 25 Oct 2006
  • Posts: 276

ComboFix 09-01-15.01 - dzona 2009-01-16 14:07:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.326 [GMT 1:00]
Running from: c:\documents and settings\dzona\Desktop\ComboFix.exe
AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\bvc0gyp.bat
c:\documents and settings\dzona\Application Data\EurekaLog
c:\documents and settings\dzona\Local Settings\Temporary Internet Files\MF12161ED.gif
c:\documents and settings\dzona\Local Settings\Temporary Internet Files\SF0ED.gif
c:\windows\system32\mdm.exe
D:\Autorun.inf
D:\bvc0gyp.bat
D:\resycled
d:\resycled\boot.com
E:\Autorun.inf
E:\bvc0gyp.bat
E:\resycled
e:\resycled\boot.com

.
((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))
.

2009-01-16 01:09 . 2009-01-16 01:09 <DIR> d-------- c:\program files\Trend Micro
2009-01-16 01:05 . 2008-04-14 09:00 69,120 --a------ c:\windows\AhnRpta.exe
2009-01-16 00:25 . 2009-01-16 00:25 288 --a------ c:\windows\ODBC.INI
2009-01-16 00:25 . 2009-01-16 00:25 126 --a------ c:\windows\mdm.ini
2009-01-16 00:23 . 2009-01-16 00:23 <DIR> d-------- c:\program files\Web Publish
2009-01-15 22:01 . 2009-01-16 13:46 805 --a------ C:\rollback.ini
2009-01-15 21:16 . 2009-01-15 21:16 38,805 --a------ c:\windows\FontData.fdb
2009-01-15 19:31 . 2009-01-15 19:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
2009-01-15 19:31 . 2008-08-10 21:42 72,592 --a------ c:\windows\zllsputility.exe
2009-01-15 19:31 . 2009-01-16 00:51 4,212 --ah----- c:\windows\system32\zllictbl.dat
2009-01-15 19:30 . 2009-01-15 22:03 <DIR> d-------- c:\windows\system32\ZoneLabs
2009-01-15 19:30 . 2009-01-15 19:30 <DIR> d-------- c:\program files\Zone Labs
2009-01-15 19:30 . 2008-08-10 21:42 1,221,008 --a------ c:\windows\system32\zpeng25.dll
2009-01-15 19:30 . 2009-01-16 13:50 349,222 --a------ c:\windows\system32\vsconfig.xml
2009-01-15 19:29 . 2009-01-16 14:02 <DIR> d-------- c:\windows\Internet Logs
2009-01-15 17:53 . 2009-01-15 18:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-15 17:34 . 2009-01-15 17:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI
2009-01-15 16:13 . 2009-01-15 16:14 69,240 --a------ c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-01-15 15:40 . 2009-01-15 15:40 <DIR> d-------- C:\totalcmd
2009-01-15 15:40 . 2007-01-01 06:56 545 --a------ c:\windows\UC.PIF
2009-01-15 15:40 . 2007-01-01 06:56 545 --a------ c:\windows\RAR.PIF
2009-01-15 15:40 . 2007-01-01 06:56 545 --a------ c:\windows\PKZIP.PIF
2009-01-15 15:40 . 2007-01-01 06:56 545 --a------ c:\windows\PKUNZIP.PIF
2009-01-15 15:40 . 2007-01-01 06:56 545 --a------ c:\windows\NOCLOSE.PIF
2009-01-15 15:40 . 2007-01-01 06:56 545 --a------ c:\windows\LHA.PIF
2009-01-15 15:40 . 2007-01-01 06:56 545 --a------ c:\windows\ARJ.PIF
2009-01-15 15:40 . 2009-01-16 01:09 300 --a------ c:\windows\wincmd.ini
2009-01-15 03:12 . 2009-01-15 03:12 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2009-01-15 03:12 . 2009-01-15 03:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-01-15 03:07 . 2009-01-15 03:07 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-01-15 03:06 . 2009-01-15 03:15 <DIR> d-------- c:\program files\Common Files\Adobe
2009-01-15 02:47 . 2009-01-15 02:50 <DIR> d-------- c:\program files\eMule
2009-01-15 02:11 . 2009-01-15 02:39 <DIR> d-------- c:\program files\MySQL-Front
2009-01-15 02:11 . 2009-01-15 02:13 <DIR> d-------- c:\documents and settings\dzona\Application Data\MySQL-Front
2009-01-15 01:46 . 2009-01-15 01:46 <DIR> d-------- c:\program files\MySQL
2009-01-15 01:46 . 2009-01-15 01:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\MySQL
2009-01-15 01:41 . 2009-01-15 01:41 <DIR> d-------- c:\program files\MSECache
2009-01-15 01:40 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-01-15 01:38 . 2009-01-15 01:38 <DIR> d-------- c:\program files\MSBuild
2009-01-15 01:38 . 2009-01-15 01:38 <DIR> d-------- c:\program files\Microsoft Works
2009-01-15 01:33 . 2009-01-15 01:37 <DIR> d-------- c:\windows\SHELLNEW
2009-01-15 01:32 . 2009-01-15 01:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-15 01:31 . 2009-01-15 01:31 <DIR> dr-h----- C:\MSOCache
2009-01-15 01:14 . 2009-01-15 12:57 <DIR> d-------- c:\documents and settings\dzona\Contacts
2009-01-15 01:13 . 2009-01-15 01:13 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-01-15 01:13 . 2009-01-15 01:13 <DIR> d-------- c:\program files\MSN Messenger
2009-01-15 01:06 . 2009-01-15 01:06 <DIR> d-------- c:\program files\Babylon
2009-01-15 01:06 . 2009-01-16 01:20 <DIR> d-------- c:\documents and settings\dzona\Application Data\Babylon
2009-01-15 01:06 . 2009-01-16 13:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Babylon
2009-01-15 01:05 . 2009-01-15 01:05 <DIR> d-------- c:\windows\SxsCaPendDel
2009-01-15 00:16 . 2009-01-15 00:16 <DIR> d-------- c:\windows\system32\LogFiles
2009-01-14 22:23 . 2008-01-07 14:29 352 --ah----- c:\windows\nod32fixtemdono.reg
2009-01-14 22:20 . 2009-01-14 22:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2009-01-14 21:46 . 2009-01-14 21:46 <DIR> d-------- c:\documents and settings\dzona\Application Data\TuneUp Software
2009-01-14 21:46 . 2009-01-14 21:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-01-14 21:46 . 2009-01-14 21:46 306,432 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-01-14 21:46 . 2007-12-20 10:41 29,440 --a------ c:\windows\system32\uxtuneup.dll
2009-01-14 21:45 . 2009-01-14 21:46 <DIR> d-------- c:\program files\TuneUp Utilities 2008
2009-01-14 21:45 . 2009-01-14 21:45 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-14 21:43 . 2009-01-15 21:10 56 -r-hs---- c:\windows\system32\326CC3F28F.sys
2009-01-14 21:40 . 2009-01-14 21:40 <DIR> d-------- c:\program files\Corel
2009-01-14 21:40 . 2009-01-14 21:40 <DIR> d-------- c:\program files\Common Files\Corel
2009-01-14 21:31 . 2009-01-14 21:31 <DIR> d-------- c:\documents and settings\dzona\Application Data\Corel
2009-01-14 21:31 . 2009-01-15 21:11 3,350 --ahs---- c:\windows\system32\KGyGaAvL.sys
2009-01-14 21:30 . 2009-01-14 21:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2009-01-14 21:28 . 2008-04-14 04:15 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-01-14 21:22 . 2009-01-14 21:22 <DIR> d-------- c:\program files\Alcohol Soft
2009-01-14 21:21 . 2009-01-14 21:21 715,248 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-14 16:07 . 2009-01-14 16:07 <DIR> d-------- c:\program files\Google
2009-01-14 15:56 . 2009-01-14 15:56 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-01-14 13:21 . 2009-01-14 13:21 <DIR> d-------- c:\windows\system32\Lang
2009-01-14 13:21 . 2009-01-14 13:21 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2009-01-14 13:21 . 2009-01-14 13:21 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2009-01-14 13:15 . 2009-01-14 13:15 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-01-14 13:08 . 2009-01-14 13:08 <DIR> d-------- c:\program files\Webteh
2009-01-14 12:52 . 2009-01-15 00:15 <DIR> d-------- c:\documents and settings\dzona\Tracing
2009-01-14 12:47 . 2009-01-14 12:47 <DIR> d-------- c:\documents and settings\dzona\Application Data\Star-Tools
2009-01-14 12:42 . 2009-01-14 12:43 <DIR> d-------- C:\xampp
2009-01-14 07:25 . 2009-01-16 03:45 <DIR> d-------- c:\program files\FreeRapid-0.71
2009-01-14 07:25 . 2009-01-14 07:25 <DIR> d-------- c:\documents and settings\dzona\Application Data\VitySoft
2009-01-14 07:18 . 2009-01-14 07:18 <DIR> d-------- c:\program files\Winamp
2009-01-14 07:18 . 2009-01-14 13:15 <DIR> d-------- c:\documents and settings\dzona\Application Data\Winamp
2009-01-14 07:11 . 2009-01-15 17:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-14 07:10 . 2008-02-21 23:03 69,632 --a------ c:\windows\system32\javacpl.cpl
2009-01-14 07:09 . 2009-01-14 07:10 <DIR> d-------- c:\program files\Java
2009-01-14 07:09 . 2009-01-14 07:09 <DIR> d-------- c:\program files\Common Files\Java
2009-01-14 07:06 . 2009-01-14 21:22 175,087 -r-hs---- c:\windows\system32\oukdfgr.exe
2009-01-14 07:06 . 2009-01-14 21:23 109,056 -r-hs---- c:\windows\system32\hyrteas0.dll
2009-01-14 07:05 . 2009-01-14 07:05 0 --a------ c:\windows\nsreg.dat
2009-01-14 06:58 . 2009-01-14 06:58 <DIR> d-------- c:\windows\system32\RTCOM
2009-01-14 06:58 . 2006-03-16 06:24 4,249,088 -r------- c:\windows\system32\drivers\RtkHDAud.Sys
2009-01-14 06:58 . 2006-03-09 10:45 364,544 -r------- c:\windows\RtlUpd.exe
2009-01-14 06:58 . 2005-10-31 11:17 135,168 -r------- c:\windows\system32\RtlCPAPI.dll
2009-01-14 06:58 . 2006-02-20 10:00 86,016 -r------- c:\windows\SoundMan.exe
2009-01-14 06:58 . 2005-07-15 09:48 40,960 -r------- c:\windows\system32\ChCfg.exe
2009-01-14 06:57 . 2009-01-14 06:57 <DIR> d-------- c:\program files\Realtek
2009-01-14 06:57 . 2006-03-14 10:01 16,010,752 -r------- c:\windows\RTHDCPL.exe
2009-01-14 06:57 . 2006-03-14 08:49 9,711,104 -r------- c:\windows\RTLCPL.exe
2009-01-14 06:57 . 2006-03-14 08:45 2,809,344 -r------- c:\windows\alcwzrd.exe
2009-01-14 06:57 . 2006-03-10 12:32 2,158,592 -r------- c:\windows\MicCal.exe
2009-01-14 06:57 . 2005-04-16 15:20 487,424 -r------- c:\windows\RtlExUpd.dll
2009-01-14 06:57 . 2005-09-21 03:25 299,008 -r------- c:\windows\system32\ALSndMgr.Cpl
2009-01-14 06:57 . 2006-01-10 06:58 266,240 -r------- c:\windows\system32\RTSndMgr.Cpl
2009-01-14 06:57 . 2005-05-03 11:43 69,632 -r------- c:\windows\Alcmtr.exe
2009-01-14 06:56 . 2005-11-16 09:08 78,976 --a------ c:\windows\system32\drivers\Rtenicxp.sys
2009-01-14 06:52 . 2009-01-14 06:52 <DIR> d-------- c:\program files\IVT Corporation
2009-01-14 06:52 . 2008-04-14 00:45 172,416 --a------ c:\windows\system32\drivers\kmixer.sys
2009-01-14 06:49 . 2009-01-14 06:49 <DIR> d-------- c:\windows\Options
2009-01-14 06:49 . 2005-09-26 05:21 1,145,728 -ra------ c:\windows\system32\drivers\AGRSM.sys
2009-01-14 06:49 . 2005-09-09 04:20 88,203 -ra------ c:\windows\AGRSMMSG.exe
2009-01-14 06:49 . 2005-05-02 05:10 68,096 --------- c:\windows\system32\agrsmdel.exe
2009-01-14 06:49 . 2005-05-02 05:10 68,096 -ra------ c:\windows\agrsmdel.exe
2009-01-14 00:10 . 2009-01-14 00:10 4,444 --a------ c:\windows\system32\pid.PNF
2009-01-14 00:09 . 2001-08-17 18:59 3,072 --a------ c:\windows\system32\drivers\audstub.sys
2009-01-14 00:08 . 2008-04-14 10:42 74,240 --a------ c:\windows\system32\usbui.dll
2009-01-14 00:08 . 2008-04-14 05:10 57,600 --a------ c:\windows\system32\drivers\redbook.sys
2009-01-14 00:08 . 2008-04-14 05:06 14,208 --a------ c:\windows\system32\drivers\battc.sys
2009-01-14 00:08 . 2008-04-14 05:06 13,952 --a------ c:\windows\system32\drivers\CmBatt.sys
2009-01-14 00:08 . 2008-04-14 05:06 10,240 --a------ c:\windows\system32\drivers\compbatt.sys
2009-01-14 00:08 . 2001-08-17 18:46 6,400 --a------ c:\windows\system32\drivers\enum1394.sys
2009-01-14 00:06 . 2009-01-15 03:15 <DIR> dr------- c:\documents and settings\All Users\Documents
2009-01-14 00:05 . 2009-01-15 17:59 <DIR> d-------- c:\windows\system32\CatRoot2
2009-01-14 00:05 . 2009-01-15 17:08 <DIR> d-------- c:\windows\system32\CatRoot
2009-01-14 00:05 . 2009-01-13 23:19 <DIR> d--h----- c:\documents and settings\Default User
2009-01-14 00:05 . 2009-01-13 23:17 <DIR> d-------- c:\documents and settings\All Users

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 20:30 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-14 05:57 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-13 22:31 20,747 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-01-13 22:31 --------- d-----w c:\program files\RALINK
2009-01-13 22:30 --------- d-----w c:\program files\ATI Technologies
2009-01-13 22:27 --------- d-----w c:\program files\AMD
2009-01-13 22:19 --------- d-----w c:\program files\microsoft frontpage
2009-01-13 22:13 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-08 11:53 57,344 ----a-w c:\windows\system32\ff_vfw.dll
2008-12-07 18:08 795,648 ----a-w c:\windows\system32\xvidcore.dll
2008-12-07 18:08 130,048 ----a-w c:\windows\system32\xvidvfw.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\divx.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2008-12-14 3960552]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-08-10 981904]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-14 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-11-21 03:11 3289088 c:\program files\Google\Google Talk\googletalk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AGRSMMSG"=AGRSMMSG.exe
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\xampp\\apache\\bin\\apache.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-02-27 34880]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-02-20 29056]
R4 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-12-10 24636]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [2001-08-17 18688]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2519b0cc-e279-11dd-ac78-0016174fd288}]
\Shell\AutoRun\command - H:\ve.exe
\Shell\open\Command - H:\ve.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-14 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:31]
.
- - - - ORPHANS REMOVED - - - -

BHO-{F171A450-7AF5-43E1-AFED-EDC826A1B0F5} - (no file)
ShellExecuteHooks-{BB4C402F-882A-4526-8C08-51278EA437C1} - (no file)
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe


.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
FF - ProfilePath - c:\documents and settings\dzona\Application Data\Mozilla\Firefox\Profiles\1gk3djcj.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.ba
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-16 14:09:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-16 14:10:20
ComboFix-quarantined-files.txt 2009-01-16 13:10:18

Pre-Run: 25.482.981.376 bytes free
Post-Run: 25,596,051,456 bytes free

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8303
  • Location: Novi Beograd

Open Notepad and copy the following text into it:

File::
c:\windows\AhnRpta.exe
c:\windows\system32\oukdfgr.exe
c:\windows\system32\hyrteas0.dll

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2519b0cc-e279-11dd-ac78-0016174fd288}]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.

  • Joined: 25 Oct 2006
  • Posts: 276

What do you mean I'm not using one? I have Zone Alarm Internet Security 2009, but I turned it off before running Combo. I only just set up the system on this computer and installed ZA. Can you recommend some other antivirus, or whatever? Is ZA ok?

ComboFix 09-01-15.01 - dzona 2009-01-16 21:01:17.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.346 [GMT 1:00]
Running from: c:\documents and settings\dzona\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\dzona\Desktop\CFScript.txt
AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\AhnRpta.exe
c:\windows\system32\hyrteas0.dll
c:\windows\system32\oukdfgr.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\AhnRpta.exe
c:\windows\system32\hyrteas0.dll
c:\windows\system32\oukdfgr.exe

.
((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))
.

2009-01-16 14:26 . 2009-01-16 20:49 <DIR> d-------- c:\documents and settings\dzona\Application Data\uTorrent
2009-01-16 01:09 . 2009-01-16 01:09 <DIR> d-------- c:\program files\Trend Micro
2009-01-16 00:25 . 2009-01-16 00:25 288 --a------ c:\windows\ODBC.INI
2009-01-16 00:25 . 2009-01-16 00:25 126 --a------ c:\windows\mdm.ini
2009-01-16 00:23 . 2009-01-16 00:23 <DIR> d-------- c:\program files\Web Publish
2009-01-15 22:01 . 2009-01-16 20:55 959 --a------ C:\rollback.ini
2009-01-15 21:16 . 2009-01-15 21:16 38,805 --a------ c:\windows\FontData.fdb
2009-01-15 19:31 . 2009-01-15 19:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
2009-01-15 19:31 . 2008-08-10 21:42 72,592 --a------ c:\windows\zllsputility.exe
2009-01-15 19:31 . 2009-01-16 00:51 4,212 --ah----- c:\windows\system32\zllictbl.dat
2009-01-15 19:30 . 2009-01-16 14:47 <DIR> d-------- c:\windows\system32\ZoneLabs
2009-01-15 19:30 . 2009-01-15 19:30 <DIR> d-------- c:\program files\Zone Labs
2009-01-15 19:30 . 2008-08-10 21:42 1,221,008 --a------ c:\windows\system32\zpeng25.dll
2009-01-15 19:30 . 2009-01-16 14:12 349,222 --a------ c:\windows\system32\vsconfig.xml
2009-01-15 19:29 . 2009-01-16 20:56 <DIR> d-------- c:\windows\Internet Logs
2009-01-15 17:53 . 2009-01-15 18:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-15 17:34 . 2009-01-15 17:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI
2009-01-15 16:13 . 2009-01-15 16:14 69,240 --a------ c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-01-15 15:40 . 2009-01-15 15:40 <DIR> d-------- C:\totalcmd
2009-01-15 15:40 . 2007-01-01 06:56 545 --a------ c:\windows\UC.PIF
2009-01-15 15:40 . 2007-01-01 06:56 545 --a------ c:\windows\RAR.PIF
2009-01-15 15:40 . 2007-01-01 06:56 545 --a------ c:\windows\PKZIP.PIF
2009-01-15 15:40 . 2007-01-01 06:56 545 --a------ c:\windows\PKUNZIP.PIF
2009-01-15 15:40 . 2007-01-01 06:56 545 --a------ c:\windows\NOCLOSE.PIF
2009-01-15 15:40 . 2007-01-01 06:56 545 --a------ c:\windows\LHA.PIF
2009-01-15 15:40 . 2007-01-01 06:56 545 --a------ c:\windows\ARJ.PIF
2009-01-15 15:40 . 2009-01-16 01:09 300 --a------ c:\windows\wincmd.ini
2009-01-15 03:12 . 2009-01-15 03:12 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2009-01-15 03:12 . 2009-01-15 03:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-01-15 03:07 . 2009-01-15 03:07 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-01-15 03:06 . 2009-01-15 03:15 <DIR> d-------- c:\program files\Common Files\Adobe
2009-01-15 02:47 . 2009-01-15 02:50 <DIR> d-------- c:\program files\eMule
2009-01-15 02:11 . 2009-01-15 02:39 <DIR> d-------- c:\program files\MySQL-Front
2009-01-15 02:11 . 2009-01-15 02:13 <DIR> d-------- c:\documents and settings\dzona\Application Data\MySQL-Front
2009-01-15 01:46 . 2009-01-15 01:46 <DIR> d-------- c:\program files\MySQL
2009-01-15 01:46 . 2009-01-15 01:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\MySQL
2009-01-15 01:41 . 2009-01-15 01:41 <DIR> d-------- c:\program files\MSECache
2009-01-15 01:40 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-01-15 01:38 . 2009-01-15 01:38 <DIR> d-------- c:\program files\MSBuild
2009-01-15 01:38 . 2009-01-15 01:38 <DIR> d-------- c:\program files\Microsoft Works
2009-01-15 01:33 . 2009-01-15 01:37 <DIR> d-------- c:\windows\SHELLNEW
2009-01-15 01:32 . 2009-01-15 01:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-15 01:31 . 2009-01-15 01:31 <DIR> dr-h----- C:\MSOCache
2009-01-15 01:14 . 2009-01-15 12:57 <DIR> d-------- c:\documents and settings\dzona\Contacts
2009-01-15 01:13 . 2009-01-15 01:13 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-01-15 01:13 . 2009-01-15 01:13 <DIR> d-------- c:\program files\MSN Messenger
2009-01-15 01:06 . 2009-01-15 01:06 <DIR> d-------- c:\program files\Babylon
2009-01-15 01:06 . 2009-01-16 01:20 <DIR> d-------- c:\documents and settings\dzona\Application Data\Babylon
2009-01-15 01:06 . 2009-01-16 20:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Babylon
2009-01-15 01:05 . 2009-01-15 01:05 <DIR> d-------- c:\windows\SxsCaPendDel
2009-01-15 00:16 . 2009-01-15 00:16 <DIR> d-------- c:\windows\system32\LogFiles
2009-01-14 22:23 . 2008-01-07 14:29 352 --ah----- c:\windows\nod32fixtemdono.reg
2009-01-14 22:20 . 2009-01-14 22:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2009-01-14 21:46 . 2009-01-14 21:46 <DIR> d-------- c:\documents and settings\dzona\Application Data\TuneUp Software
2009-01-14 21:46 . 2009-01-14 21:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-01-14 21:46 . 2009-01-14 21:46 306,432 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-01-14 21:46 . 2007-12-20 10:41 29,440 --a------ c:\windows\system32\uxtuneup.dll
2009-01-14 21:45 . 2009-01-14 21:46 <DIR> d-------- c:\program files\TuneUp Utilities 2008
2009-01-14 21:45 . 2009-01-14 21:45 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-14 21:43 . 2009-01-15 21:10 56 -r-hs---- c:\windows\system32\326CC3F28F.sys
2009-01-14 21:40 . 2009-01-14 21:40 <DIR> d-------- c:\program files\Corel
2009-01-14 21:40 . 2009-01-14 21:40 <DIR> d-------- c:\program files\Common Files\Corel
2009-01-14 21:31 . 2009-01-14 21:31 <DIR> d-------- c:\documents and settings\dzona\Application Data\Corel
2009-01-14 21:31 . 2009-01-15 21:11 3,350 --ahs---- c:\windows\system32\KGyGaAvL.sys
2009-01-14 21:30 . 2009-01-14 21:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2009-01-14 21:28 . 2008-04-14 04:15 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-01-14 21:22 . 2009-01-14 21:22 <DIR> d-------- c:\program files\Alcohol Soft
2009-01-14 21:21 . 2009-01-14 21:21 715,248 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-14 16:07 . 2009-01-14 16:07 <DIR> d-------- c:\program files\Google
2009-01-14 15:56 . 2009-01-14 15:56 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-01-14 13:21 . 2009-01-14 13:21 <DIR> d-------- c:\windows\system32\Lang
2009-01-14 13:21 . 2009-01-14 13:21 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2009-01-14 13:21 . 2009-01-14 13:21 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2009-01-14 13:15 . 2009-01-14 13:15 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-01-14 13:08 . 2009-01-14 13:08 <DIR> d-------- c:\program files\Webteh
2009-01-14 12:52 . 2009-01-15 00:15 <DIR> d-------- c:\documents and settings\dzona\Tracing
2009-01-14 12:47 . 2009-01-14 12:47 <DIR> d-------- c:\documents and settings\dzona\Application Data\Star-Tools
2009-01-14 12:42 . 2009-01-14 12:43 <DIR> d-------- C:\xampp
2009-01-14 07:25 . 2009-01-16 03:45 <DIR> d-------- c:\program files\FreeRapid-0.71
2009-01-14 07:25 . 2009-01-14 07:25 <DIR> d-------- c:\documents and settings\dzona\Application Data\VitySoft
2009-01-14 07:18 . 2009-01-14 07:18 <DIR> d-------- c:\program files\Winamp
2009-01-14 07:18 . 2009-01-14 13:15 <DIR> d-------- c:\documents and settings\dzona\Application Data\Winamp
2009-01-14 07:11 . 2009-01-15 17:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-14 07:10 . 2008-02-21 23:03 69,632 --a------ c:\windows\system32\javacpl.cpl
2009-01-14 07:09 . 2009-01-14 07:10 <DIR> d-------- c:\program files\Java
2009-01-14 07:09 . 2009-01-14 07:09 <DIR> d-------- c:\program files\Common Files\Java
2009-01-14 07:05 . 2009-01-14 07:05 0 --a------ c:\windows\nsreg.dat
2009-01-14 06:58 . 2009-01-14 06:58 <DIR> d-------- c:\windows\system32\RTCOM
2009-01-14 06:58 . 2006-03-16 06:24 4,249,088 -r------- c:\windows\system32\drivers\RtkHDAud.Sys
2009-01-14 06:58 . 2006-03-09 10:45 364,544 -r------- c:\windows\RtlUpd.exe
2009-01-14 06:58 . 2005-10-31 11:17 135,168 -r------- c:\windows\system32\RtlCPAPI.dll
2009-01-14 06:58 . 2006-02-20 10:00 86,016 -r------- c:\windows\SoundMan.exe
2009-01-14 06:58 . 2005-07-15 09:48 40,960 -r------- c:\windows\system32\ChCfg.exe
2009-01-14 06:57 . 2009-01-14 06:57 <DIR> d-------- c:\program files\Realtek
2009-01-14 06:57 . 2006-03-14 10:01 16,010,752 -r------- c:\windows\RTHDCPL.exe
2009-01-14 06:57 . 2006-03-14 08:49 9,711,104 -r------- c:\windows\RTLCPL.exe
2009-01-14 06:57 . 2006-03-14 08:45 2,809,344 -r------- c:\windows\alcwzrd.exe
2009-01-14 06:57 . 2006-03-10 12:32 2,158,592 -r------- c:\windows\MicCal.exe
2009-01-14 06:57 . 2005-04-16 15:20 487,424 -r------- c:\windows\RtlExUpd.dll
2009-01-14 06:57 . 2005-09-21 03:25 299,008 -r------- c:\windows\system32\ALSndMgr.Cpl
2009-01-14 06:57 . 2006-01-10 06:58 266,240 -r------- c:\windows\system32\RTSndMgr.Cpl
2009-01-14 06:57 . 2005-05-03 11:43 69,632 -r------- c:\windows\Alcmtr.exe
2009-01-14 06:56 . 2005-11-16 09:08 78,976 --a------ c:\windows\system32\drivers\Rtenicxp.sys
2009-01-14 06:52 . 2009-01-14 06:52 <DIR> d-------- c:\program files\IVT Corporation
2009-01-14 06:52 . 2008-04-14 00:45 172,416 --a------ c:\windows\system32\drivers\kmixer.sys
2009-01-14 06:49 . 2009-01-14 06:49 <DIR> d-------- c:\windows\Options
2009-01-14 06:49 . 2005-09-26 05:21 1,145,728 -ra------ c:\windows\system32\drivers\AGRSM.sys
2009-01-14 06:49 . 2005-09-09 04:20 88,203 -ra------ c:\windows\AGRSMMSG.exe
2009-01-14 06:49 . 2005-05-02 05:10 68,096 --------- c:\windows\system32\agrsmdel.exe
2009-01-14 06:49 . 2005-05-02 05:10 68,096 -ra------ c:\windows\agrsmdel.exe
2009-01-14 00:10 . 2009-01-14 00:10 4,444 --a------ c:\windows\system32\pid.PNF
2009-01-14 00:09 . 2001-08-17 18:59 3,072 --a------ c:\windows\system32\drivers\audstub.sys
2009-01-14 00:08 . 2008-04-14 10:42 74,240 --a------ c:\windows\system32\usbui.dll
2009-01-14 00:08 . 2008-04-14 05:10 57,600 --a------ c:\windows\system32\drivers\redbook.sys
2009-01-14 00:08 . 2008-04-14 05:06 14,208 --a------ c:\windows\system32\drivers\battc.sys
2009-01-14 00:08 . 2008-04-14 05:06 13,952 --a------ c:\windows\system32\drivers\CmBatt.sys
2009-01-14 00:08 . 2008-04-14 05:06 10,240 --a------ c:\windows\system32\drivers\compbatt.sys
2009-01-14 00:08 . 2001-08-17 18:46 6,400 --a------ c:\windows\system32\drivers\enum1394.sys
2009-01-14 00:06 . 2009-01-15 03:15 <DIR> dr------- c:\documents and settings\All Users\Documents
2009-01-14 00:05 . 2009-01-16 14:09 <DIR> d-------- c:\windows\system32\CatRoot2
2009-01-14 00:05 . 2009-01-15 17:08 <DIR> d-------- c:\windows\system32\CatRoot
2009-01-14 00:05 . 2009-01-16 14:10 <DIR> d--h----- c:\documents and settings\Default User
2009-01-14 00:05 . 2009-01-13 23:17 <DIR> d-------- c:\documents and settings\All Users
2009-01-14 00:05 . 2009-01-13 23:24 <DIR> d-------- C:\Documents and Settings
2009-01-14 00:05 . 2008-04-14 09:00 1,296,669 -ra------ c:\windows\SET3.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 20:30 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-14 05:57 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-13 22:31 20,747 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-01-13 22:31 --------- d-----w c:\program files\RALINK
2009-01-13 22:30 --------- d-----w c:\program files\ATI Technologies
2009-01-13 22:27 --------- d-----w c:\program files\AMD
2009-01-13 22:19 --------- d-----w c:\program files\microsoft frontpage
2009-01-13 22:13 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-08 11:53 57,344 ----a-w c:\windows\system32\ff_vfw.dll
2008-12-07 18:08 795,648 ----a-w c:\windows\system32\xvidcore.dll
2008-12-07 18:08 130,048 ----a-w c:\windows\system32\xvidvfw.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\divx.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-16_14.09.33,98 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-16 13:05:48 284,316 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2009-01-16 20:00:56 284,316 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\sfdb.dat
- 2009-01-15 21:03:17 10,753,182 ----a-w c:\windows\system32\ZoneLabs\spyware.dat
+ 2009-01-16 13:47:13 10,773,339 ----a-w c:\windows\system32\ZoneLabs\spyware.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2008-12-14 3960552]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-08-10 981904]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-14 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-11-21 03:11 3289088 c:\program files\Google\Google Talk\googletalk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AGRSMMSG"=AGRSMMSG.exe
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\xampp\\apache\\bin\\apache.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=
"c:\\Documents and Settings\\dzona\\My Documents\\DesktopToolbar\\utorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-02-27 34880]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-02-20 29056]
R4 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-12-10 24636]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [2001-08-17 18688]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-01-16 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:31]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
FF - ProfilePath - c:\documents and settings\dzona\Application Data\Mozilla\Firefox\Profiles\1gk3djcj.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.ba
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-16 21:02:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-16 21:03:37
ComboFix-quarantined-files.txt 2009-01-16 20:03:35

Pre-Run: 24.830.775.296 bytes free
Post-Run: 24,818,577,408 bytes free

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8303
  • Location: Novi Beograd

Zip/rar the following folder for me:
C:\qoobox\quarantine

and send it to me via the following link:

http://www.mycity.rs/ambulanta-upload.php

offline
  • Joined: 25 Oct 2006
  • Posts: 276

I uploaded the file last night. And now, when I turned the computer on, it again took 10 minutes to boot. :/

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8303
  • Location: Novi Beograd

The log is clean.

Do this as well:

Click START and then RUN
In the text entry line type Combofix /u and click OK

Wait for the uninstallation process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

As for why it is slow, that I don't know. If it makes you feel any better, my computer in Belgrade doesn't start up any faster than yours.

We deleted that trojan.

offline
  • Joined: 25 Oct 2006
  • Posts: 276

It says there is no Combo ...
But I don't understand it, I boot the system and then it starts up 10 times slower ... :/

Thanks for the help.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8303
  • Location: Novi Beograd

Did you type combofix /u?
