MyCity » Ambulanta -> Arhiva Ambulante » Problemi od 14.01.2009.

Problemi od 14.01.2009.

Napisano na dan: 17.1.2009

Strana:
1
2

Problemi od 14.01.2009.

Sledeća strana

Pagination

Odgovori

Strana:
1
2

tuzor Poslao: 17 Jan 2009 08:34 Idi na vrh
offline tuzor Legendarni građanin Pridružio: 03 Sep 2007 Poruke: 4115 Gde živiš: U Kraljevstvu duha	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:17:15, on 17.1.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe C:\WINDOWS\system32\WgaTray.exe C:\Program Files\internet explorer\iexplore.exe C:\Documents and Settings\Tuzor\Desktop\help\help.exe.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file) O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe" O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: SATARaid.lnk = ? O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm033YYRS O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebpro......0.1.0.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6.....4023666937 O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.gamehouse.com/realarcade-webgames/gamehouse/gamehouseplayer.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{32BCCC01-BE56-4036-A14B-6BFE750C77A6}: NameServer = 212.200.164.5 212.200.164.10 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 8998 bytes Nod32 stalno nalazi "trojance", mahom na "Temp" i na "Local Settings - Temporary Internet Files". Prva pojava dogodila se 14.01.2009. oko 10 časova pre podne (vreme kada je moj sestrić bio na kompu, dok sam ja bio na poslu). Nod je našao "a variant of NOD32/Kryptik.EN trojan" na desktopu, pa pretpostavljam da je bila neka igrica u pitanju.

Profil

helen1 Poslao: 17 Jan 2009 11:42 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zdravo tuzore, vidim u cemu je problem. * Otvori Nod32 Control Center (Klik na njegovu tray ikonicu ( ) u donjem desnom uglu ekrana). * Izaberi AMON iz Threat Protection grupe opcija. * Na desnom panelu deštikliraj opciju File system monitor (AMON) enabled. * Gašenje ove opcije pokazaće se kroz promenu boje Control Center-a iz zelene u crvenu. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. --------------------------------- Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

tuzor Poslao: 17 Jan 2009 14:47 Idi na vrh
offline tuzor Legendarni građanin Pridružio: 03 Sep 2007 Poruke: 4115 Gde živiš: U Kraljevstvu duha	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Dva puta sam čekao duže vreme, ali na desktopu nije bilo ikonica posle završetka rada Combo Fix-a, pa sam morao da gasim i ponovo pokrećem računar. Nadam se da je sada sve u redu. Evo izveštaja: ComboFix 09-01-16.03 - Tuzor 2009-01-17 14:29:58.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.138 [GMT 1:00] Running from: c:\documents and settings\Tuzor\Desktop\ComboFix.exe AV: ESET NOD32 antivirus system 2.70 On-access scanning disabled (Updated) WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-12-17 to 2009-01-17 ))))))))))))))))))))))))))))))) . 2009-01-15 12:57 . 2009-01-15 18:36 <DIR> d-------- c:\documents and settings\Tuzor\Application Data\Wildfire 2009-01-11 16:14 . 2009-01-11 16:13 410,984 --a------ c:\windows\system32\deploytk.dll 2008-12-23 17:50 . 2009-01-16 18:50 3,165,824 --a------ c:\program files\ccsetup215.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-11 15:13 --------- d-----w c:\program files\Java 2008-12-14 13:07 1,323,755 ----a-w c:\program files\WRC3Setup.exe 2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-07 16:27 --------- d-----w c:\program files\Wise Disk Cleaner 2008-12-07 16:22 1,156,877 ----a-w c:\program files\WDC3Setup.exe 2008-07-29 21:00 774,144 ----a-w c:\program files\RngInterstitial.dll 2007-11-06 20:52 344,998,294 ----a-w c:\program files\Photoshop_CS2_tryout.zip 2007-11-03 13:42 1,399,575 ----a-w c:\program files\avg_asw_uma_en_75_8.pdf . ------- Sigcheck ------- 2007-06-13 11:23 1039872 d97fcfdaf10bfe662e627b4f2012149f c:\windows\explorer.exe 2007-06-13 12:26 1039872 dc0d433b5812bea909fcffb58dc1ba45 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe 2007-06-13 11:23 1039872 92473aa578fdb29857f6e1b5bdc63899 c:\windows\system32\dllcache\explorer.exe 2004-08-03 23:56 31232 cc641c1b59825b81dcbe86dce1161978 c:\windows\system32\userinit.exe 2004-08-03 23:56 31232 74a61160976f774f1d0e8cd90cd1084b c:\windows\system32\dllcache\userinit.exe . ((((((((((((((((((((((((((((( snapshot@2009-01-17_14.12.11,82 ))))))))))))))))))))))))))))))))))))))))) . + 2009-01-17 13:25:35 16,384 ----atw c:\windows\temp\Perflib_Perfdata_574.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1700864] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-12 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 163840] "StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864] "TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 163840] "CnxDslTaskBar"="c:\program files\ZyXEL\ADSL USB Modem\CnxDslTb.exe" [2003-07-31 458752] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-11-02 949376] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992] "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-18 185896] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-11 136600] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] c:\documents and settings\Tuzor\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 120320] c:\documents and settings\All Users\Start Menu\Programs\Startup\ SATARaid.lnk - c:\program files\Silicon Image\SiISATARaid\SATARaid.exe [2007-11-02 598069] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.ac3filter"= ac3filter.acm "vidc.vp31"= vp31vfw.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnf.exe"= R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2007-11-02 85265] R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-11-02 15424] R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [2007-11-02 60288] R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [2007-11-02 642944] R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [2007-11-02 108675] R3 nvsmbus;Service for NVIDIA nForce PCI System Management;c:\windows\system32\drivers\nvsmbus.sys [2007-11-02 10112] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = <local> IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm033YYRS IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 LSP: c:\windows\system32\imon.dll c:\windows\Downloaded Program Files\ghgamesplayer.dll - O16 -: {74E4A24D-5224-4F05-8A41-99445E0FC22B} hxxp://www.gamehouse.com/realarcade-webgames/gamehouse/gamehouseplayer.cab c:\windows\Downloaded Program Files\GHGamesPlayer.inf . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-17 14:32:17 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'lsass.exe'(564) c:\windows\system32\imon.dll . Completion time: 2009-01-17 14:35:32 ComboFix-quarantined-files.txt 2009-01-17 13:35:29 ComboFix2.txt 2009-01-17 13:13:15 Pre-Run: 1,099,546,624 bytes free Post-Run: 1,082,654,720 bytes free 113 --- E O F --- 2009-01-14 17:06:21

Profil

helen1 Poslao: 17 Jan 2009 15:00 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Postavi mi novi HJT log.

Profil

tuzor Poslao: 17 Jan 2009 15:08 Idi na vrh
offline tuzor Legendarni građanin Pridružio: 03 Sep 2007 Poruke: 4115 Gde živiš: U Kraljevstvu duha	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! 'Oću, brate Helen1, samo kako?

Profil

helen1 Poslao: 17 Jan 2009 15:10 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Polako, bato. Sad mi Bobi kaze da postoji i prvi ComboFix log, posto si dva puta skenirao. Mozes li mi ga pronaci?

Profil

tuzor Poslao: 17 Jan 2009 15:30 Idi na vrh
offline tuzor Legendarni građanin Pridružio: 03 Sep 2007 Poruke: 4115 Gde živiš: U Kraljevstvu duha	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Posle prvog skeniranja, čekao sam oko 15 minuta, i nije bilo ikonica na desktopu. Nisam mogao da kopiram izveštaj. Isključio sam računar, i ponovo ga startovao. Kada sam hteo da kopiram izveštaj za Ambulantu, opcija "paste" nije bila dostupna. Ponovio sam potrebnu proceduru (deštikliranje Amon-a, skeniranje, edit-select all-edit-copy), i poslao izveštaj. Hoću ja da pošaljem prvi izveštaj, samo mi reci gde da ga nađem?

Profil

helen1 Poslao: 17 Jan 2009 15:32 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nalazi se na: c:\qoobox Iskopiraj mi sadrzaj svih ComboFixN.txt (N= broj) fajlova i onog jednog bez brojke.

Profil

tuzor Poslao: 17 Jan 2009 15:49 Idi na vrh
offline tuzor Legendarni građanin Pridružio: 03 Sep 2007 Poruke: 4115 Gde živiš: U Kraljevstvu duha	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Izvoli! Ako je to ovo (ComboFix - Notepad): ComboFix 09-01-16.03 - Tuzor 2009-01-17 14:29:58.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.138 [GMT 1:00] Running from: c:\documents and settings\Tuzor\Desktop\ComboFix.exe AV: ESET NOD32 antivirus system 2.70 On-access scanning disabled (Updated) WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-12-17 to 2009-01-17 ))))))))))))))))))))))))))))))) . 2009-01-15 12:57 . 2009-01-15 18:36 <DIR> d-------- c:\documents and settings\Tuzor\Application Data\Wildfire 2009-01-11 16:14 . 2009-01-11 16:13 410,984 --a------ c:\windows\system32\deploytk.dll 2008-12-23 17:50 . 2009-01-16 18:50 3,165,824 --a------ c:\program files\ccsetup215.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-11 15:13 --------- d-----w c:\program files\Java 2008-12-14 13:07 1,323,755 ----a-w c:\program files\WRC3Setup.exe 2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-07 16:27 --------- d-----w c:\program files\Wise Disk Cleaner 2008-12-07 16:22 1,156,877 ----a-w c:\program files\WDC3Setup.exe 2008-07-29 21:00 774,144 ----a-w c:\program files\RngInterstitial.dll 2007-11-06 20:52 344,998,294 ----a-w c:\program files\Photoshop_CS2_tryout.zip 2007-11-03 13:42 1,399,575 ----a-w c:\program files\avg_asw_uma_en_75_8.pdf . ------- Sigcheck ------- 2007-06-13 11:23 1039872 d97fcfdaf10bfe662e627b4f2012149f c:\windows\explorer.exe 2007-06-13 12:26 1039872 dc0d433b5812bea909fcffb58dc1ba45 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe 2007-06-13 11:23 1039872 92473aa578fdb29857f6e1b5bdc63899 c:\windows\system32\dllcache\explorer.exe 2004-08-03 23:56 31232 cc641c1b59825b81dcbe86dce1161978 c:\windows\system32\userinit.exe 2004-08-03 23:56 31232 74a61160976f774f1d0e8cd90cd1084b c:\windows\system32\dllcache\userinit.exe . ((((((((((((((((((((((((((((( snapshot@2009-01-17_14.12.11,82 ))))))))))))))))))))))))))))))))))))))))) . + 2009-01-17 13:25:35 16,384 ----atw c:\windows\temp\Perflib_Perfdata_574.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1700864] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-12 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 163840] "StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864] "TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 163840] "CnxDslTaskBar"="c:\program files\ZyXEL\ADSL USB Modem\CnxDslTb.exe" [2003-07-31 458752] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-11-02 949376] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992] "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-18 185896] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-11 136600] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] c:\documents and settings\Tuzor\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 120320] c:\documents and settings\All Users\Start Menu\Programs\Startup\ SATARaid.lnk - c:\program files\Silicon Image\SiISATARaid\SATARaid.exe [2007-11-02 598069] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.ac3filter"= ac3filter.acm "vidc.vp31"= vp31vfw.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnf.exe"= R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2007-11-02 85265] R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-11-02 15424] R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [2007-11-02 60288] R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [2007-11-02 642944] R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [2007-11-02 108675] R3 nvsmbus;Service for NVIDIA nForce PCI System Management;c:\windows\system32\drivers\nvsmbus.sys [2007-11-02 10112] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = <local> IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm033YYRS IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 LSP: c:\windows\system32\imon.dll c:\windows\Downloaded Program Files\ghgamesplayer.dll - O16 -: {74E4A24D-5224-4F05-8A41-99445E0FC22B} hxxp://www.gamehouse.com/realarcade-webgames/gamehouse/gamehouseplayer.cab c:\windows\Downloaded Program Files\GHGamesPlayer.inf . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-17 14:32:17 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'lsass.exe'(564) c:\windows\system32\imon.dll . Completion time: 2009-01-17 14:35:32 ComboFix-quarantined-files.txt 2009-01-17 13:35:29 ComboFix2.txt 2009-01-17 13:13:15 Pre-Run: 1,099,546,624 bytes free Post-Run: 1,082,654,720 bytes free 113 --- E O F --- 2009-01-14 17:06:21 Dopuna: 17 Jan 2009 15:49 2008-09-17 21:45:10 A------- 140 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST.vir 2008-09-17 21:45:10 A------- 305 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT.vir 2008-09-17 21:45:10 A------- 3,343 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG.vir 2008-09-17 21:45:10 A------- 5,446 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV.vir 2008-09-17 21:45:10 A------- 20,164 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG.vir 2008-09-17 21:45:10 A------- 20,480 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir 2008-09-17 21:45:10 A------- 24,576 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir 2008-09-17 21:45:10 A------- 77,894 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir 2008-09-17 21:45:10 A------- 86,096 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir 2008-09-17 21:45:10 A------- 127,057 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir 2008-09-17 21:45:10 A------- 131,072 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir 2008-09-17 21:45:10 A------- 147,528 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir 2008-09-17 21:45:10 A------- 278,599 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir 2008-09-17 21:45:11 A------- 140 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST.vir 2008-09-17 21:45:11 A------- 32,768 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir 2008-09-17 21:45:29 A------- 89,655 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S.vir 2008-09-17 21:45:30 A------- 40,516 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON.F3S.vir 2008-09-17 21:45:30 A------- 71,675 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\DOG.F3S.vir 2008-09-17 21:45:30 A------- 106,998 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\FISH.F3S.vir 2008-09-17 21:45:30 A------- 301,118 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S.vir 2008-09-17 21:45:31 A------- 43,287 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S.vir 2008-09-17 21:45:31 A------- 122,747 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\MAID.F3S.vir 2008-09-17 21:45:31 A------- 129,559 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S.vir 2008-09-17 21:45:31 A------- 149,817 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S.vir 2008-09-17 21:45:31 A------- 155,471 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S.vir 2008-09-17 21:45:31 A------- 272,367 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S.vir 2008-09-17 21:45:32 A------- 7,406 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\icons\CM.ICO.vir 2008-09-17 21:45:32 A------- 7,406 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\icons\MFC.ICO.vir 2008-09-17 21:45:32 A------- 7,406 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\icons\SMILEY.ICO.vir 2008-09-17 21:45:32 A------- 7,406 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\icons\WB.ICO.vir 2008-09-17 21:45:32 A------- 10,134 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\icons\PSS.ICO.vir 2008-09-17 21:45:32 A------- 12,782 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO.vir 2008-09-17 21:45:32 A------- 56,438 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S.vir 2008-09-17 21:45:32 A------- 56,688 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Game\REVERSI.F3S.vir 2008-09-17 21:45:32 A------- 66,726 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Game\CHESS.F3S.vir 2008-09-17 21:45:32 A------- 113,081 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S.vir 2008-09-17 21:45:32 A------- 243,509 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S.vir 2008-09-17 21:45:33 A------- 24 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Settings\s_pid.dat.vir 2008-09-17 21:49:30 A------- 466 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\files.ini.vir 2008-09-17 21:49:39 A------- 68 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Settings\settings.dat.vir 2008-09-17 21:49:39 A------- 525 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Settings\setting2.htm.vir 2008-09-17 21:49:48 A------- 1,024 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\History\search3.vir 2008-09-17 21:49:48 A------- 81,301 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm.vir 2008-09-17 21:49:51 A------- 2,288 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\011A645B.bin.vir 2008-09-17 21:49:51 A------- 130,417 C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html.vir 2008-09-17 21:49:51 A------- 615,875 C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html.vir 2008-09-17 21:49:52 A------- 2,288 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\011A69DA.bin.vir 2008-09-17 21:49:54 A------- 1,724 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\011A6F29.bin.vir 2008-09-17 21:49:55 A------- 1,668 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\011A75A1.bin.vir 2008-09-17 21:49:56 A------- 1,284 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\011A7A83.bin.vir 2008-09-17 21:49:57 A------- 1,284 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\011A7DFE.bin.vir 2008-09-17 21:49:58 A------- 1,940 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\011A81E6.bin.vir 2008-09-18 18:48:47 A------- 1,922 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif.vir 2008-09-18 18:48:47 A------- 2,044 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\center.htm.vir 2008-09-18 18:48:47 A------- 2,353 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif.vir 2008-09-18 18:48:47 A------- 3,630 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm.vir 2008-09-18 18:48:47 A------- 7,794 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\index.htm.vir 2008-09-18 18:48:48 A------- 64 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif.vir 2008-09-18 18:48:48 A------- 145 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif.vir 2008-09-18 18:48:48 A------- 724 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif.vir 2008-09-18 18:48:48 A------- 1,517 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif.vir 2008-09-18 18:48:48 A------- 2,570 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm.vir 2008-09-18 18:48:48 A------- 3,036 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif.vir 2008-09-18 18:48:48 A------- 3,753 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif.vir 2008-09-18 18:48:48 A------- 4,345 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm.vir 2008-09-18 18:48:48 A------- 6,205 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm.vir 2008-09-18 21:33:09 A------- 324,902 C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html.vir 2008-09-28 23:51:03 A------- 107 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\03975444.vir 2009-01-17 14:05:37 A------- 170 C:\Qoobox\Quarantine\catchme.log 2009-01-17 14:09:09 A------- 6,805 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg 2009-01-17 14:12:16 A------- 166 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-MyWebSearch Plugin.reg.dat Evo i narednog: ComboFix 09-01-16.03 - Zoran Tucakovic 2009-01-17 14:06:48.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.43 [GMT 1:00] Running from: c:\documents and settings\Tuzor\Desktop\ComboFix.exe AV: ESET NOD32 antivirus system 2.70 On-access scanning disabled (Updated) * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Tuzor\Application Data\FunWebProducts c:\program files\FunWebProducts c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html c:\program files\MyWebSearch c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S c:\program files\MyWebSearch\bar\Cache\011A645B.bin c:\program files\MyWebSearch\bar\Cache\011A69DA.bin c:\program files\MyWebSearch\bar\Cache\011A6F29.bin c:\program files\MyWebSearch\bar\Cache\011A75A1.bin c:\program files\MyWebSearch\bar\Cache\011A7A83.bin c:\program files\MyWebSearch\bar\Cache\011A7DFE.bin c:\program files\MyWebSearch\bar\Cache\011A81E6.bin c:\program files\MyWebSearch\bar\Cache\03975444 c:\program files\MyWebSearch\bar\Cache\files.ini c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S c:\program files\MyWebSearch\bar\Game\CHESS.F3S c:\program files\MyWebSearch\bar\Game\REVERSI.F3S c:\program files\MyWebSearch\bar\History\search3 c:\program files\MyWebSearch\bar\icons\CM.ICO c:\program files\MyWebSearch\bar\icons\MFC.ICO c:\program files\MyWebSearch\bar\icons\PSS.ICO c:\program files\MyWebSearch\bar\icons\SMILEY.ICO c:\program files\MyWebSearch\bar\icons\WB.ICO c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO c:\program files\MyWebSearch\bar\Message\COMMON.F3S c:\program files\MyWebSearch\bar\Message\COMMON\ask_logo.gif c:\program files\MyWebSearch\bar\Message\COMMON\autoup.gif c:\program files\MyWebSearch\bar\Message\COMMON\autoup.htm c:\program files\MyWebSearch\bar\Message\COMMON\center.htm c:\program files\MyWebSearch\bar\Message\COMMON\index.htm c:\program files\MyWebSearch\bar\Message\COMMON\mid_dots.gif c:\program files\MyWebSearch\bar\Message\COMMON\mws_logo.gif c:\program files\MyWebSearch\bar\Message\COMMON\protect.htm c:\program files\MyWebSearch\bar\Message\COMMON\shocked.gif c:\program files\MyWebSearch\bar\Message\COMMON\stop.gif c:\program files\MyWebSearch\bar\Message\COMMON\systray.htm c:\program files\MyWebSearch\bar\Message\COMMON\systrayp.htm c:\program files\MyWebSearch\bar\Message\COMMON\tp_grad.gif c:\program files\MyWebSearch\bar\Message\COMMON\warn.gif c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S c:\program files\MyWebSearch\bar\Notifier\DOG.F3S c:\program files\MyWebSearch\bar\Notifier\FISH.F3S c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S c:\program files\MyWebSearch\bar\Notifier\MAID.F3S c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm c:\program files\MyWebSearch\bar\Settings\s_pid.dat c:\program files\MyWebSearch\bar\Settings\setting2.htm c:\program files\MyWebSearch\bar\Settings\settings.dat . ((((((((((((((((((((((((( Files Created from 2008-12-17 to 2009-01-17 ))))))))))))))))))))))))))))))) . 2009-01-15 12:57 . 2009-01-15 18:36 <DIR> d-------- c:\documents and settings\Tuzor\Application Data\Wildfire 2009-01-11 16:14 . 2009-01-11 16:13 410,984 --a------ c:\windows\system32\deploytk.dll 2008-12-23 17:50 . 2009-01-16 18:50 3,165,824 --a------ c:\program files\ccsetup215.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-11 15:13 --------- d-----w c:\program files\Java 2008-12-14 13:07 1,323,755 ----a-w c:\program files\WRC3Setup.exe 2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-07 16:27 --------- d-----w c:\program files\Wise Disk Cleaner 2008-12-07 16:22 1,156,877 ----a-w c:\program files\WDC3Setup.exe 2008-07-29 21:00 774,144 ----a-w c:\program files\RngInterstitial.dll 2007-11-06 20:52 344,998,294 ----a-w c:\program files\Photoshop_CS2_tryout.zip 2007-11-03 13:42 1,399,575 ----a-w c:\program files\avg_asw_uma_en_75_8.pdf . ------- Sigcheck ------- 2004-08-03 23:56 31232 cc641c1b59825b81dcbe86dce1161978 c:\windows\system32\userinit.exe 2004-08-03 23:56 31232 74a61160976f774f1d0e8cd90cd1084b c:\windows\system32\dllcache\userinit.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1700864] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-12 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 163840] "StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864] "TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 163840] "CnxDslTaskBar"="c:\program files\ZyXEL\ADSL USB Modem\CnxDslTb.exe" [2003-07-31 458752] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-11-02 949376] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992] "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-18 185896] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-11 136600] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] c:\documents and settings\Tuzor\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 120320] c:\documents and settings\All Users\Start Menu\Programs\Startup\ SATARaid.lnk - c:\program files\Silicon Image\SiISATARaid\SATARaid.exe [2007-11-02 598069] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.ac3filter"= ac3filter.acm "vidc.vp31"= vp31vfw.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnf.exe"= R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2007-11-02 85265] R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-11-02 15424] R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [2007-11-02 60288] R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [2007-11-02 642944] R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [2007-11-02 108675] R3 nvsmbus;Service for NVIDIA nForce PCI System Management;c:\windows\system32\drivers\nvsmbus.sys [2007-11-02 10112] . - - - - ORPHANS REMOVED - - - - HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm033YYRS IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 LSP: c:\windows\system32\imon.dll TCP: {32BCCC01-BE56-4036-A14B-6BFE750C77A6} = 212.200.164.5 212.200.164.10 c:\windows\Downloaded Program Files\ghgamesplayer.dll - O16 -: {74E4A24D-5224-4F05-8A41-99445E0FC22B} hxxp://www.gamehouse.com/realarcade-webgames/gamehouse/gamehouseplayer.cab c:\windows\Downloaded Program Files\GHGamesPlayer.inf . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-17 14:09:37 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(504) c:\windows\system32\imon.dll - - - - - - - > 'lsass.exe'(560) c:\windows\system32\imon.dll . Completion time: 2009-01-17 14:13:14 ComboFix-quarantined-files.txt 2009-01-17 13:13:12 Pre-Run: 1.170.321.408 bytes free Post-Run: 1,156,714,496 bytes free 184 --- E O F --- 2009-01-14 17:06:21

Profil

helen1 Poslao: 17 Jan 2009 16:11 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uploaduj mi sledece fajlove: c:\windows\system32\userinit.exe c:\windows\system32\dllcache\userinit.exe preko sledeceg linka: http://www.mycity.rs/ambulanta-upload.php

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Problemi od 14.01.2009.

Ko je trenutno na forumu

Ukupno su 1079 korisnika na forumu :: 38 registrovanih, 5 sakrivenih i 1036 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: Apok, Ben Roj, bigfoot, Bobrock1, Boris90, CikaKURE, Denaya, dijica, Dimitrije Paunovic, Dorcolac, draganca, Frunze, goxin, kunktator, ljuba, Marko Marković, Mercury, Metanoja, milenko crazy north, milutin134, mnn2, mrav pesadinac, nemkea71, Nobunaga, Panonsky, pein, RJ, sasa87, stalja, stegonosa, suton, Trpe Grozni, Tvrtko I, vathra, virked, Vlajman1957, voja64, zlaya011

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by