Provera loga

1

Provera loga

offline
  • Pridružio: 05 Mar 2009
  • Poruke: 35

Moze li mi tko reci sta od ovoga da provjerim i popravim jer se slabo kuzim u to a hitno mi je!Ne smijem sam da ne bi nesto zehebo!Please, komp mi je u kurc* pa mi recite.. Hvala unaprijed!Smile


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:53:32, on 5.3.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\WS\My Documents\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.ba/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [GameTracker] C:\Program Files\GameTracker\GTLite.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{54EF60C2-EC04-4016-B055-23A00F39E946}: NameServer = 212.39.98.161,212.39.98.162
O17 - HKLM\System\CS1\Services\Tcpip\..\{54EF60C2-EC04-4016-B055-23A00F39E946}: NameServer = 212.39.98.161,212.39.98.162
O17 - HKLM\System\CS2\Services\Tcpip\..\{54EF60C2-EC04-4016-B055-23A00F39E946}: NameServer = 212.39.98.161,212.39.98.162
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~2\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~2\KASPER~1\kloehk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9740 bytes

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8303
  • Gde živiš: Novi Beograd

A, sta fali tvom kompjuteru?
Kakvih problema imas?

offline
  • Pridružio: 05 Mar 2009
  • Poruke: 35

pa svasta nesto...hehe..uglavnom imo sam problema s virusima dostaa ovih dana...pa sam se tog rjesio...ali recemo internet browseri mi nece bas da rade osim opere! explorer i mozzila stekaju na sve strane,kaspersky mi je naso dosta vulnerabiltys ali ne moze ih se rjesit, pa mi i on zapinje kad udjem u online security itd.....pa sam ovim HiJackThis sceniro sve..i sad ne znam ima li uopce ikakvih problema i sta trebam ili je nesto drugo u pitanju??Sad

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8303
  • Gde živiš: Novi Beograd

Uradices sledece, a odgovor od mene ces dobiti sutra prepodne ili popodne:

* Klikni desnim tasterom na Kaspersky ikonicu ( ) u donjem, desnom uglu ekrana i izaberi Pause Protection.
* U prozoru koji se otvori, izaberi By User Request.

Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja.

------------------------------

Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

offline
  • Pridružio: 05 Mar 2009
  • Poruke: 35

ehh sad je problem sto ja ne mogu pokrenuti nijedan combofix! I to je problem!Sad pise kao nemam dozvolu za to i tako nesto??!

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8303
  • Gde živiš: Novi Beograd

Iskljuci Antivirus.

Probaj da skines odavde i pokrenes, ukoliko ti program zatrazi updejtovanje, dozvoli:

http://amf.mycity.rs/programs/mirrored/C-F.exe

offline
  • Pridružio: 05 Mar 2009
  • Poruke: 35

Evo uspio sam skinuti...evo lod file..pomagajte!Wink



ComboFix 09-03-04.01 - WS 2009-03-05 19:53:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.2047.1649 [GMT 1:00]
Running from: c:\documents and settings\WS\My Documents\C-F.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\UACopodwoel.sys
c:\windows\system32\UACavdkmxvv.dll
c:\windows\system32\UACawviwekx.log
c:\windows\system32\UACcnipwwlw.dll
c:\windows\system32\UACcxotfumn.dll
c:\windows\system32\UACfhxyurip.dll
c:\windows\system32\UACmngqowjd.dat
c:\windows\system32\UACsijkopxm.log
c:\windows\system32\UACsrvpyfqb.log
D:\install.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-02-05 to 2009-03-05 )))))))))))))))))))))))))))))))
.

2009-03-04 21:39 . 2009-03-04 21:58 <DIR> d-------- c:\program files\Opera
2009-03-03 19:02 . 2009-03-05 19:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-03-03 00:08 . 2009-03-02 16:23 48,690 -r-hs---- c:\windows\fxsteller.exe
2009-03-02 13:40 . 2009-03-05 15:40 5,396 --a------ c:\windows\system32\uacinit.dll
2009-02-25 15:44 . 2009-02-25 15:44 <DIR> d-------- c:\documents and settings\LocalService\Application Data\GameTracker
2009-02-16 19:23 . 2009-02-16 19:23 <DIR> d-------- c:\documents and settings\WS\Application Data\Malwarebytes
2009-02-16 19:23 . 2009-02-16 19:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-16 19:17 . 2009-03-03 20:09 3,553 --a------ c:\windows\system32\%LocalXml%
2009-02-16 18:46 . 2009-02-16 19:17 101,287 --a------ c:\windows\system32\drivers\klin.dat
2009-02-16 18:46 . 2009-02-16 19:17 89,601 --a------ c:\windows\system32\drivers\klick.dat
2009-02-16 18:33 . 2009-02-16 18:33 <DIR> d-------- c:\program files\Kaspersky Lab
2009-02-16 18:33 . 2009-03-05 19:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-02-16 18:33 . 2009-03-05 19:57 3,300,896 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-02-16 18:33 . 2009-03-05 19:57 434,208 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-02-16 18:33 . 2009-03-05 19:57 27,916 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-02-16 18:33 . 2009-03-05 19:57 3,612 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-02-16 17:35 . 2009-03-03 21:27 <DIR> d-------- c:\program files\Kaspersky
2009-02-14 18:45 . 2009-02-14 18:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 20:14 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-03 20:12 --------- d-----w c:\program files\BearShare Applications
2009-03-03 20:11 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-03 01:59 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-03-03 00:56 --------- d-----w c:\program files\Google
2009-03-01 04:34 --------- d-----w c:\documents and settings\WS\Application Data\uTorrent
2009-02-16 17:30 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-16 17:30 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-02 19:43 --------- d-----w c:\program files\Counter-Strike 1.6
2009-02-02 17:45 --------- d-----w c:\program files\AskBarDis
2009-02-02 17:07 --------- d-----w c:\program files\Cheating-Death
2009-01-29 22:02 --------- d-----w c:\documents and settings\All Users\Application Data\GRETECH
2009-01-29 22:01 --------- d-----w c:\documents and settings\WS\Application Data\GRETECH
2009-01-29 22:00 --------- d-----w c:\program files\GRETECH
2009-01-29 21:59 --------- d-----w c:\program files\AskSearch
2009-01-27 18:02 --------- d-----w c:\program files\Team JPN
2009-01-23 23:38 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-20 21:30 --------- d-----w c:\documents and settings\WS\Application Data\BSplayer PRO
2009-01-18 21:39 --------- d-----w c:\program files\GameSpy Arcade
2009-01-16 22:22 --------- d-----w c:\program files\Valve
2009-01-14 20:49 --------- d-----w c:\documents and settings\WS\Application Data\Sony Corporation
2009-01-14 20:41 --------- d-----w c:\program files\Sony
2009-01-14 19:15 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-11 01:14 --------- d-----w c:\program files\MSXML 6.0
2009-01-11 01:12 --------- d-----w c:\program files\MSXML 4.0
2009-01-06 18:39 --------- d-----w c:\program files\directx
2009-01-06 18:34 --------- d-----w c:\program files\Infogrames
2009-01-05 17:09 --------- d-----w c:\program files\Java
2008-12-02 21:14 24,192 ----a-w c:\documents and settings\WS\usbsermptxp.sys
2008-12-02 21:14 22,768 ----a-w c:\documents and settings\WS\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]
"{C94E154B-1459-4A47-966B-4B843BEFC7DB}"= "c:\program files\AskSearch\bin\DefaultSearch.dll" [2008-09-29 90112]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_CLASSES_ROOT\clsid\{c94e154b-1459-4a47-966b-4b843befc7db}]
[HKEY_CLASSES_ROOT\DefaultSearch.DefaultSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EC73A159-0736-4EF3-972D-6EA9B2278495}]
[HKEY_CLASSES_ROOT\DefaultSearch.DefaultSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 17:24 325000 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 15:05 398776 --a------ c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 12:22 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-08 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2008-02-01 210208]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-12-02 111928]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-22 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-05 136600]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-16 206088]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-08-03 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\WS\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-01-14 376832]
PowerReg Scheduler V3.exe [2009-01-06 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows UDP Control Center]
-r-hs---- 2009-03-02 16:23 48690 c:\windows\fxsteller.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hlds.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe [2007-11-15 151552]
.
Contents of the 'Scheduled Tasks' folder

2009-02-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe []

2009-03-05 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-msnmsgr - ~c:\program files\MSN Messenger\msnmsgr.exe
HKCU-Run-GameTracker - c:\program files\GameTracker\GTLite.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: I&zvoz u Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {54EF60C2-EC04-4016-B055-23A00F39E946} = 212.39.98.161,212.39.98.162
FF - ProfilePath - c:\documents and settings\WS\Application Data\Mozilla\Firefox\Profiles\dyfo66ot.default\

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-05 19:58:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1004336348-1454471165-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1004)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WgaTray.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2009-03-05 20:01:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-05 19:01:32

Pre-Run: 71,932,014,592 bytes free
Post-Run: 72,061,644,800 bytes free

227 --- E O F --- 2009-03-05 11:57:57

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8303
  • Gde živiš: Novi Beograd

Iskljuci ponovo Antivirus.

Otvoriti Notepad i iskopirati sledeci tekst:

File::
c:\windows\fxsteller.exe
c:\windows\system32\uacinit.dll
C:\Documents and Settings\Radosavljevic\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows UDP Control Center]


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

offline
  • Pridružio: 05 Mar 2009
  • Poruke: 35

Evo...




ComboFix 09-03-04.01 - WS 2009-03-06 1:34:56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.2047.1400 [GMT 1:00]
Running from: c:\documents and settings\WS\My Documents\C-F.exe
Command switches used :: c:\documents and settings\WS\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\documents and settings\Radosavljevic\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
c:\windows\fxsteller.exe
c:\windows\system32\uacinit.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\fxsteller.exe
c:\windows\system32\uacinit.dll

.
((((((((((((((((((((((((( Files Created from 2009-02-06 to 2009-03-06 )))))))))))))))))))))))))))))))
.

2009-03-04 21:39 . 2009-03-04 21:58 <DIR> d-------- c:\program files\Opera
2009-03-03 19:02 . 2009-03-05 19:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-02-25 15:44 . 2009-02-25 15:44 <DIR> d-------- c:\documents and settings\LocalService\Application Data\GameTracker
2009-02-16 19:23 . 2009-02-16 19:23 <DIR> d-------- c:\documents and settings\WS\Application Data\Malwarebytes
2009-02-16 19:23 . 2009-02-16 19:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-16 19:17 . 2009-03-03 20:09 3,553 --a------ c:\windows\system32\%LocalXml%
2009-02-16 18:46 . 2009-02-16 19:17 101,287 --a------ c:\windows\system32\drivers\klin.dat
2009-02-16 18:46 . 2009-02-16 19:17 89,601 --a------ c:\windows\system32\drivers\klick.dat
2009-02-16 18:33 . 2009-02-16 18:33 <DIR> d-------- c:\program files\Kaspersky Lab
2009-02-16 18:33 . 2009-03-05 19:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-02-16 18:33 . 2009-03-05 21:36 3,329,568 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-02-16 18:33 . 2009-03-05 20:57 466,976 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-02-16 18:33 . 2009-03-05 21:36 28,140 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-02-16 18:33 . 2009-03-05 20:57 3,724 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-02-16 17:35 . 2009-03-03 21:27 <DIR> d-------- c:\program files\Kaspersky
2009-02-14 18:45 . 2009-02-14 18:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 20:14 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-03 20:12 --------- d-----w c:\program files\BearShare Applications
2009-03-03 20:11 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-03 01:59 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-03-03 00:56 --------- d-----w c:\program files\Google
2009-03-01 04:34 --------- d-----w c:\documents and settings\WS\Application Data\uTorrent
2009-02-16 17:30 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-16 17:30 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-02 19:43 --------- d-----w c:\program files\Counter-Strike 1.6
2009-02-02 17:45 --------- d-----w c:\program files\AskBarDis
2009-02-02 17:07 --------- d-----w c:\program files\Cheating-Death
2009-01-29 22:02 --------- d-----w c:\documents and settings\All Users\Application Data\GRETECH
2009-01-29 22:01 --------- d-----w c:\documents and settings\WS\Application Data\GRETECH
2009-01-29 22:00 --------- d-----w c:\program files\GRETECH
2009-01-29 21:59 --------- d-----w c:\program files\AskSearch
2009-01-27 18:13 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-01-27 18:02 --------- d-----w c:\program files\Team JPN
2009-01-23 23:38 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-23 23:37 183,112 ----a-w c:\windows\system32\PnkBstrB.exe
2009-01-20 21:30 --------- d-----w c:\documents and settings\WS\Application Data\BSplayer PRO
2009-01-18 21:39 --------- d-----w c:\program files\GameSpy Arcade
2009-01-16 22:22 --------- d-----w c:\program files\Valve
2009-01-14 20:49 --------- d-----w c:\documents and settings\WS\Application Data\Sony Corporation
2009-01-14 20:41 --------- d-----w c:\program files\Sony
2009-01-14 19:15 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-11 01:14 --------- d-----w c:\program files\MSXML 6.0
2009-01-11 01:12 --------- d-----w c:\program files\MSXML 4.0
2009-01-06 18:39 --------- d-----w c:\program files\directx
2009-01-06 18:34 --------- d-----w c:\program files\Infogrames
2009-01-05 17:09 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-06 15:05 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-12-02 21:14 24,192 ----a-w c:\documents and settings\WS\usbsermptxp.sys
2008-12-02 21:14 22,768 ----a-w c:\documents and settings\WS\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 17:24 325000 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 15:05 398776 --a------ c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 12:22 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-08 68856]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2008-02-01 210208]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-12-02 111928]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-22 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-05 136600]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-16 206088]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-08-03 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\WS\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-01-14 376832]
PowerReg Scheduler V3.exe [2009-01-06 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hlds.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe [2007-11-15 151552]
.
Contents of the 'Scheduled Tasks' folder

2009-02-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe []

2009-03-06 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: I&zvoz u Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {54EF60C2-EC04-4016-B055-23A00F39E946} = 212.39.98.161,212.39.98.162
FF - ProfilePath - c:\documents and settings\WS\Application Data\Mozilla\Firefox\Profiles\dyfo66ot.default\

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-06 01:37:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1004336348-1454471165-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1004)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-03-06 1:38:12
ComboFix-quarantined-files.txt 2009-03-06 00:38:10
ComboFix2.txt 2009-03-05 19:01:36

Pre-Run: 71.908.847.616 bytes free
Post-Run: 71,894,523,904 bytes free

198 --- E O F --- 2009-03-05 11:57:57

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8303
  • Gde živiš: Novi Beograd

Iskljuci Antivirus.

Otvoriti Notepad i iskopirati sledeci tekst:

File::
c:\documents and settings\WS\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

DirLook::
c:\documents and settings\All Users\Application Data\SecTaskMan


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Ko je trenutno na forumu
 

Ukupno su 304 korisnika na forumu :: 6 registrovanih, 0 sakrivenih i 298 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3028 - dana 22 Nov 2019 07:47

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: miodrag2, Penzula, sekretar, Taso2, tomigun, wizzardone