Shontavi DESK TOP


offline
  • Joined: 26 Jun 2008
  • Posts: 59
  • Location: Podgorica

I know, I know (I mean, I learned from last time =) )

Update: 27 Jun 2008 19:55

Well, now it looks like I have a nasty problem...

I did it with the flash drive the way you told me... but when I run Combo it works for a little bit, says it can't find some specific file... and then my screen goes blue, it says something that I can't manage to read because Windows restarts right away...?!?!?!?

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Let's try this:

* Right-click the Kaspersky icon ( ) in the bottom-right corner of the screen and choose Pause Protection.
* In the window that opens, choose By User Request.

Note: Don't forget to turn this option back on when the cleaning is finished.

Then try ComboFix.

offline
  • Joined: 26 Jun 2008
  • Posts: 59
  • Location: Podgorica

No success at all, the same thing happened again... Combo reported that it can't find some special file... and crashed... =) And I had turned KIS off... that is, paused it....

I think I should format this...??!!!

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Let me think and see what we'll do... I'll get back to you by tomorrow, I hope. Patience, my friend...

offline
  • Joined: 26 Jun 2008
  • Posts: 59
  • Location: Podgorica

OK, no worries... thanks for the effort....

Update: 27 Jun 2008 20:46

Logfile of HijackThis v1.99.1
Scan saved at 20:42, on 2008-06-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\IRW.exe
C:\Programmi\Boot Camp\KbdMgr.exe
C:\Programmi\Java\jre1.6.0\bin\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\dllcache\iexplore.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\TechSmith\SnagIt 8\SnagIt32.exe
C:\Programmi\TechSmith\SnagIt 8\TSCHelp.exe
C:\Programmi\TechSmith\SnagIt 8\SnagPriv.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
C:\Programmi\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Documents and Settings\User\Desktop\AMBULANTA\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = cafemontenegro.cg.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Programmi\Boot Camp\KbdMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sXe Injected] C:\Programmi\sXe Injected\sXe Injected.exe
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft©] C:\WINDOWS\system32\dllcache\iexplore.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Programmi\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: CabBuilder - ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.exe.imgfarm.com/images/nocache/funwebpro.....0.15-3.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
O23 - Service: Servizio orario Apple (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Programmi\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Programmi\SigmaTel\C-Major Audio\WDM\STacSV.exe

Since I thought these little cleaning programs had messed something up, I decided to repeat the procedure... I downloaded that first program again and the log above is from it.... Now I'll run Combo.... so when you see it and study it, let me know... I'm in no hurry at all because my computer-related exams are over... so just take it easy...

Update: 27 Jun 2008 20:55

Well, it's not that... when I run Combo it reports that crap that the computer is infected and that it can't find that file... but I think that flash thing messed something up, because ever since I ran it Combo won't work anymore... and when the computer restarts that crap pops up asking me to send the errors to Microsoft, 2 of them, I took screenshots of them... but I don't know how to attach pictures here.... so I'll send them to you by mail if I find your mail on your profile

Update: 27 Jun 2008 20:59

first error !!!

second error !!!

Oh, my computer is in Italian... so I'll translate this for you if you need it at all !!!

Update: 27 Jun 2008 21:02

Oh, I didn't see that it reported the same thing to me twice... and also, when I turn on the computer, Internet Explorer and MSN start up right away... in MSN I had turned off auto-start before, but now it starts again... that's all, TALK LATER

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Turn on showing hidden files and upload the following files for me:

C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\dllcache\iexplore.exe

upload them to me via the following link:

http://www.mycity.rs/ambulanta-upload.php

There must be a ComboFix log somewhere, even though the scan didn't succeed. Look for it.

offline
  • Joined: 26 Jun 2008
  • Posts: 59
  • Location: Podgorica

I did the upload... I'll look for it.... now I'll also attach what KIS 2009 detected...

Update: 28 Jun 2008 2:29

here's what I found...

a text file, COMBO FIX

ComboFix 08-06-20.4 - User 2008-06-28 2:12:48.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1385 [GMT 2:00]
Eseguito da: C:\Documents and Settings\User\Desktop\AMBULANTA\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

and another one:

ComboFix 08-06-20.4 - User 2008-06-28 2:12:48.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1385 [GMT 2:00]
Eseguito da: C:\Documents and Settings\User\Desktop\AMBULANTA\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

and another one:
2008-06-25 08:53 110892 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\amvo.exe.vir
2008-06-26 07:12 77312 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\amvo0.dll.vir
2008-06-26 22:38 54 --a------ C:\Qoobox\Quarantine\catchme.log

that's all... when you explain to me a bit how to find it another way I'll do it... I found this the simplest way, I went to search =)

Update: 28 Jun 2008 16:18

I've managed to get the log with Combo....

p.s. the error before was mine, that I didn't... when I did the cleaning with the flash tool I restarted the computer... at least I think that's it, since it worked now... HERE'S THE LOG....

ComboFix 08-06-20.4 - User 2008-06-28 16:09:43.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1562 [GMT 2:00]
Eseguito da: C:\Documents and Settings\User\Desktop\AMBULANTA\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-05-28 al 2008-06-28 )))))))))))))))))))))))))))))))))))
.

2008-06-27 00:03 . 2008-06-28 16:08 <DIR> d-------- C:\Programmi\sXe Injected
2008-06-23 14:36 . 2008-06-23 14:36 268 --ah----- C:\sqmdata14.sqm
2008-06-23 14:36 . 2008-06-23 14:36 244 --ah----- C:\sqmnoopt14.sqm
2008-06-22 16:01 . 2008-06-22 16:01 <DIR> d-------- C:\Programmi\TechSmith
2008-06-22 15:59 . 2008-06-22 15:59 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-06-19 21:23 . 2008-06-19 21:29 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-19 21:23 . 2008-06-19 21:29 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-19 21:22 . 2008-06-19 21:22 <DIR> d-------- C:\Programmi\Kaspersky Lab
2008-06-19 21:22 . 2008-06-28 16:07 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-06-19 21:22 . 2008-06-28 16:05 3,985,440 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-19 21:22 . 2008-06-28 16:09 483,360 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-19 21:22 . 2008-06-28 16:05 32,216 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-19 21:22 . 2008-06-28 16:09 2,732 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-19 14:50 . 2008-06-28 16:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-19 14:50 . 2008-06-19 14:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-19 09:56 . 2008-06-19 09:56 <DIR> d-------- C:\Programmi\QuickTime
2008-06-19 01:43 . 2008-06-19 01:43 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-06-18 16:19 . 2008-06-18 16:19 <DIR> d-------- C:\WINDOWS\Counter-Strike Source Non-Steam
2008-06-18 13:47 . 2008-06-18 13:47 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-06-16 23:53 . 2008-06-17 22:45 <DIR> d-------- C:\Programmi\eMule AdunanzA
2008-06-16 23:53 . 2008-06-16 23:53 <DIR> d-------- C:\Documents and Settings\User\Dati applicazioni\eMule AdunanzA
2008-06-15 22:46 . 2008-06-15 22:46 0 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-06-15 22:09 . 2008-06-15 22:09 8,439,274 --a------ C:\zlaka canterl.EPS
2008-06-11 16:03 . 2008-04-22 09:42 625,664 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-11 16:01 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 16:01 . 2008-05-08 14:14 203,008 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 18:19 . 2007-05-22 11:00 516,096 --a------ C:\WINDOWS\system32\WibuXpm4J32.dll
2008-06-10 18:15 . 2008-06-10 18:15 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-09 13:09 . 2008-06-09 14:02 424 --a------ C:\WINDOWS\ODBC.INI
2008-06-08 20:56 . 2008-06-08 20:56 <DIR> d-------- C:\Programmi\TVAnts
2008-06-05 20:52 . 2008-06-05 20:52 <DIR> d-------- C:\Programmi\Sports Interactive
2008-06-04 20:49 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
2008-06-04 20:47 . 2008-06-19 01:46 <DIR> d-------- C:\Programmi\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 10:17 --------- d-----w C:\Programmi\Valve
2008-06-26 05:12 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-06-22 02:11 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\dvdcss
2008-06-18 00:40 --------- d-----w C:\Programmi\Winamp
2008-06-18 00:39 --------- d-----w C:\Programmi\Windows Live Toolbar
2008-06-18 00:39 --------- d-----w C:\Programmi\Valve Hammer Editor
2008-06-14 20:14 --------- d-----w C:\Programmi\ApexDC++
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:19 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Abvent
2008-06-10 16:17 --------- d-----w C:\Programmi\Graphisoft
2008-06-10 16:15 --------- d-----w C:\Programmi\Java
2008-06-04 18:51 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-06-04 18:18 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-05-26 09:56 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\ESET
2008-05-26 08:47 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\ESET
2008-05-21 03:20 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Autodesk
2008-05-21 03:20 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
2008-05-21 03:15 --------- d-----w C:\Programmi\turbo squid tentacles
2008-05-21 03:11 --------- d-----w C:\Programmi\File comuni\Autodesk Shared
2008-05-21 03:11 --------- d-----w C:\Programmi\Autodesk
2008-05-10 00:19 --------- d-----w C:\Programmi\File comuni\AVSMedia
2008-05-09 23:27 --------- d-----w C:\Programmi\Webteh
2008-05-08 12:14 203,008 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 22:02 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\skypePM
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:14 1,292,800 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-06 23:09 --------- d-----w C:\Programmi\WIBUKEY
2008-05-06 23:09 --------- d-----w C:\Programmi\WIBU-SYSTEMS
2008-05-06 10:16 --------- d-----w C:\Programmi\Google
2008-05-01 18:41 --------- d-----w C:\Programmi\SopCast
2008-04-25 16:22 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
2008-04-23 20:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-23 15:17 693,792 ----a-w C:\WINDOWS\system32\OGACheckControl.dll
2008-04-23 15:17 504,864 ----a-w C:\WINDOWS\system32\OGAVerify.exe
2008-04-23 15:17 504,352 ----a-w C:\WINDOWS\system32\OGAAddin.dll
2008-04-22 07:42 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-03-02 16:06 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2007-11-23 16:49 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012007112320071124\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-06-26_22.45.47.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-26 20:40:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-28 14:07:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-26 18:29:28 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-28 12:56:41 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-06-26 18:29:28 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2008-06-28 12:56:41 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
- 2008-06-26 18:29:28 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-28 12:56:41 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
2008-04-25 18:22 62728 --a------ C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"Microsoft©"="C:\WINDOWS\system32\dllcache\iexplore.exe" [2008-04-22 09:42 625664]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-08 00:48 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" []
"BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" []
"IRW"="C:\WINDOWS\system32\IRW.exe" [2007-10-08 21:56 147456]
"Apple_KbdMgr"="C:\Programmi\Boot Camp\KbdMgr.exe" [2007-10-08 23:06 419120]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0\bin\jusched.exe" [2008-06-10 18:15 77824]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"sXe Injected"="C:\Programmi\sXe Injected\sXe Injected.exe" [2008-06-26 09:42 581120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-23 06:16 124928 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
AutoCAD Startup Accelerator.lnk - C:\Programmi\File comuni\Autodesk Shared\acstart17.exe [2006-03-05 06:43:54 11000]
SnagIt 8.lnk - C:\Programmi\TechSmith\SnagIt 8\SnagIt32.exe [2006-11-07 23:51:26 6366792]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Graphisoft\\ArchiCAD 10\\ArchiCAD.exe"=
"C:\\Programmi\\ApexDC++\\ApexDC.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=
"C:\\Programmi\\WIBUKEY\\Server\\WkSvW32.exe"=
"C:\\Programmi\\Valve\\hlds.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programmi\\SopCast\\SopCast.exe"=
"C:\\Programmi\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Programmi\\Autodesk\\Backburner\\manager.exe"=
"C:\\Programmi\\Autodesk\\Backburner\\server.exe"=
"C:\\Programmi\\Autodesk\\3ds Max 2008\\3dsmax.exe"=
"C:\\Programmi\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Programmi\\TVAnts\\Tvants.exe"=
"C:\\Programmi\\Graphisoft\\ArchiCAD 11\\ArchiCAD.exe"=
"C:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"C:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=
"C:\\Programmi\\Valve\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Web Server

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R2 AppleOSSMgr;Apple OS Switch Manager;C:\WINDOWS\system32\AppleOSSMgr.exe [2007-10-08 23:04]
R2 AppleTimeSrv;Servizio orario Apple;C:\WINDOWS\system32\AppleTimeSrv.exe [2007-10-08 23:05]
R2 KeyAgent;KeyAgent;C:\WINDOWS\system32\drivers\KeyAgent.sys [2007-10-08 21:56]
R2 MacHALDriver;Mac HAL;C:\WINDOWS\system32\drivers\MacHALDriver.sys [2007-10-08 21:56]
R3 aapltctp;Apple Trackpad Enabler;C:\WINDOWS\system32\DRIVERS\aapltctp.sys [2007-10-08 21:56]
R3 aapltp;Apple Trackpad;C:\WINDOWS\system32\DRIVERS\aapltp.sys [2007-10-08 21:56]
R3 applebt;Apple Built-in Bluetooth;C:\WINDOWS\system32\DRIVERS\applebt.sys [2007-10-08 21:56]
R3 IRRemoteFlt;IR Receiver Filter Driver;C:\WINDOWS\system32\DRIVERS\IRFilter.sys [2007-10-08 21:56]
R3 KeyMagic;USB Keyboard HID Filter;C:\WINDOWS\system32\DRIVERS\KeyMagic.sys [2007-10-08 21:56]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
S3 BthKicker;Apple Bluetooth Device Driver;C:\WINDOWS\system32\DRIVERS\BthKicker.sys [2007-10-08 21:56]
S3 ddsxeiservice;ddsxeiservice2;C:\Programmi\sXe Injected\ddsxei.sys [2008-06-26 08:55]
S3 iSightUpdate;iSight Update Driver;C:\WINDOWS\system32\DRIVERS\iSightUP.sys [2007-10-08 21:56]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Programmi\Windows Live\Messenger\usnsvc.exe" [2007-10-18 12:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{027d1783-b0ce-11dc-9648-0017f2be917f}]
\Shell\AutoRun\command - E:\uxdeiect.com
\Shell\explore\Command - E:\uxdeiect.com
\Shell\open\Command - E:\uxdeiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c8e248d-c601-11dc-9656-0017f2be917f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL key.exe
\Shell\infected\command - E:\key.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30b0d288-cfea-11dc-9668-0017f2be917f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL key.exe
\Shell\infected\command - E:\key.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f51558c-392a-11dd-978d-0017f2be917f}]
\Shell\AutoRun\command - e.cmd
\Shell\explore\Command - e.cmd
\Shell\open\Command - e.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b7b9c37-9e6f-11dc-9634-0017f2be917f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL key.exe
\Shell\infected\command - E:\key.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73944c5a-f2e4-11dc-96c9-0017f2be917f}]
\Shell\Auto\command - Autorun.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3bb45fe-ea33-11dc-96ad-0017f2be917f}]
\Shell\AutoRun\command - E:\3wcxx91.cmd
\Shell\explore\Command - E:\3wcxx91.cmd
\Shell\open\Command - E:\3wcxx91.cmd

*Newly Created Service* - CATCHME
.
Contenuto della cartella 'Scheduled Tasks'
"2008-06-24 17:07:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-06-28 13:17:03 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-27 18:39:01 C:\WINDOWS\Tasks\OGADaily.job"
- C:\WINDOWS\system32\OGAVerify.exe
"2008-06-28 14:07:42 C:\WINDOWS\Tasks\OGALogon.job"
- C:\WINDOWS\system32\OGAVerify.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-06-28 16:12:34
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-06-28 16:14:34
ComboFix-quarantined-files.txt 2008-06-28 14:14:02
ComboFix2.txt 2008-06-26 20:46:10

9 Directory 9,163,075,584 byte disponibili
12 Directory 9,196,621,824 byte disponibili

220 --- E O F --- 2008-06-20 14:38:34
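Added here as a worked example, not code from the thread, from HijackThis, from ComboFix or from the helper: a small Python script that parses the two autostart formats quoted above (the HijackThis `O4` lines and the ComboFix REGEDIT4 sections) and flags what a responder would look at first: a Run entry that launches from dllcache (the same C:\WINDOWS\system32\dllcache\iexplore.exe helen1 asked to have uploaded) and the MountPoints2 shell handlers, which cache the autorun.inf commands of removable drives that have been plugged in. The heuristics, the Finding type and the sample log (a trimmed copy of lines from the logs above, marked as constructed) are assumptions of this example, not rules taken from any tool.

```python
"""Triage helper for HijackThis / ComboFix style logs (added example).

Parses the two autostart formats seen in the thread and flags entries that
match a few defender-side heuristics.  The heuristics are assumptions made
for this example, not rules taken from HijackThis, ComboFix or the helper.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: a trimmed copy of lines in the shape of the
# HijackThis and ComboFix logs posted above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft©] C:\WINDOWS\system32\dllcache\iexplore.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Programmi\TechSmith\SnagIt 8\SnagIt32.exe

REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"Microsoft©"="C:\WINDOWS\system32\dllcache\iexplore.exe" [2008-04-22 09:42 625664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{027d1783-b0ce-11dc-9648-0017f2be917f}]
\Shell\AutoRun\command - E:\uxdeiect.com
\Shell\explore\Command - E:\uxdeiect.com
\Shell\open\Command - E:\uxdeiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c8e248d-c601-11dc-9656-0017f2be917f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL key.exe
\Shell\infected\command - E:\key.exe
"""


@dataclass(frozen=True)
class Finding:
    reason: str     # why the entry was flagged
    location: str   # where in the log / registry it came from
    command: str    # the command line or target that would run


# HijackThis "O4 - HKxx\..\Run: [name] command" lines
HJT_RUN = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# ComboFix REGEDIT4-style section headers, "name"="value" lines and
# MountPoints2 shell verbs ("\Shell\<verb>\command - <target>")
CF_KEY = re.compile(r'^\[(?P<key>[^\]]+)\]$')
CF_VALUE = re.compile(r'^"(?P<name>[^"]*)"="(?P<cmd>[^"]*)"')
CF_SHELL = re.compile(r'^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.*)$', re.IGNORECASE)


def check_run_entry(name: str, cmd: str) -> list[str]:
    """Heuristics for one Run-key autostart entry (assumptions of this example)."""
    reasons = []
    # dllcache is Windows File Protection's private copy of system binaries;
    # nothing legitimately registers an autostart that launches from it.
    if re.search(r'\\dllcache\\', cmd, re.IGNORECASE):
        reasons.append("autostart launched from the dllcache folder")
    # Value names with non-ASCII characters (here a (c) sign dressing the
    # entry up as a vendor name) deserve a second look.
    if any(ord(ch) > 127 for ch in name):
        reasons.append("non-ASCII characters in autostart value name")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Walk a combined HijackThis/ComboFix log and return flagged entries."""
    findings: list[Finding] = []
    current_key = ""  # last REGEDIT4 section header seen
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := HJT_RUN.match(line):
            loc = f"HijackThis O4 {m['hive']}\\..\\Run [{m['name']}]"
            findings += [Finding(r, loc, m['cmd']) for r in check_run_entry(m['name'], m['cmd'])]
        elif m := CF_KEY.match(line):
            current_key = m['key']
        elif (m := CF_VALUE.match(line)) and current_key.lower().endswith("\\run"):
            loc = f"{current_key} [{m['name']}]"
            findings += [Finding(r, loc, m['cmd']) for r in check_run_entry(m['name'], m['cmd'])]
        elif (m := CF_SHELL.match(line)) and "\\mountpoints2\\" in current_key.lower():
            # MountPoints2 caches the autorun.inf handlers of every removable
            # volume ever inserted, so these show which drives carried an
            # autorun payload and what it was set to launch.
            guid = current_key.rsplit("\\", 1)[-1]
            reason = "removable-media autorun handler cached in MountPoints2"
            if m['verb'].lower() == "autorun":
                reason += " (AutoRun verb)"
            findings.append(Finding(reason, f"MountPoints2 {guid} \\Shell\\{m['verb']}\\command", m['cmd']))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}] {f.location}\n    -> {f.command}")
```

Run as a script it prints one line per finding. The section state matters: a `"name"="value"` line only means autostart when it sits under a Run key, and a `\Shell\...\command` line only means autorun when it sits under MountPoints2, so the parser tracks the last section header rather than matching lines in isolation.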

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Download gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this will save the scan results to the Clipboard.
Use the Paste option in Notepad to turn it into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.

Use the Attach file option below the message box on the forum, and attach here the two files we just saved.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Right-click in the middle of the program's form. A menu will appear; go to Options and tick the option Only non MS files.
Click Scan.
When the scan is finished, click the Copy button below - this will save the scan results to the Clipboard.
Use the Paste option in Notepad to turn it into text. Save that text from Notepad as file3.txt.

Use the Attach file option below the message box on the forum, and attach here the file we just saved.

offline
  • Joined: 26 Jun 2008
  • Posts: 59
  • Location: Podgorica

first:

[attachment: login required to view]

second:

[attachment: login required to view]

third:

[attachment: login required to view]

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Download Dr.Web CureIt (~9 MB).
Restart the computer in Safe Mode (instructions for Safe Mode)

Double-click to run cureit.exe, after which the introductory window will appear - click Start

A notification about starting the initial scan will appear - click OK

Wait a few minutes for Dr.Web CureIt to perform the Express Scan; if malware is found, click the Yes to All button in the window that appears to allow the program to disinfect

Click Options > Change settings F9; in the window that opens, untick the option Heuristic Analysis and then click OK

In the main window, select the option Complete scan, then click [button] and Dr.Web CureIt will begin scanning

If malware is found, click the Yes to All button in the window that appears to allow the program to disinfect

When the scan is finished, click the Select all button (if available), then click Cure and,
in the menu that opens, click Move incurable:

When the process is finished, click File > Save report list and save the log to the Desktop

Copy the contents of the Dr.Web CureIt log into the forum thread.
