Smit Fraud problem

  • Joined: 10 Dec 2007
  • Posts: 40

I've recently picked up Smit Fraud and I scanned the computer with the Smitfraud program, but nothing. Help, if possible.
Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 21:18:24, on 13.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ILIJA\Desktop\Nova fascikla\tr3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [Link visible only to logged-in users]
O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nsu7.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: browser optimizer superiorads - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: XTN Monitor - {D7A1D78A-8423-4660-AE43-01F15E11AD7E} - C:\WINDOWS\dnqdlpmmwv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: The epxonwo - {BFAA078B-58E2-4E6C-BD54-BA2A5C6DA153} - C:\WINDOWS\epxonwo.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Windows Messenger] C:\Program Files\Messenger\msmsgs.exe
O8 - Extra context menu item: &Windows Live Search - [Link visible only to logged-in users]\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link visible only to logged-in users]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [Link visible only to logged-in users]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [Link visible only to logged-in users]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WBSrv - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: asvdnmo - {4E3D5AC0-7CCC-4270-BE26-ED297AEC0382} - C:\WINDOWS\asvdnmo.dll
O21 - SSODL: bgntlvo - {684B9113-3015-4AFD-ADE8-A460B48F7878} - C:\WINDOWS\bgntlvo.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Unknown owner - C:\Program Files\Borland\InterBase\bin\ibguard.exe (file missing)
O23 - Service: InterBase Server (InterBaseServer) - Unknown owner - C:\Program Files\Borland\InterBase\bin\ibserver.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...



Download ComboFix from one of the following addresses to your Desktop:
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Start it and don't touch the program window while it is scanning.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt), which you will copy here for us.



  • Joined: 10 Dec 2007
  • Posts: 40

For now those warnings are gone; we'll see later.
Here is the log:

ComboFix 08-01-14.1 - ILIJA 2008-01-13 22:49:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.260 [GMT 1:00]
Running from: C:\Documents and Settings\ILIJA\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\FANDJO\Application Data\addon.dat
C:\Documents and Settings\FANDJO\Favorites\Error Cleaner.url
C:\Documents and Settings\FANDJO\Favorites\Privacy Protector.url
C:\Documents and Settings\FANDJO\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\ILIJA\Favorites\Error Cleaner.url
C:\Documents and Settings\ILIJA\Favorites\Privacy Protector.url
C:\Documents and Settings\ILIJA\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\Velkovic\Desktop\Error Cleaner.url
C:\Documents and Settings\Velkovic\Desktop\Privacy Protector.url
C:\Documents and Settings\Velkovic\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Velkovic\Favorites\Error Cleaner.url
C:\Documents and Settings\Velkovic\Favorites\Privacy Protector.url
C:\Documents and Settings\Velkovic\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\asvdnmo.dll
C:\WINDOWS\bgntlvo.dll
C:\WINDOWS\dat.txt
C:\WINDOWS\dnqdlpmmwv.dll
C:\WINDOWS\epxonwo.dll
C:\WINDOWS\fqwmwdn.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\msacm32.drv
C:\WINDOWS\system32\nsl24.dll
C:\WINDOWS\system32\nsu7.dll
C:\WINDOWS\system32\service.exe
C:\WINDOWS\system32\system
C:\WINDOWS\system32\system\tmpwin.exe
C:\WINDOWS\system32\system\win.dat
C:\WINDOWS\xpupdate.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm


((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
.

2008-01-13 22:48 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 20:46 . 2008-01-13 20:46 <DIR> d-------- C:\Documents and Settings\ILIJA\Application Data\Talkback
2008-01-13 20:44 . 2008-01-13 20:44 <DIR> d-------- C:\Documents and Settings\ILIJA\Application Data\TuneUp Software
2008-01-13 20:29 . 2004-12-21 22:56 <DIR> d-------- C:\Documents and Settings\ILIJA\Application Data\CyberLink
2008-01-13 20:29 . 2008-01-13 20:56 <DIR> d-------- C:\Documents and Settings\ILIJA\Application Data\Ahead
2008-01-13 20:29 . 2004-12-21 22:54 <DIR> d-------- C:\Documents and Settings\ILIJA\Application Data\AdobeUM
2008-01-13 20:29 . 2004-12-21 22:55 <DIR> d-------- C:\Documents and Settings\ILIJA\Application Data\ACD Systems
2008-01-13 16:31 . 2008-01-13 16:31 <DIR> d-------- C:\Program Files\AdwareRemover2007
2008-01-12 17:31 . 2008-01-12 17:31 1,630 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-10 14:51 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-10 14:51 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-10 14:51 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-10 14:51 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-10 14:51 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-01-06 09:34 . 2008-01-06 09:34 594 --a------ C:\WINDOWS\eReg.dat
2007-12-30 19:40 . 2007-12-30 19:40 <DIR> d-------- C:\Documents and Settings\FANDJO\Application Data\bang
2007-12-27 20:30 . 2007-12-27 20:30 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2007-12-27 20:30 . 2007-12-27 20:30 151,552 --a------ C:\WINDOWS\system32\nvRegDev.dll
2007-12-23 11:09 . 2007-12-23 11:09 <DIR> d-------- C:\Program Files\MSN Messenger
2007-12-23 11:06 . 2007-12-23 11:07 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 18:08 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-11 22:08 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\LimeWire
2008-01-10 14:10 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\BearShare
2008-01-09 08:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-28 11:13 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\uTorrent
2007-12-28 07:53 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\BitTorrent
2007-12-25 21:13 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
2007-12-23 13:09 --------- d-----w C:\Program Files\Opera
2007-12-23 13:09 --------- d-----w C:\Program Files\Netscape
2007-12-23 10:10 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-18 13:06 --------- d-----w C:\Documents and Settings\Velkovic\Application Data\LimeWire
2007-12-13 09:21 --------- d-----w C:\Program Files\BearFlix
2007-12-12 19:23 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\UseNeXT
2007-12-12 19:19 --------- d-----w C:\Program Files\UseNeXT
2007-12-11 11:40 --------- d-----w C:\Program Files\BitTorrent
2007-12-11 09:05 360,576 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-12-11 08:59 --------- d-----w C:\Program Files\uTorrent
2007-12-10 21:29 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\Uniblue
2007-12-10 19:18 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\Netscape
2007-12-09 20:53 360,576 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-12-09 11:04 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\Azureus
2007-12-09 11:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-12-07 23:25 --------- d-----w C:\Program Files\LimeWire
2007-12-07 12:14 --------- d-----w C:\Program Files\Kaspersky Lab
2007-12-07 11:02 --------- d-----w C:\Program Files\Webteh
2007-12-07 11:02 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\BSplayer Pro
2007-12-07 11:02 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\BSplayer
2007-12-06 13:55 --------- d-----w C:\Program Files\CCleaner
2007-12-06 13:03 --------- d-----w C:\Program Files\URUSoft
2007-12-04 22:05 --------- d-----w C:\Program Files\Windows Defender
2007-12-04 22:05 --------- d-----w C:\Program Files\HighMAT CD Writing Wizard
2007-12-04 22:04 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-04 17:56 --------- d-----w C:\Program Files\Real
2007-12-04 17:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-12-01 19:56 --------- d-----w C:\Program Files\SuperMarioPac
2007-12-01 19:52 --------- d-----w C:\Program Files\Super Mario Epic
2007-11-30 22:05 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\DMCache
2007-11-30 21:52 --------- d-----w C:\Program Files\Motherplanet
2007-11-30 11:29 --------- d-----w C:\Program Files\JLC's Software
2007-11-30 11:23 --------- d-----w C:\Program Files\Common Files\xing shared
2007-11-30 11:23 --------- d-----w C:\Program Files\Common Files\Real
2007-11-30 11:03 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\JLC's Software
2007-11-28 20:11 --------- d-----w C:\Documents and Settings\Velkovic\Application Data\ESET
2007-11-28 11:50 --------- d-----w C:\Program Files\MT882
2007-11-28 10:50 --------- d--h--w C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}
2007-11-28 09:33 --------- d-----w C:\Program Files\BearShare Applications
2007-11-28 09:24 --------- d-----w C:\Program Files\DivX
2007-11-27 23:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-27 21:22 --------- d-----w C:\Program Files\Lavasoft
2007-11-27 21:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-27 21:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-27 21:19 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\ESET
2007-11-27 21:11 --------- d-----w C:\Program Files\BitLord
2007-11-27 20:54 --------- d-----w C:\Program Files\OneStepSearch
2007-11-27 20:53 --------- d--h--w C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}(2)
2007-11-27 20:53 --------- d-----w C:\Program Files\Labtec
2007-11-27 20:53 --------- d-----w C:\Program Files\Futuremark
2007-11-27 20:53 --------- d-----w C:\Program Files\FreshDevices
2007-11-27 20:53 --------- d-----w C:\Program Files\Alwil Software
2007-11-27 20:52 --------- d-----w C:\Program Files\Spybot - Search & Destroy(2)
2007-11-27 20:52 --------- d-----w C:\Program Files\Save(2)
2007-11-27 09:47 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\DivX
2007-11-21 15:10 --------- d-----w C:\Program Files\Google
2007-11-15 22:31 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\Thunderbird
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-23 17:42 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-30 12:22 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:07 15360]

C:\Documents and Settings\Velkovic\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-09-17 15:26:25]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= [Link visible only to logged-in users]\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-11-28 11:43 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"StatusClient"=C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
"DataLayer"=C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
"PCSuiteTrayApplication"=C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
"SoundMan"=SOUNDMAN.EXE
"FLMOFFICE4DMOUSE"=C:\Program Files\Labtec\moffice.exe
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"TomcatStartup"=C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"MDNS"=C:\WINDOWS\system32\service.exe
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"BearFlix"="C:\Program Files\BearFlix\BearFlix.exe" /pause
"NI.UGDC_0001_N122M1912"="C:\Documents and Settings\FANDJO\Desktop\installer_en.exe"
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 02:07]
R3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 08:32]
S2 InterBaseGuardian;InterBase Guardian;C:\Program Files\Borland\InterBase\bin\ibguard.exe []
S3 InterBaseServer;InterBase Server;C:\Program Files\Borland\InterBase\bin\ibserver.exe []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-01-04 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-01-13 21:25:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-11 01:12:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-01-14 22:54:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2649]
-> C:\Program Files\Stardock\Object Desktop\WindowBlinds\tray.dll
.
Completion time: 2008-01-14 22:58:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-14 21:58:22

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

This looks much better.
We'll just do a little cleaning up...


Open Notepad and copy in the following text:

Folder::
C:\Program Files\AdwareRemover2007
C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}
C:\Program Files\OneStepSearch
C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}(2)
C:\Program Files\Save(2)

Registry::
[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MDNS"=-



Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scanning.

  • Joined: 10 Dec 2007
  • Posts: 40

Happy Serbian New Year to you, and all the best.
Here is the log:

ComboFix 08-01-14.1 - ILIJA 2008-01-15 0:28:05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.170 [GMT 1:00]
Running from: C:\Documents and Settings\ILIJA\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\ILIJA\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}
C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}(2)
C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}(2)\instance.dat
C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}(2)\mia.lib
C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}(2)\SkinStudio.dat
C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}(2)\SkinStudio.par
C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}(2)\SkinStudio.res
C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}\instance.dat
C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}\mia.lib
C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}\SkinStudio.dat
C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}\SkinStudio.exe
C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}\SkinStudio.msi
C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}\SkinStudio.par
C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}\SkinStudio.res
C:\Program Files\AdwareRemover2007
C:\Program Files\AdwareRemover2007\AdwareRemover2007.exe
C:\Program Files\AdwareRemover2007\AdwareRemover2007.lic
C:\Program Files\AdwareRemover2007\AdwareRemover20070.ar
C:\Program Files\AdwareRemover2007\AdwareRemover20070.dll
C:\Program Files\AdwareRemover2007\AdwareRemover20071.ar
C:\Program Files\AdwareRemover2007\AdwareRemover20071.dll
C:\Program Files\AdwareRemover2007\AdwareRemover20073.dll
C:\Program Files\AdwareRemover2007\Uninstall.exe
C:\Program Files\OneStepSearch
C:\Program Files\OneStepSearch\onestep(2).dll
C:\Program Files\OneStepSearch\readme.html
C:\Program Files\Save(2)
C:\Program Files\Save(2)\save.db

.
((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
.

2008-01-14 23:57 . 2008-01-14 23:57 <DIR> d-------- C:\Documents and Settings\ILIJA\Application Data\Thunderbird
2008-01-13 22:48 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 20:46 . 2008-01-13 20:46 <DIR> d-------- C:\Documents and Settings\ILIJA\Application Data\Talkback
2008-01-13 20:44 . 2008-01-13 20:44 <DIR> d-------- C:\Documents and Settings\ILIJA\Application Data\TuneUp Software
2008-01-13 20:29 . 2004-12-21 22:56 <DIR> d-------- C:\Documents and Settings\ILIJA\Application Data\CyberLink
2008-01-13 20:29 . 2008-01-13 20:56 <DIR> d-------- C:\Documents and Settings\ILIJA\Application Data\Ahead
2008-01-13 20:29 . 2004-12-21 22:54 <DIR> d-------- C:\Documents and Settings\ILIJA\Application Data\AdobeUM
2008-01-13 20:29 . 2004-12-21 22:55 <DIR> d-------- C:\Documents and Settings\ILIJA\Application Data\ACD Systems
2008-01-12 17:31 . 2008-01-12 17:31 1,630 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-10 14:51 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-10 14:51 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-10 14:51 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-10 14:51 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-10 14:51 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-01-06 09:34 . 2008-01-06 09:34 594 --a------ C:\WINDOWS\eReg.dat
2007-12-30 19:40 . 2007-12-30 19:40 <DIR> d-------- C:\Documents and Settings\FANDJO\Application Data\bang
2007-12-27 20:30 . 2007-12-27 20:30 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2007-12-27 20:30 . 2007-12-27 20:30 151,552 --a------ C:\WINDOWS\system32\nvRegDev.dll
2007-12-23 11:09 . 2007-12-23 11:09 <DIR> d-------- C:\Program Files\MSN Messenger
2007-12-23 11:06 . 2007-12-23 11:07 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 22:58 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-11 22:08 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\LimeWire
2008-01-10 14:10 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\BearShare
2008-01-09 08:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-28 11:13 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\uTorrent
2007-12-28 07:53 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\BitTorrent
2007-12-25 21:13 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
2007-12-23 13:09 --------- d-----w C:\Program Files\Opera
2007-12-23 13:09 --------- d-----w C:\Program Files\Netscape
2007-12-23 10:10 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-18 16:29 80,097 ----a-w C:\WINDOWS\system32\dcads-remove.exe
2007-12-18 13:06 --------- d-----w C:\Documents and Settings\Velkovic\Application Data\LimeWire
2007-12-13 09:21 --------- d-----w C:\Program Files\BearFlix
2007-12-12 19:23 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\UseNeXT
2007-12-12 19:19 --------- d-----w C:\Program Files\UseNeXT
2007-12-11 11:40 --------- d-----w C:\Program Files\BitTorrent
2007-12-11 09:05 360,576 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-12-11 08:59 --------- d-----w C:\Program Files\uTorrent
2007-12-10 21:29 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\Uniblue
2007-12-10 19:18 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\Netscape
2007-12-09 20:53 360,576 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-12-09 11:04 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\Azureus
2007-12-09 11:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-12-07 23:25 --------- d-----w C:\Program Files\LimeWire
2007-12-07 12:14 --------- d-----w C:\Program Files\Kaspersky Lab
2007-12-07 11:02 --------- d-----w C:\Program Files\Webteh
2007-12-07 11:02 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\BSplayer Pro
2007-12-07 11:02 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\BSplayer
2007-12-06 13:55 --------- d-----w C:\Program Files\CCleaner
2007-12-06 13:03 --------- d-----w C:\Program Files\URUSoft
2007-12-04 22:05 --------- d-----w C:\Program Files\Windows Defender
2007-12-04 22:05 --------- d-----w C:\Program Files\HighMAT CD Writing Wizard
2007-12-04 22:04 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-04 17:56 --------- d-----w C:\Program Files\Real
2007-12-04 17:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-12-01 19:56 --------- d-----w C:\Program Files\SuperMarioPac
2007-12-01 19:52 172,032 ----a-w C:\WINDOWS\system32\cncs32.dll
2007-12-01 19:52 --------- d-----w C:\Program Files\Super Mario Epic
2007-11-30 22:05 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\DMCache
2007-11-30 21:52 --------- d-----w C:\Program Files\Motherplanet
2007-11-30 11:29 --------- d-----w C:\Program Files\JLC's Software
2007-11-30 11:23 --------- d-----w C:\Program Files\Common Files\xing shared
2007-11-30 11:23 --------- d-----w C:\Program Files\Common Files\Real
2007-11-30 11:22 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-11-30 11:03 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\JLC's Software
2007-11-28 20:11 --------- d-----w C:\Documents and Settings\Velkovic\Application Data\ESET
2007-11-28 11:50 --------- d-----w C:\Program Files\MT882
2007-11-28 09:33 --------- d-----w C:\Program Files\BearShare Applications
2007-11-28 09:24 --------- d-----w C:\Program Files\DivX
2007-11-27 23:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-27 21:22 --------- d-----w C:\Program Files\Lavasoft
2007-11-27 21:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-27 21:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-27 21:19 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\ESET
2007-11-27 21:11 --------- d-----w C:\Program Files\BitLord
2007-11-27 20:53 --------- d-----w C:\Program Files\Labtec
2007-11-27 20:53 --------- d-----w C:\Program Files\Futuremark
2007-11-27 20:53 --------- d-----w C:\Program Files\FreshDevices
2007-11-27 20:53 --------- d-----w C:\Program Files\Alwil Software
2007-11-27 20:52 --------- d-----w C:\Program Files\Spybot - Search & Destroy(2)
2007-11-27 09:47 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\DivX
2007-11-21 15:10 --------- d-----w C:\Program Files\Google
2007-11-19 14:41 40,731 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe
2007-11-15 22:31 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\Thunderbird
2007-11-01 16:23 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
.

((((((((((((((((((((((((((((( [Link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-13 21:48:53 1,388,544 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-14 23:27:44 1,388,544 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-13 21:48:53 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-14 23:27:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-13 21:48:53 1,388,544 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-14 23:27:44 1,388,544 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-13 21:48:53 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-14 23:27:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-13 21:48:53 2,494,464 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-14 23:27:44 2,523,136 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-13 21:48:53 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-14 23:27:44 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-14 23:27:45 4,411,392 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000007\ntuser.dat
+ 2008-01-14 23:27:45 7,356,416 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000008\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-23 17:42 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-30 12:22 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:07 15360]

C:\Documents and Settings\Velkovic\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-09-17 15:26:25]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-11-28 11:43 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"StatusClient"=C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
"DataLayer"=C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
"PCSuiteTrayApplication"=C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
"SoundMan"=SOUNDMAN.EXE
"FLMOFFICE4DMOUSE"=C:\Program Files\Labtec\moffice.exe
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"TomcatStartup"=C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"BearFlix"="C:\Program Files\BearFlix\BearFlix.exe" /pause
"NI.UGDC_0001_N122M1912"="C:\Documents and Settings\FANDJO\Desktop\installer_en.exe"
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 02:07]
R3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 08:32]
S2 InterBaseGuardian;InterBase Guardian;C:\Program Files\Borland\InterBase\bin\ibguard.exe []
S3 InterBaseServer;InterBase Server;C:\Program Files\Borland\InterBase\bin\ibserver.exe []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-01-04 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-01-14 23:25:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-11 01:12:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-01-15 00:30:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-15 0:31:26
ComboFix-quarantined-files.txt 2008-01-14 23:31:11
ComboFix2.txt 2008-01-14 21:58:25

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Uhh... I made a mistake.
A folder belonging to the SkinStudio program was deleted.
Can you reinstall the program, or should we use System Restore?

offline
  • Joined: 10 Dec 2007
  • Posts: 40

Ah, I'll reinstall it.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

offline
  • Joined: 10 Dec 2007
  • Posts: 40

That's it. Thank you very much, and don't worry about that folder. Once again, happy New Year.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Thanks... All the best... :)
