Slow PC, possibly infected!

  • Joined: 18 Jan 2009
  • Posts: 17
  • Location: Novi Beograd

Folks, help me blow the dust out of this thing a little.
Thanks in advance!
Here is the HJT log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:07 PM, on 4/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608-)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\AdobeR.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\CMMON32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\User\Desktop\asdsa\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Anti-Blaxx Manager] D:\HAWAII_filmovi\300\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V5Con.....6871368953
O17 - HKLM\System\CCS\Services\Tcpip\..\{20E26A3B-1FA0-475A-95FE-C8B509E1DE20}: NameServer = 10.151.167.2 10.151.167.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{20E26A3B-1FA0-475A-95FE-C8B509E1DE20}: NameServer = 10.151.167.2 10.151.167.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 8422 bytes

  • helen1 (male)
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8466
  • Location: Novi Beograd

Hello,

Open the AVG 8 Control Center (right-click the AVG icon in the bottom right corner of the screen and choose Open AVG User Interface).
* When the AVG Control Center starts, double-click the Resident Shield component.
* In the window that opens, untick the option Resident Shield active and click Save changes.

Note: Don't forget to turn this option back on once the cleaning is finished.


---------------------


Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Joined: 18 Jan 2009
  • Posts: 17
  • Location: Novi Beograd

I've turned it off. I still have a hectic week ahead, so I'll download it later... but let's continue.

  • helen1 (male)
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8466
  • Location: Novi Beograd

Well, go ahead and scan with ComboFix, but turn off that AVG first.

I thought you were going to post the log; I didn't think I needed to reply to you.

  • Joined: 18 Jan 2009
  • Posts: 17
  • Location: Novi Beograd

ComboFix 09-04-04.01 - User 2009-04-11 12:59:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.125 [GMT 2:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: AVG 7.5.557 *On-access scanning enabled* (Outdated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\MILAN\ravmonlog
c:\documents and settings\test\ravmonlog
c:\documents and settings\User\ravmonlog
c:\windows\adober.exe
c:\windows\c.exe
c:\windows\system32\f.dll

.
((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 )))))))))))))))))))))))))))))))
.

2009-04-11 12:34 . 2009-04-11 12:34 <DIR> d-------- c:\windows\LastGood
2009-04-11 03:04 . 2009-04-11 03:04 <DIR> d-------- c:\program files\MSXML 6.0
2009-04-10 23:34 . 2008-06-13 15:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-04-10 23:34 . 2008-06-13 15:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-04-10 19:14 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-04-10 19:14 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-04-10 19:14 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-04-10 18:59 . 2009-04-10 23:12 <DIR> d-------- c:\documents and settings\User\Tracing
2009-04-10 18:58 . 2009-04-10 18:58 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-04-10 18:57 . 2009-04-10 18:57 <DIR> d-------- c:\program files\Microsoft Sync Framework
2009-04-10 18:57 . 2009-04-10 18:57 <DIR> d-------- c:\program files\Microsoft Office Outlook Connector
2009-04-10 18:57 . 2009-02-06 18:08 55,152 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2009-04-10 18:56 . 2009-04-10 18:56 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-04-10 18:54 . 2009-04-10 18:58 <DIR> d-------- c:\program files\Microsoft
2009-04-10 18:53 . 2009-04-10 18:53 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-04-10 18:13 . 2009-04-10 18:13 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-04-07 21:14 . 2009-04-07 21:14 8,628 --ah----- c:\windows\system32\CMMGR32.GID
2009-04-07 15:45 . 2009-04-11 00:04 <DIR> d-------- c:\documents and settings\User\Application Data\skypePM
2009-04-07 15:45 . 2009-04-07 15:45 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-04-07 15:33 . 2009-04-11 01:02 <DIR> d-------- c:\documents and settings\User\Application Data\Skype
2009-04-07 15:32 . 2009-04-07 15:32 <DIR> dr------- c:\program files\Skype
2009-04-07 15:32 . 2009-04-07 15:32 <DIR> d-------- c:\program files\Common Files\Skype
2009-04-07 15:32 . 2009-04-07 15:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2009-04-04 21:44 . 2009-04-07 16:00 54,156 --ah----- c:\windows\QTFont.qfn
2009-04-04 21:44 . 2009-04-04 21:44 1,409 --a------ c:\windows\QTFont.for
2009-04-04 18:38 . 2009-04-04 18:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\muvee Technologies
2009-04-04 18:37 . 2009-04-04 18:45 <DIR> d-------- c:\documents and settings\User\Application Data\muvee Technologies
2009-04-04 18:37 . 2009-04-04 22:22 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-04-04 18:34 . 2009-04-04 18:34 <DIR> d-------- c:\program files\MSBuild
2009-04-04 18:29 . 2009-04-04 18:29 <DIR> d-------- c:\windows\system32\XPSViewer
2009-04-04 18:29 . 2009-04-04 18:29 <DIR> d-------- c:\program files\Reference Assemblies
2009-04-04 18:28 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-04-04 17:56 . 2009-04-04 17:58 <DIR> d-------- c:\documents and settings\User\Application Data\vlc
2009-04-04 17:54 . 2009-04-04 17:54 <DIR> d-------- c:\documents and settings\User\Application Data\Thinstall
2009-04-04 15:37 . 2009-04-04 15:37 <DIR> d-------- c:\documents and settings\MILAN\Application Data\vlc
2009-04-04 15:36 . 2009-04-04 15:36 <DIR> d-------- c:\program files\VideoLAN
2009-04-04 15:36 . 2009-04-04 15:36 <DIR> d-------- c:\documents and settings\MILAN\Application Data\Thinstall
2009-03-31 18:02 . 2009-03-31 18:02 <DIR> d-------- c:\windows\Sun
2009-03-29 19:59 . 2009-03-29 19:59 9,979 --a------ c:\windows\system\16b30ce279.dll
2009-03-29 19:41 . 2009-03-29 19:41 <DIR> d-------- c:\documents and settings\MILAN\Application Data\CyberLink
2009-03-29 19:40 . 2009-03-29 19:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2009-03-29 19:39 . 2009-03-29 19:59 <DIR> d-------- c:\program files\CyberLink
2009-03-21 11:26 . 2009-03-21 11:26 <DIR> d-------- c:\documents and settings\test\Application Data\AVG7
2009-03-21 11:26 . 2009-04-11 13:00 <DIR> d-------- c:\documents and settings\test
2009-03-12 15:17 . 2009-03-12 15:17 <DIR> d-------- c:\documents and settings\MILAN\Application Data\Mount&Blade
2009-03-12 15:16 . 2008-05-30 15:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2009-03-12 15:16 . 2008-05-30 15:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2009-03-12 15:16 . 2008-05-30 15:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2009-03-12 15:16 . 2008-05-30 15:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2009-03-12 15:16 . 2008-05-30 15:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2009-03-12 15:16 . 2008-05-30 15:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2009-03-12 15:16 . 2008-05-30 15:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2009-03-12 15:15 . 2009-03-12 15:15 <DIR> d-------- c:\windows\Logs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 16:57 --------- d-----w c:\program files\Windows Live
2009-03-29 18:11 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-29 18:11 --------- d-----w c:\documents and settings\All Users\Application Data\Firefly Studios
2009-03-05 18:19 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2009-02-19 09:26 --------- d-----w c:\documents and settings\MILAN\Application Data\Black Sea Studios
2009-02-06 17:03 307,576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 16:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-04-01 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo"= CSvidcap.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
backup=c:\windows\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-06-29 01:09 32768 c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-06-28 21:05 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2009-04-01 20:06 590848 c:\progra~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 12:48 157592 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2009-02-06 18:51 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2009-03-27 09:55 24103720 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-11-21 19:38 35328 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13399:TCP"= 13399:TCP:NortonAV
"17358:TCP"= 17358:TCP:NortonAV
"13702:TCP"= 13702:TCP:NortonAV
"13752:TCP"= 13752:TCP:NortonAV
"12953:TCP"= 12953:TCP:NortonAV
"14879:TCP"= 14879:TCP:NortonAV
"13088:TCP"= 13088:TCP:NortonAV
"18099:TCP"= 18099:TCP:NortonAV
"16400:TCP"= 16400:TCP:NortonAV
"13293:TCP"= 13293:TCP:NortonAV
"14796:TCP"= 14796:TCP:NortonAV
"13700:TCP"= 13700:TCP:NortonAV
"14151:TCP"= 14151:TCP:NortonAV
"14398:TCP"= 14398:TCP:NortonAV
"14772:TCP"= 14772:TCP:NortonAV
"18555:TCP"= 18555:TCP:NortonAV
"15790:TCP"= 15790:TCP:NortonAV
"14863:TCP"= 14863:TCP:NortonAV
"13837:TCP"= 13837:TCP:NortonAV
"12164:TCP"= 12164:TCP:NortonAV
"16915:TCP"= 16915:TCP:NortonAV
"18960:TCP"= 18960:TCP:NortonAV
"14146:TCP"= 14146:TCP:NortonAV
"15239:TCP"= 15239:TCP:NortonAV
"14507:TCP"= 14507:TCP:NortonAV
"17958:TCP"= 17958:TCP:NortonAV
"15410:TCP"= 15410:TCP:NortonAV
"12715:TCP"= 12715:TCP:NortonAV
"12913:TCP"= 12913:TCP:NortonAV
"13460:TCP"= 13460:TCP:NortonAV
"15679:TCP"= 15679:TCP:NortonAV
"16668:TCP"= 16668:TCP:NortonAV
"12197:TCP"= 12197:TCP:NortonAV
"16357:TCP"= 16357:TCP:NortonAV
"16603:TCP"= 16603:TCP:NortonAV
"13124:TCP"= 13124:TCP:NortonAV
"15014:TCP"= 15014:TCP:NortonAV
"16079:TCP"= 16079:TCP:NortonAV
"18754:TCP"= 18754:TCP:NortonAV
"14484:TCP"= 14484:TCP:NortonAV
"15738:TCP"= 15738:TCP:NortonAV
"15402:TCP"= 15402:TCP:NortonAV
"17652:TCP"= 17652:TCP:NortonAV
"13343:TCP"= 13343:TCP:NortonAV
"16696:TCP"= 16696:TCP:NortonAV
"18055:TCP"= 18055:TCP:NortonAV

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-04-10 55152]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89883d14-fe47-11dc-b119-806d6172696f}]
\Shell\AutoRun\command - f:\bin\Assetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cfc69982-fe57-11dc-a642-0013d465916d}]
\Shell\AutoRun\command - I:\AUTORUN.exe
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Anti-Blaxx Manager - d:\hawaii_filmovi\300\Anti-Blaxx\Anti-Blaxx.exe
MSConfigStartUp-RavAV - c:\windows\AdobeR.exe
MSConfigStartUp-Weather - c:\progra~1\AWS\WEATHE~1\Weather.exe


.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {20E26A3B-1FA0-475A-95FE-C8B509E1DE20} = 10.151.167.2 10.151.167.2
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\ah5jxs5w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMySrWB.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-11 13:02:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-11 13:04:21
ComboFix-quarantined-files.txt 2009-04-11 11:04:04

Pre-Run: 9,225,531,392 bytes free
Post-Run: 13,644,845,056 bytes free

242 --- E O F --- 2009-04-11 01:08:10

  • helen1 (male)
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8466
  • Location: Novi Beograd

Download the following program, run it, and post me the log when it finishes.

http://amf.mycity.rs/personal/dr_Bora/Win32.Rjump_Port_Exception_Cleaner.exe


-------------------


Open Notepad and copy the following text into it:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89883d14-fe47-11dc-b119-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cfc69982-fe57-11dc-a642-0013d465916d}]




Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scanning.
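As an added example (not from this thread and not part of ComboFix or HijackThis), a small Python triage script that reads ComboFix log sections like the ones posted above: it reports the standard-profile firewall being off, groups the GloballyOpenPorts exceptions by label to surface the mass of random high-port "NortonAV" holes that the helper's port exception cleaner is named for, collects the MountPoints2 AutoRun commands, and emits the same Registry:: / [-KEY] CFScript block the helper wrote. The embedded log excerpt is constructed from lines in this thread plus one benign "Remote Desktop" entry; the heuristic thresholds (at least three high ports under one label) are assumptions.

```python
"""Triage helpers for a ComboFix log: flag firewall port exceptions added in
bulk, collect MountPoints2 AutoRun commands, and build the CFScript block
that tells ComboFix to delete those keys. Added example, not ComboFix code."""
import re
from collections import defaultdict

# Constructed excerpt in the format of the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13399:TCP"= 13399:TCP:NortonAV
"17358:TCP"= 17358:TCP:NortonAV
"13702:TCP"= 13702:TCP:NortonAV
"3389:TCP"= 3389:TCP:Remote Desktop

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89883d14-fe47-11dc-b119-806d6172696f}]
\Shell\AutoRun\command - f:\bin\Assetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cfc69982-fe57-11dc-a642-0013d465916d}]
\Shell\AutoRun\command - I:\AUTORUN.exe
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (.+)$")


def parse_sections(text):
    """Group non-empty log lines under the [section] header preceding them."""
    sections = {}
    current = None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def firewall_disabled(sections):
    """True when the standard-profile policy shows EnableFirewall = 0."""
    for name, lines in sections.items():
        if name.lower().endswith("firewallpolicy\\standardprofile"):
            return any(l.replace(" ", "").startswith('"EnableFirewall"=0')
                       for l in lines)
    return False


def port_exceptions(sections):
    """All (port, proto, label) entries found under GloballyOpenPorts."""
    out = []
    for name, lines in sections.items():
        if "globallyopenports" in name.lower():
            for l in lines:
                m = PORT_RE.match(l)
                if m:
                    out.append((int(m.group(1)), m.group(2), m.group(3).strip()))
    return out


def suspicious_port_labels(sections, min_entries=3, min_port=1024):
    """Labels owning many TCP exceptions on high ports: a legitimate product
    registers a few fixed ports, while the log above shows dozens of random
    ports all labelled 'NortonAV'. Thresholds are assumptions for this demo."""
    by_label = defaultdict(list)
    for port, proto, label in port_exceptions(sections):
        if proto == "TCP" and port >= min_port:
            by_label[label].append(port)
    return {label: sorted(ports) for label, ports in by_label.items()
            if len(ports) >= min_entries}


def mountpoints_autoruns(sections):
    """(registry key, command) for each MountPoints2 entry that cached a
    \\Shell\\AutoRun\\command from a removable drive's autorun.inf."""
    found = []
    for name, lines in sections.items():
        if "mountpoints2" in name.lower():
            for l in lines:
                m = AUTORUN_RE.match(l)
                if m:
                    found.append((name, m.group(1).strip()))
    return found


def build_cfscript(keys):
    """CFScript text as used in the thread: a Registry:: header and one
    [-KEY] line per key, which ComboFix interprets as 'delete this key'."""
    return "Registry::\n" + "".join(f"[-{k}]\n" for k in keys)


def triage(text):
    """Run every check on a ComboFix log and return the findings."""
    sections = parse_sections(text)
    autoruns = mountpoints_autoruns(sections)
    return {
        "firewall_disabled": firewall_disabled(sections),
        "suspicious_port_labels": suspicious_port_labels(sections),
        "autoruns": autoruns,
        "cfscript": build_cfscript([k for k, _ in autoruns]),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Firewall disabled:", result["firewall_disabled"])
    print("Bulk port exceptions:", result["suspicious_port_labels"])
    for key, cmd in result["autoruns"]:
        print("AutoRun:", cmd, "<-", key)
    print(result["cfscript"])
```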

  • Joined: 18 Jan 2009
  • Posts: 17
  • Location: Novi Beograd

Here is the ComboFix log:


ComboFix 09-04-04.01 - User 2009-04-11 13:42:50.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.163 [GMT 2:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 )))))))))))))))))))))))))))))))
.

2009-04-11 13:37 . 2009-04-11 13:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg7
2009-04-11 03:04 . 2009-04-11 03:04 <DIR> d-------- c:\program files\MSXML 6.0
2009-04-10 23:34 . 2008-06-13 15:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-04-10 23:34 . 2008-06-13 15:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-04-10 19:14 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-04-10 19:14 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-04-10 19:14 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-04-10 18:59 . 2009-04-10 23:12 <DIR> d-------- c:\documents and settings\User\Tracing
2009-04-10 18:58 . 2009-04-10 18:58 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-04-10 18:57 . 2009-04-10 18:57 <DIR> d-------- c:\program files\Microsoft Sync Framework
2009-04-10 18:57 . 2009-04-10 18:57 <DIR> d-------- c:\program files\Microsoft Office Outlook Connector
2009-04-10 18:57 . 2009-02-06 18:08 55,152 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2009-04-10 18:56 . 2009-04-10 18:56 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-04-10 18:54 . 2009-04-10 18:58 <DIR> d-------- c:\program files\Microsoft
2009-04-10 18:53 . 2009-04-10 18:53 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-04-10 18:13 . 2009-04-10 18:13 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-04-07 21:14 . 2009-04-07 21:14 8,628 --ah----- c:\windows\system32\CMMGR32.GID
2009-04-07 15:45 . 2009-04-11 00:04 <DIR> d-------- c:\documents and settings\User\Application Data\skypePM
2009-04-07 15:45 . 2009-04-07 15:45 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-04-07 15:33 . 2009-04-11 01:02 <DIR> d-------- c:\documents and settings\User\Application Data\Skype
2009-04-07 15:32 . 2009-04-07 15:32 <DIR> dr------- c:\program files\Skype
2009-04-07 15:32 . 2009-04-07 15:32 <DIR> d-------- c:\program files\Common Files\Skype
2009-04-07 15:32 . 2009-04-07 15:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2009-04-04 21:44 . 2009-04-07 16:00 54,156 --ah----- c:\windows\QTFont.qfn
2009-04-04 21:44 . 2009-04-04 21:44 1,409 --a------ c:\windows\QTFont.for
2009-04-04 18:38 . 2009-04-04 18:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\muvee Technologies
2009-04-04 18:37 . 2009-04-04 18:45 <DIR> d-------- c:\documents and settings\User\Application Data\muvee Technologies
2009-04-04 18:37 . 2009-04-04 22:22 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-04-04 18:34 . 2009-04-04 18:34 <DIR> d-------- c:\program files\MSBuild
2009-04-04 18:29 . 2009-04-04 18:29 <DIR> d-------- c:\windows\system32\XPSViewer
2009-04-04 18:29 . 2009-04-04 18:29 <DIR> d-------- c:\program files\Reference Assemblies
2009-04-04 18:28 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-04-04 17:56 . 2009-04-04 17:58 <DIR> d-------- c:\documents and settings\User\Application Data\vlc
2009-04-04 17:54 . 2009-04-04 17:54 <DIR> d-------- c:\documents and settings\User\Application Data\Thinstall
2009-04-04 15:37 . 2009-04-04 15:37 <DIR> d-------- c:\documents and settings\MILAN\Application Data\vlc
2009-04-04 15:36 . 2009-04-04 15:36 <DIR> d-------- c:\program files\VideoLAN
2009-04-04 15:36 . 2009-04-04 15:36 <DIR> d-------- c:\documents and settings\MILAN\Application Data\Thinstall
2009-03-31 18:02 . 2009-03-31 18:02 <DIR> d-------- c:\windows\Sun
2009-03-29 19:59 . 2009-03-29 19:59 9,979 --a------ c:\windows\system\16b30ce279.dll
2009-03-29 19:41 . 2009-03-29 19:41 <DIR> d-------- c:\documents and settings\MILAN\Application Data\CyberLink
2009-03-29 19:40 . 2009-03-29 19:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2009-03-29 19:39 . 2009-03-29 19:59 <DIR> d-------- c:\program files\CyberLink
2009-03-21 11:26 . 2009-04-11 13:37 <DIR> d-------- c:\documents and settings\test
2009-03-12 15:17 . 2009-03-12 15:17 <DIR> d-------- c:\documents and settings\MILAN\Application Data\Mount&Blade
2009-03-12 15:16 . 2008-05-30 15:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2009-03-12 15:16 . 2008-05-30 15:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2009-03-12 15:16 . 2008-05-30 15:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2009-03-12 15:16 . 2008-05-30 15:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2009-03-12 15:16 . 2008-05-30 15:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2009-03-12 15:16 . 2008-05-30 15:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2009-03-12 15:16 . 2008-05-30 15:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2009-03-12 15:15 . 2009-03-12 15:15 <DIR> d-------- c:\windows\Logs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 16:57 --------- d-----w c:\program files\Windows Live
2009-03-29 18:11 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-29 18:11 --------- d-----w c:\documents and settings\All Users\Application Data\Firefly Studios
2009-03-05 18:19 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2009-02-19 09:26 --------- d-----w c:\documents and settings\MILAN\Application Data\Black Sea Studios
2009-02-06 17:03 307,576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 16:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo"= CSvidcap.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
backup=c:\windows\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-06-29 01:09 32768 c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-06-28 21:05 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 12:48 157592 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2009-02-06 18:51 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2009-03-27 09:55 24103720 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-11-21 19:38 35328 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13399:TCP"= 13399:TCP:NortonAV
"17358:TCP"= 17358:TCP:NortonAV
"13702:TCP"= 13702:TCP:NortonAV
"13752:TCP"= 13752:TCP:NortonAV
"12953:TCP"= 12953:TCP:NortonAV
"14879:TCP"= 14879:TCP:NortonAV
"13088:TCP"= 13088:TCP:NortonAV
"18099:TCP"= 18099:TCP:NortonAV
"16400:TCP"= 16400:TCP:NortonAV
"13293:TCP"= 13293:TCP:NortonAV
"14796:TCP"= 14796:TCP:NortonAV
"13700:TCP"= 13700:TCP:NortonAV
"14151:TCP"= 14151:TCP:NortonAV
"14398:TCP"= 14398:TCP:NortonAV
"14772:TCP"= 14772:TCP:NortonAV
"18555:TCP"= 18555:TCP:NortonAV
"15790:TCP"= 15790:TCP:NortonAV
"14863:TCP"= 14863:TCP:NortonAV
"13837:TCP"= 13837:TCP:NortonAV
"12164:TCP"= 12164:TCP:NortonAV
"16915:TCP"= 16915:TCP:NortonAV
"18960:TCP"= 18960:TCP:NortonAV
"14146:TCP"= 14146:TCP:NortonAV
"15239:TCP"= 15239:TCP:NortonAV
"14507:TCP"= 14507:TCP:NortonAV
"17958:TCP"= 17958:TCP:NortonAV
"15410:TCP"= 15410:TCP:NortonAV
"12715:TCP"= 12715:TCP:NortonAV
"12913:TCP"= 12913:TCP:NortonAV
"13460:TCP"= 13460:TCP:NortonAV
"15679:TCP"= 15679:TCP:NortonAV
"16668:TCP"= 16668:TCP:NortonAV
"12197:TCP"= 12197:TCP:NortonAV
"16357:TCP"= 16357:TCP:NortonAV
"16603:TCP"= 16603:TCP:NortonAV
"13124:TCP"= 13124:TCP:NortonAV
"15014:TCP"= 15014:TCP:NortonAV
"16079:TCP"= 16079:TCP:NortonAV
"18754:TCP"= 18754:TCP:NortonAV
"14484:TCP"= 14484:TCP:NortonAV
"15738:TCP"= 15738:TCP:NortonAV
"15402:TCP"= 15402:TCP:NortonAV
"17652:TCP"= 17652:TCP:NortonAV
"13343:TCP"= 13343:TCP:NortonAV
"16696:TCP"= 16696:TCP:NortonAV
"18055:TCP"= 18055:TCP:NortonAV

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-04-10 55152]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe


.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {20E26A3B-1FA0-475A-95FE-C8B509E1DE20} = 10.151.167.2 10.151.167.2
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\ah5jxs5w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMySrWB.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-11 13:45:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-11 13:46:46
ComboFix-quarantined-files.txt 2009-04-11 11:46:28
ComboFix2.txt 2009-04-11 11:26:48
ComboFix3.txt 2009-04-11 11:04:22

Pre-Run: 13,673,635,840 bytes free
Post-Run: 13,661,401,088 bytes free

221 --- E O F --- 2009-04-11 01:08:10

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8466
  • Location: Novi Beograd

Did you run that program I gave you?

offline
  • Joined: 18 Jan 2009
  • Posts: 17
  • Location: Novi Beograd

That other program only says "Done! Ports closed:0" .... there is no log.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8466
  • Location: Novi Beograd

Then we will have to do it this way.

Open Notepad and paste the following text:

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13399:TCP"=-
"17358:TCP"=-
"13702:TCP"=-
"13752:TCP"=-
"12953:TCP"=-
"14879:TCP"=-
"13088:TCP"=-
"18099:TCP"=-
"16400:TCP"=-
"13293:TCP"=-
"14796:TCP"=-
"13700:TCP"=-
"14151:TCP"=-
"14398:TCP"=-
"14772:TCP"=-
"18555:TCP"=-
"15790:TCP"=-
"14863:TCP"=-
"13837:TCP"=-
"12164:TCP"=-
"16915:TCP"=-
"18960:TCP"=-
"14146:TCP"=-
"15239:TCP"=-
"14507:TCP"=-
"17958:TCP"=-
"15410:TCP"=-
"12715:TCP"=-
"12913:TCP"=-
"13460:TCP"=-
"15679:TCP"=-
"16668:TCP"=-
"12197:TCP"=-
"16357:TCP"=-
"16603:TCP"=-
"13124:TCP"=-
"15014:TCP"=-
"16079:TCP"=-
"18754:TCP"=-
"14484:TCP"=-
"15738:TCP"=-
"15402:TCP"=-
"17652:TCP"=-
"13343:TCP"=-
"16696:TCP"=-
"18055:TCP"=-


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text file onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.
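The script above is the manual version of a repeatable task: pick out of the ComboFix "Reg Loading Points" dump the firewall exceptions that nothing on the machine explains, and turn them into a CFScript deletion block. The Python below is an added example written for this page, not part of the thread and not a ComboFix or Trend Micro tool. It parses a constructed excerpt of the log format quoted above (the six NortonAV lines are copied from the thread; the "139:TCP" line and its label are invented to show an explained entry being left alone), reports the two weakening settings the log also shows (firewall off, Security Center notifications silenced), flags a label that owns a cluster of unrelated high ports, and emits the same Registry:: block that helen1 wrote by hand. The threshold of five ports and the "explained labels" set are assumptions of the example, not something the log defines.

```python
import re

# Constructed excerpt in the shape of the ComboFix "Reg Loading Points" output
# quoted above. The six NortonAV entries are copied from the thread; the
# "139:TCP" entry and its label are invented to show that an explained port
# is left alone. This is not the full log.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
"13399:TCP"= 13399:TCP:NortonAV
"17358:TCP"= 17358:TCP:NortonAV
"13702:TCP"= 13702:TCP:NortonAV
"13752:TCP"= 13752:TCP:NortonAV
"12953:TCP"= 12953:TCP:NortonAV
"14879:TCP"= 14879:TCP:NortonAV
"139:TCP"= 139:TCP:File and Printer Sharing

R2 fssfltr;FssFltr;c:\\windows\\system32\\drivers\\fssfltr_tdi.sys [2009-04-10 55152]
"""

PORTS_KEY = "GloballyOpenPorts\\List"
# ComboFix prints each exception as  "<port>:<proto>"= <port>:<proto>:<label>
PORT_LINE = re.compile(r'^"(?P<key>\d+:(?:TCP|UDP))"=\s*\d+:(?:TCP|UDP):(?P<label>.*)$')
FW_LINE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
NOTIFY_LINE = re.compile(r'^"(?P<name>\w+DisableNotify)"=dword:(?P<val>[0-9a-fA-F]{8})$')


def parse_reg_points(log_text):
    """Pull the firewall state, the silenced Security Center notifications and
    the GloballyOpenPorts entries (in log order) out of a ComboFix log."""
    result = {"firewall_enabled": None, "notify_disabled": [], "open_ports": {}}
    section = None
    for line in log_text.splitlines():
        line = line.rstrip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()  # registry key header
            continue
        if not section:
            continue
        if section.endswith("security center"):
            m = NOTIFY_LINE.match(line)
            if m and int(m.group("val"), 16) == 1:
                result["notify_disabled"].append(m.group("name"))
        elif section.endswith("firewallpolicy\\standardprofile"):
            m = FW_LINE.match(line)
            if m:
                result["firewall_enabled"] = m.group("val") != "0"
        elif section.endswith(PORTS_KEY.lower()):
            m = PORT_LINE.match(line)
            if m:
                result["open_ports"][m.group("key")] = m.group("label")
    return result


def suspicious_ports(open_ports, explained_labels=(), min_cluster=5, low_port=1024):
    """Return the keys (log order) of every entry whose label owns at least
    min_cluster ports above low_port and is not in explained_labels.

    One product legitimately holding dozens of scattered high ports is rare.
    In the log above 46 high TCP ports all carry the label "NortonAV" while no
    Norton file, process or service appears anywhere else in it (the installed
    AV is AVG), so the label explains nothing and the whole cluster is flagged.
    """
    by_label = {}
    for key, label in open_ports.items():
        if int(key.split(":")[0]) > low_port and label not in explained_labels:
            by_label.setdefault(label, []).append(key)
    bad_labels = {lbl for lbl, keys in by_label.items() if len(keys) >= min_cluster}
    return [k for k, lbl in open_ports.items() if lbl in bad_labels]


def make_cfscript(keys):
    """Emit the CFScript Registry:: block in the form used in this thread;
    a value written as "name"=- is deleted by ComboFix."""
    lines = ["Registry::",
             "[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\"
             + PORTS_KEY + "]"]
    lines.extend('"%s"=-' % k for k in keys)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    info = parse_reg_points(SAMPLE_LOG)
    print("firewall enabled:", info["firewall_enabled"])
    print("notifications disabled:", ", ".join(info["notify_disabled"]) or "none")
    print(make_cfscript(suspicious_ports(info["open_ports"])))
```

Feed it the real log instead of SAMPLE_LOG and the output is the block helen1 posted; the point of the extra checks is that an open-port cluster is read together with the disabled firewall and silenced notifications, since a firewall exception that nothing installed accounts for is only one of the three things this log changed on the host.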
