Trojans :S

  • Joined: 28 May 2006
  • Posts: 1536
  • Where you live: Seven holy paths to hell

Today my PC popped up this picture (i.e. picture no. 1); yesterday NOD found some trojan downloader, sprint.dll, and today it found v2messen.exe... I tried to clean the whole computer, but it looks like something is still left... (because now, after the cleaning, it popped up the first picture again...) here's the log file from HijackThis

Thanks in advance :)

Logfile of HijackThis v1.99.1
Scan saved at 8:23:29 PM, on 9/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\RivaTuner v2.09\RivaTuner.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Janki\Desktop\hhh.exe

O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /T
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /S
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FED74750-F77B-4734-8094-EB6A31216EAD}: NameServer = 10.10.2.69,10.10.2.79,208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Where you live: Novi Beograd

Hello

* Open the NOD32 Control Center (click its tray icon in the bottom right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right-hand panel, untick the option File system monitor (AMON) enabled.
* Turning this option off will show as the Control Center changing colour from green to red.

Note: Don't forget to turn this option back on once the cleaning is finished.

------------------------------------------

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Joined: 28 May 2006
  • Posts: 1536
  • Where you live: Seven holy paths to hell

I've just found on the net that C:\WINDOWS\system32\wuauclt.exe can be a virus (since I have auto update for Windows turned off...)

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Where you live: Novi Beograd

Janki90 :: I've just found on the net that C:\WINDOWS\system32\wuauclt.exe can be a virus (since I have auto update for Windows turned off...)

Don't worry about this.

Do what's above.

  • Joined: 28 May 2006
  • Posts: 1536
  • Where you live: Seven holy paths to hell

here's the log:

ComboFix 08-09-25.07 - Janki 2008-09-26 20:38:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1538 [GMT 2:00]
Running from: C:\Documents and Settings\Janki\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx

.
((((((((((((((((((((((((( Files Created from 2008-08-26 to 2008-09-26 )))))))))))))))))))))))))))))))
.

2008-09-26 15:11 . 2008-09-26 15:15 <DIR> d-------- C:\Program Files\a-squared Free
2008-09-26 15:10 . 2008-09-26 16:10 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-09-26 13:11 . 2008-09-26 20:18 110,592 --a------ C:\WINDOWS\system32\sprint.dll
2008-09-18 20:16 . 2008-09-18 20:16 <DIR> d-------- C:\Program Files\Safer Networking
2008-09-18 20:11 . 2008-09-18 20:19 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-18 20:11 . 2008-09-26 18:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-18 12:31 . 2008-09-18 12:33 <DIR> d-------- C:\Program Files\Magic Swf2Avi 2008
2008-09-18 00:51 . 2008-09-18 00:54 <DIR> d-------- C:\Documents and Settings\Janki\Application Data\SWF.max
2008-09-17 19:34 . 2008-09-17 19:34 <DIR> d-------- C:\Program Files\SWF.max
2008-09-17 19:27 . 2008-09-17 19:29 <DIR> d-------- C:\Program Files\FlashGet
2008-09-16 22:53 . 2008-09-26 20:30 250 --a------ C:\WINDOWS\gmer.ini
2008-09-08 16:38 . 2008-09-08 16:38 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-09-08 16:37 . 2008-09-08 16:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-09-08 16:37 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-09-08 16:36 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-09-08 16:36 . 2008-09-08 16:36 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-09-08 16:36 . 2008-09-08 16:36 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-09-08 16:36 . 2008-09-08 16:36 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-09-08 16:35 . 2008-09-08 16:36 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-09-08 16:35 . 2008-09-08 16:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-09-08 15:30 . 2008-09-08 15:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-03 23:59 . 2008-09-03 23:59 <DIR> d-------- C:\Program Files\Binaryfish
2008-09-03 17:22 . 2008-09-03 17:22 <DIR> d-------- C:\Program Files\Muff
2008-08-30 13:04 . 2008-08-30 13:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-26 18:20 --------- d-----w C:\Documents and Settings\Janki\Application Data\uTorrent
2008-09-26 13:11 --------- d-----w C:\Documents and Settings\Janki\Application Data\Orbit
2008-09-25 17:27 --------- d-----w C:\Program Files\ICQ6
2008-09-23 11:02 --------- d-----w C:\Documents and Settings\Janki\Application Data\OpenOffice.org2
2008-09-19 15:00 --------- d-----w C:\Program Files\SpeedFan
2008-09-12 12:07 --------- d-----w C:\Program Files\TQ Defiler
2008-09-08 14:38 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-09-08 14:36 --------- d-----w C:\Program Files\Common Files\Logitech
2008-09-08 14:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-08 13:57 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-09-03 22:56 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-30 11:02 --------- d-----w C:\Program Files\ATI Technologies
2008-08-28 22:23 --------- d-----w C:\Documents and Settings\Janki\Application Data\skypePM
2008-08-28 22:23 --------- d-----w C:\Documents and Settings\Janki\Application Data\Skype
2008-08-24 18:33 --------- d-----w C:\Documents and Settings\Janki\Application Data\MyPhoneExplorer
2008-08-23 13:56 --------- d-----w C:\Program Files\Lavalys
2008-08-19 22:09 --------- d-----w C:\Documents and Settings\Janki\Application Data\Winamp
2008-08-13 17:50 --------- d-----w C:\Program Files\Western Digital
2008-08-08 04:23 --------- d-----w C:\Program Files\Recuva
2008-08-03 02:24 --------- d-----w C:\Program Files\Skype
2008-08-03 02:24 --------- d-----w C:\Program Files\Common Files\Skype
2008-08-03 02:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-08-02 14:52 --------- d-----w C:\Program Files\Opera
2008-08-01 06:38 3,266,560 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-01 05:40 9,928,704 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-08-01 04:58 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-08-01 04:33 425,984 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-08-01 04:32 311,296 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-08-01 04:23 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-08-01 04:23 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-08-01 04:22 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-08-01 04:22 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-08-01 04:22 143,360 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-08-01 04:21 573,440 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-08-01 04:19 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-08-01 04:10 3,917,568 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-08-01 03:59 2,183,552 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-08-01 03:46 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-08-01 03:42 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-08-01 03:40 35,328 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-08-01 03:40 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-08-01 03:39 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-08-01 03:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-08-01 03:34 561,152 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-07-31 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-07-14 07:07 714 ----a-w C:\ma477.bin
2008-07-09 21:48 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-07-09 21:48 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-06-30 18:08 692,058 ----a-w C:\WINDOWS\system32\unins000.exe
2008-03-09 05:25 236 ----a-w C:\Program Files\Common Files\dx.reg
.

------- Sigcheck -------

2008-05-15 16:51 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-05-15 16:51 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\TCPIP.SYS

2004-08-04 02:56 57856 dbc194be82732d43f9712dc7beb41611 C:\WINDOWS\system32\spoolsv.exe
2004-08-04 02:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\system32\dllcache\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-09-03 267056]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2008-06-10 2645528]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RivaTuner"="C:\Program Files\RivaTuner v2.09\RivaTuner.exe" [2008-04-28 2707456]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.09\RivaTuner.exe" [2008-04-28 2707456]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 C:\WINDOWS\RTHDCPL.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-09-08 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
-r------- 2007-05-25 06:13 1957888 C:\WINDOWS\system32\xRaidSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
--a------ 2008-07-31 14:46 2131600 C:\Program Files\a-squared Anti-Malware\a2guard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 06:03 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-06-16 06:03 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
-r------- 2007-03-20 08:36 36864 C:\WINDOWS\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
--a------ 2007-02-22 19:53 2209224 C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-07-16 16:57 61440 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"D:\\Games\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 13696]
R1 BS_I2cIo;BS_I2cIo;C:\WINDOWS\system32\drivers\BS_I2cIo.sys [2006-04-13 8192]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2008-06-10 1386008]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-05-25 3712]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 GPU-Z;GPU-Z;C:\DOCUME~1\Janki\LOCALS~1\Temp\GPU-Z.sys [ ]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 61536]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se46mdfl.sys [2006-11-30 9360]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se46mdm.sys [2006-11-30 97088]
S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se46mgmt.sys [2006-11-30 88624]
S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se46nd5.sys [2006-11-30 18704]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se46obex.sys [2006-11-30 86432]
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se46unic.sys [2006-11-30 90800]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-08 354560]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f5ecb81-5739-11dd-b5bc-00055dd3fac7}]
\Shell\AutoRun\command - I:\Programs\totalcmd\TCPowerPack.exe
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AtiTrayTools - C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
MSConfigStartUp-Google Update - C:\Documents and Settings\Janki\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-Sony Ericsson PC Suite - C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Janki\Application Data\Mozilla\Firefox\Profiles\f0srcxv9.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-26 20:39:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DUMeterSvc]
"ImagePath"="C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
Completion time: 2008-09-26 20:39:39
ComboFix-quarantined-files.txt 2008-09-26 18:39:36

Pre-Run: 8,794,304,512 bytes free
Post-Run: 8,906,625,024 bytes free

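The "Sigcheck" section of the ComboFix log above lists each checked system file twice: the live copy (under system32 or system32\drivers) and the backup Windows keeps in system32\dllcache. In the log, TCPIP.SYS has the same MD5 in both places, while spoolsv.exe does not, and neither the thread participants nor ComboFix comment on it. A mismatch on its own is not proof of tampering (a hotfix that updated only the live copy can cause it), but it is exactly the pair a responder would pull and compare against a known-good copy. The script below is an added example, not something posted in this thread and not part of ComboFix: it parses a Sigcheck block and reports every live/dllcache pair whose hashes differ. Its sample input is the Sigcheck block copied from the first log above.

```python
"""Flag live/dllcache MD5 mismatches in a ComboFix "Sigcheck" block.

Added example for reading the Sigcheck section of a ComboFix log; it is
not part of the thread or of ComboFix itself. Each file line has the
form: <date> <time> <size> <md5> <path>.
"""
import re
from collections import defaultdict

# Sample input: the Sigcheck block copied from the first ComboFix log in
# this thread (backslashes doubled because this is a normal string).
SIGCHECK_BLOCK = """\
------- Sigcheck -------

2008-05-15 16:51 359040 27a5959c94ee173a063ca06bd14f021a C:\\WINDOWS\\system32\\dllcache\\TCPIP.SYS
2008-05-15 16:51 359040 27a5959c94ee173a063ca06bd14f021a C:\\WINDOWS\\system32\\drivers\\TCPIP.SYS

2004-08-04 02:56 57856 dbc194be82732d43f9712dc7beb41611 C:\\WINDOWS\\system32\\spoolsv.exe
2004-08-04 02:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\\WINDOWS\\system32\\dllcache\\spoolsv.exe
"""

# One Sigcheck file line: date, time, size in bytes, 32 hex MD5, full path.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<md5>[0-9a-fA-F]{32}) (?P<path>.+)$"
)


def parse_sigcheck(block):
    """Return one dict per file line; headers and blank lines are skipped."""
    entries = []
    for raw in block.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["size"] = int(entry["size"])
        entry["md5"] = entry["md5"].lower()
        entries.append(entry)
    return entries


def is_dllcache(path):
    """True for the backup copy Windows keeps under system32\\dllcache."""
    return "\\dllcache\\" in path.lower()


def find_mismatches(entries):
    """Pair each live file with its dllcache backup by file name and return
    (name, live_md5, dllcache_md5) for every pair whose hashes differ."""
    by_name = defaultdict(dict)
    for entry in entries:
        name = entry["path"].rsplit("\\", 1)[-1].lower()
        role = "cache" if is_dllcache(entry["path"]) else "live"
        by_name[name][role] = entry
    mismatches = []
    for name, pair in sorted(by_name.items()):
        if "live" in pair and "cache" in pair:
            live, cache = pair["live"]["md5"], pair["cache"]["md5"]
            if live != cache:
                mismatches.append((name, live, cache))
    return mismatches


def report(block):
    """Human-readable lines, one per mismatched pair."""
    return [
        f"{name}: live {live} != dllcache {cache}"
        for name, live, cache in find_mismatches(parse_sigcheck(block))
    ]


if __name__ == "__main__":
    for line in report(SIGCHECK_BLOCK):
        print(line)
```

Run against the block above it reports only spoolsv.exe; TCPIP.SYS is silent because both copies hash the same. Pairing is done by file name rather than by position so the check still works when ComboFix lists the live copy first in one pair and the dllcache copy first in another, as it does here.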
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Where you live: Novi Beograd

Upload the following file for me:

C:\WINDOWS\system32\sprint.dll

via the following link:

http://www.mycity.rs/ambulanta-upload.php

  • Joined: 28 May 2006
  • Posts: 1536
  • Where you live: Seven holy paths to hell

I've uploaded that file (I zipped it). As far as I remember (and as far as the NOD32 log says), that file had been deleted from my computer o.O (NOD detected it as a virus)...

Addendum: 27 Sep 2008 13:33

As far as I've noticed, these files (in the picture) always keep coming back (i.e. I always delete them and after a restart they show up again)

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Where you live: Novi Beograd

Why are you deleting them all?

Turn off the AV, then:

Run Spybot S&D
Click the Mode item in the menu
Select Advanced Mode
In the bar on the left, click Tools
Click Resident
Untick Resident Tea-Timer
Close Spybot S&D
Restart the computer.

- Then download the program from this link to your Desktop.
- Run it by double-clicking and follow the instructions.

Don't forget to turn these options back on when we finish the cleaning.

Open Notepad and copy the following text:

File::
C:\WINDOWS\system32\sprint.dll

DirLook::
C:\Program Files\Muff

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log produced at the end of the cleaning/scan in your next message.

  • Joined: 28 May 2006
  • Posts: 1536
  • Where you live: Seven holy paths to hell

The only one I'm not deleting is ativvax... for dots.exe, sprint.dll and fntcache the net says they are viruses/spyware.... I did everything the way you said (btw that first picture I uploaded keeps appearing (every ~60 min) :( )..
here's the log

ComboFix 08-09-26.06 - Janki 2008-09-27 16:28:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1611 [GMT 2:00]
Running from: C:\Documents and Settings\Janki\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Janki\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\sprint.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\sprint.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-27 to 2008-09-27 )))))))))))))))))))))))))))))))
.

2008-09-27 12:58 . 2008-09-27 16:25 0 --a------ C:\WINDOWS\system32\ativvaxx.cap
2008-09-27 12:47 . 2008-09-27 12:47 151,552 --a------ C:\WINDOWS\system32\dots.exe
2008-09-26 23:04 . 2008-09-26 23:04 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-26 21:30 . 2008-09-26 21:30 <DIR> d---s---- C:\WINDOWS\Cookies
2008-09-26 20:53 . 2008-09-26 21:31 <DIR> d-------- C:\Documents and Settings\Janki\Application Data\BSplayer PRO
2008-09-26 15:11 . 2008-09-26 15:15 <DIR> d-------- C:\Program Files\a-squared Free
2008-09-26 15:10 . 2008-09-27 12:10 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-09-18 20:16 . 2008-09-18 20:16 <DIR> d-------- C:\Program Files\Safer Networking
2008-09-18 20:11 . 2008-09-18 20:19 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-18 20:11 . 2008-09-27 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-18 12:31 . 2008-09-18 12:33 <DIR> d-------- C:\Program Files\Magic Swf2Avi 2008
2008-09-18 00:51 . 2008-09-27 03:51 <DIR> d-------- C:\Documents and Settings\Janki\Application Data\SWF.max
2008-09-17 19:34 . 2008-09-17 19:34 <DIR> d-------- C:\Program Files\SWF.max
2008-09-17 19:27 . 2008-09-17 19:29 <DIR> d-------- C:\Program Files\FlashGet
2008-09-16 22:53 . 2008-09-26 20:30 250 --a------ C:\WINDOWS\gmer.ini
2008-09-08 16:38 . 2008-09-08 16:38 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-09-08 16:37 . 2008-09-08 16:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-09-08 16:37 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-09-08 16:36 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-09-08 16:36 . 2008-09-08 16:36 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-09-08 16:36 . 2008-09-08 16:36 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-09-08 16:36 . 2008-09-08 16:36 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-09-08 16:35 . 2008-09-08 16:36 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-09-08 16:35 . 2008-09-08 16:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-09-08 15:30 . 2008-09-08 15:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-03 23:59 . 2008-09-03 23:59 <DIR> d-------- C:\Program Files\Binaryfish
2008-09-03 17:22 . 2008-09-03 17:22 <DIR> d-------- C:\Program Files\Muff
2008-08-30 13:04 . 2008-08-30 13:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-27 14:24 --------- d-----w C:\Documents and Settings\Janki\Application Data\uTorrent
2008-09-27 10:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-27 10:17 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-09-27 10:16 --------- d-----w C:\Program Files\TQ Defiler
2008-09-27 10:11 --------- d-----w C:\Documents and Settings\Janki\Application Data\My Games
2008-09-27 02:01 --------- d-----w C:\Documents and Settings\Janki\Application Data\Orbit
2008-09-26 19:49 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-09-25 17:27 --------- d-----w C:\Program Files\ICQ6
2008-09-23 11:02 --------- d-----w C:\Documents and Settings\Janki\Application Data\OpenOffice.org2
2008-09-19 15:00 --------- d-----w C:\Program Files\SpeedFan
2008-09-08 14:38 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-09-08 14:36 --------- d-----w C:\Program Files\Common Files\Logitech
2008-09-08 13:57 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-08-30 11:02 --------- d-----w C:\Program Files\ATI Technologies
2008-08-28 22:23 --------- d-----w C:\Documents and Settings\Janki\Application Data\skypePM
2008-08-28 22:23 --------- d-----w C:\Documents and Settings\Janki\Application Data\Skype
2008-08-24 18:33 --------- d-----w C:\Documents and Settings\Janki\Application Data\MyPhoneExplorer
2008-08-23 13:56 --------- d-----w C:\Program Files\Lavalys
2008-08-19 22:09 --------- d-----w C:\Documents and Settings\Janki\Application Data\Winamp
2008-08-13 17:50 --------- d-----w C:\Program Files\Western Digital
2008-08-08 04:23 --------- d-----w C:\Program Files\Recuva
2008-08-03 02:24 --------- d-----w C:\Program Files\Skype
2008-08-03 02:24 --------- d-----w C:\Program Files\Common Files\Skype
2008-08-03 02:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-08-02 14:52 --------- d-----w C:\Program Files\Opera
2008-08-01 06:38 3,266,560 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-01 05:40 9,928,704 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-08-01 04:58 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-08-01 04:33 425,984 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-08-01 04:32 311,296 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-08-01 04:23 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-08-01 04:23 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-08-01 04:22 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-08-01 04:22 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-08-01 04:22 143,360 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-08-01 04:21 573,440 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-08-01 04:19 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-08-01 04:10 3,917,568 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-08-01 03:59 2,183,552 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-08-01 03:46 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-08-01 03:42 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-08-01 03:40 35,328 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-08-01 03:40 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-08-01 03:39 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-08-01 03:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-08-01 03:34 561,152 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-07-31 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-07-14 07:07 714 ----a-w C:\ma477.bin
2008-07-09 21:48 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-07-09 21:48 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-06-30 18:08 692,058 ----a-w C:\WINDOWS\system32\unins000.exe
2008-03-09 05:25 236 ----a-w C:\Program Files\Common Files\dx.reg
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\Muff ----

2004-09-20 16:29 174498 --a------ C:\Program Files\Muff\SPVInvaders\invaders.CAB
2004-09-10 12:17 160 --a------ C:\Program Files\Muff\SPVInvaders\invaders.ini


------- Sigcheck -------

2008-05-15 16:51 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-05-15 16:51 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\TCPIP.SYS

2004-08-04 02:56 57856 5274e48efcd5a464b7d17424debc3d6d C:\WINDOWS\system32\spoolsv.exe
2004-08-04 02:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\system32\dllcache\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-09-03 267056]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2008-06-10 2645528]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RivaTuner"="C:\Program Files\RivaTuner v2.09\RivaTuner.exe" [2008-04-28 2707456]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.09\RivaTuner.exe" [2008-04-28 2707456]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 C:\WINDOWS\RTHDCPL.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-09-08 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
-r------- 2007-05-25 06:13 1957888 C:\WINDOWS\system32\xRaidSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 06:03 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-06-16 06:03 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
-r------- 2007-03-20 08:36 36864 C:\WINDOWS\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
--a------ 2007-02-22 19:53 2209224 C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-07-16 16:57 61440 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"D:\\Games\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 13696]
R1 BS_I2cIo;BS_I2cIo;C:\WINDOWS\system32\drivers\BS_I2cIo.sys [2006-04-13 8192]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2008-06-10 1386008]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-05-25 3712]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 GPU-Z;GPU-Z;C:\DOCUME~1\Janki\LOCALS~1\Temp\GPU-Z.sys [ ]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 61536]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se46mdfl.sys [2006-11-30 9360]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se46mdm.sys [2006-11-30 97088]
S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se46mgmt.sys [2006-11-30 88624]
S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se46nd5.sys [2006-11-30 18704]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se46obex.sys [2006-11-30 86432]
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se46unic.sys [2006-11-30 90800]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-08 354560]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f5ecb81-5739-11dd-b5bc-00055dd3fac7}]
\Shell\AutoRun\command - I:\Programs\totalcmd\TCPowerPack.exe
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-a-squared - C:\Program Files\a-squared Anti-Malware\a2guard.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 16:29:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DUMeterSvc]
"ImagePath"="C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
Completion time: 2008-09-27 16:29:58
ComboFix-quarantined-files.txt 2008-09-27 14:29:54
ComboFix2.txt 2008-09-26 18:39:39

Pre-Run: 19,501,412,352 bytes free
Post-Run: 19,490,086,912 bytes free

  • Joined: 28 May 2006
  • Posts: 1536
  • Where do you live: Seven holy paths to hell

Well, that file looks suspicious to me too...
Read the rules for this part of the forum ;)
http://www.mycity.rs/Ambulanta/Pravila-ovog-dela-foruma.html
