Windows explorer.exe

1

Windows explorer.exe

offline
  • SPQR 
  • Novi MyCity građanin
  • Pridružio: 27 Nov 2008
  • Poruke: 9

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05:50, on 5.6.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\IRW.exe
C:\Programmi\Boot Camp\KbdMgr.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\COMODO\SafeSurf\cssurf.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\COMODO\Firewall\cfp.exe
C:\Programmi\QuickTime\QTTask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\Nuova cartella\TR3.exe..exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = fmmontenegro.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Programmi\Boot Camp\KbdMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Programmi\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programmi\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: CabBuilder - ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Programmi/Amazing%20Adventures%20Around%20the%20World/Images/stg_drm.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
O23 - Service: Servizio orario Apple (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Programmi\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Programmi\File comuni\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Programmi\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Programmi\SigmaTel\C-Major Audio\WDM\STacSV.exe

--
End of file - 9468 bytes



Ne znam kako je doshlo do ovoga....samo je odjednom pocheo da ludi.
Pochelo je da mi iskache prozorchic kao da se neka komponenta windowsa instalira i ponekad mi se gubi explorer.exe !!!

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8392
  • Gde živiš: Novi Beograd

Zdravo,

pogledacemo:

Preuzmi sUBs-ov ComboFix sa jedne od sledećih adresa na Desktop:


Bleeping Computer . . . . . Geeks to Go!
Klikni desnim tasterom na neki od linkova i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.




Kada preuzimanje programa bude završeno:
zatvori pokrenute programe;
deaktiviraj zaštitni softver (uputstvo);
dvoklikom pokreni program ComboFix.

U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.
prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.
ako Recovery Console nije instalirana, ponuditi instalaciju:
prihvati klikom na Yes i isprati postupak.
postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.
po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.


Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.


Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

offline
  • SPQR 
  • Novi MyCity građanin
  • Pridružio: 27 Nov 2008
  • Poruke: 9

ComboFix 09-06-05.02 - User 05.06.2009 21:37.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.2032.1563 [GMT 2:00]
Eseguito da: c:\documents and settings\User\Desktop\Nuova cartella\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
c:\windows\system32\Drivers\sptd.sys
c:\windows\system32\enoeuce.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-05-05 al 2009-06-05 )))))))))))))))))))))))))))))))))))
.

2009-05-30 13:14 . 2009-05-30 13:14 68208 -c-ha-w- c:\windows\system32\mlfcache.dat
2009-05-28 05:34 . 2009-05-28 05:35 -------- dc----w- c:\programmi\File comuni\ChaosGroup
2009-05-28 05:34 . 2009-05-28 05:34 -------- dc----w- c:\programmi\Chaos Group
2009-05-28 04:24 . 2009-05-28 04:24 -------- dc----w- c:\programmi\Turbo Squid Tentacles
2009-05-28 04:23 . 2009-05-28 04:23 10134 -c--a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-05-28 04:23 . 2009-05-28 04:23 -------- dc----w- c:\programmi\Microsoft WSE
2009-05-26 00:10 . 2009-05-28 00:50 -------- dc----w- c:\documents and settings\User\Dati applicazioni\Abvent_Artlantis2
2009-05-26 00:09 . 2009-05-26 00:11 -------- dc----w- c:\programmi\Artlantis Studio 2
2009-05-15 15:58 . 2009-05-15 15:58 -------- dc----w- c:\windows\system32\IOSUBSYS
2009-05-15 15:55 . 2009-05-15 15:55 -------- dc----w- c:\documents and settings\LocalService\Menu Avvio
2009-05-15 15:55 . 2009-03-30 08:33 96104 -c--a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-15 15:55 . 2009-03-24 14:08 55640 -c--a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-15 15:55 . 2009-02-13 10:29 22360 -c--a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-05-15 15:55 . 2009-02-13 10:17 45416 -c--a-w- c:\windows\system32\drivers\avgntdd.sys
2009-05-15 15:54 . 2009-05-15 15:54 -------- dc----w- c:\programmi\Avira
2009-05-15 15:54 . 2009-05-15 15:54 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-05-15 01:33 . 2009-05-15 01:33 -------- dc----w- c:\programmi\DreamWorks Interactive
2009-05-13 13:55 . 2009-05-11 11:39 51200 -c--a-w- c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\zjjtmgh9.default\extensions\{24cc1362-11c6-4918-a2c0-b9ee5a563185}\components\FFExternalAlert.dll
2009-05-13 13:55 . 2009-05-11 11:39 114688 -c--a-w- c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\zjjtmgh9.default\extensions\{24cc1362-11c6-4918-a2c0-b9ee5a563185}\components\npmozax.dll
2009-05-09 16:26 . 2009-05-10 13:51 -------- dc----w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\GameSpy
2009-05-09 16:21 . 2009-05-10 17:03 -------- dc----w- c:\documents and settings\User\Dati applicazioni\My Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 19:27 . 2008-06-29 21:11 -------- dc----w- c:\documents and settings\User\Dati applicazioni\uTorrent
2009-06-04 18:52 . 2008-10-04 14:18 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-06-02 10:38 . 2008-10-29 18:26 -------- dc----w- c:\documents and settings\User\Dati applicazioni\U3
2009-05-28 04:19 . 2008-04-21 02:08 -------- dc----w- c:\programmi\File comuni\Autodesk Shared
2009-05-28 04:17 . 2008-04-21 02:10 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\Autodesk
2009-05-28 04:17 . 2008-04-21 02:08 -------- dc----w- c:\programmi\Autodesk
2009-05-28 01:10 . 2007-11-30 00:27 -------- dc----w- c:\documents and settings\User\Dati applicazioni\Abvent
2009-05-26 00:11 . 2008-11-13 23:20 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\Abvent
2009-05-25 22:50 . 2008-01-30 23:01 -------- dc----w- c:\programmi\ApexDC++
2009-05-17 11:37 . 2008-07-01 15:46 132640 -c--a-w- c:\windows\system32\drivers\cmdguard.sys
2009-05-16 21:26 . 2008-11-23 20:04 -------- dc----w- c:\documents and settings\User\Dati applicazioni\Hamachi
2009-05-15 15:58 . 2008-01-21 19:52 -------- dc----w- c:\programmi\Google
2009-05-15 12:47 . 2009-03-02 20:44 -------- dc----w- c:\programmi\Hamachi
2009-05-14 21:10 . 2008-07-01 15:46 168208 -c--a-w- c:\windows\system32\guard32.dll
2009-05-14 21:10 . 2008-07-01 15:46 82080 -c--a-w- c:\windows\system32\drivers\inspect.sys
2009-05-14 21:10 . 2008-07-01 15:46 24096 -c--a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-05-10 17:57 . 2007-11-24 18:36 98752 -c--a-w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-05-10 17:04 . 2007-11-23 16:53 -------- dc-h--w- c:\programmi\InstallShield Installation Information
2009-05-09 16:31 . 2001-08-31 11:00 84336 ----a-w- c:\windows\system32\perfc010.dat
2009-05-09 16:31 . 2001-08-31 11:00 489606 ----a-w- c:\windows\system32\perfh010.dat
2009-05-01 18:30 . 2009-05-01 18:30 3366912 -c--a-w- c:\windows\system32\GPhotos.scr
2009-04-29 00:05 . 2009-04-29 00:05 -------- dc----w- c:\programmi\Microsoft
2009-04-29 00:05 . 2009-04-29 00:05 -------- dc----w- c:\programmi\Windows Live SkyDrive
2009-04-29 00:04 . 2008-03-01 15:35 -------- dc----w- c:\programmi\Windows Live
2009-03-14 21:54 . 2009-03-14 21:54 75048 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 8.1.0.52\SetupAdmin.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-07 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"IRW"="c:\windows\system32\IRW.exe" [2008-04-15 147456]
"Apple_KbdMgr"="c:\programmi\Boot Camp\KbdMgr.exe" [2008-04-15 423216]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"COMODO SafeSurf"="c:\programmi\COMODO\SafeSurf\cssurf.exe" [2008-07-01 278264]
"COMODO Firewall Pro"="c:\programmi\COMODO\Firewall\cfp.exe" [2009-05-14 1794320]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"COMODO Internet Security"="c:\programmi\COMODO\Firewall\cfp.exe" [2009-05-14 1794320]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"ISUSPM Startup"="c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-19 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
"PcSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-23 124928]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^AutoCAD Startup Accelerator.lnk]
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^SnagIt 8.lnk]
backup=c:\windows\pss\SnagIt 8.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Games\\Counter-Strike Source\\hl2.exe"=
"c:\\Programmi\\Graphisoft\\ArchiCAD 12\\ArchiCAD.exe"=
"c:\\Programmi\\Autodesk\\3ds Max 2009\\3dsmax.exe"=

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [1.7.2008 17:46 132640]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1.7.2008 17:46 24096]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [15.5.2009 17:55 108289]
R2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [15.4.2008 17:44 132400]
R2 AppleTimeSrv;Servizio orario Apple;c:\windows\system32\AppleTimeSrv.exe [15.4.2008 17:44 99632]
R2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [15.4.2008 17:44 5504]
R2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [15.4.2008 17:44 6528]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\programmi\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [10.3.2008 0:04 65536]
R3 aapltctp;Apple Trackpad Enabler;c:\windows\system32\drivers\aapltctp.sys [23.11.2007 18:56 4224]
R3 aapltp;Apple Trackpad;c:\windows\system32\drivers\aapltp.sys [23.11.2007 18:56 35072]
R3 applebt;Apple Built-in Bluetooth;c:\windows\system32\drivers\applebt.sys [23.11.2007 18:52 9088]
R3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\drivers\IRFilter.sys [23.11.2007 18:55 16512]
R3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\drivers\KeyMagic.sys [23.11.2007 18:55 19968]
S3 BthKicker;Apple Bluetooth Device Driver;c:\windows\system32\drivers\BthKicker.sys [23.11.2007 18:55 7424]
S3 iSightUpdate;iSight Update Driver;c:\windows\system32\drivers\iSightUP.sys [23.11.2007 18:51 17664]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2.10.2008 22:32 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2.10.2008 22:32 8320]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contenuto della cartella 'Scheduled Tasks'

2009-06-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-06-05 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-06 09:04]

2009-06-04 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-04-23 15:17]

2009-06-05 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-04-23 15:17]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

SafeBoot-procexp90.Sys


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.fmmontenegro.com/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\zjjtmgh9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT144873&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.fmmontenegro.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT144873&SearchSource=2&q=
FF - component: c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\zjjtmgh9.default\extensions\{24cc1362-11c6-4918-a2c0-b9ee5a563185}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\zjjtmgh9.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
.
.
------- Associazioni dei file -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-06-05 21:40
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\*–€|ÿÿÿÿ;•€|é•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\SHSVCS.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\CLBCATQ.DLL

- - - - - - - > 'lsass.exe'(800)
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\guard32.dll
c:\windows\system32\ipsecsvc.dll
.
Ora fine scansione: 2009-06-05 21:41
ComboFix-quarantined-files.txt 2009-06-05 19:41
ComboFix2.txt 2008-12-03 22:40

Pre-Run: 2.380.025.856 byte disponibili
Post-Run: 2.615.033.856 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

204 --- E O F --- 2008-08-03 11:17

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8392
  • Gde živiš: Novi Beograd

Zipuj/raruj mi sledeci folder:

c:\qoobox i posalji mi ga preko sledeceg linka:

http://www.mycity.rs/ambulanta-upload.php

uploaduj mi i sledeci fajl:

c:\windows\system32\OGAVerify.exe

offline
  • SPQR 
  • Novi MyCity građanin
  • Pridružio: 27 Nov 2008
  • Poruke: 9

Odradjeno helen Wink

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8392
  • Gde živiš: Novi Beograd

Otvoriti Notepad i iskopirati sledeci tekst:

DEQUARANTINE::
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\sptd.sys.vir
QUIT::


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

offline
  • SPQR 
  • Novi MyCity građanin
  • Pridružio: 27 Nov 2008
  • Poruke: 9

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\sptd.sys.vir -> C:\WINDOWS\system32\drivers\sptd.sys ( 685816 bytes )


samo mi je ovo izbachio !

p.s. josh uvjek mi iskache (treperi...sam se upali i ugasi par puta u 10sekundi) prozorchic nesto za windows softver!

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8392
  • Gde živiš: Novi Beograd

Mozes li da postavis screenshot toga sto ti iskoci?

offline
  • SPQR 
  • Novi MyCity građanin
  • Pridružio: 27 Nov 2008
  • Poruke: 9

teshko...poshto se pojavljuje samo na par sekundi!

A to je onaj prozo shto se pali kad se instalira neka softverska komponenta za windows ! i pishe da trazi neku softeversku komponentu da je instalira !

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8392
  • Gde živiš: Novi Beograd

Tesko da je ovo do malwera.

Obrati se u Windows deo.

Potrebno je deinstalirati ComboFix:
klikni start (ili ), a zatim RUN.

Na Visti koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

combofix /u

Primeti da postoji razmak između "ComboFix" i "/u".



a zatim klikni OK (ili pritisni Enter).


Sačekaj da se proces deinstalacije završi.

Ko je trenutno na forumu
 

Ukupno su 629 korisnika na forumu :: 46 registrovanih, 4 sakrivenih i 579 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3028 - dana 22 Nov 2019 07:47

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: -[CoA]-, _Sale, A.R.Chafee.Jr., admiral13, amaterSRB, arsa, baza, bojank, Boris90, BSD, Cirkon, Dannyboy, darcaud, darios, dekao, DH, djboj, djo97, Djokislav, djordje92sm, Doc, Dorcolac, dragon986, Jester, Kaneda, komkom, kovinacc, krkalon, Krusarac, L3g1oN, lovac12, mercedesamg, Mercury, miodrag, motobubi, Recce, robytz, sabros, Sale.S, saputnik plavetnila, segax1, Toni, trajkoni018, voja64, Vzor50, Yellow Pinky