[bobby] Are there any more of them?


offline
  • Brok  Male
  • Forum moderator
  • Mihajlo Bogdanović
  • Linux driver - fighter - warrior
  • Joined: 04 May 2005
  • Posts: 3246

Really strange: I downloaded a Microsoft patch and on the next restart there was nothing on the desktop, and the AV asked for a repair which I could not get done no matter what. Somehow I deleted that patch, but the problem stayed. What, where and how I caught the malicious programs is not clear to me at all, but from now on system updates are off for me; it sounds illogical, but that is how it is.

Somehow I scanned the system with Malwarebytes' Anti-Malware (the log is below), and then managed to start the AV too and scan the system with it; I will attach that log below as well. Here is the HijackThis log too, if someone can check whether there is anything else, because the system boots somewhat slower than usual (than before), and with viruses one is never sure.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:49, on 20.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\SYSTEM32\SRPSKEY.EXE
C:\Program Files\ClocX\ClocX.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\FastStone Capture\FSCapture.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
D:\Download torrent file\Internet Download Manager - Portable\Internet Download Manager\IEMonitor.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\Nova fascikla\TR3.exe..exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Download torrent file\Internet Download Manager - Portable\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [srpskey] C:\WINDOWS\SYSTEM32\SRPSKEY.EXE
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [IDMan] D:\Download torrent file\Internet Download Manager - Portable\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all links with IDM - D:\Download torrent file\Internet Download Manager - Portable\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Download torrent file\Internet Download Manager - Portable\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Download torrent file\Internet Download Manager - Portable\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5C.....7067499531
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

--
End of file - 7589 bytes
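An added triage helper for logs like the HijackThis output above (example code written for this thread, not part of HijackThis, ComboFix or the forum): it parses the running-process list and the R/O entries, then flags the items a responder would verify first, such as the loopback IE proxy, the double-extension file on the Desktop, the O16 entry without a download URL and the O24 component loaded from Temp. The sample excerpt is constructed from lines of that log and the heuristics are my own assumptions, so a hit is a prompt for manual review, not a verdict.

```python
"""Triage helper for HijackThis-style logs.

Added example for this thread; it is not HijackThis, ComboFix or forum code.
The heuristics below are assumptions a responder would use as a first pass.
"""
import re
from typing import List, Tuple

# Constructed excerpt: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Administrator\Desktop\Nova fascikla\TR3.exe..exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
""".strip()

# "R1 - ..." / "O23 - ..." entry lines: section code, then the detail text.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<detail>.*)$")
# name.exe..exe and similar double-extension tricks.
DOUBLE_EXT_RE = re.compile(r"\.(exe|com|scr|bat|pif)\.+(exe|com|scr|bat|pif)$", re.I)
# Locations a legitimate service or autorun binary normally lives in.
TRUSTED_DIR_RE = re.compile(r"^[a-z]:\\(windows|program files)\\", re.I)
# User-writable folders that are unusual for an autorun target.
USER_DIR_RE = re.compile(r"\\(desktop|temp|application data)\\", re.I)


def parse_hjt(text: str) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Split a log into the running-process paths and (section, detail) entries."""
    processes: List[str] = []
    entries: List[Tuple[str, str]] = []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False  # a blank line closes the process list
            continue
        if line.lower().startswith("running processes:"):
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("section"), m.group("detail")))
    return processes, entries


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (reason, evidence) pairs worth a manual look, in log order."""
    processes, entries = parse_hjt(text)
    findings: List[Tuple[str, str]] = []
    for proc in processes:
        if DOUBLE_EXT_RE.search(proc):
            findings.append(("double extension", proc))
        elif not TRUSTED_DIR_RE.match(proc):
            findings.append(("process outside Windows/Program Files", proc))
    for section, detail in entries:
        if section == "R1" and "ProxyServer" in detail:
            proxy = detail.split("=", 1)[1].strip()
            if proxy.startswith(("127.0.0.1", "localhost")):
                findings.append(("loopback proxy set for IE", detail))
        elif section == "O16" and detail.rstrip().endswith("-"):
            findings.append(("ActiveX entry with no source URL", detail))
        elif section == "O24" and re.search(r"/temp/", detail, re.I):
            findings.append(("desktop component served from Temp", detail))
        elif section == "O4" and USER_DIR_RE.search(detail):
            findings.append(("autorun from a user-writable folder", detail))
    return findings


if __name__ == "__main__":
    for reason, evidence in triage(SAMPLE_LOG):
        print(f"[{reason}] {evidence}")
```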



offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and do not touch the program window while it is scanning.
Follow the instructions on the screen. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

offline
  • Brok  Male
  • Forum moderator
  • Mihajlo Bogdanović
  • Linux driver - fighter - warrior
  • Joined: 04 May 2005
  • Posts: 3246

ComboFix 08-11-19.08 - Administrator 2008-11-21 3:16:25.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.402 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\msvrc20.dll
c:\windows\system32\rnplf19.dll

.
((((((((((((((((((((((((( Files Created from 2008-10-21 to 2008-11-21 )))))))))))))))))))))))))))))))
.

2008-11-20 16:11 . 2008-11-20 16:11 4,096 --ahs---- C:\Thumbs.db
2008-11-20 07:28 . 2008-11-20 09:24 <DIR> d-------- c:\documents and settings\Administrator\Application Data\IDM
2008-11-20 07:28 . 2008-11-21 02:11 <DIR> d-------- c:\documents and settings\Administrator\Application Data\DMCache
2008-11-20 07:28 . 2008-11-20 06:41 206,256 --a------ c:\windows\system32\idmmbc.dll
2008-11-20 07:23 . 2008-11-20 07:23 <DIR> d-------- c:\documents and settings\Administrator\Application Data\NASA
2008-11-20 07:21 . 2008-11-20 07:21 <DIR> d-------- c:\program files\NASA
2008-11-20 05:48 . 2008-11-20 05:48 <DIR> d-------- C:\Data
2008-11-20 05:11 . 2008-11-20 05:11 5,120 --ahs---- c:\windows\Thumbs.db
2008-11-19 06:27 . 2008-11-19 06:27 <DIR> d-------- c:\windows\system32\msmq
2008-11-19 06:27 . 2008-11-19 06:27 <DIR> d-------- C:\Inetpub
2008-11-19 05:02 . 2008-11-19 05:02 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-11-19 04:08 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-11-17 09:28 . 2008-11-19 17:40 96,976 --a------ c:\windows\system32\drivers\klin.dat
2008-11-17 09:28 . 2008-11-19 17:40 87,855 --a------ c:\windows\system32\drivers\klick.dat
2008-11-17 09:26 . 2008-11-17 09:26 <DIR> d-------- c:\program files\Kaspersky Lab
2008-11-17 03:34 . 2008-11-17 03:34 <DIR> d-------- c:\program files\Common Files\NSV
2008-11-17 03:18 . 2008-11-17 03:18 <DIR> d-------- c:\program files\SpacialAudio
2008-11-17 03:18 . 2005-09-23 00:05 626,688 --a------ c:\windows\system32\msvcr80.dll
2008-11-17 03:18 . 2005-09-23 00:05 548,864 --a------ c:\windows\system32\msvcp80.dll
2008-11-16 23:13 . 2008-11-16 23:18 <DIR> d-------- c:\program files\AviSynth 2.5
2008-11-16 19:57 . 2006-06-01 19:47 163,840 -----c--- c:\windows\system32\dllcache\jgdw400.dll
2008-11-16 19:57 . 2006-06-01 19:47 27,648 -----c--- c:\windows\system32\dllcache\jgpl400.dll
2008-11-16 19:54 . 2008-06-13 14:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-11-16 19:54 . 2008-06-13 14:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-16 19:50 . 2008-08-14 11:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-16 19:50 . 2008-08-14 10:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-16 19:50 . 2008-08-14 10:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-16 19:50 . 2008-08-14 10:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-16 19:33 . 2008-10-24 12:25 455,936 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-16 17:01 . 2008-11-17 03:55 <DIR> d-------- c:\program files\SHOUTcast
2008-11-16 13:37 . 2008-07-18 22:07 270,880 --a------ c:\windows\system32\mucltui.dll
2008-11-16 13:37 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2008-11-16 13:37 . 2008-07-18 22:07 29,728 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-16 13:37 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-11-16 13:37 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2008-11-12 07:02 . 2008-11-12 07:02 306,432 --a------ c:\windows\system32\TuneUpDefragService.exe
2008-11-12 07:02 . 2007-12-20 10:41 29,440 --a------ c:\windows\system32\uxtuneup.dll
2008-11-12 06:52 . 2008-11-12 07:23 <DIR> d--h----- c:\windows\Icons
2008-11-12 03:48 . 2008-11-12 03:48 <DIR> d-------- c:\program files\Invisible Browsing
2008-11-12 02:11 . 2008-11-17 06:03 <DIR> d-------- c:\program files\WinWatermark 2
2008-11-11 21:30 . 2008-11-11 21:48 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Pamela
2008-11-11 01:41 . 2008-11-17 06:03 <DIR> d-------- c:\program files\Free Photo Resizer
2008-11-10 20:53 . 2008-11-10 20:53 2,306,113 --a------ c:\windows\system32\GPhotos.scr
2008-11-10 14:29 . 2008-11-10 14:29 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Nero
2008-11-10 14:27 . 2008-11-10 14:27 <DIR> d-------- c:\program files\Common Files\Nero
2008-11-10 14:26 . 2008-11-10 14:27 <DIR> d-------- c:\program files\Nero 9
2008-11-10 14:23 . 2008-11-10 14:23 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AdobeUM
2008-11-09 10:26 . 2008-11-20 01:40 <DIR> d-------- c:\program files\world atlas
2008-11-09 10:18 . 2008-11-09 10:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\3DWA_L
2008-11-09 10:02 . 2008-11-09 10:02 87 --a------ c:\windows\Tiny_Run.ini
2008-11-09 07:07 . 2008-11-20 09:19 5,655,584 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-09 07:07 . 2008-11-21 03:14 819,232 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-11-09 07:07 . 2008-11-20 09:19 46,312 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-09 07:07 . 2008-11-21 03:14 4,928 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-11-08 04:20 . 2008-11-08 04:20 <DIR> d-------- c:\windows\system32\IOSUBSYS
2008-11-08 03:56 . 2008-11-08 03:56 <DIR> d--hs---- c:\documents and settings\Administrator\PrivacIE
2008-11-08 03:41 . 2008-11-08 03:43 <DIR> d--h-c--- c:\windows\ie8
2008-11-05 22:10 . 2008-11-05 22:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\RosettaStoneLtdBackup
2008-11-05 20:14 . 2008-11-05 22:11 <DIR> d-------- c:\program files\Rosetta Stone
2008-11-05 20:14 . 2008-11-10 03:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Rosetta Stone
2008-11-02 06:09 . 2008-11-19 17:53 34 --a------ c:\windows\system32\msghdf19.ocx
2008-11-02 05:54 . 2008-11-20 04:49 <DIR> d-------- c:\program files\Spy Cleaner Platinum
2008-11-02 05:54 . 2004-02-01 22:54 569,368 --a------ c:\windows\system32\olelib.tlb
2008-11-02 05:54 . 2003-05-14 21:07 389,120 --a------ c:\windows\system32\actskn43.ocx
2008-11-02 05:54 . 1998-04-24 00:00 368,912 --a------ c:\windows\system32\vbar332.dll
2008-11-02 05:54 . 2003-01-26 15:48 147,456 --a------ c:\windows\system32\Vbzip11.dll
2008-11-02 05:54 . 1998-12-02 09:11 143,360 --a------ c:\windows\system32\vbuzip10.dll
2008-11-02 05:54 . 1998-06-18 00:00 32,768 --a------ c:\windows\system32\Regtool5.dll
2008-11-02 05:54 . 1999-04-17 23:36 10,752 --a------ c:\windows\system32\aamd532.dll
2008-11-02 02:37 . 2008-11-02 02:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-10-30 01:25 . 2008-10-30 01:25 74,458 --a------ C:\Folders.dbx
2008-10-30 01:12 . 2008-10-30 01:22 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Acronis
2008-10-30 01:00 . 2008-10-30 01:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Acronis
2008-10-30 01:00 . 2008-10-30 01:00 971,168 --a------ c:\windows\system32\drivers\tdrpm140.sys
2008-10-30 00:59 . 2008-11-04 23:07 <DIR> d-------- c:\program files\Common Files\Acronis
2008-10-30 00:59 . 2008-10-30 00:59 540,000 --a------ c:\windows\system32\drivers\timntr.sys
2008-10-30 00:59 . 2008-10-30 00:59 44,704 --a------ c:\windows\system32\drivers\tifsfilt.sys
2008-10-25 23:57 . 2008-10-25 23:57 <DIR> d-------- c:\documents and settings\Administrator\Application Data\ACD Systems
2008-10-25 23:55 . 2008-11-04 22:48 <DIR> d-------- c:\program files\Common Files\ACD Systems
2008-10-25 23:55 . 2008-10-25 23:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-21 02:16 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2008-11-20 17:18 --------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2008-11-20 16:44 --------- d-----w c:\documents and settings\Administrator\Application Data\skypePM
2008-11-20 08:21 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-20 04:46 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-20 04:15 --------- d-----w c:\program files\YouTube Downloader
2008-11-20 04:15 --------- d-----w c:\program files\Your Uninstaller 2008
2008-11-20 04:15 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-20 04:15 --------- d-----w c:\program files\RegCure
2008-11-20 04:15 --------- d-----w c:\program files\Mouse
2008-11-20 04:13 --------- d-----w c:\program files\IObit
2008-11-20 04:12 --------- d-----w c:\program files\FastStone Image Viewer
2008-11-20 04:12 --------- d-----w c:\program files\FastStone Capture
2008-11-20 04:12 --------- d-----w c:\program files\Easy Thumbnails
2008-11-20 04:12 --------- d-----w c:\program files\ClocX
2008-11-20 03:50 --------- d-----w c:\program files\uTorrent
2008-11-20 03:50 --------- d-----w c:\documents and settings\All Users\Application Data\Bitmeter2
2008-11-20 03:50 --------- d-----w c:\documents and settings\Administrator\Application Data\Vso
2008-11-20 03:49 --------- d-----w c:\program files\Thoosje Vista Sidebar
2008-11-20 03:49 --------- d-----w c:\program files\ABBYY FineReader 8.0 Professional Edition
2008-11-20 03:15 --------- d-----w c:\documents and settings\Administrator\Application Data\IObit
2008-11-20 00:31 --------- d-----w c:\documents and settings\Administrator\Application Data\BSplayer PRO
2008-11-19 20:54 --------- d-----w c:\program files\Google
2008-11-17 03:00 --------- d-----w c:\program files\Winamp
2008-11-15 19:11 --------- d-----w c:\program files\Trillian
2008-11-12 06:03 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-11-10 13:21 --------- d-----w c:\program files\Ahead
2008-11-10 01:14 --------- d-----w c:\program files\Common Files\Adobe
2008-11-09 06:03 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-09 06:02 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-09 05:27 --------- d-----w c:\documents and settings\Administrator\Application Data\dvdcss
2008-11-05 19:16 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-02 19:58 --------- d-----w c:\program files\ICQ6
2008-11-01 02:50 --------- d-----w c:\program files\The_Pirate_Bay
2008-11-01 01:13 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-30 16:55 --------- d-----w c:\program files\Opera
2008-10-25 22:56 --------- d-----w c:\program files\Yahoo!
2008-10-24 11:25 455,936 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-14 15:29 --------- d-----w c:\program files\Conduit
2008-10-09 16:48 --------- d-----w c:\program files\RocketDock
2008-10-03 15:45 --------- d-----w c:\program files\Paint.NET
2008-10-02 08:52 --------- d-----w c:\program files\Super Internet TV
2008-10-01 09:45 796,672 ----a-w c:\windows\GPInstall.exe
2008-10-01 09:45 --------- d-----w c:\program files\Aardvark
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-30 10:22 --------- d-----w c:\program files\Skype
2008-09-30 10:22 --------- d-----w c:\program files\Common Files\Skype
2008-09-30 10:22 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-09-28 11:08 --------- d-----w c:\documents and settings\Administrator\Application Data\Bitmeter2
2008-09-28 10:56 --------- d-----w c:\program files\Codebox
2008-09-23 16:17 --------- d-----w c:\program files\QuickTime
2008-09-23 06:06 --------- d-----w c:\program files\Common Files\xing shared
2008-09-23 06:06 --------- d-----w c:\program files\Common Files\Real
2008-09-23 06:05 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-09-23 06:05 --------- d-----w c:\program files\Real
2008-09-22 05:04 73,983 ----a-w c:\windows\WinVerCheck.exe
2008-09-15 12:17 1,846,912 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-29 19:06 1,350,664 ----a-w c:\windows\system32\msxml6.dll
2008-08-22 02:08 878,592 ----a-w c:\windows\system32\wininet.dll
2008-08-22 02:08 43,008 ----a-w c:\windows\system32\licmgr10.dll
2008-08-22 02:07 18,944 ----a-w c:\windows\system32\corpol.dll
2008-08-22 02:06 72,704 ----a-w c:\windows\system32\admparse.dll
2008-08-22 02:06 71,680 ----a-w c:\windows\system32\iesetup.dll
2008-08-22 02:06 434,176 ----a-w c:\windows\system32\vbscript.dll
2008-08-22 02:05 48,640 ------w c:\windows\system32\PrivacIE.dll
2008-08-22 02:05 48,128 ----a-w c:\windows\system32\mshtmler.dll
2008-08-22 02:05 35,840 ----a-w c:\windows\system32\imgutil.dll
2008-08-22 02:04 45,568 ----a-w c:\windows\system32\mshta.exe
2008-08-22 01:57 156,160 ----a-w c:\windows\system32\msls31.dll
2007-12-17 02:11 47,360 ----a-w c:\documents and settings\Administrator\Application Data\pcouffin.sys
2005-07-14 19:31 27,648 --sha-w c:\windows\system32\AVSredirect.dll
2007-10-10 23:28 2,568 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"IDMan"="d:\download torrent file\Internet Download Manager - Portable\Internet Download Manager\IDMan.exe" [2008-11-20 2606512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"srpskey"="c:\windows\SYSTEM32\SRPSKEY.EXE" [2007-05-04 35840]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2004-01-21 103936]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-23 185896]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 201992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
FastStone Capture.lnk - c:\program files\FastStone Capture\FSCapture.exe [2008-05-07 1008128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe -k netsvcs [2004-08-03 14336]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2008-06-03 23152]
R3 HidMouse;HidMouse;c:\windows\system32\Drivers\HidMouse.sys [2008-02-03 34585]
R3 tenCapture;tenCapture;c:\windows\system32\DRIVERS\tenCapture.sys [2007-04-21 9344]
S3 Amps2prt;Compatible PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys [2008-06-12 14336]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-05 30192]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-11-12 306432]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - EVERESTDRIVER
.
Contents of the 'Scheduled Tasks' folder

2008-11-20 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 18:38]

2008-11-20 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-07-26 20:37]

2008-11-20 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-07-26 20:37]

2008-11-20 c:\windows\Tasks\User_Feed_Synchronization-{61EDF5FA-C82B-4023-8C2B-44D92736E24F}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 03:05]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gfaxb2ht.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll
FF -: plugin - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Google\Picasa3\npPicasa3.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-21 03:20:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
Completion time: 2008-11-21 3:23:46
ComboFix-quarantined-files.txt 2008-11-21 02:23:24
ComboFix2.txt 2008-09-24 18:35:59

Pre-Run: 13.272.371.200 bytes free
Post-Run: 13,254,791,168 bytes free

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Do you have IE 7 installed?

Tell me how the computer behaves now. Are there any other symptoms?

offline
  • Brok  Male
  • Forum moderator
  • Mihajlo Bogdanović
  • Linux driver - fighter - warrior
  • Joined: 04 May 2005
  • Posts: 3246

Now everything is OK, everything runs at the same speed as before.

By the way, I have IE 8 Beta 2 installed, but I downloaded and installed it from the official Microsoft site.

I have also turned system updates back on; I hope that is not a mistake?

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

I saw in the log a file that corresponds to IE 7 (and possibly IE 8 beta).
I wanted to be sure it is legitimate.
If you had said you have IE 6, then that file should not be on your computer at all.

It is no mistake to have updates turned on. That question was not quite clear to me.

The following is not mandatory, but I would ask you to do it if it is not too much trouble:
Pack the whole folder c:\QooBox\Quarantine into one ZIP and upload that ZIP to me via the following form:
http://www.mycity.rs/ambulanta-upload.php
I want to check them.

Those are the files that ComboFix removed.
They will be deleted for ever and ever only once we uninstall ComboFix:

Click START and then RUN
In the text entry line type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

offline
  • Brok  Male
  • Forum moderator
  • Mihajlo Bogdanović
  • Linux driver - fighter - warrior
  • Joined: 04 May 2005
  • Posts: 3246

I did everything.

I have also uploaded the file; just, if you can, confirm that it is the file you need, probably for study.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

I asked for the folder C:\QooBox\Quarantine.
It should contain about ten files.

What you uploaded to me is only a list of files.
But if you have already uninstalled ComboFix, then it is too late ;)

offline
  • Brok  Male
  • Forum moderator
  • Mihajlo Bogdanović
  • Linux driver - fighter - warrior
  • Joined: 04 May 2005
  • Posts: 3246

Yes, I did, I uninstalled it; ugh, now I don't know what to do with myself, GUZ (head against the wall), and that was a chance to at least slightly repay you for fixing my system and saving it from viruses and crashes.

If there is any chance now to send you some report, just say so; maybe a report from the AV program would be useful to you. Ugh, I could eat myself alive right now :oops:

Thank you very much for everything you did and for the saved system. :D

Once more, thanks, and cheers!

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

No problem ;)

Cheers!
