[bobby] Web pages


  • Joined: 29 Aug 2005
  • Posts: 720
  • Location: Beograd

Logfile of HijackThis v1.99.1
Scan saved at 8:15:41 PM, on 6/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Desktop\New Folder\nacika.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Link visible only to logged-in users]*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link visible only to logged-in users]*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [Link visible only to logged-in users]*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [Link visible only to logged-in users]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [Link visible only to logged-in users]*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0CFF493C-5ED3-4D24-BF90-8D529D22395F} - C:\WINDOWS\system32\tuvWnKDw.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A1E716C4-D172-4FCB-9C66-21BEF1DD2D44} - C:\WINDOWS\system32\mlJAtqoN.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [BMdf8fa7b8] Rundll32.exe "C:\WINDOWS\system32\ykidecws.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Shortcut to RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Windows Live Search - [Link visible only to logged-in users]\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - [Link visible only to logged-in users]
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link visible only to logged-in users]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [Link visible only to logged-in users]
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - [Link visible only to logged-in users]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [Link visible only to logged-in users]
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: mlJAtqoN - mlJAtqoN.dll (file missing)
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

The problem is the following...
On another computer I can't open certain sites (yahoo mail, google results, etc.)
I tried IE, Firefox, Opera, but it's the same problem; it simply doesn't load the page.

ISP: SBB (they say the fault isn't on their side)



  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download ComboFix from one of the following addresses to the Desktop:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Start it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.



  • Joined: 29 Aug 2005
  • Posts: 720
  • Location: Beograd

ComboFix 08-06-20.4 - Admin 2008-06-29 12:46:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.584 [GMT 2:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\vtmp2
C:\Temp\vtmp2\ktnv33.log
C:\WINDOWS\BMdf8fa7b8.xml
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\apesvhmj.dll
C:\WINDOWS\system32\audwwqgt.ini
C:\WINDOWS\system32\dtwwgxtj.dll
C:\WINDOWS\system32\fuvecyma.ini
C:\WINDOWS\system32\hwveqsqj.ini
C:\WINDOWS\system32\jtxgwwtd.ini
C:\WINDOWS\system32\lhujjucg.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nlncikqt.ini
C:\WINDOWS\system32\npddaedi.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\tjqaokhc.ini
C:\WINDOWS\system32\tvtsqdfk.ini
C:\WINDOWS\system32\wDKnWvut.ini
C:\WINDOWS\system32\wDKnWvut.ini2
C:\WINDOWS\system32\ykidecws.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.

2008-06-29 12:49 . 2008-06-29 12:49 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-06-29 12:48 . 2008-06-29 12:48 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-06-28 19:50 . 2008-06-28 19:50 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-28 19:50 . 2008-06-29 12:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-28 19:50 . 2008-06-29 12:48 1,437,216 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-28 19:50 . 2008-06-29 12:49 270,368 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-28 19:50 . 2008-06-28 20:03 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-28 19:50 . 2008-06-28 20:03 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-28 19:50 . 2008-06-29 12:48 13,356 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-28 19:50 . 2008-06-29 12:49 2,004 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-26 00:15 . 2008-06-26 00:18 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Mount&Blade
2008-06-26 00:14 . 2008-06-27 16:35 <DIR> d-------- C:\Program Files\Mount&Blade
2008-06-22 21:00 . 2008-06-22 21:00 <DIR> d-------- C:\Program Files\Activision
2008-06-22 20:57 . 2008-06-22 20:57 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-22 20:52 . 2008-06-22 20:52 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\DAEMON Tools
2008-06-22 20:52 . 2008-06-22 20:52 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-15 10:17 . 2008-06-15 10:17 <DIR> d-------- C:\Program Files\Ali Keshavarz
2008-06-14 21:20 . 2008-06-28 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-10 11:36 . 2008-06-18 19:38 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Winamp
2008-06-10 11:30 . 2008-06-10 11:37 <DIR> d-------- C:\Program Files\Winamp
2008-06-08 15:38 . 2008-06-08 15:40 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-06-08 15:38 . 2008-06-08 15:38 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\SystemRequirementsLab
2008-06-08 13:56 . 2008-06-08 13:56 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-06-07 09:14 . 2008-06-07 09:14 32,764 --a------ C:\WINDOWS\17PHolmes1188.exe
2008-06-06 17:48 . 2008-06-06 17:48 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-06-06 17:40 . 2008-06-07 15:47 <DIR> d--hs---- C:\WINDOWS\VXNlcg
2008-06-06 17:39 . 2008-06-15 10:07 <DIR> d-------- C:\WINDOWS\system32\zabD
2008-06-06 17:39 . 2008-06-15 00:19 <DIR> d-------- C:\WINDOWS\system32\vntiho18
2008-06-06 17:39 . 2008-06-15 00:20 <DIR> d-------- C:\WINDOWS\system32\izo
2008-06-06 17:39 . 2008-06-29 12:46 <DIR> d-------- C:\Temp
2008-06-06 17:31 . 2008-06-14 11:28 <DIR> d-------- C:\Program Files\BrowsingEnhancer
2008-06-06 17:29 . 2008-06-10 09:50 <DIR> d-------- C:\Program Files\FBrowsingAdvisor
2008-06-06 17:29 . 2008-06-06 17:30 <DIR> d-------- C:\Program Files\FBrowserAdvisor
2008-06-04 15:02 . 2008-06-04 15:03 <DIR> d-------- C:\Program Files\Spider-Man 2
2008-06-01 17:58 . 2008-06-01 18:04 <DIR> d-------- C:\Program Files\Durex game
2008-06-01 17:58 . 2008-06-01 17:58 <DIR> d-------- C:\Program Files\Durex
2008-06-01 17:58 . 2000-09-09 16:25 650,685 --a------ C:\WINDOWS\screenSaver_.flc
2008-06-01 17:58 . 2000-09-09 18:46 406,771 --a------ C:\WINDOWS\Durex Sperm Screensaver.scr
2008-06-01 17:58 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-06-01 17:58 . 2000-05-03 13:20 282,112 --a------ C:\WINDOWS\Cncs232.dll
2008-06-01 17:54 . 2008-06-01 18:05 607 --a------ C:\WINDOWS\cncscore.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 17:44 --------- d-----w C:\Program Files\LimeWire
2008-06-23 13:19 --------- d-----w C:\Documents and Settings\Admin\Application Data\uTorrent
2008-06-22 19:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-22 19:00 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-20 11:14 --------- d-----w C:\Program Files\The Dark Legions
2008-06-19 20:12 --------- d-----w C:\Documents and Settings\Admin\Application Data\LimeWire
2008-06-18 20:29 --------- d-----w C:\Documents and Settings\Admin\Application Data\Nettalk
2008-06-16 16:25 --------- d-----w C:\Program Files\Battleship
2008-06-15 09:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-11 20:05 --------- d-----w C:\Program Files\Omerta Script
2008-06-11 08:48 --------- d-----w C:\Program Files\8BallClub
2008-06-10 09:19 --------- d-----w C:\Program Files\War Chess
2008-06-08 13:13 --------- d-----w C:\Program Files\uTorrent
2008-05-28 06:30 --------- d-----w C:\Program Files\Nettalk6
2008-05-27 18:39 --------- d-----w C:\Documents and Settings\Admin\Application Data\BSplayer Pro
2008-05-25 10:21 --------- d-----w C:\Documents and Settings\Admin\Application Data\PC Suite
2008-05-24 10:20 --------- d-----w C:\Program Files\Nokia
2008-04-29 19:05 --------- d-----w C:\Program Files\Rockstar Games
2008-04-25 16:22 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
2008-02-22 17:32 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2008-02-26 19:03 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-02-26 19:03 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-02-26 19:03 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008022620080227\index.dat
2008-02-26 19:03 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
2005-07-29 14:24 472 --sha-r C:\WINDOWS\VXNlcg\prh5w0.vbs
.

------- Sigcheck -------

2007-12-27 23:34 360704 90671a9a8f189262be5224c497c2e0c7 C:\WINDOWS\system32\drivers\tcpip.sys

2007-12-27 23:39 2221824 86889d12db125d402d618ed36bf7e166 C:\WINDOWS\system32\ntkrnlpa.exe

2007-12-27 23:34 2345216 31610d15a02ce89554172a03e5268efa C:\WINDOWS\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CFF493C-5ED3-4D24-BF90-8D529D22395F}]
C:\WINDOWS\system32\tuvWnKDw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
2008-04-25 18:22 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 06:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-04-13 19:49 88363 C:\WINDOWS\AGRSMMSG.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 13:03 94208 C:\WINDOWS\KHALMNPR.Exe]
"BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" []
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-22 22:05 344064]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-12-27 23:33 124928 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Shortcut to RocketDock.lnk - C:\Program Files\RocketDock\RocketDock.exe [2008-02-26 21:07:40 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJAtqoN]
mlJAtqoN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2005-12-21 08:57 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\8BallClub\\GameDirector.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2006-02-26 17:21]
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2003-03-27 14:55]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 06:00]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-26 21:00]
S3 vmmouse;VMware Pointing Device;C:\WINDOWS\system32\DRIVERS\vmmouse.sys [2007-05-02 04:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Contents of the 'Scheduled Tasks' folder
"2008-06-27 15:16:53 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-06-29 09:58:31 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-06-29 12:49:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-06-29 12:52:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-29 10:52:14

Pre-Run: 15,061,327,872 bytes free
Post-Run: 15,305,412,608 bytes free


  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\system32\tuvWnKDw.dll
C:\WINDOWS\system32\mlJAtqoN.dll
C:\WINDOWS\17PHolmes1188.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CFF493C-5ED3-4D24-BF90-8D529D22395F}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJAtqoN]

DirLook::
C:\WINDOWS\VXNlcg
C:\WINDOWS\system32\zabD
C:\WINDOWS\system32\vntiho18
C:\WINDOWS\system32\izo


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.

Do you have a motherboard with an nVidia chipset and an ATi graphics card?
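
The CFScript in the post above was built by hand from the HijackThis entries whose module is missing. As an added example (not from this thread, nor part of HijackThis or ComboFix), the Python below does that selection mechanically over a constructed HijackThis sample modelled on this log and emits the File:: and Registry:: sections in the format used above; it goes slightly beyond the hand-written script by also listing the "(no file)" BHO entries. Assumed: a bare DLL name in an O20 entry resolves from C:\WINDOWS\system32, as the helper assumed for mlJAtqoN.dll.

```python
import re

# Constructed sample in HijackThis v1.99.1 log format, modelled on the entries
# discussed in this thread (only the O2 / O20 lines matter to the parser).
SAMPLE_HJT_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0CFF493C-5ED3-4D24-BF90-8D529D22395F} - C:\WINDOWS\system32\tuvWnKDw.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A1E716C4-D172-4FCB-9C66-21BEF1DD2D44} - C:\WINDOWS\system32\mlJAtqoN.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: mlJAtqoN - mlJAtqoN.dll (file missing)
""".strip()

# HijackThis marks a load point whose module is gone with one of these suffixes.
MISSING_MARKERS = ("(file missing)", "(no file)")

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<target>.*)$")

# ComboFix's abbreviated key forms, exactly as used in the CFScript in this thread.
BHO_KEY = r"[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{clsid}]"
NOTIFY_KEY = r"[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\{key}]"

# Assumption: a bare DLL name in an O20 entry is resolved from system32,
# which is what the helper assumed when writing mlJAtqoN.dll into File::.
DEFAULT_DLL_DIR = r"C:\WINDOWS\system32"


def is_missing(target):
    """True when HijackThis reported the module for this load point as absent."""
    return target.endswith(MISSING_MARKERS)


def strip_marker(target):
    """Drop the '(file missing)' / '(no file)' suffix, leaving just the path (may be empty)."""
    for marker in MISSING_MARKERS:
        if target.endswith(marker):
            return target[: -len(marker)].strip()
    return target.strip()


def find_dead_entries(log_text):
    """Return (files, registry_keys) for BHO and Winlogon Notify load points whose module is missing."""
    files, keys, seen_names = [], [], {}

    def add_file(path):
        # Keep order, skip duplicates, and remember the basename so an O20 entry
        # that names only the DLL can reuse the full path from an O2 entry.
        if path and path not in files:
            files.append(path)
            seen_names[path.rsplit("\\", 1)[-1].lower()] = path

    for line in log_text.splitlines():
        m = O2_RE.match(line)
        if m:
            if is_missing(m.group("target")):
                keys.append(BHO_KEY.format(clsid=m.group("clsid")))
                add_file(strip_marker(m.group("target")))  # "(no file)" yields no path
            continue
        m = O20_RE.match(line)
        if m and is_missing(m.group("target")):
            keys.append(NOTIFY_KEY.format(key=m.group("key")))
            name = strip_marker(m.group("target"))
            if name and "\\" not in name:
                name = seen_names.get(name.lower(), DEFAULT_DLL_DIR + "\\" + name)
            add_file(name)
    return files, keys


def build_cfscript(files, keys):
    """Render the File:: and Registry:: sections in ComboFix's CFScript format."""
    sections = []
    if files:
        sections.append("File::\n" + "\n".join(files))
    if keys:
        sections.append("Registry::\n" + "\n".join(keys))
    return "\n\n".join(sections) + "\n"


if __name__ == "__main__":
    found_files, found_keys = find_dead_entries(SAMPLE_HJT_LOG)
    print(build_cfscript(found_files, found_keys))
```

Entries flagged this way are dead load points (the registry still names a module that no longer exists), so removing them is cleanup, not a substitute for checking the still-present files that ComboFix listed under "Other Deletions".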

  • Joined: 29 Aug 2005
  • Posts: 720
  • Location: Beograd

It says "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item."

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

When does it say that?
When dragging the script onto the ComboFix icon, or while ComboFix is running?

  • Joined: 29 Aug 2005
  • Posts: 720
  • Location: Beograd

When it's dragged; btw, I was also surprised that they went with such a configuration, but oh well....

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Hmmm... can you try again.
Also check that you don't have double extensions on those two files (CFScript and ComboFix).
I can't help any further until this evening, because I have to leave the flat.

If it's urgent, I'll ping someone to take over.

  • Joined: 29 Aug 2005
  • Posts: 720
  • Location: Beograd

No worries, this evening then.

Update: 29 Jun 2008 16:09

Here's the log

ComboFix 08-06-20.4 - Admin 2008-06-29 16:02:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.613 [GMT 2:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\17PHolmes1188.exe
C:\WINDOWS\system32\mlJAtqoN.dll
C:\WINDOWS\system32\tuvWnKDw.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\17PHolmes1188.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.

2008-06-29 12:49 . 2008-06-29 12:49 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-06-29 12:48 . 2008-06-29 12:48 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-06-28 19:50 . 2008-06-28 19:50 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-28 19:50 . 2008-06-29 15:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-28 19:50 . 2008-06-29 15:50 2,347,552 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-28 19:50 . 2008-06-29 15:47 278,560 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-28 19:50 . 2008-06-28 20:03 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-28 19:50 . 2008-06-28 20:03 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-28 19:50 . 2008-06-29 15:50 20,468 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-28 19:50 . 2008-06-29 15:51 2,032 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-26 00:15 . 2008-06-26 00:18 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Mount&Blade
2008-06-26 00:14 . 2008-06-27 16:35 <DIR> d-------- C:\Program Files\Mount&Blade
2008-06-22 21:00 . 2008-06-22 21:00 <DIR> d-------- C:\Program Files\Activision
2008-06-22 20:57 . 2008-06-22 20:57 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-22 20:52 . 2008-06-22 20:52 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\DAEMON Tools
2008-06-22 20:52 . 2008-06-22 20:52 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-15 10:17 . 2008-06-15 10:17 <DIR> d-------- C:\Program Files\Ali Keshavarz
2008-06-14 21:20 . 2008-06-28 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-10 11:36 . 2008-06-18 19:38 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Winamp
2008-06-10 11:30 . 2008-06-10 11:37 <DIR> d-------- C:\Program Files\Winamp
2008-06-08 15:38 . 2008-06-08 15:40 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-06-08 15:38 . 2008-06-08 15:38 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\SystemRequirementsLab
2008-06-08 13:56 . 2008-06-08 13:56 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-06-06 17:48 . 2008-06-06 17:48 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-06-06 17:40 . 2008-06-07 15:47 <DIR> d--hs---- C:\WINDOWS\VXNlcg
2008-06-06 17:39 . 2008-06-15 10:07 <DIR> d-------- C:\WINDOWS\system32\zabD
2008-06-06 17:39 . 2008-06-15 00:19 <DIR> d-------- C:\WINDOWS\system32\vntiho18
2008-06-06 17:39 . 2008-06-15 00:20 <DIR> d-------- C:\WINDOWS\system32\izo
2008-06-06 17:39 . 2008-06-29 12:46 <DIR> d-------- C:\Temp
2008-06-06 17:31 . 2008-06-14 11:28 <DIR> d-------- C:\Program Files\BrowsingEnhancer
2008-06-06 17:29 . 2008-06-10 09:50 <DIR> d-------- C:\Program Files\FBrowsingAdvisor
2008-06-06 17:29 . 2008-06-06 17:30 <DIR> d-------- C:\Program Files\FBrowserAdvisor
2008-06-04 15:02 . 2008-06-04 15:03 <DIR> d-------- C:\Program Files\Spider-Man 2
2008-06-01 17:58 . 2008-06-01 18:04 <DIR> d-------- C:\Program Files\Durex game
2008-06-01 17:58 . 2008-06-01 17:58 <DIR> d-------- C:\Program Files\Durex
2008-06-01 17:58 . 2000-09-09 16:25 650,685 --a------ C:\WINDOWS\screenSaver_.flc
2008-06-01 17:58 . 2000-09-09 18:46 406,771 --a------ C:\WINDOWS\Durex Sperm Screensaver.scr
2008-06-01 17:58 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-06-01 17:58 . 2000-05-03 13:20 282,112 --a------ C:\WINDOWS\Cncs232.dll
2008-06-01 17:54 . 2008-06-01 18:05 607 --a------ C:\WINDOWS\cncscore.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 17:44 --------- d-----w C:\Program Files\LimeWire
2008-06-23 13:19 --------- d-----w C:\Documents and Settings\Admin\Application Data\uTorrent
2008-06-22 19:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-22 19:00 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-20 11:14 --------- d-----w C:\Program Files\The Dark Legions
2008-06-19 20:12 --------- d-----w C:\Documents and Settings\Admin\Application Data\LimeWire
2008-06-18 20:29 --------- d-----w C:\Documents and Settings\Admin\Application Data\Nettalk
2008-06-16 16:25 --------- d-----w C:\Program Files\Battleship
2008-06-15 09:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-11 20:05 --------- d-----w C:\Program Files\Omerta Script
2008-06-11 08:48 --------- d-----w C:\Program Files\8BallClub
2008-06-10 09:19 --------- d-----w C:\Program Files\War Chess
2008-06-08 13:13 --------- d-----w C:\Program Files\uTorrent
2008-05-28 06:30 --------- d-----w C:\Program Files\Nettalk6
2008-05-27 18:39 --------- d-----w C:\Documents and Settings\Admin\Application Data\BSplayer Pro
2008-05-25 10:21 --------- d-----w C:\Documents and Settings\Admin\Application Data\PC Suite
2008-05-24 10:20 --------- d-----w C:\Program Files\Nokia
2008-04-29 19:05 --------- d-----w C:\Program Files\Rockstar Games
2008-04-25 16:22 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
2008-02-22 17:32 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2008-02-26 19:03 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-02-26 19:03 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-02-26 19:03 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008022620080227\index.dat
2008-02-26 19:03 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
2005-07-29 14:24 472 --sha-r C:\WINDOWS\VXNlcg\prh5w0.vbs
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\system32\izo ----


---- Directory of C:\WINDOWS\system32\vntiho18 ----


---- Directory of C:\WINDOWS\system32\zabD ----


---- Directory of C:\WINDOWS\VXNlcg ----

2005-07-29 16:24 472 -rahs---- C:\WINDOWS\VXNlcg\prh5w0.vbs


------- Sigcheck -------

2007-12-27 23:34 360704 90671a9a8f189262be5224c497c2e0c7 C:\WINDOWS\system32\drivers\tcpip.sys

2007-12-27 23:39 2221824 86889d12db125d402d618ed36bf7e166 C:\WINDOWS\system32\ntkrnlpa.exe

2007-12-27 23:34 2345216 31610d15a02ce89554172a03e5268efa C:\WINDOWS\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((( [Link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-29 10:48:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-29 13:48:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
2008-04-25 18:22 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 06:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-04-13 19:49 88363 C:\WINDOWS\AGRSMMSG.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 13:03 94208 C:\WINDOWS\KHALMNPR.Exe]
"BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" []
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-22 22:05 344064]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-12-27 23:33 124928 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Shortcut to RocketDock.lnk - C:\Program Files\RocketDock\RocketDock.exe [2008-02-26 21:07:40 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2005-12-21 08:57 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\8BallClub\\GameDirector.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2006-02-26 17:21]
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2003-03-27 14:55]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 06:00]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-26 21:00]
S3 vmmouse;VMware Pointing Device;C:\WINDOWS\system32\DRIVERS\vmmouse.sys [2007-05-02 04:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Contents of the 'Scheduled Tasks' folder
"2008-06-27 15:16:53 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-06-29 13:56:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-06-29 16:03:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\natasha_bg_92@hotmail.com\SharingMetadata\Working\database_1ADC_BCBD_DCBC_948B\$db_clean$ 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-06-29 16:04:54
ComboFix-quarantined-files.txt 2008-06-29 14:04:46
ComboFix2.txt 2008-06-29 10:52:17

Pre-Run: 13,253,816,320 bytes free
Post-Run: 15,280,017,408 bytes free

Update: 29 Jun 2008 16:22

now the problem seems to be solved, but the computer has started to lag a lot... there's nothing interesting in task manager, kaspersky is configured..

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

The following file remains:
C:\WINDOWS\VXNlcg\prh5w0.vbs
Open it in Notepad (do not double-click the file under any circumstances) and copy its contents here for me.

Delete the following folders, they should be empty:
C:\WINDOWS\system32\zabD
C:\WINDOWS\system32\vntiho18
C:\WINDOWS\system32\izo
C:\Temp

Next, is VMware installed on this computer?
Just in case, send the following file for checking:
C:\WINDOWS\system32\DRIVERS\vmmouse.sys
Upload it via the following form:
[Link mogu videti samo ulogovani korisnici]
