http://storageprotector.com/ - lepo me izmucio :)

2

http://storageprotector.com/ - lepo me izmucio :)

offline
  • Pridružio: 07 Jan 2006
  • Poruke: 968
  • Gde živiš: Skopje

Citat:ComboFix 08-02.05.3 - LEO 2 2008-02-12 14:31:25.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.452 [GMT 1:00]
Running from: C:\Documents and Settings\LEO 2\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\LEO 2\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\WINDOWS\system32\sockspy.dll


((((((((((((((((((((((((( Files Created from 2008-01-12 to 2008-02-12 )))))))))))))))))))))))))))))))
.

2008-02-12 09:06 . 2008-02-12 09:06 <DIR> d-------- C:\Documents and Settings\LEO 2\Pavark
2008-02-11 12:19 . 2008-02-11 12:19 <DIR> d-------- C:\Program Files\IObit
2008-02-08 13:00 . 2007-11-27 22:51 35,216 --a------ C:\WINDOWS\system32\drivers\TMPassthru.sys
2008-02-08 12:47 . 2008-02-08 12:47 <DIR> d-------- C:\Program Files\Avira
2008-02-08 12:47 . 2008-02-08 12:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-08 12:22 . 2008-02-08 12:22 250 --a------ C:\WINDOWS\gmer.ini
2008-02-08 11:31 . 2008-02-08 11:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-02-08 11:17 . 2007-04-10 10:30 200,064 --a------ C:\WINDOWS\system32\wwww.dll
2008-02-08 11:09 . 2008-02-08 11:09 22 --a------ C:\WINDOWS\system32\ati64hlp.stb
2008-02-08 11:00 . 2008-02-08 11:01 <DIR> d-------- C:\Program Files\CCleaner
2008-02-08 10:46 . 2004-03-03 12:00 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-02-08 10:46 . 2004-03-03 06:09 290,816 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2008-02-07 14:41 . 2008-02-12 14:35 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-02-07 14:39 . 2008-02-07 14:39 <DIR> d-------- C:\Documents and Settings\LEO 2\Application Data\Bitdefender
2008-02-07 14:38 . 2008-02-07 14:38 <DIR> d-------- C:\Program Files\Softwin
2008-02-07 14:38 . 2008-02-07 14:39 <DIR> d-------- C:\Program Files\Common Files\Softwin
2008-02-07 14:38 . 2008-02-07 14:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-02-07 13:56 . 2008-02-09 09:15 <DIR> d-------- C:\VundoFix Backups
2008-02-07 13:26 . 2004-08-04 13:00 388,608 --a------ C:\kmd.exe
2008-02-07 11:24 . 2008-02-07 11:24 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-07 11:23 . 2008-02-07 11:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-24 15:29 . 2008-01-24 15:29 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-01-24 15:29 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-01-24 15:28 . 2008-01-24 15:30 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-01-24 15:28 . 2008-02-07 11:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-23 09:30 . 2008-01-23 09:30 <DIR> d-------- C:\Program Files\MyPlayCity.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 13:34 --------- d-----w C:\Program Files\Trillian
2008-02-12 13:31 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-08 18:22 --------- d-----w C:\Documents and Settings\LEO 2\Application Data\Skype
2008-02-08 12:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-08 12:00 --------- d-----w C:\Program Files\Trend Micro
2008-02-08 09:46 --------- d-----w C:\Program Files\ATI Technologies
2008-02-08 09:26 --------- d-----w C:\Documents and Settings\LEO 2\Application Data\ATI
2008-02-08 08:48 --------- d-----w C:\Program Files\Opera
2008-02-07 13:36 --------- d-----w C:\Program Files\MSN Messenger
2008-02-07 13:35 --------- d-----w C:\Program Files\NewSoft
2008-02-07 10:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-31 14:12 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-30 14:40 --------- d-----w C:\Program Files\FastStone Screen Capture
2008-01-11 13:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-11 11:06 --------- d-----w C:\Program Files\Windows Live
2008-01-11 10:10 140,288 ----a-w C:\WINDOWS\~GLC0001.TMP
2008-01-11 10:10 --------- d-----w C:\Program Files\Sebran
2008-01-11 10:06 140,288 ----a-w C:\WINDOWS\~GLC0000.TMP
2008-01-10 13:19 --------- d-----w C:\Documents and Settings\LEO 2\Application Data\U3
2008-01-10 08:04 --------- d-----w C:\Program Files\The Weather Channel FW
2008-01-09 15:34 --------- d-----w C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2008-01-08 09:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-27 09:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-14 11:01 --------- d-----w C:\Program Files\Google
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-13 15:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\UDL
2007-12-13 15:15 --------- d-----w C:\Program Files\EPSON
2007-11-22 13:55 336 ----a-w C:\Program Files\temp995.bat
2007-11-15 10:29 51,716 ----a-w C:\WINDOWS\system32\pdf995mon.dll
2007-11-15 10:29 249,856 ----a-w C:\WINDOWS\system32\pdfmona.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2008-02-07 15:04 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-03 12:00 335872]
"TMRUBottedTray"="C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2007-12-19 00:18 288088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2006-12-19 14:41:18 565248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-08-05 07:14]
R2 RUBotted;Trend Micro RUBotted Service;"C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe" [2007-12-19 00:18]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 13:00]
R3 TMPassthruMP;TMPassthruMP;C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2007-11-27 22:51]
S0 FPA_RTP;FPA_RTP;C:\WINDOWS\system32\Drivers\FSTOPW.SYS []
S3 SM_clp300_FUService;CLP-300 Status Monitor Service;"C:\Program Files\Samsung\Samsung CLP-300 Series\SPanel\ssmsrvc []
S3 TMPassthru;Trend Micro Passthru Ndis Service;C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2007-11-27 22:51]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-24 15:29]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10c1699d-81ec-11db-bc15-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74212c89-81ed-11db-a5f9-00104b957563}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-02-08 16:58:31 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-12 14:36:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
.
**************************************************************************
.
Completion time: 2008-02-12 14:39:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-12 13:39:10
ComboFix2.txt 2008-02-11 08:42:13
ComboFix3.txt 2008-02-07 12:51:50
.
2008-01-10 08:05:02 --- E O F ---





Urageno......



A evoi ovo, odmah nakon combofixa :




Citat:Logfile of HijackThis v1.99.1
Scan saved at 14:43:13, on 12.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\LEO 2\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.balkan.enliveninternational.com/rep.asp
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: CLP-300 Status Monitor Service (SM_clp300_FUService) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

offline
  • Pridružio: 07 Avg 2006
  • Poruke: 1182
  • Gde živiš: Fili Davydkovo, Moscow, Russia

to je to...pozdrav...

offline
  • Pridružio: 07 Jan 2006
  • Poruke: 968
  • Gde živiš: Skopje





Jos i ovo Smile


Hvala !

Ko je trenutno na forumu
 

Ukupno su 979 korisnika na forumu :: 66 registrovanih, 10 sakrivenih i 903 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: -[CoA]-, A.R.Chafee.Jr., Batinas, Ben Roj, Bokkie, branko7, Bubimir, Buda Baba, bufanje, CallMeIshmael, Chainsaw, darkangel, Dejan84, Denaya, dok80, DonRumataEstorski, Ehinacea, Griffon vulture, hurmiza, ivica976, JOntra, kalens021, Konda, Kriglord, krlebgd77, kunktator, kuntalo, kybonacci, Lieutenant, ljuba, Lošmi, messerschmitt, mihajlot2013, mile23, Mimikrija, misa1xx, Mixelotti, Mlav, nenad81, Neutral-M, nobutado, Panter, proka89, proleter373, radoznao, raptorsi, raskoljnikov, rikirubio, rkekoke, RobinHood12, Rocker, rodoljub, Rogan33, segax1, slonic_tonic, Srle993, stagezin, Stuka76, Tas011, Tenk, theNedjeljko, Van, Visionary, VladaNS1978, zillbg, Zmaj Ognjeni Vuk