http://storageprotector.com/ - it really wore me out :)


offline
  • Joined: 07 Jan 2006
  • Posts: 968
  • Location: Skopje

Quote: ComboFix 08-02.05.3 - LEO 2 2008-02-12 14:31:25.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.452 [GMT 1:00]
Running from: C:\Documents and Settings\LEO 2\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\LEO 2\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\WINDOWS\system32\sockspy.dll


((((((((((((((((((((((((( Files Created from 2008-01-12 to 2008-02-12 )))))))))))))))))))))))))))))))
.

2008-02-12 09:06 . 2008-02-12 09:06 <DIR> d-------- C:\Documents and Settings\LEO 2\Pavark
2008-02-11 12:19 . 2008-02-11 12:19 <DIR> d-------- C:\Program Files\IObit
2008-02-08 13:00 . 2007-11-27 22:51 35,216 --a------ C:\WINDOWS\system32\drivers\TMPassthru.sys
2008-02-08 12:47 . 2008-02-08 12:47 <DIR> d-------- C:\Program Files\Avira
2008-02-08 12:47 . 2008-02-08 12:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-08 12:22 . 2008-02-08 12:22 250 --a------ C:\WINDOWS\gmer.ini
2008-02-08 11:31 . 2008-02-08 11:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-02-08 11:17 . 2007-04-10 10:30 200,064 --a------ C:\WINDOWS\system32\wwww.dll
2008-02-08 11:09 . 2008-02-08 11:09 22 --a------ C:\WINDOWS\system32\ati64hlp.stb
2008-02-08 11:00 . 2008-02-08 11:01 <DIR> d-------- C:\Program Files\CCleaner
2008-02-08 10:46 . 2004-03-03 12:00 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-02-08 10:46 . 2004-03-03 06:09 290,816 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2008-02-07 14:41 . 2008-02-12 14:35 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-02-07 14:39 . 2008-02-07 14:39 <DIR> d-------- C:\Documents and Settings\LEO 2\Application Data\Bitdefender
2008-02-07 14:38 . 2008-02-07 14:38 <DIR> d-------- C:\Program Files\Softwin
2008-02-07 14:38 . 2008-02-07 14:39 <DIR> d-------- C:\Program Files\Common Files\Softwin
2008-02-07 14:38 . 2008-02-07 14:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-02-07 13:56 . 2008-02-09 09:15 <DIR> d-------- C:\VundoFix Backups
2008-02-07 13:26 . 2004-08-04 13:00 388,608 --a------ C:\kmd.exe
2008-02-07 11:24 . 2008-02-07 11:24 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-07 11:23 . 2008-02-07 11:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-24 15:29 . 2008-01-24 15:29 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-01-24 15:29 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-01-24 15:28 . 2008-01-24 15:30 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-01-24 15:28 . 2008-02-07 11:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-23 09:30 . 2008-01-23 09:30 <DIR> d-------- C:\Program Files\MyPlayCity.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 13:34 --------- d-----w C:\Program Files\Trillian
2008-02-12 13:31 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-08 18:22 --------- d-----w C:\Documents and Settings\LEO 2\Application Data\Skype
2008-02-08 12:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-08 12:00 --------- d-----w C:\Program Files\Trend Micro
2008-02-08 09:46 --------- d-----w C:\Program Files\ATI Technologies
2008-02-08 09:26 --------- d-----w C:\Documents and Settings\LEO 2\Application Data\ATI
2008-02-08 08:48 --------- d-----w C:\Program Files\Opera
2008-02-07 13:36 --------- d-----w C:\Program Files\MSN Messenger
2008-02-07 13:35 --------- d-----w C:\Program Files\NewSoft
2008-02-07 10:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-31 14:12 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-30 14:40 --------- d-----w C:\Program Files\FastStone Screen Capture
2008-01-11 13:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-11 11:06 --------- d-----w C:\Program Files\Windows Live
2008-01-11 10:10 140,288 ----a-w C:\WINDOWS\~GLC0001.TMP
2008-01-11 10:10 --------- d-----w C:\Program Files\Sebran
2008-01-11 10:06 140,288 ----a-w C:\WINDOWS\~GLC0000.TMP
2008-01-10 13:19 --------- d-----w C:\Documents and Settings\LEO 2\Application Data\U3
2008-01-10 08:04 --------- d-----w C:\Program Files\The Weather Channel FW
2008-01-09 15:34 --------- d-----w C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2008-01-08 09:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-27 09:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-14 11:01 --------- d-----w C:\Program Files\Google
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-13 15:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\UDL
2007-12-13 15:15 --------- d-----w C:\Program Files\EPSON
2007-11-22 13:55 336 ----a-w C:\Program Files\temp995.bat
2007-11-15 10:29 51,716 ----a-w C:\WINDOWS\system32\pdf995mon.dll
2007-11-15 10:29 249,856 ----a-w C:\WINDOWS\system32\pdfmona.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2008-02-07 15:04 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-03 12:00 335872]
"TMRUBottedTray"="C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2007-12-19 00:18 288088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2006-12-19 14:41:18 565248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-08-05 07:14]
R2 RUBotted;Trend Micro RUBotted Service;"C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe" [2007-12-19 00:18]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 13:00]
R3 TMPassthruMP;TMPassthruMP;C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2007-11-27 22:51]
S0 FPA_RTP;FPA_RTP;C:\WINDOWS\system32\Drivers\FSTOPW.SYS []
S3 SM_clp300_FUService;CLP-300 Status Monitor Service;"C:\Program Files\Samsung\Samsung CLP-300 Series\SPanel\ssmsrvc []
S3 TMPassthru;Trend Micro Passthru Ndis Service;C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2007-11-27 22:51]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-24 15:29]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10c1699d-81ec-11db-bc15-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74212c89-81ed-11db-a5f9-00104b957563}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-02-08 16:58:31 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-12 14:36:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
.
**************************************************************************
.
Completion time: 2008-02-12 14:39:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-12 13:39:10
ComboFix2.txt 2008-02-11 08:42:13
ComboFix3.txt 2008-02-07 12:51:50
.
2008-01-10 08:05:02 --- E O F ---





Done......

And here is this one, right after ComboFix:

Quote: Logfile of HijackThis v1.99.1
Scan saved at 14:43:13, on 12.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\LEO 2\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.balkan.enliveninternational.com/rep.asp
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: CLP-300 Status Monitor Service (SM_clp300_FUService) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

offline
  • Joined: 07 Aug 2006
  • Posts: 1182
  • Location: Fili Davydkovo, Moscow, Russia

That's it... cheers...

offline
  • Joined: 07 Jan 2006
  • Posts: 968
  • Location: Skopje

And this one too :)

Thanks!
