MyCity » Ambulanta -> Arhiva Ambulante » internet spor...

internet spor...

Napisano na dan: 28.12.2007

Strana:
1
2

internet spor...

Sledeća strana

Pagination

Odgovori

Strana:
1
2

dankisha Poslao: 28 Dec 2007 09:31 Idi na vrh
offline dankisha Građanin Pridružio: 08 Maj 2005 Poruke: 227	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ADSL 512 je u pitanju. Podrska tvrdi da je sve u redu a brzina je i do 10 puta manja. Molim pomoc. Logfile of HijackThis v1.99.1 Scan saved at 9:30:46 AM, on 12/28/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SYSTEM32\SRPSKEY.EXE C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe C:\Program Files\USB.Safely.Remove\USB.Safely.Remove\(zabranjeno)\USBSafelyRemove.exe C:\WINDOWS\svchost.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Danko\Desktop\New Folder\TR3.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/http://www.yahoo.com/ext/search/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/http://www.yahoo.com/ext/search/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sweetim.com/installbar.asp?barid={516868D4-FC7C-4478-91C6-2F441409FA3F} R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL O1 - Hosts: 66.98.148.65 auto.search.msn.com O1 - Hosts: 66.98.148.65 auto.search.msn.es O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [srpskey] C:\WINDOWS\SYSTEM32\SRPSKEY.EXE O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKCU\..\Run: [Analogue Vista Clock] C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB.Safely.Remove\USB.Safely.Remove\(zabranjeno)\USBSafelyRemove.exe /startup O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing) O23 - Service: Block Level Filtering Service - Unknown owner - C:\WINDOWS\svchost.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

Profil

dr_Bora Poslao: 28 Dec 2007 11:48 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Pokreni HT, skeniraj i čekiraj sledeće linije: O1 - Hosts: 66.98.148.65 auto.search.msn.com O1 - Hosts: 66.98.148.65 auto.search.msn.es O23 - Service: Block Level Filtering Service - Unknown owner - C:\WINDOWS\svchost.exe Klikni Fix Checked. ------------------------------------------------------------------------------------- Restartuj kompjuter. Skini ComboFix sa jedne od sledecih adresa i sačuvaj ga na Desktop: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log koji ces nam ovde iskopirati.

Profil

dankisha Poslao: 28 Dec 2007 12:22 Idi na vrh
offline dankisha Građanin Pridružio: 08 Maj 2005 Poruke: 227	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Mislim da sam odradio kako treba: ComboFix 07-12-21.4 - Danko 2007-12-28 12:04:10.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.871 [GMT 1:00] Running from: C:\Documents and Settings\Danko\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\1doc2pdf.dll C:\WINDOWS\rs.txt C:\WINDOWS\svchost.exe . ((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 ))))))))))))))))))))))))))))))) . 2007-12-27 08:35 . 2007-12-27 08:43 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat 2007-12-27 08:35 . 2007-12-27 08:35 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat 2007-12-27 08:34 . 2007-12-28 12:10 10,827,296 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-12-27 08:34 . 2007-12-28 12:08 146,060 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2007-12-27 08:34 . 2007-12-28 12:08 14,112 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2007-12-27 08:34 . 2007-12-28 12:08 2,372 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2007-12-26 09:23 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys 2007-12-26 09:23 . 2004-08-03 22:31 20,992 --a--c--- C:\WINDOWS\system32\dllcache\rtl8139.sys 2007-12-24 14:59 . 2007-12-24 16:01 <DIR> d-------- C:\Program Files\ScanSpyware v3.8 2007-12-24 14:45 . 2007-12-24 14:45 <DIR> d-------- C:\Program Files\MT882 2007-12-24 14:45 . 2006-03-20 08:32 30,336 --a------ C:\WINDOWS\system32\drivers\glauiad.sys 2007-12-24 14:45 . 2006-03-22 10:59 19,220 --------- C:\WINDOWS\wwdslcfg.ini 2007-12-24 08:43 . 2007-12-24 08:43 38 --a------ C:\WINDOWS\avisplitter.INI 2007-12-23 12:48 . 2002-08-13 06:09 684,032 --a------ C:\WINDOWS\system32\libeay32.dll 2007-12-23 12:48 . 2002-08-13 06:10 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll 2007-12-23 11:58 . 2007-12-23 11:58 <DIR> d-------- C:\Program Files\Bazooka Scanner 2007-12-23 10:07 . 2007-12-23 11:55 <DIR> d-------- C:\Program Files\a2 2007-12-20 20:26 . 2007-12-21 08:47 2,803 --a------ C:\WINDOWS\CDPLAYER.INI 2007-12-20 20:24 . 2007-12-20 20:24 <DIR> d-------- C:\Program Files\MP3Producer 2007-12-20 20:24 . 2007-12-20 20:25 8 --a------ C:\WINDOWS\system32\ntP2.trk 2007-12-20 09:46 . 2007-12-20 09:46 <DIR> d--h----- C:\WINDOWS\PIF 2007-12-19 10:53 . 2007-12-19 10:53 <DIR> d-------- C:\Documents and Settings\Danko\Application Data\TeamViewer 2007-12-19 10:52 . 2007-12-19 10:52 <DIR> d-------- C:\Documents and Settings\Danko\temp 2007-12-19 10:40 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-12-18 17:33 . 2007-12-28 12:08 <DIR> d--hs---- C:\WINDOWS\system32\28463 2007-12-18 00:44 . 2007-12-18 00:44 219,664 --a------ C:\WINDOWS\system32\klogon.dll 2007-12-18 00:43 . 2007-12-18 00:43 23,396 --a------ C:\WINDOWS\system32\drivers\klopp.dat 2007-12-16 09:42 . 2007-12-16 09:42 <DIR> d-------- C:\Program Files\EPCTV 2007-12-14 08:54 . 2007-12-14 08:54 <DIR> d-------- C:\Program Files\USB.Safely.Remove 2007-12-14 08:54 . 2007-12-14 08:54 <DIR> d-------- C:\Program Files\USB Safely Remove 2007-12-14 08:44 . 2007-12-14 08:44 <DIR> d-------- C:\Documents and Settings\Danko\Application Data\USBSafelyRemove 2007-12-13 13:28 . 2007-12-13 13:28 24,592 --a------ C:\WINDOWS\system32\drivers\klim5.sys 2007-12-13 09:13 . 2007-12-13 09:13 <DIR> d-------- C:\WINDOWS\system32\psconv 2007-12-13 09:13 . 2007-12-13 09:13 <DIR> d-------- C:\Program Files\psconvert 2007-12-13 09:13 . 2007-12-13 09:13 <DIR> d-------- C:\Program Files\8848Soft 2007-12-13 09:13 . 2003-04-11 18:28 679,109 --a------ C:\WINDOWS\FONTSDIR.MFD 2007-12-13 09:13 . 2001-10-29 01:42 116,224 --a------ C:\WINDOWS\system32\pdfmonnt.dll 2007-12-13 09:13 . 2007-12-13 09:13 164 --a------ C:\WINDOWS\system32\psconv.ini 2007-12-09 13:51 . 2007-12-09 13:51 <DIR> d-------- C:\WINDOWS\'Full Speed' Internet Booster + Performance Tests 2007-12-09 12:45 . 2007-03-08 00:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-12-09 12:44 . 2007-03-08 00:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2007-12-09 12:44 . 2007-03-08 00:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-12-09 12:36 . 2007-12-09 12:38 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2007-12-09 12:19 . 2007-12-09 12:19 6 --a------ C:\WINDOWS\youtubed.ocx 2007-12-09 12:11 . 2007-12-09 12:13 5 --a------ C:\WINDOWS\youtubex.dll 2007-12-09 12:10 . 2007-12-09 12:39 <DIR> d-------- C:\Program Files\YoutubeGet 2007-11-30 21:09 . 2007-11-30 21:09 <DIR> d-------- C:\Documents and Settings\Danko\Application Data\CyberLink 2007-11-30 21:07 . 2007-11-30 21:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink 2007-11-30 21:05 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll 2007-11-30 21:03 . 2007-12-03 09:39 <DIR> d-------- C:\Program Files\CyberLink 2007-11-30 10:59 . 2007-11-30 10:59 <DIR> d-------- C:\Program Files\SCi Games 2007-11-30 09:32 . 2007-11-30 10:31 <DIR> d-------- C:\Program Files\TC UP . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-28 10:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-12-27 07:34 --------- d-----w C:\Program Files\Kaspersky Lab 2007-12-27 07:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2007-12-23 11:24 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-12-23 07:32 --------- d-----w C:\Program Files\TuneUp Utilities 2007 2007-12-21 13:39 --------- d-----w C:\Program Files\FaceOnBody 2007-12-21 13:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\FaceOnBody 2007-12-16 08:45 --------- d-----w C:\Program Files\Super Internet TV 2007-12-09 11:53 --------- d-----w C:\Program Files\Winamp 2007-12-09 09:58 --------- d-----w C:\Documents and Settings\Danko\Application Data\dvdcss 2007-12-08 09:48 --------- d-----w C:\Program Files\eMule 2007-12-08 08:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-30 20:03 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-25 09:11 --------- d-----w C:\Program Files\NASA 2007-11-16 07:53 --------- d-----w C:\Program Files\Analogue Vista Clock 2007-11-13 19:52 --------- d-----w C:\Program Files\Replay Converter 2007-11-13 08:00 --------- d-----w C:\Program Files\Jufsoft 2007-11-13 07:29 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Talkback 2007-11-10 13:40 --------- d-----w C:\Program Files\Xilisoft 2007-11-09 17:04 --------- d-----w C:\Program Files\YouTube Downloader 2007-10-31 12:41 110,096 ----a-w C:\WINDOWS\system32\drivers\kl1.sys 2007-08-17 14:33 48 ----a-w C:\Program Files\NowOnAir.txt 2007-08-17 14:33 42 ----a-w C:\Program Files\NowOnAir.xml.new 2007-08-17 14:33 408 ----a-w C:\Program Files\NowOnAir.xml 2007-06-03 11:41 880,640 ----a-w C:\Program Files\common.dll 2007-06-03 11:41 651,264 ----a-w C:\Program Files\googleearth.dll 2007-06-03 11:41 180,224 ----a-w C:\Program Files\measure.dll 2007-06-03 11:41 126,976 ----a-w C:\Program Files\gps.dll 2007-05-24 15:49 1,654,784 ----a-w C:\Program Files\evll.dll 2007-05-06 09:20 106,496 ----a-w C:\Program Files\gisingest.dll 2007-05-06 09:19 245,760 ----a-w C:\Program Files\theme.dll 2007-05-06 09:19 143,360 ----a-w C:\Program Files\capture.dll 2007-05-06 09:11 4,345,856 ----a-w C:\Program Files\gdal13.dll 2007-05-06 09:08 0 ----a-w C:\Program Files\kh20 2006-10-02 12:07 6,324,224 ----a-w C:\Program Files\JZRADIO.exe.bak 2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} {E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4} {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_CLASSES_ROOT\clsid\{e3ea4fd9-cade-4ae5-84f7-086eee888be4}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}"= C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL [2007-07-08 09:33 266240] [HKEY_CLASSES_ROOT\clsid\{e3ea4fd9-cade-4ae5-84f7-086eee888be4}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Analogue Vista Clock"="C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe" [2007-11-14 19:38] "USB Safely Remove"="C:\Program Files\USB.Safely.Remove\USB.Safely.Remove\(zabranjeno)\USBSafelyRemove.exe" [2007-11-22 20:07] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "srpskey"="C:\WINDOWS\SYSTEM32\SRPSKEY.EXE" [2006-04-24 11:10] "YFFC Agent"="C:\WINDOWS\system32\28463\YFFC.exe" [2007-12-18 17:33] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-12-18 00:43] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Jazler Studio Auto Startup.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Jazler Studio Auto Startup.lnk backup=C:\WINDOWS\pss\Jazler Studio Auto Startup.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP] 2007-12-18 00:43 227856 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-08-03 11:51 202024 --a------ C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser] C:\Program Files\Eraser\eraser.exe -hide [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] 2007-08-08 08:25 1828136 --a------ C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 14:57 153136 --a------ C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando] C:\Program Files\Pando Networks\Pando\Pando.exe /Minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srpskey] 2006-04-24 11:10 34304 --a------ C:\WINDOWS\SYSTEM32\SRPSKEY.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-03-14 02:43 83608 --a------ C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] ~C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Pctspk"=2 (0x2) "ose"=3 (0x3) "NVSvc"=2 (0x2) "IDriverT"=3 (0x3) "AVP"=2 (0x2) "AVG Anti-Spyware Guard"=2 (0x2) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b754e0aa-138e-11dc-a3cc-001802f415d0}] \Shell\Auto\command - Long.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Long.exe . Contents of the 'Scheduled Tasks' folder "2007-12-21 16:32:46 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe . Napomena: KIS se javio posle restarta "not found: Trojan program Trojan.Win32.Inject.ph File: C:\Documents and Settings\Danko\Desktop\ComboFix.exe//PE_Patch.UPX/catchme.cfexe//PE_Patch.UPX//#" ...da nije zasmetao ComboFix-u?

Profil

dr_Bora Poslao: 28 Dec 2007 23:12 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Privremeno isključi KIS, a zatim... Otvoriti Notepad i iskopirati sledeci tekst: `Folder:: C:\Program Files\ScanSpyware v3.8 Driver:: Block Level Filtering Service Registry:: [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b754e0aa-138e-11dc-a3cc-001802f415d0}]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja. Takođe, postavi i novi HT log.

Profil

dankisha Poslao: 29 Dec 2007 08:42 Idi na vrh
offline dankisha Građanin Pridružio: 08 Maj 2005 Poruke: 227	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 07-12-21.4 - Danko 2007-12-29 8:28:11.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.907 [GMT 1:00] Running from: C:\Documents and Settings\Danko\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Danko\Desktop\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\ScanSpyware v3.8 C:\Program Files\ScanSpyware v3.8\ssdb120907.db C:\Program Files\ScanSpyware v3.8\ssdb121707.db . ---- Previous Run ------- . C:\Documents and Settings\All Users\Application Data\1doc2pdf.dll C:\WINDOWS\rs.txt C:\WINDOWS\svchost.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_BLOCK_LEVEL_FILTERING_SERVICE -------\Block Level Filtering Service ((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-29 ))))))))))))))))))))))))))))))) . 2007-12-27 08:35 . 2007-12-27 08:43 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat 2007-12-27 08:35 . 2007-12-27 08:35 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat 2007-12-27 08:34 . 2007-12-29 08:34 11,157,024 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-12-27 08:34 . 2007-12-29 08:32 150,476 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2007-12-27 08:34 . 2007-12-29 08:32 20,256 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2007-12-27 08:34 . 2007-12-29 08:32 2,948 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2007-12-26 09:23 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys 2007-12-26 09:23 . 2004-08-03 22:31 20,992 --a--c--- C:\WINDOWS\system32\dllcache\rtl8139.sys 2007-12-24 14:45 . 2007-12-24 14:45 <DIR> d-------- C:\Program Files\MT882 2007-12-24 14:45 . 2006-03-20 08:32 30,336 --a------ C:\WINDOWS\system32\drivers\glauiad.sys 2007-12-24 14:45 . 2006-03-22 10:59 19,220 --------- C:\WINDOWS\wwdslcfg.ini 2007-12-24 08:43 . 2007-12-24 08:43 38 --a------ C:\WINDOWS\avisplitter.INI 2007-12-23 12:48 . 2002-08-13 06:09 684,032 --a------ C:\WINDOWS\system32\libeay32.dll 2007-12-23 12:48 . 2002-08-13 06:10 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll 2007-12-23 11:58 . 2007-12-23 11:58 <DIR> d-------- C:\Program Files\Bazooka Scanner 2007-12-23 10:07 . 2007-12-23 11:55 <DIR> d-------- C:\Program Files\a2 2007-12-20 20:26 . 2007-12-21 08:47 2,803 --a------ C:\WINDOWS\CDPLAYER.INI 2007-12-20 20:24 . 2007-12-20 20:24 <DIR> d-------- C:\Program Files\MP3Producer 2007-12-20 20:24 . 2007-12-20 20:25 8 --a------ C:\WINDOWS\system32\ntP2.trk 2007-12-20 09:46 . 2007-12-20 09:46 <DIR> d--h----- C:\WINDOWS\PIF 2007-12-19 10:53 . 2007-12-19 10:53 <DIR> d-------- C:\Documents and Settings\Danko\Application Data\TeamViewer 2007-12-19 10:52 . 2007-12-19 10:52 <DIR> d-------- C:\Documents and Settings\Danko\temp 2007-12-19 10:40 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-12-18 17:33 . 2007-12-29 08:36 <DIR> d--hs---- C:\WINDOWS\system32\28463 2007-12-18 00:44 . 2007-12-18 00:44 219,664 --a------ C:\WINDOWS\system32\klogon.dll 2007-12-18 00:43 . 2007-12-18 00:43 23,396 --a------ C:\WINDOWS\system32\drivers\klopp.dat 2007-12-16 09:42 . 2007-12-16 09:42 <DIR> d-------- C:\Program Files\EPCTV 2007-12-14 08:54 . 2007-12-14 08:54 <DIR> d-------- C:\Program Files\USB.Safely.Remove 2007-12-14 08:54 . 2007-12-14 08:54 <DIR> d-------- C:\Program Files\USB Safely Remove 2007-12-14 08:44 . 2007-12-14 08:44 <DIR> d-------- C:\Documents and Settings\Danko\Application Data\USBSafelyRemove 2007-12-13 13:28 . 2007-12-13 13:28 24,592 --a------ C:\WINDOWS\system32\drivers\klim5.sys 2007-12-13 09:13 . 2007-12-13 09:13 <DIR> d-------- C:\WINDOWS\system32\psconv 2007-12-13 09:13 . 2007-12-13 09:13 <DIR> d-------- C:\Program Files\psconvert 2007-12-13 09:13 . 2007-12-13 09:13 <DIR> d-------- C:\Program Files\8848Soft 2007-12-13 09:13 . 2003-04-11 18:28 679,109 --a------ C:\WINDOWS\FONTSDIR.MFD 2007-12-13 09:13 . 2001-10-29 01:42 116,224 --a------ C:\WINDOWS\system32\pdfmonnt.dll 2007-12-13 09:13 . 2007-12-13 09:13 164 --a------ C:\WINDOWS\system32\psconv.ini 2007-12-09 13:51 . 2007-12-09 13:51 <DIR> d-------- C:\WINDOWS\'Full Speed' Internet Booster + Performance Tests 2007-12-09 12:45 . 2007-03-08 00:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-12-09 12:44 . 2007-03-08 00:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2007-12-09 12:44 . 2007-03-08 00:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-12-09 12:36 . 2007-12-09 12:38 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2007-12-09 12:19 . 2007-12-09 12:19 6 --a------ C:\WINDOWS\youtubed.ocx 2007-12-09 12:11 . 2007-12-09 12:13 5 --a------ C:\WINDOWS\youtubex.dll 2007-12-09 12:10 . 2007-12-09 12:39 <DIR> d-------- C:\Program Files\YoutubeGet 2007-11-30 21:09 . 2007-11-30 21:09 <DIR> d-------- C:\Documents and Settings\Danko\Application Data\CyberLink 2007-11-30 21:07 . 2007-11-30 21:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink 2007-11-30 21:05 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll 2007-11-30 21:03 . 2007-12-03 09:39 <DIR> d-------- C:\Program Files\CyberLink 2007-11-30 10:59 . 2007-11-30 10:59 <DIR> d-------- C:\Program Files\SCi Games 2007-11-30 09:32 . 2007-11-30 10:31 <DIR> d-------- C:\Program Files\TC UP . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-29 07:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-12-27 07:34 --------- d-----w C:\Program Files\Kaspersky Lab 2007-12-27 07:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2007-12-23 11:24 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-12-23 07:32 --------- d-----w C:\Program Files\TuneUp Utilities 2007 2007-12-21 13:39 --------- d-----w C:\Program Files\FaceOnBody 2007-12-21 13:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\FaceOnBody 2007-12-16 08:45 --------- d-----w C:\Program Files\Super Internet TV 2007-12-09 11:53 --------- d-----w C:\Program Files\Winamp 2007-12-09 09:58 --------- d-----w C:\Documents and Settings\Danko\Application Data\dvdcss 2007-12-08 09:48 --------- d-----w C:\Program Files\eMule 2007-12-08 08:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-30 20:03 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-25 09:11 --------- d-----w C:\Program Files\NASA 2007-11-16 07:53 --------- d-----w C:\Program Files\Analogue Vista Clock 2007-11-13 19:52 --------- d-----w C:\Program Files\Replay Converter 2007-11-13 08:00 --------- d-----w C:\Program Files\Jufsoft 2007-11-13 07:29 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Talkback 2007-11-10 13:40 --------- d-----w C:\Program Files\Xilisoft 2007-11-09 17:04 --------- d-----w C:\Program Files\YouTube Downloader 2007-10-31 12:41 110,096 ----a-w C:\WINDOWS\system32\drivers\kl1.sys 2007-08-17 14:33 48 ----a-w C:\Program Files\NowOnAir.txt 2007-08-17 14:33 42 ----a-w C:\Program Files\NowOnAir.xml.new 2007-08-17 14:33 408 ----a-w C:\Program Files\NowOnAir.xml 2007-06-03 11:41 880,640 ----a-w C:\Program Files\common.dll 2007-06-03 11:41 651,264 ----a-w C:\Program Files\googleearth.dll 2007-06-03 11:41 180,224 ----a-w C:\Program Files\measure.dll 2007-06-03 11:41 126,976 ----a-w C:\Program Files\gps.dll 2007-05-24 15:49 1,654,784 ----a-w C:\Program Files\evll.dll 2007-05-06 09:20 106,496 ----a-w C:\Program Files\gisingest.dll 2007-05-06 09:19 245,760 ----a-w C:\Program Files\theme.dll 2007-05-06 09:19 143,360 ----a-w C:\Program Files\capture.dll 2007-05-06 09:11 4,345,856 ----a-w C:\Program Files\gdal13.dll 2007-05-06 09:08 0 ----a-w C:\Program Files\kh20 2006-10-02 12:07 6,324,224 ----a-w C:\Program Files\JZRADIO.exe.bak 2001-11-23 12:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL 2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll . ((((((((((((((((((((((((((((( snapshot@2007-12-28_12.12.21.66 ))))))))))))))))))))))))))))))))))))))))) . + 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} {E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4} {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_CLASSES_ROOT\clsid\{e3ea4fd9-cade-4ae5-84f7-086eee888be4}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}"= C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL [2007-07-08 09:33 266240] [HKEY_CLASSES_ROOT\clsid\{e3ea4fd9-cade-4ae5-84f7-086eee888be4}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Analogue Vista Clock"="C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe" [2007-11-14 19:38] "USB Safely Remove"="C:\Program Files\USB.Safely.Remove\USB.Safely.Remove\(zabranjeno)\USBSafelyRemove.exe" [2007-11-22 20:07] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "srpskey"="C:\WINDOWS\SYSTEM32\SRPSKEY.EXE" [2006-04-24 11:10] "YFFC Agent"="C:\WINDOWS\system32\28463\YFFC.exe" [2007-12-18 17:33] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-12-18 00:43] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Jazler Studio Auto Startup.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Jazler Studio Auto Startup.lnk backup=C:\WINDOWS\pss\Jazler Studio Auto Startup.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP] 2007-12-18 00:43 227856 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-08-03 11:51 202024 --a------ C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser] C:\Program Files\Eraser\eraser.exe -hide [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] 2007-08-08 08:25 1828136 --a------ C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 14:57 153136 --a------ C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando] C:\Program Files\Pando Networks\Pando\Pando.exe /Minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srpskey] 2006-04-24 11:10 34304 --a------ C:\WINDOWS\SYSTEM32\SRPSKEY.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-03-14 02:43 83608 --a------ C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] ~C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Pctspk"=2 (0x2) "ose"=3 (0x3) "NVSvc"=2 (0x2) "IDriverT"=3 (0x3) "AVP"=2 (0x2) "AVG Anti-Spyware Guard"=2 (0x2) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contents of the 'Scheduled Tasks' folder "2007-12-21 16:32:46 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe . ************************************************************************ catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-29 08:35:52 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... C:\WINDOWS\system32\28463\YFFC.exe [2356] 0x88B51B90 scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180] -> C:\WINDOWS\SYSTEM32\srpskeyh3.dll C:\WINDOWS\system32\28463\YFFC.006 C:\WINDOWS\system32\28463\YFFC.007 . Completion time: 2007-12-29 8:38:53 - machine was rebooted [Danko] Logfile of HijackThis v1.99.1 Scan saved at 8:41:24 AM, on 12/29/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\SYSTEM32\SRPSKEY.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe C:\Program Files\USB.Safely.Remove\USB.Safely.Remove\(zabranjeno)\USBSafelyRemove.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Danko\Desktop\New Folder\TR3.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/http://www.yahoo.com/ext/search/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sweetim.com/installbar.asp?barid={516868D4-FC7C-4478-91C6-2F441409FA3F} R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [srpskey] C:\WINDOWS\SYSTEM32\SRPSKEY.EXE O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKCU\..\Run: [Analogue Vista Clock] C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB.Safely.Remove\USB.Safely.Remove\(zabranjeno)\USBSafelyRemove.exe /startup O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing) O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

Profil

dr_Bora Poslao: 29 Dec 2007 09:42 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Opet je potrebno isključiti KIS... Otvoriti Notepad i iskopirati sledeci tekst: `Rootkit:: C:\WINDOWS\system32\28463\YFFC.exe Folder:: C:\WINDOWS\system32\28463 Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "YFFC Agent"=-` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

dankisha Poslao: 29 Dec 2007 10:08 Idi na vrh
offline dankisha Građanin Pridružio: 08 Maj 2005 Poruke: 227	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 07-12-21.4 - Danko 2007-12-29 10:00:42.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.783 [GMT 1:00] Running from: C:\Documents and Settings\Danko\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Danko\Desktop\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\28463 C:\WINDOWS\system32\28463\AKV.exe C:\WINDOWS\system32\28463\YFFC.001 C:\WINDOWS\system32\28463\YFFC.002 C:\WINDOWS\system32\28463\YFFC.005 C:\WINDOWS\system32\28463\YFFC.006 C:\WINDOWS\system32\28463\YFFC.007 C:\WINDOWS\system32\28463\YFFC.009 C:\WINDOWS\system32\28463\YFFC.exe . ((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-29 ))))))))))))))))))))))))))))))) . 2007-12-26 09:23 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys 2007-12-26 09:23 . 2004-08-03 22:31 20,992 --a--c--- C:\WINDOWS\system32\dllcache\rtl8139.sys 2007-12-24 14:45 . 2007-12-24 14:45 <DIR> d-------- C:\Program Files\MT882 2007-12-24 14:45 . 2006-03-20 08:32 30,336 --a------ C:\WINDOWS\system32\drivers\glauiad.sys 2007-12-24 14:45 . 2006-03-22 10:59 19,220 --------- C:\WINDOWS\wwdslcfg.ini 2007-12-24 08:43 . 2007-12-24 08:43 38 --a------ C:\WINDOWS\avisplitter.INI 2007-12-23 12:48 . 2002-08-13 06:09 684,032 --a------ C:\WINDOWS\system32\libeay32.dll 2007-12-23 12:48 . 2002-08-13 06:10 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll 2007-12-23 11:58 . 2007-12-23 11:58 <DIR> d-------- C:\Program Files\Bazooka Scanner 2007-12-23 10:07 . 2007-12-23 11:55 <DIR> d-------- C:\Program Files\a2 2007-12-20 20:26 . 2007-12-21 08:47 2,803 --a------ C:\WINDOWS\CDPLAYER.INI 2007-12-20 20:24 . 2007-12-20 20:24 <DIR> d-------- C:\Program Files\MP3Producer 2007-12-20 20:24 . 2007-12-20 20:25 8 --a------ C:\WINDOWS\system32\ntP2.trk 2007-12-20 09:46 . 2007-12-20 09:46 <DIR> d--h----- C:\WINDOWS\PIF 2007-12-19 10:53 . 2007-12-19 10:53 <DIR> d-------- C:\Documents and Settings\Danko\Application Data\TeamViewer 2007-12-19 10:52 . 2007-12-19 10:52 <DIR> d-------- C:\Documents and Settings\Danko\temp 2007-12-19 10:40 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-12-16 09:42 . 2007-12-16 09:42 <DIR> d-------- C:\Program Files\EPCTV 2007-12-14 08:54 . 2007-12-14 08:54 <DIR> d-------- C:\Program Files\USB.Safely.Remove 2007-12-14 08:54 . 2007-12-14 08:54 <DIR> d-------- C:\Program Files\USB Safely Remove 2007-12-14 08:44 . 2007-12-14 08:44 <DIR> d-------- C:\Documents and Settings\Danko\Application Data\USBSafelyRemove 2007-12-13 09:13 . 2007-12-13 09:13 <DIR> d-------- C:\WINDOWS\system32\psconv 2007-12-13 09:13 . 2007-12-13 09:13 <DIR> d-------- C:\Program Files\psconvert 2007-12-13 09:13 . 2007-12-13 09:13 <DIR> d-------- C:\Program Files\8848Soft 2007-12-13 09:13 . 2003-04-11 18:28 679,109 --a------ C:\WINDOWS\FONTSDIR.MFD 2007-12-13 09:13 . 2001-10-29 01:42 116,224 --a------ C:\WINDOWS\system32\pdfmonnt.dll 2007-12-13 09:13 . 2007-12-13 09:13 164 --a------ C:\WINDOWS\system32\psconv.ini 2007-12-09 13:51 . 2007-12-09 13:51 <DIR> d-------- C:\WINDOWS\'Full Speed' Internet Booster + Performance Tests 2007-12-09 12:45 . 2007-03-08 00:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-12-09 12:44 . 2007-03-08 00:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2007-12-09 12:44 . 2007-03-08 00:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-12-09 12:36 . 2007-12-09 12:38 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2007-12-09 12:19 . 2007-12-09 12:19 6 --a------ C:\WINDOWS\youtubed.ocx 2007-12-09 12:11 . 2007-12-09 12:13 5 --a------ C:\WINDOWS\youtubex.dll 2007-12-09 12:10 . 2007-12-09 12:39 <DIR> d-------- C:\Program Files\YoutubeGet 2007-11-30 21:09 . 2007-11-30 21:09 <DIR> d-------- C:\Documents and Settings\Danko\Application Data\CyberLink 2007-11-30 21:07 . 2007-11-30 21:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink 2007-11-30 21:05 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll 2007-11-30 21:03 . 2007-12-03 09:39 <DIR> d-------- C:\Program Files\CyberLink 2007-11-30 10:59 . 2007-11-30 10:59 <DIR> d-------- C:\Program Files\SCi Games 2007-11-30 09:32 . 2007-11-30 10:31 <DIR> d-------- C:\Program Files\TC UP . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-29 08:56 --------- d-----w C:\Program Files\Kaspersky Lab 2007-12-29 08:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-12-27 07:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2007-12-23 11:24 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-12-23 07:32 --------- d-----w C:\Program Files\TuneUp Utilities 2007 2007-12-21 13:39 --------- d-----w C:\Program Files\FaceOnBody 2007-12-21 13:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\FaceOnBody 2007-12-16 08:45 --------- d-----w C:\Program Files\Super Internet TV 2007-12-09 11:53 --------- d-----w C:\Program Files\Winamp 2007-12-09 09:58 --------- d-----w C:\Documents and Settings\Danko\Application Data\dvdcss 2007-12-08 09:48 --------- d-----w C:\Program Files\eMule 2007-12-08 08:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-30 20:03 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-25 09:11 --------- d-----w C:\Program Files\NASA 2007-11-16 07:53 --------- d-----w C:\Program Files\Analogue Vista Clock 2007-11-13 19:52 --------- d-----w C:\Program Files\Replay Converter 2007-11-13 08:00 --------- d-----w C:\Program Files\Jufsoft 2007-11-13 07:29 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Talkback 2007-11-10 13:40 --------- d-----w C:\Program Files\Xilisoft 2007-11-09 17:04 --------- d-----w C:\Program Files\YouTube Downloader 2007-08-17 14:33 48 ----a-w C:\Program Files\NowOnAir.txt 2007-08-17 14:33 42 ----a-w C:\Program Files\NowOnAir.xml.new 2007-08-17 14:33 408 ----a-w C:\Program Files\NowOnAir.xml 2007-06-03 11:41 880,640 ----a-w C:\Program Files\common.dll 2007-06-03 11:41 651,264 ----a-w C:\Program Files\googleearth.dll 2007-06-03 11:41 180,224 ----a-w C:\Program Files\measure.dll 2007-06-03 11:41 126,976 ----a-w C:\Program Files\gps.dll 2007-05-24 15:49 1,654,784 ----a-w C:\Program Files\evll.dll 2007-05-06 09:20 106,496 ----a-w C:\Program Files\gisingest.dll 2007-05-06 09:19 245,760 ----a-w C:\Program Files\theme.dll 2007-05-06 09:19 143,360 ----a-w C:\Program Files\capture.dll 2007-05-06 09:11 4,345,856 ----a-w C:\Program Files\gdal13.dll 2007-05-06 09:08 0 ----a-w C:\Program Files\kh20 2006-10-02 12:07 6,324,224 ----a-w C:\Program Files\JZRADIO.exe.bak 2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll . ((((((((((((((((((((((((((((( snapshot@2007-12-28_12.12.21.66 ))))))))))))))))))))))))))))))))))))))))) . + 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} {E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4} {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_CLASSES_ROOT\clsid\{e3ea4fd9-cade-4ae5-84f7-086eee888be4}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}"= C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL [2007-07-08 09:33 266240] [HKEY_CLASSES_ROOT\clsid\{e3ea4fd9-cade-4ae5-84f7-086eee888be4}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Analogue Vista Clock"="C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe" [2007-11-14 19:38] "USB Safely Remove"="C:\Program Files\USB.Safely.Remove\USB.Safely.Remove\(zabranjeno)\USBSafelyRemove.exe" [2007-11-22 20:07] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "srpskey"="C:\WINDOWS\SYSTEM32\SRPSKEY.EXE" [2006-04-24 11:10] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Jazler Studio Auto Startup.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Jazler Studio Auto Startup.lnk backup=C:\WINDOWS\pss\Jazler Studio Auto Startup.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-08-03 11:51 202024 --a------ C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser] C:\Program Files\Eraser\eraser.exe -hide [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] 2007-08-08 08:25 1828136 --a------ C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 14:57 153136 --a------ C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando] C:\Program Files\Pando Networks\Pando\Pando.exe /Minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srpskey] 2006-04-24 11:10 34304 --a------ C:\WINDOWS\SYSTEM32\SRPSKEY.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-03-14 02:43 83608 --a------ C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] ~C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Pctspk"=2 (0x2) "ose"=3 (0x3) "NVSvc"=2 (0x2) "IDriverT"=3 (0x3) "AVP"=2 (0x2) "AVG Anti-Spyware Guard"=2 (0x2) R0 XMS1563K;XMS1563K;C:\WINDOWS\system32\drivers\XMS1563K.sys [2007-06-05 18:13] R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 08:25] R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs [] R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 14:28] S3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 08:32] S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 15:49] S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 15:50] S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 15:50] S3 WINIO;WINIO;D:\winio.sys [] S4 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 23:36] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contents of the 'Scheduled Tasks' folder "2007-12-21 16:32:46 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe . ************************************************************************ catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-29 10:05:22 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180] -> C:\WINDOWS\SYSTEM32\srpskeyh3.dll . Completion time: 2007-12-29 10:07:02 - machine was rebooted C:\ComboFix2.txt ... 2007-12-29 08:38

Profil

dr_Bora Poslao: 29 Dec 2007 10:37 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kakvo je sada stanje? Primetiš li neke konkretne probleme?

Profil

dankisha Poslao: 29 Dec 2007 10:44 Idi na vrh
offline dankisha Građanin Pridružio: 08 Maj 2005 Poruke: 227	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Cini se da sve radi OK. Mozes li mi ukratko reci sta se dogodilo. I HVALA puno. Vec drugi put mi pomazes, ako se nekad sretnemo - gajba piva.

Profil

dr_Bora Poslao: 29 Dec 2007 22:36 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl:

Profil

MyCity » Ambulanta -> Arhiva Ambulante » internet spor...

Ko je trenutno na forumu

Ukupno su 791 korisnika na forumu :: 5 registrovanih, 2 sakrivenih i 784 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: goxin, mgolub, MilosKop, S-lash, zziko

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by