Looks like I picked up something dangerous

  • Joined: 19 Dec 2008
  • Posts: 89

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:39 AM, on 3/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ekhwp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP .exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\SERVIS\Desktop\New Folder\TR3.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: TDI Toolbar - {964ed5ed-9595-43a1-bd83-9f831b5dbe7f} - C:\Program Files\TDI\tbTDI.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: TDI Toolbar - {964ed5ed-9595-43a1-bd83-9f831b5dbe7f} - C:\Program Files\TDI\tbTDI.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: TDI Toolbar - {964ed5ed-9595-43a1-bd83-9f831b5dbe7f} - C:\Program Files\TDI\tbTDI.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ekhwp] C:\WINDOWS\system32\ekhwp.exe \u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [32NFG94-H61-2SF-N1P-5M1ERH6L6] C:\RECYCLER\S-1-5-21-2264224754-0585302854-501895927-3940\winIgn.exe
O4 - HKCU\..\Run: [12CFG515-K641-55SF-N55P] C:\RECYCLER\S-1-5-21-0243336035-3055115375-381863305-1553\vslmq.exe
O4 - HKCU\..\Run: [12CFG515-K641-55SF-N66P] C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - Gopher Prefix:
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6603 bytes

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

You have picked up some vermin, that much is certain... whether it's dangerous, we'll find out soon.

Do the following:

* Right-click the McAfee Antivirus icon in the lower right corner of the screen and choose Exit.
* When asked to confirm shutting it down, click Yes.

Note: Don't forget to turn this option back on once the cleaning is finished.

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt); copy it here for us.

  • Joined: 19 Dec 2008
  • Posts: 89

Here is the ComboFix report

ComboFix 09-03-25.03 - SERVIS 2009-03-26 10:42:57.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1006 [GMT 1:00]
Running from: c:\documents and settings\SERVIS\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\olhrwef.exe

.
((((((((((((((((((((((((( Files Created from 2009-02-26 to 2009-03-26 )))))))))))))))))))))))))))))))
.

2009-03-25 13:20 . 2009-03-25 13:44 23,052 -rahs---- c:\windows\system32\olhrwef.exe588736431
2009-03-25 13:20 . 2009-03-25 14:58 23,052 --a------ c:\windows\system32\olhrwef.exe2958778741
2009-03-25 13:20 . 2009-03-25 13:20 23,052 -rahs---- c:\windows\system32\olhrwef.exe1428382195
2009-03-25 10:28 . 2008-04-24 13:33 512,000 --a------ c:\windows\system32\zinlogon.tmp
2009-03-25 10:25 . 2009-03-25 10:25 30,464 --a------ c:\windows\system32\drivers\acpi32.sys
2009-03-25 10:24 . 2009-03-25 10:23 32,256 --a------ c:\windows\system32\ekhwp.exe
2009-03-25 10:24 . 2009-03-25 10:23 32,256 ---h----- c:\documents and settings\SERVIS\tprrnd.exe
2009-03-25 10:23 . 2009-03-25 10:23 163,840 --a------ c:\windows\system32\nvtpm32.dll
2009-03-25 10:23 . 2009-03-25 10:23 97,280 --a------ c:\windows\system32\azton.mt
2009-03-25 10:23 . 2009-03-26 09:27 64,512 --a------ c:\windows\system32\ewf3.pxf
2009-03-25 10:23 . 2009-03-25 10:23 32,768 --a------ c:\windows\system32\fe3.wa
2009-03-25 09:54 . 2009-03-25 09:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Spyware
2009-03-24 13:21 . 2009-03-24 13:22 42 --a------ c:\documents and settings\SERVIS\Application Data\svighost.dll
2009-03-24 13:20 . 2009-03-24 13:20 <DIR> d-------- c:\program files\USBScan
2009-03-21 12:17 . 2009-03-26 10:20 <DIR> d-------- C:\QUARANTINE
2009-03-20 14:46 . 2009-03-20 14:46 69 --a------ c:\windows\NeroDigital.ini
2009-03-20 11:04 . 2009-03-20 11:05 <DIR> d-------- c:\program files\SopCast
2009-03-19 13:57 . 2009-03-19 15:44 <DIR> d-------- c:\documents and settings\SERVIS\Application Data\vlc
2009-03-19 13:52 . 2009-03-19 13:53 <DIR> d-------- c:\documents and settings\SERVIS\Application Data\MozillaControl
2009-03-19 13:52 . 2009-03-19 13:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Launcher
2009-03-19 13:52 . 2009-03-19 13:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Graboid Inc
2009-03-19 13:51 . 2009-03-19 13:51 <DIR> d-------- c:\program files\Mozilla ActiveX Control v1.7.12
2009-03-19 13:50 . 2009-03-19 13:50 <DIR> d-------- c:\program files\VideoLAN
2009-03-19 13:50 . 2009-03-19 13:51 <DIR> d-------- c:\program files\Graboid
2009-03-19 10:11 . 2009-03-19 10:15 <DIR> d-------- c:\documents and settings\SERVIS\Application Data\Ahead
2009-03-19 10:07 . 2009-03-19 10:07 <DIR> d-------- c:\program files\Nero
2009-03-19 10:07 . 2009-03-19 10:13 <DIR> d-------- c:\program files\Common Files\Ahead
2009-03-19 09:08 . 2009-03-19 09:07 110,053 -r-hs---- C:\q0dhfjf.exe
2009-03-18 12:50 . 2009-03-18 12:50 <DIR> d-------- c:\program files\TDI
2009-03-18 12:50 . 2009-03-18 12:50 <DIR> d-------- c:\program files\Conduit
2009-03-18 11:43 . 2009-03-20 14:26 <DIR> d-------- c:\program files\nLite
2009-03-17 16:25 . 2009-03-21 14:35 <DIR> d-------- c:\documents and settings\SERVIS\Application Data\BSplayer Pro
2009-03-17 16:24 . 2009-03-17 16:24 <DIR> d-------- c:\program files\Webteh
2009-03-17 16:23 . 2009-03-17 16:23 <DIR> d-------- c:\documents and settings\SERVIS\Application Data\Media Player Classic
2009-03-16 09:06 . 2009-03-17 09:04 111,435 -r-hs---- C:\luk1ylq.com
2009-03-14 14:07 . 2009-03-24 09:08 109,692 -rahs---- c:\windows\system32\olhrwef .exe
2009-03-14 14:07 . 2009-03-25 10:24 23,052 --a------ c:\windows\system32\olhrwef.exe2628598895
2009-03-14 09:42 . 2009-03-14 09:42 <DIR> d-------- c:\program files\Java
2009-03-14 09:42 . 2009-03-14 09:42 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-14 09:42 . 2009-03-14 09:42 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-13 22:56 . 2003-06-18 17:31 17,920 --a------ c:\windows\system32\mdimon.dll
2009-03-13 22:56 . 2009-03-13 22:56 376 --a------ c:\windows\ODBC.INI
2009-03-13 22:54 . 2009-03-13 22:54 <DIR> d-------- c:\program files\Common Files\L&H
2009-03-13 22:53 . 2009-03-13 22:53 <DIR> d-------- c:\program files\Microsoft.NET
2009-03-13 22:53 . 2009-03-13 22:53 <DIR> d-------- c:\program files\Microsoft ActiveSync
2009-03-13 22:52 . 2009-03-13 22:52 <DIR> d-------- c:\program files\Microsoft Works
2009-03-13 22:51 . 2009-03-13 22:53 <DIR> d-------- c:\windows\SHELLNEW
2009-03-13 22:48 . 2009-03-13 22:48 <DIR> dr-h----- C:\MSOCache
2009-03-13 22:44 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-03-13 22:43 . 2009-03-13 22:43 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-03-13 22:43 . 2008-03-21 21:30 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2009-03-13 22:43 . 2008-01-10 13:15 755,027 --a------ c:\windows\system32\xvidcore.dll
2009-03-13 22:43 . 2008-03-31 22:25 682,496 --a------ c:\windows\system32\divx.dll
2009-03-13 22:43 . 2006-09-24 16:11 389,120 --a------ c:\windows\system32\lameACM.acm
2009-03-13 22:43 . 2004-01-25 17:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2009-03-13 22:43 . 2007-09-04 17:56 164,352 --a------ c:\windows\system32\unrar.dll
2009-03-13 22:43 . 2008-01-10 13:16 159,839 --a------ c:\windows\system32\xvidvfw.dll
2009-03-13 22:43 . 2007-09-21 01:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2009-03-13 22:43 . 2008-03-21 21:28 81,920 --a------ c:\windows\system32\dpl100.dll
2009-03-13 22:43 . 2008-03-28 18:41 7,680 --a------ c:\windows\system32\ff_vfw.dll
2009-03-13 22:43 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-03-13 22:43 . 2007-10-03 16:03 414 --a------ c:\windows\system32\lame_acm.xml
2009-03-13 22:42 . 2009-03-13 22:44 <DIR> d-------- c:\program files\Common Files\Adobe
2009-03-13 11:14 . 2009-03-13 11:14 603,904 --a------ c:\windows\system32\TUProgSt.exe
2009-03-13 11:14 . 2009-03-13 11:14 360,192 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-03-13 11:14 . 2008-12-11 13:31 27,904 --a------ c:\windows\system32\uxtuneup.dll
2009-03-13 11:12 . 2009-03-23 09:38 <DIR> d-------- c:\program files\TuneUp Utilities 2009
2009-03-13 11:12 . 2009-03-13 11:12 <DIR> d-------- c:\documents and settings\SERVIS\Application Data\TuneUp Software
2009-03-13 11:12 . 2009-03-13 11:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-03-13 11:11 . 2009-03-13 11:11 <DIR> d--hs---- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-13 11:07 . 2009-03-13 11:07 <DIR> d-------- c:\program files\Opera

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 09:23 578,560 ----a-w c:\windows\system32\user32.DLL
2009-01-16 07:19 1,614,848 ----a-w c:\windows\system32\sfcfiles.dll
2009-01-10 07:58 990,208 ----a-w c:\windows\system32\syssetup.dll
2002-01-03 21:15 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012002010320020104\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}"= "c:\program files\TDI\tbTDI.dll" [2009-03-10 2079256]

[HKEY_CLASSES_ROOT\clsid\{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}]
2009-03-10 11:47 2079256 --a------ c:\program files\TDI\tbTDI.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}"= "c:\program files\TDI\tbTDI.dll" [2009-03-10 2079256]

[HKEY_CLASSES_ROOT\clsid\{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{964ED5ED-9595-43A1-BD83-9F831B5DBE7F}"= "c:\program files\TDI\tbTDI.dll" [2009-03-10 2079256]

[HKEY_CLASSES_ROOT\clsid\{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2009-03-26 23052]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-14 148888]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2009-03-26 23052]
"ekhwp"="c:\windows\system32\ekhwp.exe" [2009-03-25 32256]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Winamp\\winampa.exe"=
"c:\\Documents and Settings\\SERVIS\\tprrnd.exe"=
"c:\\WINDOWS\\system32\\ekhwp.exe"=

R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2008-09-29 19456]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2002-01-03 67904]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-03-13 603904]
S2 acpi32;acpi32;c:\windows\system32\drivers\acpi32.sys [2009-03-25 30464]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2002-01-03 64432]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59509d7b-0093-11d6-aee6-806d6172696f}]
\Shell\AutoRun\command - E:\SETUP.EXE /AUTORUN
\Shell\configure\command - E:\SETUP.EXE
\Shell\install\command - E:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a194e63-1536-11de-a6d5-001731315163}]
\Shell\AutoRun\command - G:\xsia.bat
\Shell\open\Command - G:\xsia.bat
.
Contents of the 'Scheduled Tasks' folder

2009-03-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]

2009-03-25 c:\windows\Tasks\Pareto UNS.job
- c:\program files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe
HKCU-Run-32NFG94-H61-2SF-N1P-5M1ERH6L6 - c:\recycler\S-1-5-21-2264224754-0585302854-501895927-3940\winIgn.exe
HKCU-Run-12CFG515-K641-55SF-N55P - c:\recycler\S-1-5-21-0243336035-3055115375-381863305-1553\vslmq.exe
HKCU-Run-12CFG515-K641-55SF-N66P - c:\recycler\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-26 10:45:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-26 10:47:50
ComboFix-quarantined-files.txt 2009-03-26 09:47:46
ComboFix2.txt 2009-03-26 09:00:12

Pre-Run: 20,898,287,616 bytes free
Post-Run: 20,888,854,528 bytes free


  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

You have a charming collection here.

Open Notepad and copy the following text:

File::
c:\windows\system32\olhrwef.exe588736431
c:\windows\system32\olhrwef.exe2958778741
c:\windows\system32\olhrwef.exe1428382195
c:\windows\system32\zinlogon.tmp
c:\windows\system32\drivers\acpi32.sys
c:\windows\system32\ekhwp.exe
c:\documents and settings\SERVIS\tprrnd.exe
c:\windows\system32\nvtpm32.dll
c:\windows\system32\azton.mt
c:\windows\system32\ewf3.pxf
c:\documents and settings\SERVIS\Application Data\svighost.dll
C:\q0dhfjf.exe
C:\luk1ylq.com
c:\windows\system32\olhrwef.exe2628598895

Driver::
acpi32

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ekhwp"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\ekhwp.exe"=-
"c:\\Documents and Settings\\SERVIS\\tprrnd.exe"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a194e63-1536-11de-a6d5-001731315163}]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.
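Reading the HijackThis and ComboFix logs above and turning them into the CFScript in this post is manual work. The script below is an added example, not part of this thread and not code from HijackThis, ComboFix or the helper. It parses a handful of lines copied from the two logs, applies heuristics that each correspond to a tell visible in those logs (a Run value pointing into a RECYCLER SID folder, an executable named `name.exe<digits>`, a space inserted before the extension, a hidden+system executable, a firewall exception for a binary in a user profile, a MountPoints2 AutoRun that launches a .bat, the firewall and Security Center notification switches turned off), then judges the remaining Run values against the flagged files by name stem and by exact byte size, and lays the result out in CFScript `File::`/`Registry::` form for review. The heuristics, the names `triage`, `draft_cfscript`, `suspicious_path` and `stem`, and the assumption that the quoted ComboFix Run values in the sample belong to HKLM are this example's own, not rules of either tool.

```python
"""Triage HijackThis / ComboFix log lines and draft a CFScript skeleton.
Added example for this thread, not code from HijackThis, ComboFix or the helper;
every heuristic is an assumption of the example; the sample lines come from the logs above."""
import re

# Constructed sample: a subset of lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ekhwp] C:\WINDOWS\system32\ekhwp.exe \u
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKCU\..\Run: [32NFG94-H61-2SF-N1P-5M1ERH6L6] C:\RECYCLER\S-1-5-21-2264224754-0585302854-501895927-3940\winIgn.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
2009-03-25 13:20 . 2009-03-25 13:44 23,052 -rahs---- c:\windows\system32\olhrwef.exe588736431
2009-03-14 14:07 . 2009-03-24 09:08 109,692 -rahs---- c:\windows\system32\olhrwef .exe
2009-03-19 09:08 . 2009-03-19 09:07 110,053 -r-hs---- C:\q0dhfjf.exe
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2009-03-26 23052]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"c:\\Documents and Settings\\SERVIS\\tprrnd.exe"=
\Shell\AutoRun\command - G:\xsia.bat
\Shell\AutoRun\command - E:\SETUP.EXE /AUTORUN
"EnableFirewall"= 0 (0x0)
"AntiVirusDisableNotify"=dword:00000001
"""

# Line shapes of the two log formats (HijackThis O4, ComboFix file list, ComboFix Run value, ...).
O4_RUN = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] "?([a-z]:\\.*?\.(?:exe|com|scr|bat))"?', re.I)
CF_FILE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d ([\d,]+) (\S{9}) (.+)$")
CF_RUN = re.compile(r'^"([^"]+)"="([^"]+)" \[\d{4}-\d\d-\d\d (\d+)\]$')
FW_APP = re.compile(r'^"([a-z]:\\\\[^"]+)"=$', re.I)
MOUNT_AUTORUN = re.compile(r"^\\Shell\\AutoRun\\command - (\S+)", re.I)
TAMPER = re.compile(r'^"(EnableFirewall|AntiVirusDisableNotify|UpdatesDisableNotify)"=\s*(?:dword:0*)?(\d+)')
NAME_RULES = [  # assumed tells, each one visible in the logs above
    (re.compile(r"\\RECYCLER\\S-1-5-21-[\d-]+\\", re.I), "executable launched from a RECYCLER SID folder"),
    (re.compile(r"\.exe\d+$", re.I), "executable name with numeric suffix"),
    (re.compile(r"[^\\ ] \.(exe|com|dll|scr)$", re.I), "space inserted before the extension"),
]
RUN_KEYS = {  # HijackThis hive abbreviation -> full key for the CFScript Registry:: section
    "HKLM": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "HKCU": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
}
FW_KEY = r"HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List"

def stem(path):  # 'c:\x\olhrwef .exe' -> 'olhrwef': file name up to the first dot or space
    m = re.match(r"[^. ]+", path.rsplit("\\", 1)[-1])
    return m.group(0).lower() if m else ""

def suspicious_path(path):
    return next((why for rx, why in NAME_RULES if rx.search(path)), None)

def triage(log_text):
    """Return findings as (kind, reason, item); item is a path, or (hive, name, path) for Run values."""
    findings, run_entries, flagged_sizes, flagged_stems = [], [], set(), set()
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := O4_RUN.match(line):
            run_entries.append((*m.groups(), None))  # size unknown from HijackThis
        elif m := CF_RUN.match(line):  # assumption: the sample's quoted Run values are HKLM
            run_entries.append(("HKLM", m[1], m[2], int(m[3])))
        elif m := CF_FILE.match(line):
            size, attrs, path = m.groups()
            why = suspicious_path(path)
            if why is None and "h" in attrs and "s" in attrs and re.search(r"\.(exe|com)$", path, re.I):
                why = "hidden+system executable"
            if why:
                findings.append(("file", why, path))
                flagged_sizes.add(int(size.replace(",", "")))
                flagged_stems.add(stem(path))
        elif m := FW_APP.match(line):
            if re.search(r"\\\\Documents and Settings\\\\", m[1], re.I):
                findings.append(("firewall", "exception for a binary in a user profile", m[1]))
        elif m := MOUNT_AUTORUN.match(line):
            if re.search(r"\.(bat|cmd|vbs|js)$", m[1], re.I):
                findings.append(("mountpoint", "AutoRun command runs a script", m[1]))
        elif m := TAMPER.match(line):
            if m[2] == ("0" if m[1] == "EnableFirewall" else "1"):  # firewall off, or warnings muted
                findings.append(("tamper", f"{m[1]}={m[2]}", m[1]))
    # Second pass: Run values are judged against what the file listing revealed.
    for hive, name, path, size in run_entries:
        why = suspicious_path(path)
        if why is None and stem(path) in flagged_stems:
            why = "Run target shares its name with a flagged file"
        if why is None and size in flagged_sizes:
            why = "Run target has exactly the byte size of a flagged file (overwritten binary?)"
        if why:
            findings.append(("run", why, (hive, name, path)))
    return findings

def draft_cfscript(findings):
    """Lay the findings out in CFScript form (File:: / Registry:: sections) for review."""
    files = sorted({item for kind, _, item in findings if kind == "file"})
    reg = {}
    for kind, _, item in findings:
        if kind == "run":
            reg.setdefault(f"[{RUN_KEYS[item[0]]}]", []).append(f'"{item[1]}"=-')
        elif kind == "firewall":
            reg.setdefault(f"[{FW_KEY}]", []).append(f'"{item}"=-')
    out = ["File::", *files, "", "Registry::"]
    for key, values in reg.items():
        out += [key, *values]
    return "\n".join(out) + "\n"
```

On the sample, the rules flag the three system32/root files, the RECYCLER Run value, `cdoosoft` (same name stem as the flagged `olhrwef.exe588736431`), `SoundMAXPnP` (its target is exactly 23,052 bytes, the size of the `olhrwef.exe*` copies), the `tprrnd.exe` firewall exception, the `G:\xsia.bat` AutoRun and the two disabled switches, while `CTFMON.EXE`, `WinampAgent` and the `E:\SETUP.EXE` CD autorun pass. Note what they do not catch: `ekhwp.exe` and the `acpi32` driver went into the helper's script on the strength of creation time and naming, and the `Driver::` section is still written by hand, so the draft is a starting point for an analyst, not something to drag onto ComboFix unreviewed.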

  • Joined: 19 Dec 2008
  • Posts: 89

ComboFix 09-03-25.03 - SERVIS 2009-03-26 12:11:23.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.987 [GMT 1:00]
Running from: c:\documents and settings\SERVIS\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\SERVIS\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated)
* Created a new restore point

FILE ::
c:\documents and settings\SERVIS\Application Data\svighost.dll
c:\documents and settings\SERVIS\tprrnd.exe
C:\luk1ylq.com
C:\q0dhfjf.exe
c:\windows\system32\azton.mt
c:\windows\system32\drivers\acpi32.sys
c:\windows\system32\ekhwp.exe
c:\windows\system32\ewf3.pxf
c:\windows\system32\nvtpm32.dll
c:\windows\system32\olhrwef.exe1428382195
c:\windows\system32\olhrwef.exe2628598895
c:\windows\system32\olhrwef.exe2958778741
c:\windows\system32\olhrwef.exe588736431
c:\windows\system32\zinlogon.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\SERVIS\Application Data\svighost.dll
c:\documents and settings\SERVIS\tprrnd.exe
C:\luk1ylq.com
C:\q0dhfjf.exe
c:\windows\system32\azton.mt
c:\windows\system32\drivers\acpi32.sys
c:\windows\system32\ekhwp.exe
c:\windows\system32\ewf3.pxf
c:\windows\system32\nvtpm32.dll
c:\windows\system32\olhrwef.exe1428382195
c:\windows\system32\olhrwef.exe2628598895
c:\windows\system32\olhrwef.exe2958778741
c:\windows\system32\olhrwef.exe588736431
c:\windows\system32\zinlogon.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ACPI32
-------\Service_acpi32


((((((((((((((((((((((((( Files Created from 2009-02-26 to 2009-03-26 )))))))))))))))))))))))))))))))
.

2009-03-26 11:25 . 2009-03-26 11:33 <DIR> d-------- c:\program files\DriverGuide Toolkit
2009-03-25 10:23 . 2009-03-25 10:23 32,768 --a------ c:\windows\system32\fe3.wa
2009-03-25 09:54 . 2009-03-25 09:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Spyware
2009-03-24 13:20 . 2009-03-24 13:20 <DIR> d-------- c:\program files\USBScan
2009-03-21 12:17 . 2009-03-26 10:20 <DIR> d-------- C:\QUARANTINE
2009-03-20 14:46 . 2009-03-20 14:46 69 --a------ c:\windows\NeroDigital.ini
2009-03-20 11:04 . 2009-03-20 11:05 <DIR> d-------- c:\program files\SopCast
2009-03-19 13:57 . 2009-03-19 15:44 <DIR> d-------- c:\documents and settings\SERVIS\Application Data\vlc
2009-03-19 13:52 . 2009-03-19 13:53 <DIR> d-------- c:\documents and settings\SERVIS\Application Data\MozillaControl
2009-03-19 13:52 . 2009-03-19 13:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Launcher
2009-03-19 13:52 . 2009-03-19 13:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Graboid Inc
2009-03-19 13:51 . 2009-03-19 13:51 <DIR> d-------- c:\program files\Mozilla ActiveX Control v1.7.12
2009-03-19 13:50 . 2009-03-19 13:50 <DIR> d-------- c:\program files\VideoLAN
2009-03-19 13:50 . 2009-03-19 13:51 <DIR> d-------- c:\program files\Graboid
2009-03-19 10:11 . 2009-03-19 10:15 <DIR> d-------- c:\documents and settings\SERVIS\Application Data\Ahead
2009-03-19 10:07 . 2009-03-19 10:07 <DIR> d-------- c:\program files\Nero
2009-03-19 10:07 . 2009-03-19 10:13 <DIR> d-------- c:\program files\Common Files\Ahead
2009-03-18 12:50 . 2009-03-18 12:50 <DIR> d-------- c:\program files\TDI
2009-03-18 12:50 . 2009-03-18 12:50 <DIR> d-------- c:\program files\Conduit
2009-03-18 11:43 . 2009-03-20 14:26 <DIR> d-------- c:\program files\nLite
2009-03-17 16:25 . 2009-03-21 14:35 <DIR> d-------- c:\documents and settings\SERVIS\Application Data\BSplayer Pro
2009-03-17 16:24 . 2009-03-17 16:24 <DIR> d-------- c:\program files\Webteh
2009-03-17 16:23 . 2009-03-17 16:23 <DIR> d-------- c:\documents and settings\SERVIS\Application Data\Media Player Classic
2009-03-14 14:07 . 2009-03-24 09:08 109,692 -rahs---- c:\windows\system32\olhrwef .exe
2009-03-14 09:42 . 2009-03-14 09:42 <DIR> d-------- c:\program files\Java
2009-03-14 09:42 . 2009-03-14 09:42 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-14 09:42 . 2009-03-14 09:42 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-13 22:56 . 2003-06-18 17:31 17,920 --a------ c:\windows\system32\mdimon.dll
2009-03-13 22:56 . 2009-03-13 22:56 376 --a------ c:\windows\ODBC.INI
2009-03-13 22:54 . 2009-03-13 22:54 <DIR> d-------- c:\program files\Common Files\L&H
2009-03-13 22:53 . 2009-03-13 22:53 <DIR> d-------- c:\program files\Microsoft.NET
2009-03-13 22:53 . 2009-03-13 22:53 <DIR> d-------- c:\program files\Microsoft ActiveSync
2009-03-13 22:52 . 2009-03-13 22:52 <DIR> d-------- c:\program files\Microsoft Works
2009-03-13 22:51 . 2009-03-13 22:53 <DIR> d-------- c:\windows\SHELLNEW
2009-03-13 22:48 . 2009-03-13 22:48 <DIR> dr-h----- C:\MSOCache
2009-03-13 22:44 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-03-13 22:43 . 2009-03-13 22:43 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-03-13 22:43 . 2008-03-21 21:30 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2009-03-13 22:43 . 2008-01-10 13:15 755,027 --a------ c:\windows\system32\xvidcore.dll
2009-03-13 22:43 . 2008-03-31 22:25 682,496 --a------ c:\windows\system32\divx.dll
2009-03-13 22:43 . 2006-09-24 16:11 389,120 --a------ c:\windows\system32\lameACM.acm
2009-03-13 22:43 . 2004-01-25 17:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2009-03-13 22:43 . 2007-09-04 17:56 164,352 --a------ c:\windows\system32\unrar.dll
2009-03-13 22:43 . 2008-01-10 13:16 159,839 --a------ c:\windows\system32\xvidvfw.dll
2009-03-13 22:43 . 2007-09-21 01:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2009-03-13 22:43 . 2008-03-21 21:28 81,920 --a------ c:\windows\system32\dpl100.dll
2009-03-13 22:43 . 2008-03-28 18:41 7,680 --a------ c:\windows\system32\ff_vfw.dll
2009-03-13 22:43 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-03-13 22:43 . 2007-10-03 16:03 414 --a------ c:\windows\system32\lame_acm.xml
2009-03-13 22:42 . 2009-03-13 22:44 <DIR> d-------- c:\program files\Common Files\Adobe
2009-03-13 11:14 . 2009-03-13 11:14 603,904 --a------ c:\windows\system32\TUProgSt.exe
2009-03-13 11:14 . 2009-03-13 11:14 360,192 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-03-13 11:14 . 2008-12-11 13:31 27,904 --a------ c:\windows\system32\uxtuneup.dll
2009-03-13 11:12 . 2009-03-23 09:38 <DIR> d-------- c:\program files\TuneUp Utilities 2009
2009-03-13 11:12 . 2009-03-13 11:12 <DIR> d-------- c:\documents and settings\SERVIS\Application Data\TuneUp Software
2009-03-13 11:12 . 2009-03-13 11:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-03-13 11:11 . 2009-03-13 11:11 <DIR> d--hs---- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-13 11:07 . 2009-03-13 11:07 <DIR> d-------- c:\program files\Opera

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 09:23 578,560 ----a-w c:\windows\system32\user32.DLL
2009-01-16 07:19 1,614,848 ----a-w c:\windows\system32\sfcfiles.dll
2009-01-10 07:58 990,208 ----a-w c:\windows\system32\syssetup.dll
2002-01-03 21:15 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012002010320020104\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-26_ 9.58.48.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2008-04-14 11:00:00 1,384,479 ----a-w c:\windows\system32\msvbvm60.dll
+ 2004-02-23 08:00:00 1,386,496 ----a-w c:\windows\system32\msvbvm60.dll
+ 2009-03-26 11:15:31 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_238.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}"= "c:\program files\TDI\tbTDI.dll" [2009-03-10 2079256]

[HKEY_CLASSES_ROOT\clsid\{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}]
2009-03-10 11:47 2079256 --a------ c:\program files\TDI\tbTDI.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}"= "c:\program files\TDI\tbTDI.dll" [2009-03-10 2079256]

[HKEY_CLASSES_ROOT\clsid\{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{964ED5ED-9595-43A1-BD83-9F831B5DBE7F}"= "c:\program files\TDI\tbTDI.dll" [2009-03-10 2079256]

[HKEY_CLASSES_ROOT\clsid\{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2009-03-26 23052]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-14 148888]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2009-03-26 23052]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Winamp\\winampa.exe"=

R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2008-09-29 19456]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2002-01-03 67904]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-03-13 603904]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2002-01-03 64432]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59509d7b-0093-11d6-aee6-806d6172696f}]
\Shell\AutoRun\command - E:\SETUP.EXE /AUTORUN
\Shell\configure\command - E:\SETUP.EXE
\Shell\install\command - E:\SETUP.EXE
.
Contents of the 'Scheduled Tasks' folder

2009-03-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]

2009-03-25 c:\windows\Tasks\Pareto UNS.job
- c:\program files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-26 12:16:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\ctfmon.exe2811881968 15360 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\windows\system32\ctfmon.exe2811881968NEROCHECK.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Analog Devices\SoundMAX\smax4pnp .exe
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2009-03-26 12:19:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-26 11:19:12
ComboFix2.txt 2009-03-26 09:47:52
ComboFix3.txt 2009-03-26 09:00:12

Pre-Run: 20,846,649,344 bytes free
Post-Run: 20,783,452,160 bytes free


offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Download gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below; this saves the scan results to the Clipboard.
Use the Paste option in Notepad to turn that into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.

Use the Attach file option below the message box on the forum and attach the two files we just saved here.

offline
  • Joined: 19 Dec 2008
  • Posts: 89


Update: 26 Mar 2009 14:04


offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Open Notepad and copy the following text into it:

File::
c:\windows\system32\olhrwef .exe
c:\windows\system32\fe3.wa


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.

offline
  • Joined: 19 Dec 2008
  • Posts: 89

ComboFix 09-03-26.03 - SERVIS 2009-03-27 9:05:49.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1075 [GMT 1:00]
Running from: c:\documents and settings\SERVIS\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\SERVIS\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated)
* Created a new restore point

FILE ::
c:\windows\system32\fe3.wa
c:\windows\system32\olhrwef .exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\fe3.wa
c:\windows\system32\olhrwef .exe

.
((((((((((((((((((((((((( Files Created from 2009-02-27 to 2009-03-27 )))))))))))))))))))))))))))))))
.

2009-03-26 11:25 . 2009-03-26 11:33 <DIR> d-------- c:\program files\DriverGuide Toolkit
2009-03-25 09:54 . 2009-03-25 09:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Spyware
2009-03-24 13:20 . 2009-03-24 13:20 <DIR> d-------- c:\program files\USBScan
2009-03-21 12:17 . 2009-03-26 10:20 <DIR> d-------- C:\QUARANTINE
2009-03-20 14:46 . 2009-03-20 14:46 69 --a------ c:\windows\NeroDigital.ini
2009-03-20 11:04 . 2009-03-20 11:05 <DIR> d-------- c:\program files\SopCast
2009-03-19 13:57 . 2009-03-19 15:44 <DIR> d-------- c:\documents and settings\SERVIS\Application Data\vlc
2009-03-19 13:52 . 2009-03-19 13:53 <DIR> d-------- c:\documents and settings\SERVIS\Application Data\MozillaControl
2009-03-19 13:52 . 2009-03-19 13:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Launcher
2009-03-19 13:52 . 2009-03-19 13:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Graboid Inc
2009-03-19 13:51 . 2009-03-19 13:51 <DIR> d-------- c:\program files\Mozilla ActiveX Control v1.7.12
2009-03-19 13:50 . 2009-03-19 13:50 <DIR> d-------- c:\program files\VideoLAN
2009-03-19 13:50 . 2009-03-19 13:51 <DIR> d-------- c:\program files\Graboid
2009-03-19 10:11 . 2009-03-19 10:15 <DIR> d-------- c:\documents and settings\SERVIS\Application Data\Ahead
2009-03-19 10:07 . 2009-03-19 10:07 <DIR> d-------- c:\program files\Nero
2009-03-19 10:07 . 2009-03-19 10:13 <DIR> d-------- c:\program files\Common Files\Ahead
2009-03-18 12:50 . 2009-03-18 12:50 <DIR> d-------- c:\program files\TDI
2009-03-18 12:50 . 2009-03-18 12:50 <DIR> d-------- c:\program files\Conduit
2009-03-18 11:43 . 2009-03-20 14:26 <DIR> d-------- c:\program files\nLite
2009-03-17 16:25 . 2009-03-21 14:35 <DIR> d-------- c:\documents and settings\SERVIS\Application Data\BSplayer Pro
2009-03-17 16:24 . 2009-03-17 16:24 <DIR> d-------- c:\program files\Webteh
2009-03-17 16:23 . 2009-03-17 16:23 <DIR> d-------- c:\documents and settings\SERVIS\Application Data\Media Player Classic
2009-03-14 09:42 . 2009-03-14 09:42 <DIR> d-------- c:\program files\Java
2009-03-14 09:42 . 2009-03-14 09:42 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-14 09:42 . 2009-03-14 09:42 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-13 22:56 . 2003-06-18 17:31 17,920 --a------ c:\windows\system32\mdimon.dll
2009-03-13 22:56 . 2009-03-13 22:56 376 --a------ c:\windows\ODBC.INI
2009-03-13 22:54 . 2009-03-13 22:54 <DIR> d-------- c:\program files\Common Files\L&H
2009-03-13 22:53 . 2009-03-13 22:53 <DIR> d-------- c:\program files\Microsoft.NET
2009-03-13 22:53 . 2009-03-13 22:53 <DIR> d-------- c:\program files\Microsoft ActiveSync
2009-03-13 22:52 . 2009-03-13 22:52 <DIR> d-------- c:\program files\Microsoft Works
2009-03-13 22:51 . 2009-03-13 22:53 <DIR> d-------- c:\windows\SHELLNEW
2009-03-13 22:48 . 2009-03-13 22:48 <DIR> dr-h----- C:\MSOCache
2009-03-13 22:44 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-03-13 22:43 . 2009-03-13 22:43 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-03-13 22:43 . 2008-03-21 21:30 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2009-03-13 22:43 . 2008-01-10 13:15 755,027 --a------ c:\windows\system32\xvidcore.dll
2009-03-13 22:43 . 2008-03-31 22:25 682,496 --a------ c:\windows\system32\divx.dll
2009-03-13 22:43 . 2006-09-24 16:11 389,120 --a------ c:\windows\system32\lameACM.acm
2009-03-13 22:43 . 2004-01-25 17:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2009-03-13 22:43 . 2007-09-04 17:56 164,352 --a------ c:\windows\system32\unrar.dll
2009-03-13 22:43 . 2008-01-10 13:16 159,839 --a------ c:\windows\system32\xvidvfw.dll
2009-03-13 22:43 . 2007-09-21 01:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2009-03-13 22:43 . 2008-03-21 21:28 81,920 --a------ c:\windows\system32\dpl100.dll
2009-03-13 22:43 . 2008-03-28 18:41 7,680 --a------ c:\windows\system32\ff_vfw.dll
2009-03-13 22:43 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-03-13 22:43 . 2007-10-03 16:03 414 --a------ c:\windows\system32\lame_acm.xml
2009-03-13 22:42 . 2009-03-13 22:44 <DIR> d-------- c:\program files\Common Files\Adobe
2009-03-13 11:14 . 2009-03-13 11:14 603,904 --a------ c:\windows\system32\TUProgSt.exe
2009-03-13 11:14 . 2009-03-13 11:14 360,192 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-03-13 11:14 . 2008-12-11 13:31 27,904 --a------ c:\windows\system32\uxtuneup.dll
2009-03-13 11:12 . 2009-03-23 09:38 <DIR> d-------- c:\program files\TuneUp Utilities 2009
2009-03-13 11:12 . 2009-03-13 11:12 <DIR> d-------- c:\documents and settings\SERVIS\Application Data\TuneUp Software
2009-03-13 11:12 . 2009-03-13 11:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-03-13 11:11 . 2009-03-13 11:11 <DIR> d--hs---- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-13 11:07 . 2009-03-13 11:07 <DIR> d-------- c:\program files\Opera

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 09:23 578,560 ----a-w c:\windows\system32\user32.DLL
2009-01-16 07:19 1,614,848 ----a-w c:\windows\system32\sfcfiles.dll
2009-01-10 07:58 990,208 ----a-w c:\windows\system32\syssetup.dll
2002-01-03 21:15 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012002010320020104\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-26_ 9.58.48.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2008-04-14 11:00:00 1,384,479 ----a-w c:\windows\system32\msvbvm60.dll
+ 2004-02-23 08:00:00 1,386,496 ----a-w c:\windows\system32\msvbvm60.dll
+ 2009-03-27 07:59:02 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4c4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}"= "c:\program files\TDI\tbTDI.dll" [2009-03-10 2079256]

[HKEY_CLASSES_ROOT\clsid\{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}]
2009-03-10 11:47 2079256 --a------ c:\program files\TDI\tbTDI.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}"= "c:\program files\TDI\tbTDI.dll" [2009-03-10 2079256]

[HKEY_CLASSES_ROOT\clsid\{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{964ED5ED-9595-43A1-BD83-9F831B5DBE7F}"= "c:\program files\TDI\tbTDI.dll" [2009-03-10 2079256]

[HKEY_CLASSES_ROOT\clsid\{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2009-03-26 23052]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-14 148888]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2009-03-27 23052]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Winamp\\winampa.exe"=

R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2008-09-29 19456]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2002-01-03 67904]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-03-13 603904]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2002-01-03 64432]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59509d7b-0093-11d6-aee6-806d6172696f}]
\Shell\AutoRun\command - E:\SETUP.EXE /AUTORUN
\Shell\configure\command - E:\SETUP.EXE
\Shell\install\command - E:\SETUP.EXE
.
Contents of the 'Scheduled Tasks' folder

2009-03-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]

2009-03-25 c:\windows\Tasks\Pareto UNS.job
- c:\program files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-27 09:08:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-27 9:10:51
ComboFix-quarantined-files.txt 2009-03-27 08:10:46
ComboFix2.txt 2009-03-26 11:19:20
ComboFix3.txt 2009-03-26 09:47:52
ComboFix4.txt 2009-03-26 09:00:12

Pre-Run: 20,960,714,752 bytes free
Post-Run: 21,000,200,192 bytes free


offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Excellent.. how is the machine behaving now?
