HJT and ComboFix log ... I think there is some virus in here


  • Joined: 24 Oct 2007
  • Posts: 122

combofix:

ComboFix 09-06-11.06 - miki 06/12/2009 17:28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1364 [GMT 2:00]
Running from: c:\documents and settings\miki\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\windows\system32\Mlkf.dll
c:\windows\system32\pncrt.dll
c:\windows\system32\spool.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-12 to 2009-06-12 )))))))))))))))))))))))))))))))
.

2009-06-07 07:31 . 2009-06-07 07:31 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-07 07:31 . 2009-06-07 07:31 -------- d-----w- c:\program files\MSBuild
2009-06-07 07:30 . 2009-06-07 07:30 -------- d-----w- c:\program files\Reference Assemblies
2009-06-07 07:30 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-07 07:30 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-07 07:30 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-06-07 07:30 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-06-07 07:30 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-06-07 07:30 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-06-07 07:30 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-07 07:30 . 2009-06-07 07:30 -------- d-----w- C:\4eefef919900c58531898c6ab354d2
2009-06-07 07:29 . 2009-06-07 09:39 -------- d-----w- c:\windows\SxsCaPendDel
2009-06-06 16:16 . 2009-06-06 16:16 -------- d-----w- c:\program files\iPod
2009-06-06 16:16 . 2009-06-06 16:16 -------- d-----w- c:\program files\iTunes
2009-06-06 16:14 . 2009-06-06 16:15 -------- d-----w- c:\program files\QuickTime
2009-06-06 16:11 . 2009-06-06 16:11 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-27 17:27 . 2009-06-06 12:49 0 ----a-w- c:\program files\Common Files\chd.exe
2009-05-27 17:03 . 2009-05-27 17:03 -------- d-----w- c:\program files\Elcomsoft
2009-05-18 15:55 . 2009-05-18 15:55 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2009-05-14 20:36 . 2009-05-14 20:36 -------- d-----w- C:\a1c31643af160503c65e

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-11 11:19 . 2009-05-03 13:57 41 ----a-w- c:\windows\system32\mslck.dat
2009-06-11 08:42 . 2009-04-09 21:30 -------- d-----w- c:\documents and settings\miki\Application Data\uTorrent
2009-06-08 18:40 . 2009-05-06 20:13 -------- d-----w- c:\documents and settings\miki\Application Data\Skype
2009-06-08 17:30 . 2009-05-06 20:17 -------- d-----w- c:\documents and settings\miki\Application Data\skypePM
2009-06-07 14:40 . 2009-04-14 18:46 -------- d-----w- c:\documents and settings\miki\Application Data\Apple Computer
2009-06-07 09:42 . 2009-04-09 19:23 30584 ----a-w- c:\documents and settings\miki\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-06 16:16 . 2009-04-14 18:38 -------- d-----w- c:\program files\Common Files\Apple
2009-06-06 12:45 . 2009-04-28 19:52 -------- d-----w- c:\program files\FolderAccess
2009-06-01 05:19 . 2009-04-09 21:30 -------- d-----w- c:\program files\uTorrent
2009-05-29 11:36 . 2009-04-14 18:39 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 11:36 . 2009-04-14 18:39 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-28 20:51 . 2009-05-09 02:09 -------- d-----w- c:\documents and settings\miki\Application Data\gtk-2.0
2009-05-28 01:00 . 2009-04-09 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-27 16:03 . 2009-04-09 19:16 -------- d-----w- c:\program files\Launch Manager
2009-05-09 08:40 . 2009-04-12 15:52 -------- d-----w- c:\program files\Winamp
2009-05-09 08:39 . 2009-04-12 15:52 -------- d-----w- c:\documents and settings\miki\Application Data\Winamp
2009-05-09 02:04 . 2009-05-09 02:04 -------- d-----w- c:\program files\GIMP-2.0
2009-05-06 20:17 . 2009-05-06 20:17 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-06 20:12 . 2009-05-06 20:12 -------- d-----r- c:\program files\Skype
2009-05-06 20:12 . 2009-05-06 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-05-06 20:12 . 2009-05-06 20:12 -------- d-----w- c:\program files\Common Files\Skype
2009-05-04 17:39 . 2009-05-04 17:39 -------- d-----w- c:\program files\VeryPDF PDF2Word v3.0
2009-05-04 17:28 . 2009-05-04 17:28 -------- d-----w- c:\program files\PDF Password Remover v3.0
2009-05-04 17:17 . 2009-04-12 15:42 -------- d-----w- c:\program files\Tweak PDF Converter
2009-05-03 16:37 . 2009-05-03 16:37 -------- d-----w- c:\documents and settings\miki\Application Data\DivX
2009-05-03 12:35 . 2009-05-03 12:35 -------- d-----w- c:\program files\Foxit Software
2009-05-03 12:35 . 2009-05-03 12:35 -------- d-----w- c:\documents and settings\miki\Application Data\Foxit
2009-05-03 12:07 . 2009-05-03 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle
2009-05-03 12:01 . 2009-05-03 12:01 -------- d-----w- c:\program files\DivX
2009-05-03 11:58 . 2009-05-03 11:58 -------- d-----w- c:\program files\MSXML 4.0
2009-05-03 11:55 . 2009-05-03 11:55 -------- d-----w- c:\program files\Pinnacle
2009-05-03 11:55 . 2009-04-09 19:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-02 19:30 . 2009-05-02 19:30 -------- d-----w- c:\documents and settings\miki\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-04-28 19:48 . 2009-04-28 19:31 -------- d-----w- c:\program files\Xilisoft
2009-04-25 09:03 . 2009-04-25 09:03 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-25 09:03 . 2009-04-09 18:59 -------- d-----w- c:\program files\Java
2009-04-24 17:42 . 2009-04-24 17:42 152576 ----a-w- c:\documents and settings\miki\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-23 17:23 . 2009-04-09 20:35 90112 ----a-w- c:\windows\DUMP5265.tmp
2009-04-14 20:04 . 2009-04-14 20:04 -------- d-----w- c:\documents and settings\miki\Application Data\Xilisoft Corporation
2009-04-14 19:50 . 2009-04-14 19:50 -------- d-----w- c:\program files\ffdshow
2009-04-14 19:31 . 2009-04-14 19:31 -------- d-----w- c:\program files\YouTube Downloader
2009-04-14 18:45 . 2009-04-14 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-14 18:45 . 2009-04-14 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-14 18:44 . 2009-04-14 18:44 -------- d-----w- c:\program files\Bonjour
2009-04-14 18:39 . 2009-04-14 18:39 -------- d-----w- c:\program files\Apple Software Update
2009-04-14 18:38 . 2009-04-14 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-04-09 20:46 . 2009-04-09 18:54 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-09 19:22 . 2009-04-09 19:22 127 ----a-w- c:\documents and settings\miki\Local Settings\Application Data\fusioncache.dat
2009-04-09 18:52 . 2009-04-09 18:52 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-03-30 18:01 . 2009-04-14 19:50 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2009-03-30 18:01 . 2009-04-14 19:50 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-03-25 04:29 . 2009-04-09 19:26 130432 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
2009-03-19 14:32 . 2009-04-14 18:45 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 14:32 . 2009-03-19 14:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-16 16:42 . 2009-03-16 16:42 524288 ----a-w- c:\windows\opuc.dll
2009-03-16 16:42 . 2009-04-09 21:47 264704 ------w- c:\documents and settings\miki\Application Data\OfficeUpdate12\oudetect.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-25 148888]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-01-20 761946]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-07-28 57344]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2005-03-16 204800]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-07-25 81920]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-20 177472]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-18 16207872]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKLM\~\startupfolder\C:^Documents and Settings^miki^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\documents and settings\miki\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 PctvVirtualNdis;Pinnacle Virtual Miniport;c:\windows\system32\drivers\PctvVirtualNdis.sys [5/3/2009 2:00 PM 13696]
S1 mailKmd;mailKmd; [x]
S3 Ltn_stk7070P;PCTV based TV tuner device;c:\windows\system32\drivers\Ltn_stk7070P.sys [5/3/2009 2:00 PM 466048]
S3 Ltn_stkrc;PCTV Infrared Receiver;c:\windows\system32\drivers\Ltn_stkrc.sys [5/3/2009 2:00 PM 13440]
.
Contents of the 'Scheduled Tasks' folder

2009-06-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-06-12 17:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\CF25371.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\LckFldService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-12 17:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-12 15:37

Pre-Run: 46,523,293,696 bytes free
Post-Run: 46,679,379,968 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect



HJ:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:10:26 PM, on 6/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\miki\Desktop\mk30\mk30.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V5Con.....9306808109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5C.....9316833015
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe

--
End of file - 5663 bytes


Thanks for the help ...

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...


Why do you suspect malware? Is there some problem?

  • Joined: 24 Oct 2007
  • Posts: 122

Maybe there isn't, but even though the internet connection is OK and torrents work perfectly, I can't open a single web page. Not in Opera, not in IE.

Another thing: say I'm copying some files from one folder to another, and suddenly it reports some error and closes all the Explorer windows.

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

I forgot to mention: why don't you have an antivirus? Without AV, it's only a matter of days before you'll have to format the disk (because Windows will be so wrecked by malware that nothing will be able to help it).



Anyway, I wouldn't say there is anything malicious here, but we can do one more check.


Download gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below; this saves the scan results to the Clipboard.
Use Paste in Notepad to turn that into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.


Use the Attach file option below the message box on the forum and attach here the two files we just saved.

  • Joined: 24 Oct 2007
  • Posts: 122

Here:

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Clean logs.


ComboFix needs to be uninstalled:
click Start, then Run.

On Vista, use the Start Search box if Run is not available.

In the text entry line type (or paste) the following:

combofix /u

Note that there is a space between "ComboFix" and "/u".

Then click OK (or press Enter).

Wait for the uninstall process to finish.



mirjanagb :: Maybe there isn't, but even though the internet connection is OK and torrents work perfectly, I can't open a single web page. Not in Opera, not in IE.

Ask in: http://www.mycity.rs/Internet-klijenti/

mirjanagb :: Another thing: say I'm copying some files from one folder to another, and suddenly it reports some error and closes all the Explorer windows.

Ask in: http://www.mycity.rs/Windows/

  • Joined: 24 Oct 2007
  • Posts: 122

OK ... thanks for the help!!!!

Just one question:

What is that stuff ComboFix deleted, at the very beginning of the log?

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Since you didn't follow the instructions for opening a topic (next time it will be deleted), I can't say precisely.
If I had to guess, I'd say it deleted one worm and one legitimate file.
