Možda tražite i:
Šta je Malwarebytes Anti-Malware
Malwarebytes Anti-Malware Mobile
Malwarebytes Anti-Malware VS MCShield

MyCity » Ambulanta -> Arhiva Ambulante » malware-i

malware-i

Napisano na dan: 12.12.2008

malware-i

Sledeća strana

Pagination

Odgovori

lealea Poslao: 12 Dec 2008 20:47 Idi na vrh
offline lealea Novi MyCity građanin Pridružio: 12 Dec 2008 Poruke: 4	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Cao , mislim da sam zakacila malware... tu je log sa combofix-a i hijackthis Logfile of HijackThis v1.99.1 Scan saved at 8:43:17 PM, on 12/12/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\ICQ6Toolbar\ICQ Service.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\winsvc32.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\Documents and Settings\Lea\Desktop\ppff.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\DOCUME~1\Lea\LOCALS~1\Temp\init.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.icq.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [advap32] c:\aixuthfa.exe/r O4 - HKLM\..\Run: [winsvc32] winsvc32.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [12ZFG94-F641-2SF-K31P-5N1ER6H6L2] C:\RECYCLER\S-1-5-21-4092908004-0688891281-679753908-2286\service.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll O9 - Extra 'Tools' menuitem: &Nastavi� prekladaè - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll O9 - Extra 'Tools' menuitem: Preloži� &oznaèený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll O9 - Extra 'Tools' menuitem: Preloži� &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\ O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe ------------------------------------------------------------------------------------- ComboFix 08-12-11.06 - Lea 2008-12-12 20:26:45.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.727 [GMT 1:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ADS - svchost.exe: deleted 25088 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\drivers\TDSSmvct.sys c:\windows\system32\TDSScrrx.dll c:\windows\system32\TDSSotxb.dll c:\windows\system32\TDSSwpyl.dat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_TDSSSERV.SYS -------\Legacy_TDSSSERV.SYS -------\Legacy_FCI -------\Service_FCI -------\Service_restore ((((((((((((((((((((((((( Files Created from 2008-11-12 to 2008-12-12 ))))))))))))))))))))))))))))))) . 2008-12-12 20:07 . 2008-12-12 20:07 <DIR> d-------- c:\program files\InCode Solutions 2008-12-12 19:48 . 2008-12-12 19:48 <DIR> d-------- c:\documents and settings\Administrator 2008-12-12 16:01 . 2008-12-12 16:01 2,707 --a------ c:\windows\system32\TDSSuxwm.dll 2008-12-07 22:05 . 2008-12-07 22:27 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2008-12-07 22:05 . 2008-12-07 22:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-12 15:24 --------- d-----w c:\documents and settings\Lea\Application Data\Skype 2008-12-12 15:01 --------- d-----w c:\documents and settings\Lea\Application Data\skypePM 2008-12-11 08:48 14,336 ----a-w c:\windows\system32\svchost.exe 2008-11-08 22:32 --------- d-----w c:\documents and settings\Lea\Application Data\vlc 2008-11-08 22:27 --------- d-----w c:\program files\VideoLAN 2008-11-01 17:18 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-01 17:18 --------- d-----w c:\program files\Olympus 2008-10-12 12:45 --------- d-----w c:\program files\PC Translator . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "12ZFG94-F641-2SF-K31P-5N1ER6H6L2"="c:\recycler\S-1-5-21-4092908004-0688891281-679753908-2286\service.exe" [2008-11-28 72704] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456] "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2008-11-01 118784] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-09-04 67128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.X264"= x264vfw.dll "VIDC.HFYU"= huffyuv.dll "vidc.i263"= i263_32.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3xfxx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winho20.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winho53.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winls42.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwe20.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwf31.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwf74.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^Lea^Start Menu^Programs^Startup^Yahoo! Widgets.lnk] path=c:\documents and settings\Lea\Start Menu\Programs\Startup\Yahoo! Widgets.lnk backup=c:\windows\pss\Yahoo! Widgets.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-10-10 18:51 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] --a------ 2007-09-18 21:29 166424 c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ] --a------ 2008-09-01 16:08 173304 c:\program files\ICQ6\ICQ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] --a------ 2007-09-18 21:29 141848 c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] --a------ 2007-09-18 21:29 137752 c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\ICQ6\\ICQ.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Documents and Settings\\Lea\\Local Settings\\Temp\\init.exe"= R2 ekrn;Eset Service;"c:\program files\ESET\ESET Smart Security\ekrn.exe" [2007-12-21 468224] R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-09-05 222456] R3 Com4QLBEx;Com4QLBEx;"c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe" [2008-08-28 193840] S0 Winho53;Winho53;c:\windows\system32\Drivers\Winho53.sys [] S0 Winls42;Winls42;c:\windows\system32\Drivers\Winls42.sys [] S0 Winwe20;Winwe20;c:\windows\system32\Drivers\Winwe20.sys [] S3 ati3xfxx;ati3xfxx;\??\c:\windows\System32\drivers\ati3xfxx.sys [] S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2008-09-17 83208] S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2008-09-17 15112] S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2008-09-17 108680] S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2008-09-17 100488] S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2008-09-17 98568] S3 Winho20;Winho20;\??\c:\windows\System32\drivers\Winho20.sys [] S3 Winwf31;Winwf31;\??\c:\windows\System32\drivers\Winwf31.sys [] S3 Winwf74;Winwf74;\??\c:\windows\System32\drivers\Winwf74.sys [] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contents of the 'Scheduled Tasks' folder 2008-12-05 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 14:17] . - - - - ORPHANS REMOVED - - - - HKLM-Explorer_Run-csrcs - c:\windows\system32\csrcs.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://start.icq.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-12-12 20:28:55 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(25564) c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll c:\windows\system32\msi.dll c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files\Common Files\Teleca Shared\Generic.exe c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe c:\windows\system32\ping.exe [24340] c:\windows\system32\ping.exe c:\docume~1\Lea\LOCALS~1\Temp\init.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe c:\windows\system32\ping.exe . ************************************************************************ . Completion time: 2008-12-12 20:32:14 - machine was rebooted ComboFix-quarantined-files.txt 2008-12-12 19:31:59 Pre-Run: 38,932,590,592 bytes free Post-Run: 38,875,815,936 bytes free 212

Profil

dr_Bora Poslao: 13 Dec 2008 02:33 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Potrebno je privremeno isključiti TeaTimer: Pokrenite Spybot S&D Kliknite Mode stavku u meniju Odaberite Advance Mode Na traci levo kliknite na Tools Kliknite na Resident Destiklirajte Resident Tea-Timer Zatvorite Spybot S&D Restartujte kompjuter. - Zatim skinuti program sa ovog linka na Desktop. - Pokrenuti ga dvoklikom i ispratiti uputstva. Nemojte zaboraviti da ponovo ukljucite ove opcije kada zavrsimo ciscenje. ------------------------------------------------------------------------------------- Otvoriti Notepad i iskopirati sledeci tekst: File:: c:\windows\system32\TDSSuxwm.dll c:\docume~1\Lea\LOCALS~1\Temp\init.exe c:\recycler\S-1-5-21-4092908004-0688891281-679753908-2286\service.exe Driver:: Winho53 Winls42 Winwe20 ati3xfxx Winho20 Winwf31 Winwf74 Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "12ZFG94-F641-2SF-K31P-5N1ER6H6L2"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3xfxx.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winho20.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winho53.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winls42.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwe20.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwf31.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwf74.sys] Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

lealea Poslao: 14 Dec 2008 21:28 Idi na vrh
offline lealea Novi MyCity građanin Pridružio: 12 Dec 2008 Poruke: 4	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-12-11.06 - Lea 2008-12-14 21:18:41.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.546 [GMT 1:00] Running from: c:\documents and settings\Lea\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Lea\Desktop\CFSCRIPT.txt * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: c:\docume~1\Lea\LOCALS~1\Temp\init.exe c:\recycler\S-1-5-21-4092908004-0688891281-679753908-2286\service.exe c:\windows\system32\TDSSuxwm.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\TDSSuxwm.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ATI3XFXX -------\Service_ati3xfxx -------\Service_Winho20 -------\Service_Winho53 -------\Service_Winls42 -------\Service_Winwe20 -------\Service_Winwf31 -------\Service_Winwf74 ((((((((((((((((((((((((( Files Created from 2008-11-14 to 2008-12-14 ))))))))))))))))))))))))))))))) . 2008-12-12 20:42 . 2008-12-05 11:14 122,880 -r-hs---- c:\windows\winsvc32.exe 2008-12-12 20:07 . 2008-12-12 20:07 <DIR> d-------- c:\program files\InCode Solutions 2008-12-12 19:48 . 2008-12-12 19:48 <DIR> d-------- c:\documents and settings\Administrator 2008-12-07 22:05 . 2008-12-07 22:27 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2008-12-07 22:05 . 2008-12-07 22:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-14 20:09 --------- d-----w c:\documents and settings\Lea\Application Data\Skype 2008-12-14 14:19 --------- d-----w c:\documents and settings\Lea\Application Data\skypePM 2008-12-11 08:48 14,336 ----a-w c:\windows\system32\svchost.exe 2008-11-08 22:32 --------- d-----w c:\documents and settings\Lea\Application Data\vlc 2008-11-08 22:27 --------- d-----w c:\program files\VideoLAN 2008-11-01 17:18 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-01 17:18 --------- d-----w c:\program files\Olympus . ((((((((((((((((((((((((((((( snapshot@2008-12-12_20.30.24.04 ))))))))))))))))))))))))))))))))))))))))) . - 2008-12-12 18:52:52 39,992 ----a-w c:\windows\system32\perfc009.dat + 2008-12-14 20:19:27 40,394 ----a-w c:\windows\system32\perfc009.dat - 2008-12-12 18:52:52 311,604 ----a-w c:\windows\system32\perfh009.dat + 2008-12-14 20:19:27 312,172 ----a-w c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456] "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2008-11-01 118784] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-09-04 67128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.X264"= x264vfw.dll "VIDC.HFYU"= huffyuv.dll "vidc.i263"= i263_32.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^Lea^Start Menu^Programs^Startup^Yahoo! Widgets.lnk] path=c:\documents and settings\Lea\Start Menu\Programs\Startup\Yahoo! Widgets.lnk backup=c:\windows\pss\Yahoo! Widgets.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-10-10 18:51 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] --a------ 2007-09-18 21:29 166424 c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ] --a------ 2008-09-01 16:08 173304 c:\program files\ICQ6\ICQ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] --a------ 2007-09-18 21:29 141848 c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] --a------ 2007-09-18 21:29 137752 c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\ICQ6\\ICQ.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R2 ekrn;Eset Service;"c:\program files\ESET\ESET Smart Security\ekrn.exe" [2007-12-21 468224] R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-09-05 222456] R3 Com4QLBEx;Com4QLBEx;"c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe" [2008-08-28 193840] S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2008-09-17 83208] S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2008-09-17 15112] S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2008-09-17 108680] S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2008-09-17 100488] S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2008-09-17 98568] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contents of the 'Scheduled Tasks' folder 2008-12-05 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 14:17] . . ------- Supplementary Scan ------- . uStart Page = hxxp://start.icq.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll FF - ProfilePath - c:\documents and settings\Lea\Application Data\Mozilla\Firefox\Profiles\z9ba0nef.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q= FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-12-14 21:20:58 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe c:\program files\Common Files\Teleca Shared\Generic.exe c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe . ************************************************************************ . Completion time: 2008-12-14 21:22:28 - machine was rebooted ComboFix-quarantined-files.txt 2008-12-14 20:22:16 ComboFix2.txt 2008-12-12 19:32:20 Pre-Run: 38,815,670,272 bytes free Post-Run: 38,808,096,768 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe 160 Evo log-a , hvala na pomoci

Profil

dr_Bora Poslao: 14 Dec 2008 22:25 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\windows\winsvc32.exe` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

lealea Poslao: 14 Dec 2008 22:30 Idi na vrh
offline lealea Novi MyCity građanin Pridružio: 12 Dec 2008 Poruke: 4	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-12-11.06 - Lea 2008-12-14 22:24:13.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.549 [GMT 1:00] Running from: c:\documents and settings\Lea\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Lea\Desktop\cfscript.txt * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: c:\windows\winsvc32.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\winsvc32.exe . ((((((((((((((((((((((((( Files Created from 2008-11-14 to 2008-12-14 ))))))))))))))))))))))))))))))) . 2008-12-12 20:07 . 2008-12-12 20:07 <DIR> d-------- c:\program files\InCode Solutions 2008-12-12 19:48 . 2008-12-12 19:48 <DIR> d-------- c:\documents and settings\Administrator 2008-12-07 22:05 . 2008-12-07 22:27 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2008-12-07 22:05 . 2008-12-07 22:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-14 21:18 --------- d-----w c:\documents and settings\Lea\Application Data\Skype 2008-12-14 21:13 --------- d-----w c:\documents and settings\Lea\Application Data\skypePM 2008-12-11 08:48 14,336 ----a-w c:\windows\system32\svchost.exe 2008-11-08 22:32 --------- d-----w c:\documents and settings\Lea\Application Data\vlc 2008-11-08 22:27 --------- d-----w c:\program files\VideoLAN 2008-11-01 17:18 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-01 17:18 --------- d-----w c:\program files\Olympus . ((((((((((((((((((((((((((((( snapshot@2008-12-12_20.30.24.04 ))))))))))))))))))))))))))))))))))))))))) . - 2008-12-12 18:52:52 39,992 ----a-w c:\windows\system32\perfc009.dat + 2008-12-14 20:25:13 40,394 ----a-w c:\windows\system32\perfc009.dat - 2008-12-12 18:52:52 311,604 ----a-w c:\windows\system32\perfh009.dat + 2008-12-14 20:25:13 312,172 ----a-w c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456] "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2008-11-01 118784] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-09-04 67128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.X264"= x264vfw.dll "VIDC.HFYU"= huffyuv.dll "vidc.i263"= i263_32.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^Lea^Start Menu^Programs^Startup^Yahoo! Widgets.lnk] path=c:\documents and settings\Lea\Start Menu\Programs\Startup\Yahoo! Widgets.lnk backup=c:\windows\pss\Yahoo! Widgets.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-10-10 18:51 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] --a------ 2007-09-18 21:29 166424 c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ] --a------ 2008-09-01 16:08 173304 c:\program files\ICQ6\ICQ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] --a------ 2007-09-18 21:29 141848 c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] --a------ 2007-09-18 21:29 137752 c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\ICQ6\\ICQ.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R2 ekrn;Eset Service;"c:\program files\ESET\ESET Smart Security\ekrn.exe" [2007-12-21 468224] R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-09-05 222456] R3 Com4QLBEx;Com4QLBEx;"c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe" [2008-08-28 193840] S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2008-09-17 83208] S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2008-09-17 15112] S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2008-09-17 108680] S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2008-09-17 100488] S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2008-09-17 98568] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp Newly Created Service - CATCHME . Contents of the 'Scheduled Tasks' folder 2008-12-05 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 14:17] . . ------- Supplementary Scan ------- . uStart Page = hxxp://start.icq.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll FF - ProfilePath - c:\documents and settings\Lea\Application Data\Mozilla\Firefox\Profiles\z9ba0nef.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q= FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-12-14 22:24:59 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-12-14 22:25:48 ComboFix-quarantined-files.txt 2008-12-14 21:25:22 ComboFix2.txt 2008-12-14 20:22:29 ComboFix3.txt 2008-12-12 19:32:20 Pre-Run: 38,840,979,456 bytes free Post-Run: 38,831,104,000 bytes free 137

Profil

dr_Bora Poslao: 14 Dec 2008 23:16 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ovo sada izgleda ok. Klikni START a zatim RUN U liniju za unos teksta ukucaj Combofix /u i klikni OK Sačekaj da se proces deinstalacije završi Gornja procedura će: Obrisati sledeće: ComboFix i njegove file-ove i foldere VundoFix Backups folder, ako postoji C:\Deckard folder, ako postoji C:\OtMoveIt folder, ako postoji Resetovati podešavanja sata na kompjuteru Sakriti ekstenzije file-ova, ako je potrebno Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno Resetovati System Restore To je sve.

Profil

lealea Poslao: 16 Dec 2008 17:40 Idi na vrh
offline lealea Novi MyCity građanin Pridružio: 12 Dec 2008 Poruke: 4	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Hvala na pomoci Juce je nod32 pronasao ove viruse [code]12/15/2008 11:51:19 PM Real-time file system protection file C:\System Volume Information\_restore{1DFFA1A3-3F59-4005-AF22-EA87D9053C37}\RP88\A0013498.dll Win32/Agent.ODG trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe. 12/15/2008 9:36:59 PM Real-time file system protection file C:\System Volume Information\_restore{1DFFA1A3-3F59-4005-AF22-EA87D9053C37}\RP88\A0013497.dll Win32/Agent.OIK trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe. 12/15/2008 8:21:09 PM Real-time file system protection file C:\System Volume Information\_restore{1DFFA1A3-3F59-4005-AF22-EA87D9053C37}\RP88\A0013450.dll Win32/Agent.OIK trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe. 12/15/2008 6:53:53 PM Real-time file system protection file C:\System Volume Information\_restore{1DFFA1A3-3F59-4005-AF22-EA87D9053C37}\RP88\A0013449.dll Win32/Agent.ODG trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.

Profil

dr_Bora Poslao: 16 Dec 2008 23:10 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Sve se to nalazi u System Restore folderima a to znači da nisi ispratila uputstvo za deinstalaciju ComboFix-a (ili je skeniranje urađeno pre deinstalacije).

Profil

MyCity » Ambulanta -> Arhiva Ambulante » malware-i

Ko je trenutno na forumu

Ukupno su 1091 korisnika na forumu :: 44 registrovanih, 7 sakrivenih i 1040 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., aleksmajstor, Apok, bojanM84, bokisha253, Centauro, crnitrn, d bos, Dannyboy, debeli, Denaya, Djokislav, Dorcolac, dushan, FOX, gasha, ikan, Karla, Lucije Kvint, maiden6657, Marko Marković, mercedesamg, Mercury, Metanoja, MiG-29M2, milanovic, Milos ZA, mnn2, mocnijogurt, operniki, radoznao, raptorsi, sevenino, Singidunumac, sokars, SR-3m, Srle993, Sumadija34, vathra, vladulns, x9, yufighter, Zimbabwe, šumar bk2

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by