MSN is sending messages by itself?


  • Joined: 10 Jan 2008
  • Posts: 24
  • Location: Beograd

ComboFix 08-06-16.5 - jelena 2008-06-18 22:47:15.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.135 [GMT 2:00]
Running from: C:\Documents and Settings\jelena\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\jelena\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\livemsngs.exe
C:\WINDOWS\system32\kbdcy.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Drv Audio Dog About
C:\Documents and Settings\All Users\Application Data\Drv Audio Dog About\Bits bat.exe
C:\Documents and Settings\jelena\Application Data\Stop Atom
C:\Documents and Settings\jelena\Application Data\Stop Atom\0
C:\Documents and Settings\jelena\Application Data\Stop Atom\Four size iso bird.exe
C:\Documents and Settings\jelena\Application Data\Stop Atom\Move book.exe
C:\Documents and Settings\jelena\Application Data\Stop Atom\mquydzak.exe
C:\Documents and Settings\jelena\Application Data\Stop Atom\sistdiqh.exe
C:\Documents and Settings\jelena\Application Data\Stop Atom\vznchutp.exe
C:\WINDOWS\livemsngs.exe
C:\WINDOWS\system32\kbdcy.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))
.

2008-06-17 22:11 . 2008-06-17 22:11 <DIR> d-------- C:\deljob
2008-06-17 21:25 . 2008-06-17 21:25 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-06-17 21:25 . 2008-06-17 21:25 <DIR> d-------- C:\WINDOWS\system32\restore
2008-06-17 21:25 . 2008-06-17 21:25 <DIR> d-------- C:\WINDOWS\srchasst
2008-06-17 21:25 . 2008-06-17 21:25 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-06-17 18:52 . 2008-06-17 18:52 <DIR> d-------- C:\Program Files\Real
2008-06-12 23:43 . 2008-06-13 20:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-12 23:43 . 2008-06-12 23:43 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-11 14:59 . 2008-04-14 13:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 14:59 . 2008-04-14 13:01 272,128 --------- C:\WINDOWS\system32\DllCache\bthport.sys
2008-05-27 19:53 . 2008-05-27 19:53 <DIR> d-------- C:\Program Files\Stop Atom
2008-05-27 19:51 . 2008-05-27 19:55 <DIR> d-------- C:\Program Files\LimeWire
2008-05-27 19:51 . 2008-05-27 20:01 <DIR> d-------- C:\Documents and Settings\jelena\Application Data\LimeWire
2008-05-24 23:09 . 2008-05-24 23:09 <DIR> d-------- C:\Program Files\Octoshape Streaming Services
2008-05-20 23:48 . 2008-06-15 17:38 <DIR> d-------- C:\Documents and Settings\jelena\Application Data\BearShare
2008-05-20 23:48 . 2007-11-22 16:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-05-20 23:47 . 2008-05-20 23:48 <DIR> d-------- C:\Program Files\BearShare Applications

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 19:03 --------- d-----w C:\Documents and Settings\jelena\Application Data\OpenOffice.org2
2008-06-17 17:01 --------- d-----w C:\Program Files\MSN Messenger
2008-06-17 17:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-10 20:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-02 16:01 --------- d-----w C:\Program Files\Java
2008-05-30 15:43 --------- d-----w C:\Documents and Settings\jelena\Application Data\Ahead
2008-05-27 18:00 --------- d-----w C:\Program Files\Internet Download Manager
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 21:16 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-05 13:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2004-08-18 14:00 114,688 --sha-r C:\WINDOWS\system32\ajoy.dll
.

------- Sigcheck -------

2006-08-25 16:19 502272 6225f14b8ce08ccba8b25ad27843c674 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-17_21.22.56.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-17 17:05:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-18 20:50:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"npad_ql"="C:\WINDOWS\system32\Npad.exe" [ ]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28 139264]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-02-25 14:07 243072]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]
"ForKnob"="C:\DOCUME~1\jelena\APPLIC~1\STOPAT~1\Move book.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:56 15360]
"Octoshape Streaming Services"="C:\Program Files\Octoshape Streaming Services\jelena\OctoshapeClient.exe" [2006-02-13 18:33 214648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-19 13:27 65536]
"Vistadrv"="C:\WINDOWS\system32\vsdrv.exe" [2006-07-30 04:37 121089]
"Device Detector"="DevDetect.exe" []
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 11:37 110592]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 13:49 16269312 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"SMSERIAL"="C:\WINDOWS\sm56hlpr.exe" [2006-03-21 16:54 544768]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 14:02 786521]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"dog about manager team"="C:\Documents and Settings\All Users\Application Data\Drv Audio Dog About\Bits bat.exe" [ ]
"Windows MSN Live Messanger"="livemsngs.exe" []

C:\Documents and Settings\jelena\Start Menu\Programs\Startup\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 10:57:36 49152]
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 23:57:56 393216]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 21:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.FFDS"= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll
"VIDC.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Octoshape Streaming Services\\jelena\\OctoshapeClient.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2008-03-09 22:47]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2008-03-09 22:47]
R3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl02_xp.sys [2006-08-14 05:40]
R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS [2006-06-10 01:07]
R3 SynMini;USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\SynMini.sys [2006-08-09 08:15]
R3 SynScan;USB2.0 1.3M WebCam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2006-08-09 08:15]
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-01-24 16:38]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-01-24 16:38]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-01-24 16:38]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb
.
Contents of the 'Scheduled Tasks' folder
"2008-06-18 20:00:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-06-18 22:50:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PAVSRV51.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrlS.exe
C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ApVxdWin.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
.
**************************************************************************
.
Completion time: 2008-06-18 22:57:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-18 20:57:10
ComboFix2.txt 2008-06-17 19:23:15

Pre-Run: 20,048,384,000 bytes free
Post-Run: 20,042,371,072 bytes free

180 --- E O F --- 2008-06-12 20:46:43

  • Blue (Male)
  • Elite citizen
  • Joined: 06 Aug 2003
  • Posts: 2214

Maybe install some antispyware and start cleaning right away, slowly...

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

One of the infections begins with the installation of LimeWire and Internet Download Manager, which leads me to conclude that the downloaded versions are full of adware.

Are those symptoms with MSN Messenger still occurring?
Let me know, so we can clean up the remnants and uninstall ComboFix.

  • Blue (Male)
  • Elite citizen
  • Joined: 06 Aug 2003
  • Posts: 2214

MSN is fine, it is not sending anything any more.

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\system32\actskn45.ocx

Folder::
C:\Program Files\Stop Atom

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"npad_ql"=-
"ForKnob"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dog about manager team"=-


Save the Notepad file to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log produced at the end of the cleaning/scan in your next reply.

After this procedure the following programs may stop working:
BearShare
LimeWire

Both of those programs installed the adware on the system that we have just removed.
I recommend uninstalling these two programs, and next time paying attention to which programs you install.

  • Joined: 10 Jan 2008
  • Posts: 24
  • Location: Beograd

ComboFix 08-06-16.5 - jelena 2008-06-20 19:06:39.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.124 [GMT 2:00]
Running from: C:\Documents and Settings\jelena\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\jelena\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\actskn45.ocx
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Stop Atom
C:\WINDOWS\system32\actskn45.ocx

.
((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 )))))))))))))))))))))))))))))))
.

2008-06-19 14:54 . 2004-08-18 16:00 114,688 -rahs---- C:\WINDOWS\system32\wmiwrop.dll
2008-06-17 22:11 . 2008-06-17 22:11 <DIR> d-------- C:\deljob
2008-06-17 21:25 . 2008-06-17 21:25 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-06-17 21:25 . 2008-06-17 21:25 <DIR> d-------- C:\WINDOWS\system32\restore
2008-06-17 21:25 . 2008-06-17 21:25 <DIR> d-------- C:\WINDOWS\srchasst
2008-06-17 21:25 . 2008-06-17 21:25 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-06-17 18:52 . 2008-06-17 18:52 <DIR> d-------- C:\Program Files\Real
2008-06-12 23:43 . 2008-06-13 20:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-12 23:43 . 2008-06-12 23:43 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-11 14:59 . 2008-04-14 13:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 14:59 . 2008-04-14 13:01 272,128 --------- C:\WINDOWS\system32\DllCache\bthport.sys
2008-05-27 19:51 . 2008-05-27 19:55 <DIR> d-------- C:\Program Files\LimeWire
2008-05-27 19:51 . 2008-05-27 20:01 <DIR> d-------- C:\Documents and Settings\jelena\Application Data\LimeWire
2008-05-24 23:09 . 2008-05-24 23:09 <DIR> d-------- C:\Program Files\Octoshape Streaming Services
2008-05-20 23:48 . 2008-06-15 17:38 <DIR> d-------- C:\Documents and Settings\jelena\Application Data\BearShare
2008-05-20 23:47 . 2008-05-20 23:48 <DIR> d-------- C:\Program Files\BearShare Applications

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 14:08 --------- d-----w C:\Documents and Settings\jelena\Application Data\OpenOffice.org2
2008-06-17 17:01 --------- d-----w C:\Program Files\MSN Messenger
2008-06-17 17:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-10 20:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-02 16:01 --------- d-----w C:\Program Files\Java
2008-05-30 15:43 --------- d-----w C:\Documents and Settings\jelena\Application Data\Ahead
2008-05-27 18:00 --------- d-----w C:\Program Files\Internet Download Manager
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\DllCache\rmcast.sys
2008-05-07 21:16 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,288,192 ------w C:\WINDOWS\system32\DllCache\quartz.dll
2008-05-05 13:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-04-17 10:46 18,432 ------w C:\WINDOWS\system32\DllCache\iedw.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\DllCache\msjint40.dll
2004-08-18 14:00 114,688 --sha-r C:\WINDOWS\system32\ajoy.dll
2004-08-18 14:00 114,688 --sha-r C:\WINDOWS\system32\wmiwrop.dll
.

------- Sigcheck -------

2006-08-25 16:19 502272 6225f14b8ce08ccba8b25ad27843c674 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-17_21.22.56.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-17 17:05:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-20 14:07:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2003-06-20 12:00:00 180,224 ----a-w C:\WINDOWS\system32\nqlsapi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28 139264]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-02-25 14:07 243072]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:56 15360]
"Octoshape Streaming Services"="C:\Program Files\Octoshape Streaming Services\jelena\OctoshapeClient.exe" [2006-02-13 18:33 214648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-19 13:27 65536]
"Vistadrv"="C:\WINDOWS\system32\vsdrv.exe" [2006-07-30 04:37 121089]
"Device Detector"="DevDetect.exe" []
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 11:37 110592]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 13:49 16269312 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"SMSERIAL"="C:\WINDOWS\sm56hlpr.exe" [2006-03-21 16:54 544768]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 14:02 786521]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Windows MSN Live Messanger"="livemsngs.exe" []

C:\Documents and Settings\jelena\Start Menu\Programs\Startup\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 10:57:36 49152]
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 23:57:56 393216]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"UpdateCheck"= {0216364A-188A-4D2F-B5EE-32DDBCE2BF00} - C:\WINDOWS\system32\nqlsapi.dll [2003-06-20 14:00 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 21:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.FFDS"= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll
"VIDC.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Octoshape Streaming Services\\jelena\\OctoshapeClient.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2008-03-09 22:47]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2008-03-09 22:47]
R3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl02_xp.sys [2006-08-14 05:40]
R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS [2006-06-10 01:07]
R3 SynMini;USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\SynMini.sys [2006-08-09 08:15]
R3 SynScan;USB2.0 1.3M WebCam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2006-08-09 08:15]
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-01-24 16:38]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-01-24 16:38]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-01-24 16:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85b83b2c-e861-11dc-a9e0-001d6015f2c4}]
\Shell\AutoRun\command - G:\
\Shell\open\Command - rundll32.exe .\\mqlugmgr.dll,InstallM

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb
.
Contents of the 'Scheduled Tasks' folder
"2008-06-20 17:00:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-06-20 19:08:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-20 19:09:49
ComboFix-quarantined-files.txt 2008-06-20 17:09:45
ComboFix2.txt 2008-06-18 20:57:25
ComboFix3.txt 2008-06-17 19:23:15

Pre-Run: 20,052,291,584 bytes free
Post-Run: 20,048,130,048 bytes free

160 --- E O F --- 2008-06-12 20:46:43

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Nice, while we were sorting out one infection you managed to pick up a new one :)
Anyway, now we also have a worm that spreads via USB sticks.

Did you borrow any USB sticks or MP3 players, or connect mobile phones to this computer between the previous log and this latest one?

  • Joined: 10 Jan 2008
  • Posts: 24
  • Location: Beograd

All of them! :) ..........

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Give me a fresh HijackThis log as well, so I can start from the beginning...

  • Joined: 10 Jan 2008
  • Posts: 24
  • Location: Beograd

Logfile of HijackThis v1.99.1
Scan saved at 8:41:27 PM, on 6/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Octoshape Streaming Services\jelena\OctoshapeClient.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jelena\Desktop\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\vsdrv.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows MSN Live Messanger] livemsngs.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\jelena\OctoshapeClient.exe" -inv:bootrun
O4 - Startup: CCC.lnk = ?
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\Utilities\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Lookup Meaning - res://C:\Program Files\Utilities\ieSpell\iespell.dll/LOOKUPMEANING.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\Utilities\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\Utilities\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\Utilities\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\Utilities\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\Utilities\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: UpdateCheck - {0216364A-188A-4D2F-B5EE-32DDBCE2BF00} - C:\WINDOWS\system32\nqlsapi.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
