process

offline
  • Joined: 12 Oct 2007
  • Posts: 158

Here, I'm opening a thread about that problem with firefox.exe.


Logfile of HijackThis v1.99.1
Scan saved at 9:56:42 PM, on 2/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gigabyte\Gigabyte GN-WPKG Wireless PCI Adapter SoftAP\Installer\WINXP\RaConfig2500.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\sladja\Desktop\New Folder\TR3.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Only logged-in users can see the link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Only logged-in users can see the link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Only logged-in users can see the link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Only logged-in users can see the link]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: GN-WPKG Utility.lnk = C:\Program Files\Gigabyte\Gigabyte GN-WPKG Wireless PCI Adapter SoftAP\Installer\WINXP\RaConfig2500.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [Only logged-in users can see the link]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A0BF5B8-36DE-4B60-93E1-9A00162B5141}: NameServer = 10.5.0.197,10.5.0.200
O17 - HKLM\System\CS1\Services\Tcpip\..\{8A0BF5B8-36DE-4B60-93E1-9A00162B5141}: NameServer = 10.5.0.197,10.5.0.200
O17 - HKLM\System\CS2\Services\Tcpip\..\{8A0BF5B8-36DE-4B60-93E1-9A00162B5141}: NameServer = 10.5.0.197,10.5.0.200
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)



offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download ComboFix to your Desktop from one of the following addresses:
[Only logged-in users can see the link]
[Only logged-in users can see the link]

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.



offline
  • Joined: 12 Oct 2007
  • Posts: 158

ComboFix 08-02-22 - sladja 2008-02-21 22:22:43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.708 [GMT 1:00]
Running from: C:\Documents and Settings\sladja\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-22 to 2008-02-22 )))))))))))))))))))))))))))))))
.

2008-02-21 12:52 . 2008-02-21 12:52 40,850 --a------ C:\WINDOWS\FontData.fdb
2008-02-15 21:40 . 2008-02-15 21:40 1,720,086 --a------ C:\WINDOWS\system32\TmpA22771859
2008-02-15 21:29 . 2008-02-15 21:29 <DIR> d-------- C:\Program Files\ImTOO
2008-02-15 21:11 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-02-15 21:11 . 2006-06-20 10:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2008-02-15 21:06 . 2008-02-15 21:11 <DIR> d-------- C:\Program Files\Image-Line
2008-02-14 20:57 . 2003-06-20 13:28 1,777,664 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-02-11 22:58 . 2008-02-11 22:58 <DIR> d-------- C:\Program Files\MSN Messenger
2008-02-11 20:40 . 2008-02-11 20:40 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-02-11 20:40 . 2008-02-11 20:40 5,120 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-02-11 13:42 . 2008-02-11 22:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2008-02-11 13:41 . 2008-02-11 22:48 <DIR> d-------- C:\Program Files\Windows Live
2008-02-11 13:41 . 2008-02-11 14:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-10 12:36 . 2008-02-19 19:55 13,030 --ah----- C:\PDOXUSRS.NET
2008-02-10 12:34 . 2008-02-10 12:34 <DIR> d-------- C:\Program Files\MasterCom
2008-02-10 12:34 . 2008-02-10 12:34 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2008-02-10 12:34 . 1999-02-17 04:02 1,888,224 --a------ C:\WINDOWS\system32\VCL40.BPL
2008-02-10 12:34 . 1998-10-22 04:01 781,816 --a------ C:\WINDOWS\system32\VCLDB40.BPL
2008-02-10 12:33 . 2008-02-10 12:33 <DIR> d-------- C:\Documents and Settings\sladja\WINDOWS
2008-02-10 12:33 . 1998-02-06 22:37 299,520 --a------ C:\WINDOWS\uninst.exe
2008-02-09 20:51 . 2008-02-09 20:51 <DIR> d-------- C:\Documents and Settings\sladja\Application Data\URSoft
2008-02-09 20:50 . 2008-02-09 20:58 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-02-08 17:35 . 2008-02-21 20:10 <DIR> d-------- C:\Program Files\DivX
2008-02-07 22:11 . 2008-02-07 22:11 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-02-07 16:48 . 2008-02-21 20:19 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-02-07 16:32 . 2008-02-07 16:35 <DIR> d-------- C:\Documents and Settings\sladja\Application Data\Ahead
2008-02-07 16:29 . 2008-02-07 16:29 <DIR> d-------- C:\Program Files\Nero
2008-02-07 16:29 . 2008-02-07 19:35 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-02-07 16:03 . 2008-02-07 16:03 <DIR> d-------- C:\Documents and Settings\sladja\Application Data\Ashampoo
2008-02-07 16:03 . 2008-02-07 16:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ashampoo
2008-02-07 15:27 . 2008-02-07 15:27 <DIR> d-------- C:\Documents and Settings\sladja\Application Data\CyberLink
2008-02-05 21:27 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-02-05 14:39 . 2008-02-05 14:39 <DIR> d-------- C:\Documents and Settings\sladja\Application Data\ESET
2008-02-05 14:36 . 2008-02-07 17:25 <DIR> d-------- C:\Program Files\ESET
2008-02-05 14:36 . 2008-02-05 14:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-02-03 22:18 . 2008-02-03 22:18 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-02-03 22:18 . 2003-06-23 02:44 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2008-02-03 22:18 . 2006-04-20 16:00 856,064 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-02-03 22:18 . 2006-07-03 23:40 620,180 --a------ C:\WINDOWS\system32\divx.dll
2008-02-03 22:18 . 2006-08-17 14:46 591,890 --a------ C:\WINDOWS\system32\x264vfw.dll
2008-02-03 22:18 . 2006-02-27 15:30 217,088 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-02-03 22:18 . 2006-05-13 23:16 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-02-03 22:18 . 2006-07-05 20:02 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-02-03 22:18 . 2005-02-24 18:56 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-02-03 17:49 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-02-03 17:49 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-02-03 14:38 . 2008-02-21 20:18 <DIR> d-------- C:\download
2008-02-03 13:23 . 2008-02-03 13:23 <DIR> d-------- C:\Documents and Settings\sladja\Application Data\Uniblue
2008-02-03 13:17 . 2008-02-03 13:23 <DIR> d-------- C:\Program Files\Uniblue
2008-02-03 00:42 . 2008-02-04 21:40 <DIR> d-------- C:\Documents and Settings\sladja\Application Data\Media Player Classic
2008-02-02 20:06 . 2008-02-21 20:08 <DIR> d-------- C:\Igre
2008-02-01 21:34 . 2004-10-11 18:21 372,736 -ra------ C:\WINDOWS\system32\LVUI2RC.dll
2008-02-01 21:28 . 2008-02-01 21:28 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-02-01 21:28 . 2004-12-14 19:16 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2008-02-01 21:14 . 2008-02-01 21:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-31 15:04 . 2008-02-21 12:52 2,516 --ahs---- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-01-31 15:04 . 2008-02-21 12:52 88 -r-hs---- C:\Documents and Settings\All Users\Application Data\FBC7982402.sys
2008-01-31 14:58 . 2008-01-31 14:58 <DIR> d-------- C:\Program Files\Common Files\Protexis
2008-01-31 14:58 . 2008-01-31 14:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-01-31 14:55 . 2008-01-31 14:55 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-01-31 14:53 . 2008-01-31 14:53 <DIR> d-------- C:\Program Files\Corel
2008-01-27 18:12 . 2008-01-27 18:12 <DIR> d-------- C:\Program Files\Winamp
2008-01-27 18:12 . 2008-01-27 18:35 <DIR> d-------- C:\Documents and Settings\sladja\Application Data\Winamp
2008-01-25 16:06 . 2008-01-25 16:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-01-25 16:06 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2008-01-25 16:05 . 2008-02-07 16:25 <DIR> d-------- C:\Program Files\Ahead
2008-01-24 21:16 . 2008-01-24 21:16 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-01-24 16:50 . 2008-01-24 16:50 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-01-24 16:49 . 2008-02-11 20:40 <DIR> d-------- C:\WINDOWS\ShellNew

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-21 21:21 --------- d-----w C:\Program Files\FlashGet
2008-02-21 19:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-21 14:44 74,016 ----a-w C:\Documents and Settings\sladja\Application Data\GDIPFONTCACHEV1.DAT
2008-02-11 18:46 --------- d-----w C:\Program Files\Valve
2008-02-09 12:57 --------- d-----w C:\Program Files\CyberLink
2008-02-09 12:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-02-07 15:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-02 23:51 --------- d-----w C:\Program Files\Mv2Player
2008-02-02 12:59 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-01 20:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-01 20:26 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-31 14:04 --------- d-----w C:\Documents and Settings\sladja\Application Data\Corel
2008-01-30 22:45 --------- d-----w C:\Program Files\UltimateZip 2007
2008-01-26 14:22 --------- d-----w C:\Documents and Settings\sladja\Application Data\uTorrent
2008-01-22 13:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-19 21:46 --------- d-----w C:\Documents and Settings\sladja\Application Data\TuneUp Software
2008-01-19 17:09 --------- d-----w C:\Program Files\uTorrent
2008-01-08 12:40 --------- d-----w C:\Program Files\Lavalys
2008-01-07 11:56 --------- d-----w C:\Documents and Settings\sladja\Application Data\Image Zone Express
2008-01-07 11:55 --------- d-----w C:\Documents and Settings\sladja\Application Data\HP
2008-01-07 11:53 --------- d-----w C:\Program Files\HP
2008-01-07 11:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-01-07 11:52 --------- d-----w C:\Program Files\Common Files\HP
2008-01-07 11:51 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-07 11:50 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-01-04 16:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-04 16:42 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-04 16:42 --------- d-----w C:\Program Files\Bonjour
2008-01-04 16:35 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-01-02 15:57 --------- d-----w C:\Documents and Settings\sladja\Application Data\Nero
2008-01-02 13:28 --------- d-----w C:\Documents and Settings\sladja\Application Data\AdobeUM
2008-01-01 22:10 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-01-01 22:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Macrovision
2008-01-01 21:36 --------- d-----w C:\Program Files\ffdshow
2008-01-01 16:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-01-01 16:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-01-01 16:06 --------- d-----w C:\Program Files\SEC
2008-01-01 16:00 15,939 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-01 16:00 --------- d-----w C:\Program Files\Gigabyte
2008-01-01 15:55 --------- d-----w C:\Program Files\C-Media
2008-01-01 15:47 --------- d-----w C:\Program Files\microsoft frontpage
2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 17:22 7618560]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-01 17:22 86016]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
GN-WPKG Utility.lnk - C:\Program Files\Gigabyte\Gigabyte GN-WPKG Wireless PCI Adapter SoftAP\Installer\WINXP\RaConfig2500.exe [2008-01-01 17:00:34 524288]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NCProTray.lnk]
backup=C:\WINDOWS\pss\NCProTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^sladja^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-03-12 13:49 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
-ra------ 2003-03-20 07:21 1855488 C:\WINDOWS\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamWizard]
-r------- 2004-12-15 04:01 180224 C:\Program Files\Common Files\Logitech\QCDRV\BIN\CamWizrd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
--a------ 2005-04-25 13:45 36040 C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2004-12-14 18:19 221184 C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 18:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-06-01 17:22 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 19:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

R0 rseb;rseb;C:\WINDOWS\system32\drivers\rseb.sys [2004-06-01 19:44]
R2 PSI_SVC_2;Protexis Licensing V2;"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [2007-07-24 11:15]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2151060-E1E2-80EA-F7F8-E64DF249743C}]
C:\WINDOWS\system32:moth3r.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-02-15 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-02-15 13:18:08 C:\WINDOWS\Tasks\WebReg psc 1400 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Only logged-in users can see the link]
Rootkit scan 2008-02-22 22:24:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32:moth3r.exe 18432 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-02-22 22:25:43
.
2008-01-08 14:20:33 --- E O F ---

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Open Notepad and copy in the following text:

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2151060-E1E2-80EA-F7F8-E64DF249743C}]

ADS::
C:\WINDOWS\system32\


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.
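
What the CFScript above targets is visible in the ComboFix log: the Active Setup "installed components" key {B2151060-E1E2-80EA-F7F8-E64DF249743C} launches C:\WINDOWS\system32:moth3r.exe, which is not a file in system32 but an NTFS alternate data stream (ADS) attached to the system32 directory itself, and catchme lists the same stream as its one hidden file (18432 bytes). Active Setup stubs run for each user at logon, so the combination is a persistence point that a normal directory listing will not show. The following is an added example, not code from the thread or from ComboFix; it parses log lines in the shape ComboFix prints (the Active Setup key on one line, its command on the next; catchme's "hidden files" lines) to flag ADS-hosted executables and to generate the same two-section CFScript the moderator wrote by hand. The sample log is constructed from the lines quoted above; the regexes and the function names are this example's own.

```python
import re

# Constructed sample: the relevant lines of the ComboFix log above, in the
# layout ComboFix uses.  Not a fresh capture from the machine.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2151060-E1E2-80EA-F7F8-E64DF249743C}]
C:\WINDOWS\system32:moth3r.exe
.
scanning hidden files ...

C:\WINDOWS\system32:moth3r.exe 18432 bytes executable

scan completed successfully
hidden files: 1
"""

# A drive-letter path that carries a second ":" inside its last component is an
# NTFS alternate data stream: "C:\dir:name.exe" lives inside the directory
# "C:\dir" but never appears in a listing of it.  The stream name is restricted
# to filename-like characters so that "C:\x\y.exe http://..." is not mistaken
# for one (a stream name with spaces would be missed by this check).
ADS_RE = re.compile(r"^(?P<host>[A-Za-z]:\\[^:]*?):(?P<stream>[\w.$-]+)(?=\s|$)")

# Active Setup "installed components" key as ComboFix prints it; the command
# (StubPath) follows on the next line of the log.
ACTIVE_SETUP_RE = re.compile(
    r"^\[(?P<key>HKEY_LOCAL_MACHINE\\software\\microsoft\\active setup"
    r"\\installed components\\\{[0-9A-Fa-f-]+\})\]$",
    re.IGNORECASE,
)


def find_ads_paths(log_text):
    """Return distinct (host, stream) pairs for every ADS path in the log."""
    found = []
    for raw in log_text.splitlines():
        m = ADS_RE.match(raw.strip())
        if m:
            pair = (m.group("host"), m.group("stream"))
            if pair not in found:
                found.append(pair)
    return found


def find_active_setup_ads(log_text):
    """Pair each Active Setup key with the command on the following line and
    keep the ones whose command launches an alternate data stream."""
    lines = [raw.strip() for raw in log_text.splitlines()]
    hits = []
    for i, line in enumerate(lines[:-1]):
        m = ACTIVE_SETUP_RE.match(line)
        if m and ADS_RE.match(lines[i + 1]):
            hits.append((m.group("key"), lines[i + 1]))
    return hits


def build_cfscript(log_text):
    """Produce a CFScript: delete every Active Setup key that launches an ADS
    (Registry:: section) and have ComboFix scan the host directory of each
    ADS for streams (ADS:: section), matching the hand-written script above."""
    keys = [key for key, _ in find_active_setup_ads(log_text)]
    hosts = sorted({host for host, _ in find_ads_paths(log_text)})
    out = ["Registry::"]
    out += ["[-%s]" % key for key in keys]
    out += ["", "ADS::"]
    out += [host.rstrip("\\") + "\\" for host in hosts]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for host, stream in find_ads_paths(SAMPLE_LOG):
        print("ADS executable: %s  (stream %r on %s)" % (host + ":" + stream, stream, host))
    print(build_cfscript(SAMPLE_LOG))
```

The generated text is what goes into the CFScript file: the key is listed in a `Registry::` section with a leading `-` so ComboFix deletes it, and the `ADS::` section names the directory the stream is attached to (system32 here), not the stream itself, which is why the moderator's script ends in `C:\WINDOWS\system32\`.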

offline
  • Joined: 12 Oct 2007
  • Posts: 158

I didn't manage to, because it kept freezing the computer, so I reinstalled the system.
Problem solved.
