spyware

  • Joined: 19 Apr 2006
  • Posts: 19

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:04:57, on 23.2.2009
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\AI Direct Link\AsShare.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AntiSpyware Pro\AntiSpyware Pro.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EXPERTool\TBPanel.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Цале и Санја\Desktop\HiJackThis.exe

R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Launch Direct Link] "C:\Program Files\ASUS\AI Direct Link\AsShare.exe"
O4 - HKLM\..\Run: [Launch As Cmd Runner] "C:\Program Files\ASUS\AI Direct Link\AsCmd.exe" -reg
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AntiSpyware Pro] "C:\Program Files\AntiSpyware Pro\AntiSpyware Pro.exe" hide
O4 - HKLM\..\Run: [d0f1deac] rundll32.exe "C:\WINDOWS\system32\mfvopjix.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: .security
O4 - Global Startup: .security
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5069 bytes

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

This won't do:

Right-click the program's icon and choose the Rename option:

Give it some random name, say GH5.EXE or TR3.EXE, or anything else as long as HijackThis is not mentioned:

Scan, and post me the log.

  • Joined: 19 Apr 2006
  • Posts: 19

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:35:34, on 23.2.2009
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\AI Direct Link\AsShare.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AntiSpyware Pro\AntiSpyware Pro.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EXPERTool\TBPanel.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Цале и Санја\Desktop\h.exe.exe

R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {025C56D6-7269-4FA4-92FB-80C998C582F4} - C:\WINDOWS\system32\ddcDstRL.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {2AABD0C3-1B64-4DE0-AE17-BBBE806197F2} - C:\WINDOWS\system32\ddcCUnoo.dll
O2 - BHO: AntiSpyware Pro Site Blocker Button - {66B643BE-5E94-4569-B93E-CE2636848AC8} - C:\Program Files\AntiSpyware Pro\ASProSB.dll
O2 - BHO: Windows Live помагач за пијављивање - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Launch Direct Link] "C:\Program Files\ASUS\AI Direct Link\AsShare.exe"
O4 - HKLM\..\Run: [Launch As Cmd Runner] "C:\Program Files\ASUS\AI Direct Link\AsCmd.exe" -reg
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AntiSpyware Pro] "C:\Program Files\AntiSpyware Pro\AntiSpyware Pro.exe" hide
O4 - HKLM\..\Run: [d0f1deac] rundll32.exe "C:\WINDOWS\system32\mfvopjix.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: .security
O4 - Global Startup: .security
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: ddcCUnoo - C:\WINDOWS\SYSTEM32\ddcCUnoo.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5905 bytes

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

* Start ESET Smart Security/ESET NOD32 as follows:
Start > All Programs > ESET > ESET Smart Security, or ESET NOD32 Antivirus (if you use only the Antivirus solution).

* When the program's main window opens, click the Setup option on the left side of the window;
* Choose the Antivirus and antispyware option and click Temporarily disable Antivirus and antispyware protection.
* On the next question click Yes.

Note: Don't forget to turn this option back on once the cleanup is finished.

------------------------------------------

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and don't touch the program window while it scans.
Follow the instructions on the screen. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

  • Joined: 19 Apr 2006
  • Posts: 19

ComboFix 09-02-21.01 - Цале и Санја 2009-02-23 22:48:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.2047.1357 [GMT 1:00]
Running from: c:\documents and settings\Цале и Санја\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AntiSpyware Pro
c:\program files\AntiSpyware Pro\AntiSpyware Pro.db
c:\program files\AntiSpyware Pro\AntiSpyware Pro.exe
c:\program files\AntiSpyware Pro\AntiSpywarePro.pkg
c:\program files\AntiSpyware Pro\ASProSB.dll
c:\program files\AntiSpyware Pro\ASpyProPUBlk.dll
c:\program files\AntiSpyware Pro\BlankActiveX.ocx
c:\program files\AntiSpyware Pro\prg.info
c:\program files\AntiSpyware Pro\Uninstall.exe
c:\windows\system32\ddcCUnoo.dll
c:\windows\system32\ddcDstRL.dll
c:\windows\system32\fpbffaov.dll
c:\windows\system32\gfeneyiv.ini
c:\windows\system32\LRtsDcdd.ini
c:\windows\system32\LRtsDcdd.ini2
c:\windows\system32\mfvopjix.dll
c:\windows\system32\voaffbpf.ini
c:\windows\system32\xijpovfm.ini

.
((((((((((((((((((((((((( Files Created from 2009-01-23 to 2009-02-23 )))))))))))))))))))))))))))))))
.

2009-02-23 22:13 . 2009-02-23 22:13 <DIR> d-------- c:\windows\SxsCaPendDel
2009-02-22 22:52 . 2009-02-22 22:53 <DIR> d-------- c:\documents and settings\Цале и Санја\Application Data\AntiSpyware Pro
2009-02-22 22:52 . 2009-02-23 20:33 0 --ah----- c:\windows\.security
2009-02-22 22:52 . 2009-02-23 20:33 0 --ah----- C:\.security
2009-02-19 23:09 . 2009-02-23 22:51 <DIR> d-------- c:\documents and settings\Цале и Санја\Tracing
2009-02-19 23:09 . 2009-02-23 22:51 <DIR> d-------- c:\documents and settings\Цале и Санја\Tracing
2009-02-19 23:01 . 2004-03-12 00:53 26,624 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-02-19 23:00 . 2009-02-19 23:00 <DIR> d-------- c:\program files\Webteh
2009-02-19 23:00 . 2009-02-19 23:00 <DIR> d-------- c:\documents and settings\Цале и Санја\Application Data\BSplayer PRO
2009-02-19 22:57 . 2009-02-19 22:57 <DIR> d-------- c:\program files\Winamp Toolbar
2009-02-19 22:57 . 2009-02-19 22:57 <DIR> d-------- c:\program files\Winamp Remote
2009-02-19 22:57 . 2009-02-19 22:57 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Winamp Toolbar
2009-02-19 22:57 . 2009-02-19 22:57 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\OrbNetworks
2009-02-19 22:54 . 2009-02-19 22:54 <DIR> d-------- c:\documents and settings\Цале и Санја\Application Data\Macromedia
2009-02-19 22:54 . 2009-02-19 22:54 <DIR> d-------- c:\documents and settings\Цале и Санја\Application Data\Adobe
2009-02-19 22:51 . 2009-02-19 22:58 <DIR> d-------- c:\program files\Winamp
2009-02-19 22:51 . 2009-02-19 22:58 <DIR> d-------- c:\documents and settings\Цале и Санја\Application Data\Winamp
2009-02-19 22:44 . 2009-02-19 22:44 <DIR> d-------- c:\documents and settings\Цале и Санја\Application Data\Mozilla
2009-02-19 22:44 . 2009-02-19 22:44 0 --a------ c:\windows\nsreg.dat
2009-02-19 22:43 . 2004-03-12 01:46 57,472 --a------ c:\windows\system32\drivers\redbook.sys
2009-02-19 22:43 . 2001-08-17 14:59 3,072 --a------ c:\windows\system32\drivers\audstub.sys
2009-02-19 22:42 . 2001-08-17 14:46 6,400 --a------ c:\windows\system32\drivers\enum1394.sys
2009-02-19 22:40 . 2009-02-19 21:48 <DIR> dr------- c:\documents and settings\All Users.WINDOWS\Documents
2009-02-19 22:39 . 2009-02-23 22:48 <DIR> d--h----- c:\documents and settings\Default User.WINDOWS
2009-02-19 22:39 . 2009-02-19 21:50 <DIR> d-------- c:\documents and settings\All Users.WINDOWS
2009-02-19 22:38 . 2009-02-19 21:53 582 --a------ c:\windows\system32\$winnt$.inf
2009-02-19 22:37 . 2009-02-19 22:37 <DIR> d-------- c:\documents and settings\Цале и Санја\Application Data\ESET
2009-02-19 22:36 . 2009-02-19 22:36 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\ESET
2009-02-19 22:35 . 2009-02-19 22:35 <DIR> d-------- c:\windows\system32\3com_dmi
2009-02-19 22:35 . 2009-02-19 22:35 <DIR> d-------- c:\windows\system32\1031
2009-02-19 22:35 . 2009-02-19 22:35 <DIR> d-------- c:\windows\system32\1028
2009-02-19 22:35 . 2009-02-19 22:35 <DIR> d-------- c:\windows\system32\1025
2009-02-19 22:29 . 2009-02-19 22:33 <DIR> d-------- c:\program files\EXPERTool
2009-02-19 22:29 . 2007-03-16 10:11 12,256 --a------ c:\windows\system32\drivers\TBPanel.sys
2009-02-19 22:25 . 2009-02-19 22:25 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\InstallShield
2009-02-19 22:25 . 2009-02-19 22:25 <DIR> d--h----- C:\ASUS.SYS
2009-02-19 22:25 . 2009-02-19 22:25 <DIR> d--h----- C:\ASUS.000
2009-02-19 22:24 . 1999-10-15 12:50 1,056,768 --a------ c:\windows\system32\ROBOEX32.DLL
2009-02-19 22:24 . 2006-07-22 19:37 49,152 --a------ c:\windows\system32\INETWH32.dll
2009-02-19 22:23 . 2009-02-19 22:24 <DIR> d-------- c:\program files\Ulead Systems
2009-02-19 22:23 . 2009-02-19 22:24 <DIR> d-------- c:\program files\Common Files\Ulead Systems
2009-02-19 22:23 . 2009-02-19 22:24 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Ulead Systems
2009-02-19 22:21 . 2009-02-19 22:21 <DIR> d-------- c:\program files\Atheros Communications Inc
2009-02-19 22:21 . 2009-02-19 22:21 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\WinZip
2009-02-19 22:12 . 2009-02-19 22:13 666 --a------ c:\windows\setup.iss
2009-02-19 22:10 . 2009-02-19 22:10 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2009-02-19 22:10 . 2009-02-19 22:10 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2009-02-19 22:07 . 2007-11-19 04:01 1,970,176 -ra------ c:\windows\system32\xRaidSetup.exe
2009-02-19 22:07 . 2008-03-19 03:54 151,552 -ra------ c:\windows\system32\xRaidAPI.dll
2009-02-19 22:07 . 2008-05-08 07:21 77,200 -ra------ c:\windows\system32\drivers\jraid.sys
2009-02-19 22:06 . 2006-08-01 08:02 49,152 -ra------ c:\windows\system32\ChCfg.exe
2009-02-19 22:06 . 2006-01-10 09:50 24,576 -ra------ c:\windows\system32\AsIO.dll
2009-02-19 22:06 . 2007-12-17 10:14 12,400 -ra------ c:\windows\system32\drivers\AsIO.sys
2009-02-19 22:06 . 2008-01-04 13:34 11,832 --a------ c:\windows\system32\drivers\AsInsHelp64.sys
2009-02-19 22:06 . 2008-01-04 13:34 10,216 --a------ c:\windows\system32\drivers\AsInsHelp32.sys
2009-02-19 22:06 . 2007-11-14 08:18 553 -r------- c:\windows\USetup.iss
2009-02-19 22:04 . 2008-03-05 11:07 520,192 -r------- c:\windows\RtlExUpd.dll
2009-02-19 22:04 . 2009-02-19 22:04 315,392 --a------ c:\windows\HideWin.exe
2009-02-19 22:04 . 2008-03-11 12:37 36,864 -ra------ c:\windows\system32\drivers\l1e51x86.sys
2009-02-19 21:58 . 2004-03-12 00:54 67,840 --a------ c:\windows\system32\drivers\pci.sys
2009-02-19 21:58 . 2004-03-12 00:54 67,840 --a--c--- c:\windows\system32\dllcache\pci.sys
2009-02-19 21:58 . 2008-03-26 04:15 53,248 -ra------ c:\windows\system32\CSVer.dll
2009-02-19 21:58 . 2001-08-17 13:58 35,840 --a------ c:\windows\system32\drivers\isapnp.sys
2009-02-19 21:58 . 2001-08-17 13:58 35,840 --a--c--- c:\windows\system32\dllcache\isapnp.sys
2009-02-19 21:57 . 2009-02-19 22:12 36,387 --a------ c:\windows\Ascd_log.ini
2009-02-19 21:57 . 2004-08-13 03:56 5,810 -ra------ c:\windows\system32\drivers\ASACPI.sys
2009-02-19 21:56 . 2009-02-19 22:11 35,422 --a------ c:\windows\Ascd_tmp.ini
2009-02-19 21:56 . 2007-12-28 08:22 10,296 --a------ c:\windows\system32\drivers\ASUSHWIO.SYS
2009-02-19 21:55 . 2009-02-19 21:47 <DIR> d--h----- c:\documents and settings\Цале и Санја\Templates
2009-02-19 21:55 . 2009-02-19 21:47 <DIR> d--h----- c:\documents and settings\Цале и Санја\Templates
2009-02-19 21:55 . 2009-02-19 22:40 <DIR> dr------- c:\documents and settings\Цале и Санја\Start Menu
2009-02-19 21:55 . 2009-02-19 22:40 <DIR> dr------- c:\documents and settings\Цале и Санја\Start Menu
2009-02-19 21:55 . 2009-02-19 21:55 <DIR> dr-h----- c:\documents and settings\Цале и Санја\SendTo
2009-02-19 21:55 . 2009-02-19 21:55 <DIR> dr-h----- c:\documents and settings\Цале и Санја\SendTo
2009-02-19 21:55 . 2009-02-23 22:06 <DIR> dr-h----- c:\documents and settings\Цале и Санја\Recent
2009-02-19 21:55 . 2009-02-23 22:06 <DIR> dr-h----- c:\documents and settings\Цале и Санја\Recent
2009-02-19 21:55 . 2009-02-19 22:40 <DIR> d--h----- c:\documents and settings\Цале и Санја\PrintHood
2009-02-19 21:55 . 2009-02-19 22:40 <DIR> d--h----- c:\documents and settings\Цале и Санја\PrintHood
2009-02-19 21:55 . 2009-02-19 22:40 <DIR> d--h----- c:\documents and settings\Цале и Санја\NetHood
2009-02-19 21:55 . 2009-02-19 22:40 <DIR> d--h----- c:\documents and settings\Цале и Санја\NetHood
2009-02-19 21:55 . 2009-02-19 22:58 <DIR> dr------- c:\documents and settings\Цале и Санја\My Documents
2009-02-19 21:55 . 2009-02-19 22:58 <DIR> dr------- c:\documents and settings\Цале и Санја\My Documents
2009-02-19 21:55 . 2009-02-19 22:40 <DIR> d--h----- c:\documents and settings\Цале и Санја\Local Settings
2009-02-19 21:55 . 2009-02-19 22:40 <DIR> d--h----- c:\documents and settings\Цале и Санја\Local Settings
2009-02-19 21:55 . 2009-02-19 21:55 <DIR> dr------- c:\documents and settings\Цале и Санја\Favorites
2009-02-19 21:55 . 2009-02-19 21:55 <DIR> dr------- c:\documents and settings\Цале и Санја\Favorites
2009-02-19 21:55 . 2009-02-23 22:47 <DIR> d-------- c:\documents and settings\Цале и Санја\Desktop
2009-02-19 21:55 . 2009-02-23 22:47 <DIR> d-------- c:\documents and settings\Цале и Санја\Desktop
2009-02-19 21:55 . 2009-02-23 22:51 <DIR> d---s---- c:\documents and settings\Цале и Санја\Cookies
2009-02-19 21:55 . 2009-02-23 22:51 <DIR> d---s---- c:\documents and settings\Цале и Санја\Cookies
2009-02-19 21:55 . 2009-02-19 23:09 <DIR> d---s---- c:\documents and settings\Цале и Санја\Application Data\Microsoft
2009-02-19 21:55 . 2009-02-19 21:55 <DIR> d-------- c:\documents and settings\Цале и Санја\Application Data\Identities
2009-02-19 21:55 . 2009-02-22 22:52 <DIR> dr-h----- c:\documents and settings\Цале и Санја\Application Data
2009-02-19 21:55 . 2009-02-22 22:52 <DIR> dr-h----- c:\documents and settings\Цале и Санја\Application Data
2009-02-19 21:55 . 2009-02-19 23:09 <DIR> d-------- c:\documents and settings\Цале и Санја
2009-02-19 21:55 . 2009-02-23 22:51 1,048,576 --ah----- c:\documents and settings\Цале и Санја\NTUSER.DAT
2009-02-19 21:55 . 2009-02-23 22:51 1,048,576 --ah----- c:\documents and settings\Цале и Санја\NTUSER.DAT
2009-02-19 21:54 . 2009-02-19 21:54 <DIR> d--hs---- c:\documents and settings\LocalService.NT AUTHORITY
2009-02-19 21:53 . 2009-02-19 21:53 <DIR> d--hs---- c:\documents and settings\NetworkService.NT AUTHORITY
2009-02-19 21:53 . 2009-02-19 21:53 8,192 --a------ c:\windows\REGLOCS.OLD
2009-02-19 21:51 . 2001-08-23 13:00 10,096,640 --a--c--- c:\windows\system32\dllcache\hwxcht.dll
2009-02-19 21:50 . 2009-02-19 22:56 <DIR> d--hs---- c:\documents and settings\All Users.WINDOWS\DRM
2009-02-19 21:50 . 2009-02-19 21:50 749 -rah----- c:\windows\WindowsShell.Manifest
2009-02-19 21:50 . 2009-02-19 21:50 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-02-19 21:50 . 2009-02-19 21:50 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-02-19 21:50 . 2009-02-19 21:50 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2009-02-19 21:50 . 2009-02-19 21:50 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-02-19 21:50 . 2009-02-19 21:50 749 -rah----- c:\windows\system32\cdplayer.exe.manifest
2009-02-19 21:50 . 2009-02-19 21:50 488 -rah----- c:\windows\system32\WindowsLogon.manifest
2009-02-19 21:50 . 2009-02-19 21:50 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-02-19 21:48 . 2004-03-12 00:18 4,256,768 --a--c--- c:\windows\system32\dllcache\wmm2res.dll
2009-02-19 21:47 . 2001-08-23 13:00 227,840 --a--c--- c:\windows\system32\dllcache\avtapi.dll
2009-02-19 21:46 . 2004-03-12 00:18 1,653,760 --a--c--- c:\windows\system32\dllcache\comsvcs.dll
2009-02-11 19:06 . 2009-02-11 19:06 <DIR> d-------- c:\program files\Ares
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll
2009-02-02 17:50 . 2009-02-02 17:50 <DIR> d-------- c:\documents and settings\No Name\Application Data\Apple Computer
2009-02-02 17:49 . 2009-02-02 17:49 <DIR> d-------- c:\program files\QuickTime
2009-02-02 17:49 . 2009-02-02 17:49 <DIR> d-------- c:\program files\iTunes
2009-02-02 17:49 . 2009-02-02 17:49 <DIR> d-------- c:\program files\iPod
2009-02-02 17:49 . 2009-02-02 17:49 <DIR> d-------- c:\program files\Common Files\Apple
2009-02-02 17:49 . 2009-02-02 17:49 <DIR> d-------- c:\program files\Bonjour
2009-02-02 17:49 . 2009-02-02 17:49 <DIR> d-------- c:\program files\Apple Software Update
2009-02-01 16:37 . 2009-02-01 16:37 <DIR> d-------- c:\program files\Bandoo
2009-01-28 20:21 . 2009-01-28 20:21 <DIR> d-------- c:\program files\Google
2009-01-27 18:15 . 2009-01-27 18:15 <DIR> d-------- C:\INTRPLAY

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 21:56 --------- d-----w c:\program files\ESET
2009-02-19 21:25 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-19 21:24 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-19 21:20 --------- d-----w c:\program files\ASUS
2006-06-24 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-03-12 14336]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2008-07-10 2177576]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-05-14 5958656]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2008-05-09 1423360]
"QFan Help"="c:\program files\ASUS\Ai Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]
"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2006-10-23 40048]
"Launch Direct Link"="c:\program files\ASUS\AI Direct Link\AsShare.exe" [2008-05-09 1211904]
"Launch As Cmd Runner"="c:\program files\ASUS\AI Direct Link\AsCmd.exe" [2007-04-11 376832]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2006-11-29 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-25 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-25 86016]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-06-25 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-03-12 14336]

c:\documents and settings\Ґ РЁ · д ФЋ \Start Menu\Programs\Startup\
.security [2009-02-23 0]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
.security [2009-02-23 0]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-02-12 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2009-02-19 36864]
.
- - - - ORPHANS REMOVED - - - -

BHO-{025C56D6-7269-4FA4-92FB-80C998C582F4} - c:\windows\system32\ddcDstRL.dll
BHO-{66B643BE-5E94-4569-B93E-CE2636848AC8} - c:\program files\AntiSpyware Pro\ASProSB.dll
HKLM-Run-AntiSpyware Pro - c:\program files\AntiSpyware Pro\AntiSpyware Pro.exe


.
------- Supplementary Scan -------
.
IE: &Winamp Search - c:\documents and settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
FF - ProfilePath - c:\documents and settings\Цале и Санја\Application Data\Mozilla\Firefox\Profiles\da6yoe87.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-23 22:51:40
Windows 5.1.2600 Service Pack 2, v.2096 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(976)
c:\windows\system32\ODBC32.dll

- - - - - - - > 'lsass.exe'(1032)
c:\windows\system32\dssenh.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2009-02-23 22:52:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-23 21:52:38

Pre-Run: 305.927.389.184 bytes free
Post-Run: 306,570,584,064 bytes free


  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Disable the antivirus.

Open Notepad and copy the following text:

File::
c:\documents and settings\Цале и Санја\Start Menu\Programs\Startup\.security
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\.security
c:\windows\.security
C:\.security

Folder::
c:\documents and settings\Цале и Санја\Application Data\AntiSpyware Pro

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post in the next message the log that is produced at the end of the cleanup/scan.
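As an added example, not code from this thread or from the HijackThis or ComboFix projects, here is a small Python script that applies to HijackThis log lines the checks the helper applied by eye before writing the CFScript above: Run values with random hex names, rundll32 loading a DLL from system32, nameless BHOs, Winlogon Notify DLLs, startup items that are neither shortcuts nor executables, and a DLL registered both as a BHO and as a Winlogon Notify handler. The sample lines are copied from the logs in this thread plus one benign NVIDIA entry; the heuristics, their weights and every function name are this example's own assumptions, not HijackThis rules.

```python
"""Flag suspicious HijackThis O2/O4/O20 entries (added example, assumed heuristics)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the thread's HijackThis logs, plus the
# benign NvCplDaemon entry so the rundll32 heuristic has a false positive to show.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {025C56D6-7269-4FA4-92FB-80C998C582F4} - C:\WINDOWS\system32\ddcDstRL.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2AABD0C3-1B64-4DE0-AE17-BBBE806197F2} - C:\WINDOWS\system32\ddcCUnoo.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [d0f1deac] rundll32.exe "C:\WINDOWS\system32\mfvopjix.dll",b
O4 - Startup: .security
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O20 - Winlogon Notify: ddcCUnoo - C:\WINDOWS\SYSTEM32\ddcCUnoo.dll
"""

HEX_NAME = re.compile(r"^[0-9a-f]{8}$")  # random-looking Run value name, e.g. d0f1deac
RUN_LINE = re.compile(r"^O4 - HK\S+?\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_LINE = re.compile(r"^O4 - (?:Global )?Startup: (?P<item>.*)$")
BHO_LINE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
NOTIFY_LINE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
DLL_IN_CMD = re.compile(r'"?([A-Za-z]:\\[^"]*?\.dll)"?', re.IGNORECASE)
STARTUP_OK_EXT = re.compile(r"\.(lnk|exe|bat|cmd|vbs)$", re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reasons: list[str] = field(default_factory=list)


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def analyze(log_text: str) -> list[Finding]:
    """Return one Finding per log line that trips at least one heuristic."""
    lines = [ln.rstrip() for ln in log_text.splitlines() if ln.strip()]

    # First pass: which DLLs are registered as BHOs and as Winlogon Notify handlers,
    # so the second pass can cross-reference the two persistence points.
    bho_dlls = {basename(m["path"]) for ln in lines if (m := BHO_LINE.match(ln))}
    notify_dlls = {basename(m["path"]) for ln in lines if (m := NOTIFY_LINE.match(ln))}

    findings: list[Finding] = []
    for line in lines:
        reasons: list[str] = []
        if m := RUN_LINE.match(line):
            if HEX_NAME.match(m["name"]):
                reasons.append("Run value name looks like random hex")
            if "rundll32" in m["cmd"].lower():
                d = DLL_IN_CMD.search(m["cmd"])
                if d and "\\system32\\" in d.group(1).lower():
                    reasons.append("rundll32 loading a DLL from system32: " + basename(d.group(1)))
        elif m := STARTUP_LINE.match(line):
            item = m["item"].split(" = ")[0].strip()
            if not STARTUP_OK_EXT.search(item):
                reasons.append("startup item without a shortcut/executable extension")
        elif m := BHO_LINE.match(line):
            if m["name"].strip() == "(no name)":
                reasons.append("BHO with no name")
            if basename(m["path"]) in notify_dlls:
                reasons.append("same DLL also registered as Winlogon Notify")
        elif m := NOTIFY_LINE.match(line):
            # Winlogon Notify DLLs are loaded by winlogon.exe; every entry deserves a look.
            reasons.append("Winlogon Notify DLL (review manually)")
            if basename(m["path"]) in bho_dlls:
                reasons.append("same DLL also registered as a BHO")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
```

Entries that collect a single reason (the NVIDIA rundll32 line) are the expected noise of a heuristic like this and need a human look; the entries the helper actually targeted each collect two reasons or appear in ComboFix's "Other Deletions" list above, which is the better confirmation.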
