warnning you have security problem

  • Bodin
  • New MyCity citizen
  • Joined: 24 Jan 2006
  • Posts: 14

This is what I'm getting and I think it's something serious. A buddy of mine had my computer for 2 days; his died and he needed a computer to finish his thesis. I'd like to know what happened to it...
I only just got the computer back from him, not even 10 minutes ago...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:10:04, on 14/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\VM_STI.EXE
F:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Documents and Settings\Bodin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\DOCUME~1\Bodin\LOCALS~1\Temp\perce.jpg
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Bodin\LOCALS~1\Temp\systeminit.exe
F:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPC32.EXE
C:\Program Files\mIRC\mirc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Bodin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = eko030.wordpress.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Earn2Life Bar - {93344865-74BD-4873-BE65-56539D41A65C} - C:\WINDOWS\Downloaded Program Files\Earn2Life.dll
O3 - Toolbar: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - (no file)
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC210NC Webcam
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] F:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Bodin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Bodin\LOCALS~1\Temp\perce.jpg.exe
O4 - HKCU\..\Run: [systeminit.exe] C:\DOCUME~1\Bodin\LOCALS~1\Temp\systeminit.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\Downloaded Program Files\Earn2Life.dll
O9 - Extra 'Tools' menuitem: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\Downloaded Program Files\Earn2Life.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....3392824890
O16 - DPF: {93344865-74BD-4873-BE65-56539D41A65C} (Earn2Life Bar) - earn2life.com/plugin/Earn2Life.cab
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.157,85.255.112.97
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - F:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8862 bytes

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Yes... you have an active infection..

Do the following:

Temporarily disable all your protection software and:

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Bodin
  • New MyCity citizen
  • Joined: 24 Jan 2006
  • Posts: 14

ComboFix 09-02-12.03 - Bodin 2009-02-14 10:14:43.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.589 [GMT 1:00]
Running from: c:\documents and settings\Bodin\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *disabled*
.

((((((((((((((((((((((((( Files Created from 2009-01-14 to 2009-02-14 )))))))))))))))))))))))))))))))
.

2009-02-12 23:11 . 2009-02-12 23:11 67,200 --ah----- c:\windows\system32\mlfcache.dat
2009-02-09 12:36 . 2009-02-09 12:36 <DIR> d-------- c:\documents and settings\Bodin\Application Data\Uniblue
2009-02-09 12:28 . 2009-02-09 12:28 <DIR> d-------- c:\program files\Uniblue
2009-02-09 12:27 . 2009-02-09 12:28 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-02-01 16:06 . 2008-04-14 05:42 712,704 --------- c:\windows\system32\windowscodecs.dll
2009-02-01 16:05 . 2009-02-01 16:05 <DIR> d-------- c:\windows\system32\scripting
2009-02-01 16:05 . 2009-02-01 16:05 <DIR> d-------- c:\windows\system32\en
2009-02-01 16:05 . 2009-02-01 16:05 <DIR> d-------- c:\windows\system32\bits
2009-02-01 16:05 . 2009-02-01 16:05 <DIR> d-------- c:\windows\l2schemas
2009-02-01 15:58 . 2008-04-13 22:06 144,384 --------- c:\windows\system32\drivers\hdaudbus.sys
2009-02-01 15:58 . 2008-04-14 00:10 10,240 --------- c:\windows\system32\drivers\sffp_mmc.sys
2009-02-01 15:56 . 2006-12-29 00:31 19,569 --a------ c:\windows\005545_.tmp
2009-01-31 10:31 . 2009-01-31 10:31 <DIR> d--h----- c:\windows\$hf_mig$
2009-01-31 10:08 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2009-01-31 10:08 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2009-01-31 10:08 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2009-01-31 10:08 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2009-01-31 10:08 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2009-01-30 18:04 . 2009-01-30 18:04 <DIR> d--hs---- c:\documents and settings\Mama i Tata\PrivacIE
2009-01-24 22:42 . 2009-01-25 00:10 <DIR> d-------- C:\USBNoRisk
2009-01-17 20:41 . 2009-01-17 20:41 <DIR> d-------- c:\program files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 09:16 29,587,488 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-02-14 01:20 --------- d-----w c:\documents and settings\Bodin\Application Data\mIRC
2009-02-14 00:30 --------- d-----w c:\program files\mIRC
2009-02-13 15:04 --------- d-----w c:\documents and settings\Bodin\Application Data\uTorrent
2009-02-13 14:55 2,934,784 ----a-w c:\windows\Internet Logs\xDB25.tmp
2009-02-13 14:55 2,233,344 ----a-w c:\windows\Internet Logs\xDB26.tmp
2009-02-12 19:14 353,132 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-02-12 09:26 --------- d-----w c:\program files\a-squared Anti-Malware
2009-02-09 15:35 --------- d-----w c:\documents and settings\Bodin\Application Data\SolidWorks
2009-02-07 17:56 --------- d-----w c:\documents and settings\Bodin\Application Data\Skype
2009-02-01 17:25 --------- d-----w c:\program files\MSN Messenger
2009-01-31 23:50 --------- d-----w c:\documents and settings\Bodin\Application Data\skypePM
2009-01-31 08:44 64,260 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_01_31_01_02_26_small.dmp.zip
2009-01-31 01:08 3,202,560 ----a-w c:\windows\Internet Logs\xDB24.tmp
2009-01-23 01:58 3,561,984 ----a-w c:\windows\Internet Logs\xDB22.tmp
2009-01-23 01:58 2,184,192 ----a-w c:\windows\Internet Logs\xDB23.tmp
2009-01-20 06:40 9,793,332 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-01-11 18:19 2,824,704 ----a-w c:\windows\Internet Logs\xDB21.tmp
2009-01-07 22:13 47,104 ----a-w c:\windows\Internet Logs\xDB1F.tmp
2009-01-07 22:13 2,141,696 ----a-w c:\windows\Internet Logs\xDB20.tmp
2009-01-07 22:10 29,184 ----a-w c:\windows\Internet Logs\xDB1D.tmp
2009-01-07 22:10 2,141,696 ----a-w c:\windows\Internet Logs\xDB1E.tmp
2009-01-07 22:08 2,141,696 ----a-w c:\windows\Internet Logs\xDB1C.tmp
2009-01-07 22:08 138,752 ----a-w c:\windows\Internet Logs\xDB1B.tmp
2009-01-07 21:56 2,141,696 ----a-w c:\windows\Internet Logs\xDB1A.tmp
2009-01-07 21:56 135,168 ----a-w c:\windows\Internet Logs\xDB19.tmp
2009-01-07 21:40 2,141,184 ----a-w c:\windows\Internet Logs\xDB18.tmp
2009-01-07 21:40 161,280 ----a-w c:\windows\Internet Logs\xDB17.tmp
2009-01-07 21:20 36,352 ----a-w c:\windows\Internet Logs\xDB15.tmp
2009-01-07 21:20 2,140,160 ----a-w c:\windows\Internet Logs\xDB16.tmp
2009-01-07 21:17 38,400 ----a-w c:\windows\Internet Logs\xDB13.tmp
2009-01-07 21:17 2,140,160 ----a-w c:\windows\Internet Logs\xDB14.tmp
2009-01-07 21:15 28,160 ----a-w c:\windows\Internet Logs\xDB11.tmp
2009-01-07 21:15 2,140,160 ----a-w c:\windows\Internet Logs\xDB12.tmp
2009-01-07 20:09 2,812,416 ----a-w c:\windows\Internet Logs\xDBF.tmp
2009-01-07 20:09 2,139,648 ----a-w c:\windows\Internet Logs\xDB10.tmp
2009-01-07 15:55 --------- d-----w c:\documents and settings\Bodin\Application Data\Hide IP NG
2009-01-03 17:01 3,431,936 ----a-w c:\windows\Internet Logs\xDBD.tmp
2009-01-03 17:01 2,097,664 ----a-w c:\windows\Internet Logs\xDBE.tmp
2008-12-15 21:26 --------- d-----w c:\documents and settings\Bodin\Application Data\AVS4YOU
2008-12-15 21:26 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2008-12-15 21:25 --------- d-----w c:\program files\Common Files\AVSMedia
2008-12-15 21:25 --------- d-----w c:\program files\AVS4YOU
2008-08-21 14:31 81,920 ----a-w c:\documents and settings\Bodin\Application Data\ezpinst.exe
2008-08-21 14:31 47,360 ----a-w c:\documents and settings\Bodin\Application Data\pcouffin.sys
2007-12-06 21:50 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{93344865-74BD-4873-BE65-56539D41A65C}"= "c:\windows\Downloaded Program Files\Earn2Life.dll" [2007-05-14 303104]

[HKEY_CLASSES_ROOT\clsid\{93344865-74bd-4873-be65-56539d41a65c}]
[HKEY_CLASSES_ROOT\Earn2Life.LeadBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{92F9C4A2-C2A5-41f6-9829-49B8C6FF0709}]
[HKEY_CLASSES_ROOT\Earn2Life.LeadBar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-10-08 270128]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 335872]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"CorelDRAW Graphics Suite 11b"="f:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 729088]
"LabtecKB"="c:\program files\Labtec\Labtec Keyboard-Desktop Software\DsiMmKbd.EXE" [2003-09-25 204800]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SoundMan"="SOUNDMAN.EXE" [2003-02-27 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [12/16/2007 8:36:36 PM 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Highlight Zone II.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Highlight Zone II.lnk
backup=c:\windows\pss\Highlight Zone II.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NaturalColorLoad.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk
backup=c:\windows\pss\NaturalColorLoad.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bodin^Start Menu^Programs^Startup^Registration Myst V]
path=c:\documents and settings\Bodin\Start Menu\Programs\Startup\Registration Myst V
backup=c:\windows\pss\Registration Myst VStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-01-02 16:41 45056 c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a--c--- 2007-12-12 14:09 167368 f:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 09:36 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LabtecKB]
--a------ 2003-09-25 09:18 204800 c:\program files\Labtec\Labtec Keyboard-Desktop Software\DsiMmKbd.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 05:42 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-11-12 15:48 21760296 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a--c--- 2007-08-31 16:46 1460560 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a--c--- 2003-02-27 14:29 47104 c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Prime95 Service"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"ERSvc"=2 (0x2)
"Autodata Limited License Service"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"DefWatch"=2 (0x2)
"C-DillaCdaC11BA"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"StarWindServiceAE"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"e:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [12/31/2007 3:30:10 PM 53760]
R2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [12/29/2007 7:09:41 PM 137344]
R2 tansgt;tansgt;c:\windows\system32\drivers\tansgt.sys [12/29/2007 7:09:40 PM 12032]
S1 SDManager;SDManager;\??\c:\program files\SpywareDetector\SDManager.sys --> c:\program files\SpywareDetector\SDManager.sys [?]
S2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys --> c:\windows\system32\drivers\wf2kvcap.sys [?]
S2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys --> c:\windows\system32\drivers\wf2ktunr.sys [?]
S2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kxbar.sys --> c:\windows\system32\drivers\wf2kxbar.sys [?]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [11/19/2007 1:10:47 PM 5824]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS --> c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [?]
S4 Prmotsgrnpnt;Prmotsgrnpnt;c:\windows\system32\netdde.exe [8/29/2002 4:41:28 AM 111104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c533576-98f9-11dc-bdab-000c6ed05503}]
\Shell\AutoRun\command - l:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
\Shell\open\command - l:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2009-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-682003330-725345543-1003.job
- c:\documents and settings\Bodin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-17 12:50]

2009-02-14 c:\windows\Tasks\User_Feed_Synchronization-{28FFE4AA-5C91-4F08-9FF3-B4B29A9A724B}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 02:05]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0A58754D-A452-4CBB-B8A4-B2BDCC8A0A9C} - (no file)
HKLM-Run-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe
HKLM-Run-{0228e555-4f9c-4e35-a3ec-b109a192b4c2} - c:\program files\Google\Gmail Notifier\gnotify.exe
Notify-wvuroon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://eko030.wordpress.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: {{07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - {93344865-74BD-4873-BE65-56539D41A65C} - c:\windows\Downloaded Program Files\Earn2Life.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {93344865-74BD-4873-BE65-56539D41A65C} - hxxp://www.earn2life.com/plugin/Earn2Life.cab
FF - ProfilePath - c:\documents and settings\Bodin\Application Data\Mozilla\Firefox\Profiles\9z93p0j7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://eko030.worpress.com
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Bodin\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-14 10:16:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-796845957-682003330-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:47,fd,1c,06,c8,dd,9f,1c,fb,dd,93,01,5f,c9,af,5d,bb,6a,fa,11,60,c6,d2,
db,cd,db,94,65,25,47,a1,d3,61,af,21,00,40,9e,b4,97,5e,de,68,a7,47,fd,28,f6,\
"??"=hex:d4,e2,c7,20,6c,2f,dc,27,c4,23,51,1c,29,66,76,1b

[HKEY_LOCAL_MACHINE\software\Autodata\CDX2]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-14 10:20:02
ComboFix-quarantined-files.txt 2009-02-14 09:18:44
ComboFix2.txt 2009-02-14 01:58:00
ComboFix3.txt 2009-01-24 13:21:28

Pre-Run: 1,063,784,448 bytes free
Post-Run: 1,048,530,944 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
269

Update: 14 Feb 2009 10:28

I found what he was doing...
The last file he downloaded was some viewtubesoftware.40017.exe
He was on some (adult film) site... I don't see that the file is installed on the computer; I'll call him to see what he did with it...

Update: 14 Feb 2009 15:25

I've now noticed that the warning has stopped and doesn't pop up anymore. When I open IE it no longer sends me to the computer-scanning pages... does that mean it's fixed?
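Added example, not part of the thread and not code from HijackThis or ComboFix: a small Python triage script that applies the checks a helper runs in their head when reading the two logs above. It flags autostart entries whose program lives under a Temp folder (the `[Cognac]` and `[systeminit.exe]` Run entries in the HijackThis log), double extensions such as `perce.jpg.exe`, an O17 NameServer override that points at public rather than local resolvers (the CS3 entry with 85.255.115.157 and 85.255.112.97, which should be compared against the ISP's real DNS servers before anything is concluded), orphaned BHO/toolbar entries, and the mountpoints2 AutoRun/open commands ComboFix listed for drive L: (an executable under a `restore\<SID>` folder on a removable drive, which is what an autorun.inf-driven worm leaves behind). The sample lines are copied from the logs above; the indicator names, severities and regular expressions are my own assumptions.

```python
"""Mechanical triage of HijackThis / ComboFix log lines (added example, not from the thread)."""
from __future__ import annotations

import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

# Lines excerpted from the HijackThis and ComboFix logs posted in this thread;
# the two benign O4 lines are there to show that ordinary autostarts pass.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Bodin\LOCALS~1\Temp\perce.jpg.exe
O4 - HKCU\..\Run: [systeminit.exe] C:\DOCUME~1\Bodin\LOCALS~1\Temp\systeminit.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.157,85.255.112.97
\Shell\AutoRun\command - l:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
\Shell\open\command - l:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
""".strip("\n")


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "low" (my own scale, not HijackThis's)
    indicator: str  # short tag naming the rule that fired (assumed names)
    line: str       # the log line, unchanged, so it can be pasted back into a reply


# HijackThis O4 autostart:  O4 - <hive>\..\Run: [<name>] <target>
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.+)$')
# HijackThis O17 static DNS override (only reported when NameServer is set)
O17_RE = re.compile(r'^O17 - .*NameServer = (?P<servers>[0-9.,]+)')
# BHO / toolbar / button entries whose file is gone: leftovers, not active code
ORPHAN_RE = re.compile(r'^O(?:2|3|9) - .*\((?:no file|file missing)\)$')
# ComboFix mountpoints2 dump: an AutoRun or open verb wired to a program on a drive
AUTORUN_RE = re.compile(r'^\\Shell\\(?:AutoRun|open)\\command - (?P<target>.+)$', re.I)
# Path heuristics
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|scr|com|pif|bat|cmd))"?(?:\s|$)', re.I)
TEMP_RE = re.compile(r'\\temp\\', re.I)
DOUBLE_EXT_RE = re.compile(
    r'\.(?:jpe?g|gif|png|bmp|txt|doc|pdf|avi|mp3)\.(?:exe|scr|com|pif|bat|cmd)$', re.I)


def exe_path(target: str) -> str:
    """Strip quotes and trailing arguments from an autostart target, keeping the program path."""
    m = EXE_RE.match(target.strip())
    return m.group("path") if m else target.strip()


def _is_local_resolver(ip: str) -> bool:
    """True for RFC 1918 / loopback addresses, i.e. a home router or a local DNS cache."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_private or addr.is_loopback


def triage(log: str) -> list[Finding]:
    """Run every rule over every line and collect the hits, in log order."""
    findings: list[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := O4_RE.match(line)):
            path = exe_path(m.group("target"))
            if DOUBLE_EXT_RE.search(path):
                findings.append(Finding("high", "double-extension", line))
            if TEMP_RE.search(path):
                findings.append(Finding("high", "temp-autostart", line))
        elif (m := O17_RE.match(line)):
            servers = [s for s in m.group("servers").split(",") if s]
            # A statically set public resolver deserves a check against the ISP's
            # real ones; rewriting NameServer is how DNS-redirecting malware persists.
            if not all(_is_local_resolver(s) for s in servers):
                findings.append(Finding("medium", "dns-override", line))
        elif ORPHAN_RE.match(line):
            findings.append(Finding("low", "orphan-entry", line))
        elif AUTORUN_RE.match(line):
            # A removable drive never needs an AutoRun/open handler of its own.
            findings.append(Finding("high", "removable-autorun", line))
    return findings


def indicator_counts(findings: list[Finding]) -> dict[str, int]:
    """Summarise findings as {indicator: number of lines that tripped it}."""
    return dict(Counter(f.indicator for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.indicator:18} {f.line}")
```

Running it over the excerpt yields seven findings: the `[Cognac]` line trips both the double-extension and Temp-folder rules, `systeminit.exe` trips the Temp rule, the O17 line is marked for verification, the empty BHO is noted as an orphan, and both mountpoints2 verbs for drive L: are flagged. The rules are deliberately narrow; they are meant to point a helper at the lines worth asking about, not to replace reading the whole log.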

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

You've run CF before as well???

Attach the following logs for me:

ComboFix-quarantined-files.txt
ComboFix2.txt
ComboFix3.txt

They're on the C partition...

Post them using the attach file option

  • Bodin
  • New MyCity citizen
  • Joined: 24 Jan 2006
  • Posts: 14

I have... less than 2 months ago

And today I ran it twice, because I hadn't turned off Spy Guard or something like that; I didn't even know I had it

Update: 14 Feb 2009 17:13

I only found this one file in the root of C

Update: 14 Feb 2009 17:14

[attached file; visible only to logged-in users]

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Go to the following folder on the C partition:

C:\QooBox\

and check whether the logs listed above are there, then attach them...

  • Bodin
  • New MyCity citizen
  • Joined: 24 Jan 2006
  • Posts: 14

[three attached files; visible only to logged-in users]

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Are you no longer having problems now?

  • Bodin
  • New MyCity citizen
  • Joined: 24 Jan 2006
  • Posts: 14

No... thanks... so should I always just download CF and run it, and that's it?
AND NOT GIVE MY BUDDY THE COMPUTER!!!

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

No, no and no... Never run ComboFix on your own... The fact that you ran it and everything went fine doesn't mean it always will.... What if you pick up malware that CF doesn't remove completely..? So if you have malware problems, come here....

Do the following:

Click START and then RUN
In the text entry line type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
  ComboFix and its files and folders
  VundoFix Backups folder, if present
  C:\Deckard folder, if present
  C:\OtMoveIt folder, if present

Reset the computer's clock settings
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore
