#1
I recently downloaded a theme application. After installing it, Kaspersky popped up a warning saying the computer was infected with MultiPacked.Multi.Generic malware. My Kaspersky stopped working and my Windows theme is gone; I am stuck with classic Windows. Please help!

#2
Try getting me any of the logs you can from here: http://www.computer-juice.com/forums...-posting-7476/

#3
Looks like the forums had a glitch. Please post these DDS logs.

Download DDS from HERE or HERE or HERE and save it to your desktop.

* Vista users: right-click on dds and select Run as administrator (you will receive a UAC prompt, please allow it).
* XP users: double-click on dds to run it.
* If your firewall or antivirus tries to block DDS, please allow it to run.
* When finished, DDS will open two (2) logs:
  1) DDS.txt
  2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs into your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment. Please just post it as you would any other log by copying and pasting it into the reply.

#4
#5
Download ComboFix © by sUBs from one of the links below. Be sure to save it to your Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop. Do NOT run it yet!

Note: The instructions below were created specifically for this user. If you are not this user, do NOT follow these directions, as they could damage the workings of your system.

Delete these files/folders as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not WordPad.
2. Copy the text in the code box below by highlighting all the text and pressing Ctrl+C.

Code:
KillAll::

DDS::
uInternet Settings,ProxyOverride = *.local
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
IE: {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll

Driver::
Viewpoint Service Manager

Folder::
C:\Program Files\Viewpoint

4. Then click File > Save.
5. Name the file CFScript.txt and save it to your Desktop.
6. Then drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe, as you see in the picture below. Important: Perform this instruction carefully!

ComboFix will begin to execute; just follow the prompts. After the reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

#6
ac, 43,68, F5, 1d, 4d, 73, A8, 13, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (948395E 8-7A56-4fb1-843B-3E52D94DB145) \ InprocServer32 *] "ThreadingModel" = "Apartman" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "a4a1bcf2cc2b8bc3716b74b2b4522f5d" = heksadecimalna: DF, 20,58,62, 78,6 b, cf, C8, 7e, 4a, D5, 24,8 d, 3a, 49, C4, b0, 18, ed, A7, 3f, 8d, 37, A4, 29, B5, 53,9 A, D3, 4a, 02,51, df, 20,58,62,78,6 b, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (AC3ED30 B-6F1A-4bfc-A4F6-2EBDCCD34C19) \ InprocServer32 *] "ThreadingModel" = "Apartman" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "4d370831d2c43cd13623e232fed27b7b" = heksadecimalna: 31,77, E1, ba, B1, F8, 68,02,09, d4, 0b, F3, 53, BC, 62,26,31,77, E1, ba, B1, F8, 68,02,77, C3, de, C6, 98,79, 54,2 c, FB, A7, 78, E6, 12,2 f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (DE5654C A-EB84-4df9-915B-37E957082D6D) \ InprocServer32 *] "ThreadingModel" = "Apartman" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "1d68fe701cdea33e477eb204b76f993d" = heksadecimalna: 01,3 A, 48, FC, e8, 04,4 a, F1, df, 00, D5, 43, FF, F8, 0f, F3, 83,6 c, 56,8 b, A0, 85,96, AB, D5, 19,39,90, da, 30, 2a, 05,01,3 a, 48, FC, e8, 04, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (E39C35E 8-7488-4926-92B2-2F94619AC1A5) \ InprocServer32 *] "ThreadingModel" = "Apartman" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "1fac81b91d8e3c5aa4b0a51804d844a3" = heksadecimalna: F6, 0f, 4e, 58, 98,5 b, 89, C9, 6a, EA, F8, C4, 82, 1a, 7f, D8, 51, fa, 6e, 91,28,9 e, 14, cc, 82, AC, 7a, 83, eb, 90, 81, C6, F6, 0f, 4e, 58,98,5 b, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (EACAFCE 5-B0E2-4288-8073-C02FF9619B6F) \ InprocServer32 *] "ThreadingModel" = "Apartman" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "f5f62a6129303efb32fbe080bb27835b" = heksadecimalna: 3d, CE, EA, 26, 2d, 45, AA, 78,0 b, ba, 41,78,8 a, C9, 90,04, B1, cd, 45,5 a, A8, C4, F8, B9, 6b, C6, A2, 44,8 d, 59, A6, F5, 3d, CE, EA, 26,2 d, 45, \ 
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (F8F02AD D-7366-4186-9488-C21CB8B3DCEC) \ InprocServer32 *] "ThreadingModel" = "Apartman" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "fd4e2e1a3940b94dceb5a6a021f2e3c6" = heksadecimalna: 2a, b7, cc, B5, B9, 7f, 41, E7, 5d, 45,06,19,5 e, 30,20, E6, e3, 0e, 66, D5, eb, BC, 2f, 6b, E1, 69,31, AC, dd, ba, 7f, 02,2 a, b7, cc, B5, B9, 7f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (FEE45DE 2-A467-4bf9-BF2D-1411304BCD84) \ InprocServer32 *] "ThreadingModel" = "Apartman" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "8a8aec57dd6508a385616fbc86791ec2" = heksadecimalna: fa, EA, 66,7 f, d4, 3b, 6b, 70, A5, 97,0 a, 6e, 8a, usp, 52,73, fa, EA, 66,7 f, d4, 3b, 6b, 70,30,24, EA, 79, A1, 7b, 08,64,6 c, 43,2 d, 1e, AA, 22, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Installer \ userdata \ LocalSystem \ Componen TS \ h-€ | GGGG ¤ • € | U • A ~ *] "AB141C35E9F4BF344B9FC010BB17F68A" = "" . --------------------- Loaded DLL datoteke koje Under Running Processes --------------------- - - - - - - -> 'Winlogon.exe' (1028) C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL c: \ windows \ system32 \ klogon.dll - - - - - - -> "Explorer.exe" (3748) c: \ windows \ system32 \ WPDShServiceObj.dll c: \ windows \ system32 \ PortableDeviceTypes.dll c: \ windows \ system32 \ PortableDeviceApi.dll . ------------------------ Other Running Processes ----------------------- -- . 
C: \ Program Files \ Creative \ Shared Files \ CTAudSvc.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ Bonjour \ mDNSResponder.exe c: \ windows \ system32 \ nvsvc32.exe c: \ windows \ system32 \ PnkBstrA.exe c: \ windows \ system32 \ rundll32.exe c: \ programa ~ 1 \ MICROS ~ 4 \ rapimgr.exe C: \ Program Files \ Creative \ Sound Blaster X-Fi \ zabavni centar \ EAXLoadr.exe C: \ Program Files \ iPod \ bin \ iPodService.exe c: \ windows \ system32 \ wscntfy.exe c: \ windows \ system32 \ CTxfispi.exe . ************************************************** ************************ . Completion time: 2009-06-24 19:29 - stroj je ponovno podizanje sustava ComboFix-u karanteni-files.txt 2009-06-24 23:29 ComboFix2.txt 2008-05-20 17:05 Pre-Run: 65511231488 bytes free Post-Run: 67799437312 bytes free WindowsXP-KB310994-SP2-Pro-Bootdisk-enu.exe [boot loader] timeout = 2 default = multi (0) disk (0) rdisk (1) partition (1) \ WINDOW S [operating systems] c: \ cmdcons \ BOOTSECT.DAT = "Microsoft Windows Recovery Console" / cmdcons multi (0) disk (0) rdisk (1) partition (1) \ WINDOWS = "Micro soft Windows XP Professional" / noexecute = OptIn / fastdetect multi (0) disk (0) rdisk (0) partition (1) \ WINDOWS = "Micro soft Windows XP Professional" / fastdetect / noexecute = OptIn Current = 3 default = 3 Failed = 1 LastKnownGood Kompleti = 4 = 1,2,3,4 335 --- EOF --- 2009-06-11 03:03 |
|
#7
| |||
| |||
| Delete these files / folders, as follows: 1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not WordPad. 2. Copy the text in the code box below by highlighting all of the text and pressing Ctrl + C Code: KillAll:: RegLock:: [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (47629D4 B-2AD3-4e50-B716-A66C15C63153) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (604BB98 A-A94F-4a5c-A67C - D8D3582C741C) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (684373F B-9CD8-4e47-B990-5A4466C16034) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (74554CC D-F60F-4708-AD98 - D0152D08C8B9) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (7EB537F 9-A916-4339-B91B-DED8E83632C0) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (948395E 8-7A56-4fb1-843B - 3E52D94DB145) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (AC3ED30 B-6F1A-4bfc-A4F6-2EBDCCD34C19) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (DE5654C A-EB84-4df9-915B - 37E957082D6D) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (E39C35E 8-7488-4926-92B2-2F94619AC1A5) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (EACAFCE 5-B0E2-4288-8073 - C02FF9619B6F) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (F8F02AD D-7366-4186-9488-C21CB8B3DCEC) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (FEE45DE 2-A467-4bf9-BF2D - 1411304BCD84) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Installer \ userdata \ LocalSystem \ Componen TS \ h-€ | GGGG ¤ • € | U • A ~ *] 4. Then click File > Save 5. Name the file CFScript.txt - Save the file to your Desktop 6. 
Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe as you see in the image below. Important: Perform this instruction carefully! ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply. Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze ---------- Also let me know how the computer is running afterwards. |
|
#8
| |||
| |||
| ComboFix 09-06-23.01 - Mouse 06/25/2009 19:04.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1597 [GMT -4:00] Running from: C: \ Documents and Settings \ Mouse \ Desktop \ ComboFix.exe Naredba prekidači koji se koriste:: C: \ Documents and Settings \ Mouse \ Desktop \ CFScript.txt AV: Kaspersky Internet Sigurnost * U * onemogućen pristup skeniranje (Promjena) (2C4D4BC6-0793-4956-A9F9-E252435469C0) FW: Kaspersky Internet Sigurnost * * onemogućen (2C4D4BC6-0793-4956-A9F9-E252435469C0) . Ostali ((((((((((((((((((((((((((((((((((((((( brisanja ))))))))) )))))))))))))))))))))))))))))))))))))))) . c: \ windows \ system32 \ drivers \ kl1.sys . ((((((((((((((((((((((((( Files Created from 2009/05/25 da 2009/06/25 ))))))))))) )))))))))))))))))))) . 2009-06-24 23:28. 2009-06-24 23:28 -------- DC ---- W-c: \ windows \ system32 \ dllcache \ cache 2009-06-23 18:47. 2009-06-24 16:37 117760 ---- AW-c: \ Documents and Settings \ Mouse \ Application Data \ SUPERAntiSpyware.com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL 2009-06-17 17:58. 2009-06-17 18:10 -------- d ----- w-c: \ program files \ LSoft Tehnologije 2009-06-13 16:32. 2009-06-13 16:32 -------- d ----- w-C: \ Program Files \ iPod 2009-06-13 16:32. 2009-06-13 16:32 -------- d ----- w-C: \ Program Files \ iTunes 2009-06-13 16:28. 2009-06-13 16:29 -------- d ----- w-C: \ Program Files \ QuickTime 2009-06-13 16:23. 2009-06-13 16:23 75048 ---- AW-c: \ Documents and Settings \ All Users \ Application Data \ Apple Computer \ Installer Cache \ iTunes 8.2.0.23 \ SetupAdmin.exe 2009-06-10 23:14. 2001-08-18 02:36 462848-c - AW-c: \ windows \ system32 \ dllcache \ a3dapi.dll 2009-06-10 23:14. 2001-08-18 02:36 462848 ---- AW-c: \ windows \ system32 \ a3dapi.dll 2009-06-10 23:13. 2009-06-11 07:20 -------- d ----- w-C: \ Descent3 2009-06-10 23:13. 2009-06-10 23:13 -------- d ----- w-C: \ Games 2009-06-10 20:13. 
2009-05-07 15:32 345600-C ---- w-c: \ windows \ system32 \ dllcache \ Localspl.dll 2009-06-10 20:13. 2009-04-15 14:51 585216-C ---- w-c: \ windows \ system32 \ dllcache \ rpcrt4.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2009-06-25 23:11. 2008-05-16 03:35 -------- d ----- w-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab 2009-06-25 23:09. 2008-05-16 03:35 761888 - SHA-w-c: \ windows \ system32 \ drivers \ fidbox2.dat 2009-06-25 23:09. 2008-05-16 03:35 64388 - SHA-w-c: \ windows \ system32 \ drivers \ fidbox.idx 2009-06-25 23:09. 2008-05-16 03:35 4571424 - SHA-w-c: \ windows \ system32 \ drivers \ fidbox.dat 2009-06-25 23:09. 2008-05-16 03:35 29696 - SHA-w-c: \ windows \ system32 \ drivers \ fidbox2.idx 2009-06-24 23:59. 2008-01-29 22:29 33808 ---- AW-c: \ windows \ system32 \ drivers \ klbg.sys 2009-06-24 23:59. 2009-02-05 00:58 33808 ---- AW-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ klbg.sys 2009-06-24 23:59. 2008-05-16 03:36 94643 ---- AW-c: \ windows \ system32 \ drivers \ klick.dat 2009-06-24 23:59. 2008-05-16 03:36 105395 ---- AW-c: \ windows \ system32 \ drivers \ klin.dat 2009-06-24 23:59. 2008-07-17 23:08 213520 ---- AW-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ XP \ klif.sys 2009-06-24 23:59. 2008-07-17 23:08 861448 ---- AW-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ updater.dll 2009-06-24 21:09. 2008-05-17 00:25 -------- d ----- w-c: \ Documents and Settings \ Mouse \ Application Data \ LimeWire 2009-06-24 16:37. 
2008-05-19 02:02 -------- d ----- w-C: \ Program Files \ SUPERAntiSpyware 2009-06-23 19:00. 2008-10-16 02:40 -------- d ----- w-c: \ program files \ Pando Mreše 2009-06-23 18:59. 2008-11-29 18:36 -------- d ----- w-C: \ Program Files \ palmOne 2009-06-21 23:00. 2009-02-09 03:50 138184 ---- AW-c: \ windows \ system32 \ drivers \ PnkBstrK.sys 2009-06-21 23:00. 2009-02-09 03:50 183112 ---- AW-c: \ windows \ system32 \ PnkBstrB.exe 2009-06-18 22:35. 2008-06-17 15:40 -------- d ----- w-c: \ program files \ Diablo II 2009-06-18 22:31. 2008-06-02 00:09 -------- D --- AW-c: \ Documents and Settings \ All Users \ Application Data \ Temp 2009-06-17 22:51. 2008-05-15 04:41 -------- d ----- w-c: \ Documents and Settings \ Mouse \ Application Data \ uTorrent 2009-06-13 16:32. 2008-08-19 04:10 -------- d ----- w-C: \ Program Files \ Common Files \ Apple 2009-05-17 20:58. 2009-05-17 20:58 -------- d ----- w-c: \ program files \ LG Electronics 2009-05-17 20:58. 2008-05-12 09:20 -------- d - h - w-C: \ Program Files \ InstallShield Installation Information 2009-05-17 20:57. 2008-05-12 09:20 -------- d ----- w-C: \ Program Files \ Common Files \ InstallShield 2009-05-07 15:32. 2003-03-31 12:00 345600 ---- AW-c: \ windows \ system32 \ Localspl.dll 2009-04-29 04:46. 2003-03-31 12:00 666624 ---- AW-c: \ windows \ system32 \ Wininet.dll 2009-04-29 04:46. ------ 2008-05-16 21:18 81920 w-c: \ windows \ system32 \ ieencode.dll 2009-04-28 10:48. 2008-05-17 00:24 -------- d ----- w-C: \ Program Files \ Java 2009-04-28 10:47. 2009-04-28 10:47 152576 ---- AW-c: \ Documents and Settings \ Mouse \ Application Data \ nedjelja \ Java \ jre1.6.0_13 \ lzma.dll 2009-04-17 12:26. 2003-03-31 12:00 1847168 ---- AW-c: \ windows \ system32 \ Win32k.sys 2009-04-15 14:51. 2003-03-31 12:00 585216 ---- AW-c: \ windows \ system32 \ rpcrt4.dll 2009-04-08 06:13. 
2009-04-08 06:13 45056 ---- ar-c: \ Documents and Settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ MapleStory.exe1_B5F7ED63E4D54BE694F0 F06A2CCC5374.exe 2009-04-08 06:13. 2009-04-08 06:13 45056 ---- ar-c: \ Documents and Settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ MapleStory.exe_B5F7ED63E4D54BE694F0F 06A2CCC5374_1.exe 2009-04-08 06:13. 2009-04-08 06:13 10134 ---- ar-c: \ Documents and Settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ ARPPRODUCTICON.exe 2009-04-05 23:39. 2008-05-16 02:24 23032 ---- AW-c: \ Documents and Settings \ Mouse \ Local Settings \ Application Data \ GDIPFONTCACHEV1.DAT 2009-04-05 23:27. 2009-04-05 23:28 5433520 ---- AW-c: \ windows \ system32 \ SpoonUninstall.exe . ((((((((((((((((((((((((((((( SnapShot@2009-06-24_23.25.37 )))))))))))) ))))))))))))))))))))))))))))) . + 2008-03-26 00:07. 2008-03-26 00:07 24592 C: \ Windows \ System32 \ Drivers \ klim5.sys - 2007-12-13 17:28. 2008-03-26 00:07 24592 C: \ Windows \ System32 \ Drivers \ klim5.sys + 2009-06-24 23:28. 2008-10-16 19:09 51224 C: \ Windows \ system32 \ dllcache \ cache \ wuauclt.exe + 2009-06-24 23:28. 2008-04-14 00:12 82432 C: \ Windows \ system32 \ dllcache \ cache \ ws2_32.dll + 2009-06-24 23:28. 2008-04-14 00:12 26112 C: \ Windows \ system32 \ dllcache \ cache \ userinit.exe + 2009-06-24 23:28. 2008-04-14 00:12 14336 C: \ Windows \ system32 \ dllcache \ cache \ Svchost.exe + 2009-06-24 23:28. 2008-04-14 00:12 57856 C: \ Windows \ system32 \ dllcache \ cache \ spoolsv.exe + 2009-06-24 23:28. 2008-04-14 00:12 17408 C: \ Windows \ system32 \ dllcache \ cache \ powrprof.dll + 2009-06-24 23:28. 2008-04-14 00:12 13312 C: \ Windows \ system32 \ dllcache \ cache \ lsass.exe + 2009-06-24 23:28. 2008-04-13 18:39 24576 C: \ Windows \ system32 \ dllcache \ cache \ kbdclass.sys + 2009-06-24 23:28. 
2008-04-13 18:53 36608 C: \ Windows \ system32 \ dllcache \ cache \ ip6fw.sys + 2009-06-24 23:28. 2008-04-14 00:12 15360 C: \ Windows \ system32 \ dllcache \ cache \ Ctfmon.exe - 2008-04-18 17:53. 2009-02-05 00:58 213520 C: \ Windows \ System32 \ Drivers \ klif.sys + 2008-04-18 17:53. 2009-06-24 23:59 213520 C: \ Windows \ System32 \ Drivers \ klif.sys + 2009-06-24 23:28. 2008-04-14 00:12 507904 C: \ Windows \ system32 \ dllcache \ cache \ Winlogon.exe + 2009-06-24 23:28. 2009-04-29 04:46 666624 C: \ Windows \ system32 \ dllcache \ cache \ Wininet.dll + 2009-06-24 23:28. 2008-04-14 00:12 578560 C: \ Windows \ system32 \ dllcache \ cache \ user32.dll + 2009-06-24 23:28. 2008-04-14 00:12 295424 C: \ Windows \ system32 \ dllcache \ cache \ termsrv.dll + 2009-06-24 23:28. 2008-06-20 11:51 361600 C: \ Windows \ system32 \ dllcache \ cache \ Tcpip.sys + 2009-06-24 23:28. 2009-02-06 11:11 110592 C: \ Windows \ system32 \ dllcache \ cache \ services.exe + 2009-06-24 23:28. 2008-04-13 19:20 182656 C: \ Windows \ system32 \ dllcache \ cache \ ndis.sys + 2009-06-24 23:28. 2009-03-21 14:06 989696 C: \ Windows \ system32 \ dllcache \ cache \ Kernel32.dll + 2009-06-24 23:28. 2008-04-14 00:11 110080 C: \ Windows \ system32 \ dllcache \ cache \ imm32.dll + 2009-06-24 23:28. 2008-04-14 00:11 167936 C: \ Windows \ system32 \ dllcache \ cache \ appmgmts.dll + 2009-06-24 23:28. 2008-04-14 00:12 1614848 C: \ Windows \ system32 \ dllcache \ cache \ sfcfiles.dll + 2009-06-24 23:28. 2009-02-06 11:06 2145280 C: \ Windows \ system32 \ dllcache \ cache \ ntoskrnl.exe + 2009-06-24 23:28. 2009-02-06 10:32 2023936 C: \ Windows \ system32 \ dllcache \ cache \ Ntkrnlpa.exe + 2009-06-24 23:28. 2008-04-14 00:12 1033728 C: \ Windows \ system32 \ dllcache \ cache \ explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . 
* Note * empty entries & čitljiv default unose se ne prikazuju REGEDIT4 [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run] "Ctfmon.exe" = "c: \ windows \ system32 \ Ctfmon.exe" [2008-04-14 15360] "H / PC Connection Agent" = "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" [2006-11-13 1289000] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "NvCplDaemon" = "c: \ windows \ system32 \ NvCpl.dll" [2008-05-03 13529088] "CTDVDDET" = "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ DVDAudio \ CTDVDDET.EXE" [2003-06-18 45056] "RCSystem" = "C: \ Program Files \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005-11-04 49152] "AudioDrvEmulator" = "C: \ Program Files \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005-11-04 49152] "VolPanel" = "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Volume Panel \ VolPanlu.exe" [2006-07-28 122880] "NvMediaCenter" = "c: \ windows \ system32 \ NvMcTray. Dll" [2008-05-03 86016] "AVP" = "C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe" [2009-02-05 201992] "QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2009-05-26 413696] "AppleSyncNotifier" = "C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleSyncNotifier.exe" [2009-05-14 177472] "iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2009-06-05 292136] "CTHelper" = "CTHELPER.EXE" - c: \ windows \ system32 \ CtHelper.exe [2008-02-21 19456] "CTxfiHlp" = "CTXFIHLP.EXE" - c: \ windows \ system32 \ Ctxfihlp.exe [2008-02-21 19968] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks] "(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2009-01-01 77824] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ winlogon \ obavijestiti \! 
SASWinLogon] 2009-01-01 04:29 356352 ---- AW-C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ SafeBoot \ Minimal \ Wdf01000.sys] @ = "Driver" [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings All Users ^ ^ Start Menu ^ Programs ^ Startup ^ Adobe Gamma Loader.lnk] path = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Adobe Gamma Loader.lnk backup = C: \ Windows \ PSS \ Adobe Gamma Loader.lnkCommon Startup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings All Users ^ ^ Start Menu ^ Programs ^ Startup ^ HOTSYNCSHORTCUTNAME.lnk] path = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ HOTSYNCSHORTCUTNAME.lnk backup = C: \ Windows \ PSS \ n HOTSYNCSHORTCUTNAME.lnkCommo Startup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings All Users ^ ^ Start Menu ^ Programs ^ Startup ^ Microsoft Office.lnk] path = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Microsoft Office.lnk backup = C: \ Windows \ PSS \ Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ Services] "StyleXPService" = 2 (0x2) "PLFlash DeviceIoControl Usluga" = 2 (0x2) "NMIndexingService" = 3 (0x3) "Neron BackItUp Planer 3" = 2 (0x2) "MDM" = 2 (0x2) "ZuneNetworkSvc" = 3 (0x3) "WMPNetworkSvc" = 3 (0x3) "npkcmsvc" = 2 (0x2) "JavaQuickStarterService" = 2 (0x2) "IDriverT" = 3 (0x3) "iPod Service" = 3 (0x3) "idsvc" = 3 (0x3) "Adobe LM Service" = 3 (0x3) [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ sigurnosni centar] "AntiVirusOverride" = dword: 00000001 [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ sigurnosni centar \ Praćenje \ KasperskyAntiVirus] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile] "EnableFirewall" = 0 (0x0) [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ 
AuthorizedApplications \ List] "% windir% \ \ system32 \ \ sessmgr.exe" = "c: \ \ Program Files \ \ uTorrent \ \ uTorrent.exe" = "c: \ \ Program Files \ \ Veoh Networks \ \ Veoh \ \ VeohClient.exe" = "c: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" = "c: \ \ Program Files \ \ Sierra \ \ Fear \ \ FEAR.exe" = "c: \ \ Program Files \ \ Xfire \ \ xfire.exe" = "c: \ \ Program Files \ \ Ubisoft \ \ Ubojica je vjerovanje \ \ AssassinsCreed_Dx9.exe" = "c: \ \ Program Files \ \ Ubisoft \ \ Ubojica je vjerovanje \ \ AssassinsCreed_Dx10.exe" = "c: \ \ Program Files \ \ Ubisoft \ \ Ubojica je vjerovanje \ \ AssassinsCreed_Launcher.exe" = "c: \ \ Documents and Settings \ \ All Users \ \ Application Data \ \ Kaspersky Lab Setup Files \ \ Kaspersky Internet Security 2009 \ \ Croatian \ \ setup.exe" = "C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe: 169.254.2.0/255.255.255.0: Omogućen: ActiveSync RAPI Manager "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" = C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe: 169.254.2.0/255.255.255.0: Omogućen: ActiveSync Connection Manager "C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe: 169.254.2.0/255.255.255.0: Omogućen: Aplikacija ActiveSync "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "c: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" = "c: \ \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" = "c: \ \ Program Files \ \ AIM6 \ \ aim6.exe" = "c: \ \ Program Files \ \ Bonjour \ \ mDNSResponder.exe" = "c: \ \ Program Files \ \ iTunes \ \ iTunes.exe" = [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List] "6112: TCP" = 6112: TCP: Diablo 2 "26675: TCP" = 26675: TCP: 169.254.2.0/255.255.255.0: Omogućen: ActiveSync Service "58398: TCP" = 58398: TCP: Pando Mediji pobuđivač "58398: UDP" = 58398: UDP: 
Pando Mediji pobuđivač R0 klbg; Kaspersky Lab Boot Guard Driver, c: \ windows \ system32 \ drivers \ klbg.sys [1/29/2008 6:29 PM 33808] R1 SASDIFSV; SASDIFSV; C: \ Program Files \ SUPERAntiSpyware \ SASDIFSV.SYS [2/29/2008 4:03 PM 9968] R1 SASKUTIL; SASKUTIL; C: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [2/29/2008 4:03 PM 55024] R1 UGURU; UGURU; c: \ windows \ system32 \ drivers \ uGuru.sys [5/12/2008 5:23 AM 14592] R3 KLFLTDEV; Kaspersky Lab KLFltDev; c: \ windows \ system32 \ drivers \ klfltdev.sys [3/13/2008 7:02 PM 26640] R3 klim5; Kaspersky Anti-Virus NDIS Filter; c: \ windows \ system32 \ drivers \ klim5.sys [3/25/2008 8:07 PM 24592] S2 Cubase32; Cubase32; c: \ windows \ system32 \ drivers \ Kuba se32.sys [4/5/2009 7:02 PM 11808] S3 SASENUM; SASENUM; C: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [2/16/2006 4:51 PM 4096] . Sadržaj je 'Scheduled Tasks' folder 2009/06/13 C: \ Windows \ Tasks \ AppleSoftwareUpdate.job - C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2008-07-30 17:34] 2009/06/25 C: \ Windows \ Tasks \ Malwarebytes' Anti-Malware.job - C: \ programa ~ 1 \ MALWAR ~ 1 \ mbam.exe [2008-05-19 00:52] . . ------- Supplementary Scan ------- . Page uStart = hxxp: / / google.com / IE: Add to Banner Ad Blocker - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ie_banner_deny.htm IE: E & zvezi u Microsoft Excel - C: \ programa ~ 1 \ MICROS ~ 2 \ Office10 \ EXCEL.EXE/3000 DPF: Microsoft XML parser za Java - file: / / c: \ windows \ Java \ Classes \ xmldso.cab DPF: (463ED66E-431B-11D2-ADB0-0080C83DA4EB) - hxxps: / / w3s.webmoney.ru/WMAcceptor.dll FF - ProfilePath -- . ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit / potaja detector by Gmer zlonamjernih programa, http://www.gmer.net Rootkit scan 2009-06-25 19:11 5/1/2600 Windows Service Pack 3 NTFS skeniranja skrivenih procesa ... skeniranja skrivenih autostart entries ... 
skeniranja skrivenih datoteka ... scan uspješno završena skrivenih datoteka: 0 ************************************************** ************************ . --------------------- --------------------- Zaključana registarske ključeve [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (47629D4 B-2AD3-4e50-B716-A66C15C63153) \ InprocServer32 *] "ThreadingModel" = "Apartman" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "cd042efbbd7f7af1647644e76e06692b" = heksadecimalna: 2e, e8, E1, 00, eb, 16,2 b, de, ff, 66,8 f, 81, D1, 34, d2, D9, C8, 28,51, af, b0, 29, A3, 98, A9, C3, A8, 8a, 5e, d3, 39,87, E2, 63,26, F1, 3f, C8, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (604BB98 A-A94F-4a5c-A67C-D8D3582C741C) \ InprocServer32 *] "ThreadingModel" = "Apartman" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "bca643cdc5c2726b20d2ecedcc62c59b" = heksadecimalna: 71,3 b, 04,66, 8b, 46,0 d, 96, c2, c2, DC, E4, A8, 65,45,2 e, 71,3 b, 04,66,8 b, 46,0 d, 96,21,7 c, AA, e9, A8, 42, 2f, C4, 6a, 9c, D6, 61, af, 45, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (684373F B-9CD8-4e47-B990-5A4466C16034) \ InprocServer32 *] "ThreadingModel" = "Apartman" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "2c81e34222e8052573023a60d06dd016" = heksadecimalna: 25, da, ec, 7e, 55,20, C9, 26, eb, A7, df, 4d, 25, C2, 62,83,25, da, EC, 7e, 55,20, C9, 26, A3, f2, 65, ed, 80,3 E, E4, F6, FF, 7c, 85, E0 43, D4, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (74554CC D-F60F-4708-AD98-D0152D08C8B9) \ InprocServer32 *] "ThreadingModel" = "Apartman" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "2582ae41fb52324423be06337561aa48" = heksadecimalna: 3e, 1e, 9e, E0, 57,5 a, 93,61, f2, A1, B4, 61,82, bb, AB, D5, 3e, 1e, 9e, E0, 57,5 a, 93,61,6 f, 0e, 5c, ae, EC, 4f, E7, 8d, 86,8 c, 21,01, biti, 91, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (7EB537F 9-A916-4339-B91B-DED8E83632C0) \ InprocServer32 *] "ThreadingModel" = "Apartman" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" 
"caaeda5fd7a9ed7697d9686d4b818472" = heksadecimalna: cd, 44, cd, B9, A6, 33,6 c, cd, 91, D7, 7a, 29,97, C7, 40,4 b, cd, 44, cd, B9, A6, 33,6 c, cd, 49,19,95,11,6 f, ac, 43,68, F5, 1d, 4d, 73, A8, 13, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (948395E 8-7A56-4fb1-843B-3E52D94DB145) \ InprocServer32 *] "ThreadingModel" = "Apartman" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "a4a1bcf2cc2b8bc3716b74b2b4522f5d" = heksadecimalna: DF, 20,58,62, 78,6 b, cf, C8, 7e, 4a, D5, 24,8 d, 3a, 49, C4, b0, 18, ed, A7, 3f, 8d, 37, A4, 29, B5, 53,9 A, D3, 4a, 02,51, df, 20,58,62,78,6 b, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (AC3ED30 B-6F1A-4bfc-A4F6-2EBDCCD34C19) \ InprocServer32 *] "ThreadingModel" = "Apartman" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "4d370831d2c43cd13623e232fed27b7b" = heksadecimalna: 31,77, E1, ba, B1, F8, 68,02,09, d4, 0b, F3, 53, BC, 62,26,31,77, E1, ba, B1, F8, 68,02,77, C3, de, C6, 98,79, 54,2 c, FB, A7, 78, E6, 12,2 f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (DE5654C A-EB84-4df9-915B-37E957082D6D) \ InprocServer32 *] "ThreadingModel" = "Apartman" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "1d68fe701cdea33e477eb204b76f993d" = heksadecimalna: 01,3 A, 48, FC, e8, 04,4 a, F1, df, 00, D5, 43, FF, F8, 0f, F3, 83,6 c, 56,8 b, A0, 85,96, AB, D5, 19,39,90, da, 30, 2a, 05,01,3 a, 48, FC, e8, 04, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (E39C35E 8-7488-4926-92B2-2F94619AC1A5) \ InprocServer32 *] "ThreadingModel" = "Apartman" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "1fac81b91d8e3c5aa4b0a51804d844a3" = heksadecimalna: F6, 0f, 4e, 58, 98,5 b, 89, C9, 6a, EA, F8, C4, 82, 1a, 7f, D8, 51, fa, 6e, 91,28,9 e, 14, cc, 82, AC, 7a, 83, eb, 90, 81, C6, F6, 0f, 4e, 58,98,5 b, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (EACAFCE 5-B0E2-4288-8073-C02FF9619B6F) \ InprocServer32 *] "ThreadingModel" = "Apartman" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "f5f62a6129303efb32fbe080bb27835b" = 
heksadecimalna: 3d, CE, EA, 26, 2d, 45, AA, 78,0 b, ba, 41,78,8 a, C9, 90,04, B1, cd, 45,5 a, A8, C4, F8, B9, 6b, C6, A2, 44,8 d, 59, A6, F5, 3d, CE, EA, 26,2 d, 45, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (F8F02AD D-7366-4186-9488-C21CB8B3DCEC) \ InprocServer32 *] "ThreadingModel" = "Apartman" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "fd4e2e1a3940b94dceb5a6a021f2e3c6" = heksadecimalna: 2a, b7, cc, B5, B9, 7f, 41, E7, 5d, 45,06,19,5 e, 30,20, E6, e3, 0e, 66, D5, eb, BC, 2f, 6b, E1, 69,31, AC, dd, ba, 7f, 02,2 a, b7, cc, B5, B9, 7f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (FEE45DE 2-A467-4bf9-BF2D-1411304BCD84) \ InprocServer32 *] "ThreadingModel" = "Apartman" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "8a8aec57dd6508a385616fbc86791ec2" = heksadecimalna: fa, EA, 66,7 f, d4, 3b, 6b, 70, A5, 97,0 a, 6e, 8a, usp, 52,73, fa, EA, 66,7 f, d4, 3b, 6b, 70,30,24, EA, 79, A1, 7b, 08,64,6 c, 43,2 d, 1e, AA, 22, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Installer \ userdata \ LocalSystem \ Componen TS \ h-€ | GGGG ¤ • € | U • A ~ *] "AB141C35E9F4BF344B9FC010BB17F68A" = "" . --------------------- Loaded DLL datoteke koje Under Running Processes --------------------- - - - - - - -> 'Winlogon.exe' (1028) C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL c: \ windows \ system32 \ klogon.dll - - - - - - -> "Explorer.exe" (212) c: \ windows \ system32 \ WPDShServiceObj.dll c: \ windows \ system32 \ PortableDeviceTypes.dll c: \ windows \ system32 \ PortableDeviceApi.dll . ------------------------ Other Running Processes ----------------------- -- . 
C: \ Program Files \ Creative \ Shared Files \ CTAudSvc.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ Bonjour \ mDNSResponder.exe c: \ windows \ system32 \ nvsvc32.exe c: \ windows \ system32 \ PnkBstrA.exe c: \ windows \ system32 \ rundll32.exe C: \ Program Files \ Creative \ Sound Blaster X-Fi \ zabavni centar \ EAXLoadr.exe c: \ programa ~ 1 \ MICROS ~ 4 \ rapimgr.exe C: \ Program Files \ iPod \ bin \ iPodService.exe c: \ windows \ system32 \ CTxfispi.exe c: \ windows \ system32 \ wscntfy.exe . ************************************************** ************************ . Completion time: 2009-06-25 19:14 - stroj je ponovno podizanje sustava ComboFix-u karanteni-files.txt 2009-06-25 23:14 ComboFix2.txt 2009-06-24 23:29 ComboFix3.txt 2008-05-20 17:05 Pre-Run: 67819319296 bytes free Post-Run: 67883995136 bytes free Current = 3 default = 3 Failed = 1 LastKnownGood Kompleti = 4 = 1,2,3,4 310 --- EOF --- 2009-06-11 03:03 |
|
#9
| |||
| |||
| Sorry, I overlooked something. Delete these files/folders as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not WordPad.
2. Copy the text in the code box below by highlighting all of the text and pressing Ctrl + C
Code:
KillAll::
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\userdata\LocalSystem\Components\h-€ | GGGG ¤ • € | U • A ~ *]
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe as you see in the picture below.
Important: Perform this instruction carefully!
ComboFix will begin to execute, just follow the prompts. After the reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.
Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.
----------
Also let me know how the computer is running afterwards. |
|
#10
| |||
| |||
| ComboFix 09-06-23.01 - Mouse 06/26/2009 3:47.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1564 [GMT -4:00] Running from: C: \ Documents and Settings \ Mouse \ Desktop \ ComboFix.exe Naredba prekidači koji se koriste:: C: \ Documents and Settings \ Mouse \ Desktop \ CFScript.txt AV: Kaspersky Internet Sigurnost * U * onemogućen pristup skeniranje (Promjena) (2C4D4BC6-0793-4956-A9F9-E252435469C0) FW: Kaspersky Internet Sigurnost * * onemogućen (2C4D4BC6-0793-4956-A9F9-E252435469C0) . Ostali ((((((((((((((((((((((((((((((((((((((( brisanja ))))))))) )))))))))))))))))))))))))))))))))))))))) . c: \ windows \ system32 \ drivers \ kl1.sys . ((((((((((((((((((((((((( Files Created from 2009/05/26 da 2009/06/26 ))))))))))) )))))))))))))))))))) . 2009-06-24 23:28. 2009-06-24 23:28 -------- DC ---- W-c: \ windows \ system32 \ dllcache \ cache 2009-06-23 18:47. 2009-06-24 16:37 117760 ---- AW-c: \ Documents and Settings \ Mouse \ Application Data \ SUPERAntiSpyware.com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL 2009-06-17 17:58. 2009-06-17 18:10 -------- d ----- w-c: \ program files \ LSoft Tehnologije 2009-06-13 16:32. 2009-06-13 16:32 -------- d ----- w-C: \ Program Files \ iPod 2009-06-13 16:32. 2009-06-13 16:32 -------- d ----- w-C: \ Program Files \ iTunes 2009-06-13 16:28. 2009-06-13 16:29 -------- d ----- w-C: \ Program Files \ QuickTime 2009-06-13 16:23. 2009-06-13 16:23 75048 ---- AW-c: \ Documents and Settings \ All Users \ Application Data \ Apple Computer \ Installer Cache \ iTunes 8.2.0.23 \ SetupAdmin.exe 2009-06-10 23:14. 2001-08-18 02:36 462848-c - AW-c: \ windows \ system32 \ dllcache \ a3dapi.dll 2009-06-10 23:14. 2001-08-18 02:36 462848 ---- AW-c: \ windows \ system32 \ a3dapi.dll 2009-06-10 23:13. 2009-06-11 07:20 -------- d ----- w-C: \ Descent3 2009-06-10 23:13. 2009-06-10 23:13 -------- d ----- w-C: \ Games 2009-06-10 20:13. 
2009-05-07 15:32 345600-C ---- w-c: \ windows \ system32 \ dllcache \ Localspl.dll 2009-06-10 20:13. 2009-04-15 14:51 585216-C ---- w-c: \ windows \ system32 \ dllcache \ rpcrt4.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2009-06-26 07:54. 2008-05-16 03:35 -------- d ----- w-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab 2009-06-26 07:52. 2008-05-16 03:35 761888 - SHA-w-c: \ windows \ system32 \ drivers \ fidbox2.dat 2009-06-26 07:52. 2008-05-16 03:35 64388 - SHA-w-c: \ windows \ system32 \ drivers \ fidbox.idx 2009-06-26 07:52. 2008-05-16 03:35 4571424 - SHA-w-c: \ windows \ system32 \ drivers \ fidbox.dat 2009-06-26 07:52. 2008-05-16 03:35 29696 - SHA-w-c: \ windows \ system32 \ drivers \ fidbox2.idx 2009-06-25 23:24. 2008-01-29 22:29 33808 ---- AW-c: \ windows \ system32 \ drivers \ klbg.sys 2009-06-25 23:24. 2008-05-16 03:36 94643 ---- AW-c: \ windows \ system32 \ drivers \ klick.dat 2009-06-25 23:24. 2008-05-16 03:36 105395 ---- AW-c: \ windows \ system32 \ drivers \ klin.dat 2009-06-25 23:24. 2009-02-05 00:58 33808 ---- AW-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ klbg.sys 2009-06-25 23:24. 2008-07-17 23:08 213520 ---- AW-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ XP \ klif.sys 2009-06-25 23:24. 2008-07-17 23:08 861448 ---- AW-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ updater.dll 2009-06-24 21:09. 2008-05-17 00:25 -------- d ----- w-c: \ Documents and Settings \ Mouse \ Application Data \ LimeWire 2009-06-24 16:37. 
2008-05-19 02:02 -------- d ----- w-C: \ Program Files \ SUPERAntiSpyware 2009-06-23 19:00. 2008-10-16 02:40 -------- d ----- w-c: \ program files \ Pando Mreše 2009-06-23 18:59. 2008-11-29 18:36 -------- d ----- w-C: \ Program Files \ palmOne 2009-06-21 23:00. 2009-02-09 03:50 138184 ---- AW-c: \ windows \ system32 \ drivers \ PnkBstrK.sys 2009-06-21 23:00. 2009-02-09 03:50 183112 ---- AW-c: \ windows \ system32 \ PnkBstrB.exe 2009-06-18 22:35. 2008-06-17 15:40 -------- d ----- w-c: \ program files \ Diablo II 2009-06-18 22:31. 2008-06-02 00:09 -------- D --- AW-c: \ Documents and Settings \ All Users \ Application Data \ Temp 2009-06-17 22:51. 2008-05-15 04:41 -------- d ----- w-c: \ Documents and Settings \ Mouse \ Application Data \ uTorrent 2009-06-13 16:32. 2008-08-19 04:10 -------- d ----- w-C: \ Program Files \ Common Files \ Apple 2009-05-17 20:58. 2009-05-17 20:58 -------- d ----- w-c: \ program files \ LG Electronics 2009-05-17 20:58. 2008-05-12 09:20 -------- d - h - w-C: \ Program Files \ InstallShield Installation Information 2009-05-17 20:57. 2008-05-12 09:20 -------- d ----- w-C: \ Program Files \ Common Files \ InstallShield 2009-05-07 15:32. 2003-03-31 12:00 345600 ---- AW-c: \ windows \ system32 \ Localspl.dll 2009-04-29 04:46. 2003-03-31 12:00 666624 ---- AW-c: \ windows \ system32 \ Wininet.dll 2009-04-29 04:46. ------ 2008-05-16 21:18 81920 w-c: \ windows \ system32 \ ieencode.dll 2009-04-28 10:48. 2008-05-17 00:24 -------- d ----- w-C: \ Program Files \ Java 2009-04-28 10:47. 2009-04-28 10:47 152576 ---- AW-c: \ Documents and Settings \ Mouse \ Application Data \ nedjelja \ Java \ jre1.6.0_13 \ lzma.dll 2009-04-17 12:26. 2003-03-31 12:00 1847168 ---- AW-c: \ windows \ system32 \ Win32k.sys 2009-04-15 14:51. 2003-03-31 12:00 585216 ---- AW-c: \ windows \ system32 \ rpcrt4.dll 2009-04-08 06:13. 
2009-04-08 06:13 45056 ---- ar-c: \ Documents and Settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ MapleStory.exe1_B5F7ED63E4D54BE694F0 F06A2CCC5374.exe 2009-04-08 06:13. 2009-04-08 06:13 45056 ---- ar-c: \ Documents and Settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ MapleStory.exe_B5F7ED63E4D54BE694F0F 06A2CCC5374_1.exe 2009-04-08 06:13. 2009-04-08 06:13 10134 ---- ar-c: \ Documents and Settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ ARPPRODUCTICON.exe 2009-04-05 23:39. 2008-05-16 02:24 23032 ---- AW-c: \ Documents and Settings \ Mouse \ Local Settings \ Application Data \ GDIPFONTCACHEV1.DAT 2009-04-05 23:27. 2009-04-05 23:28 5433520 ---- AW-c: \ windows \ system32 \ SpoonUninstall.exe . ((((((((((((((((((((((((((((( SnapShot@2009-06-24_23.25.37 )))))))))))) ))))))))))))))))))))))))))))) . + 2008-03-26 00:07. 2008-03-26 00:07 24592 C: \ Windows \ System32 \ Drivers \ klim5.sys - 2007-12-13 17:28. 2008-03-26 00:07 24592 C: \ Windows \ System32 \ Drivers \ klim5.sys + 2009-06-24 23:28. 2008-10-16 19:09 51224 C: \ Windows \ system32 \ dllcache \ cache \ wuauclt.exe + 2009-06-24 23:28. 2008-04-14 00:12 82432 C: \ Windows \ system32 \ dllcache \ cache \ ws2_32.dll + 2009-06-24 23:28. 2008-04-14 00:12 26112 C: \ Windows \ system32 \ dllcache \ cache \ userinit.exe + 2009-06-24 23:28. 2008-04-14 00:12 14336 C: \ Windows \ system32 \ dllcache \ cache \ Svchost.exe + 2009-06-24 23:28. 2008-04-14 00:12 57856 C: \ Windows \ system32 \ dllcache \ cache \ spoolsv.exe + 2009-06-24 23:28. 2008-04-14 00:12 17408 C: \ Windows \ system32 \ dllcache \ cache \ powrprof.dll + 2009-06-24 23:28. 2008-04-14 00:12 13312 C: \ Windows \ system32 \ dllcache \ cache \ lsass.exe + 2009-06-24 23:28. 2008-04-13 18:39 24576 C: \ Windows \ system32 \ dllcache \ cache \ kbdclass.sys + 2009-06-24 23:28. 
2008-04-13 18:53 36608 C: \ Windows \ system32 \ dllcache \ cache \ ip6fw.sys + 2009-06-24 23:28. 2008-04-14 00:12 15360 C: \ Windows \ system32 \ dllcache \ cache \ Ctfmon.exe - 2008-04-18 17:53. 2009-02-05 00:58 213520 C: \ Windows \ System32 \ Drivers \ klif.sys + 2008-04-18 17:53. 2009-06-25 23:24 213520 C: \ Windows \ System32 \ Drivers \ klif.sys + 2009-06-24 23:28. 2008-04-14 00:12 507904 C: \ Windows \ system32 \ dllcache \ cache \ Winlogon.exe + 2009-06-24 23:28. 2009-04-29 04:46 666624 C: \ Windows \ system32 \ dllcache \ cache \ Wininet.dll + 2009-06-24 23:28. 2008-04-14 00:12 578560 C: \ Windows \ system32 \ dllcache \ cache \ user32.dll + 2009-06-24 23:28. 2008-04-14 00:12 295424 C: \ Windows \ system32 \ dllcache \ cache \ termsrv.dll + 2009-06-24 23:28. 2008-06-20 11:51 361600 C: \ Windows \ system32 \ dllcache \ cache \ Tcpip.sys + 2009-06-24 23:28. 2009-02-06 11:11 110592 C: \ Windows \ system32 \ dllcache \ cache \ services.exe + 2009-06-24 23:28. 2008-04-13 19:20 182656 C: \ Windows \ system32 \ dllcache \ cache \ ndis.sys + 2009-06-24 23:28. 2009-03-21 14:06 989696 C: \ Windows \ system32 \ dllcache \ cache \ Kernel32.dll + 2009-06-24 23:28. 2008-04-14 00:11 110080 C: \ Windows \ system32 \ dllcache \ cache \ imm32.dll + 2009-06-24 23:28. 2008-04-14 00:11 167936 C: \ Windows \ system32 \ dllcache \ cache \ appmgmts.dll + 2009-06-24 23:28. 2008-04-14 00:12 1614848 C: \ Windows \ system32 \ dllcache \ cache \ sfcfiles.dll + 2009-06-24 23:28. 2009-02-06 11:06 2145280 C: \ Windows \ system32 \ dllcache \ cache \ ntoskrnl.exe + 2009-06-24 23:28. 2009-02-06 10:32 2023936 C: \ Windows \ system32 \ dllcache \ cache \ Ntkrnlpa.exe + 2009-06-24 23:28. 2008-04-14 00:12 1033728 C: \ Windows \ system32 \ dllcache \ cache \ explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . 
* Note * empty entries & čitljiv default unose se ne prikazuju REGEDIT4 [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run] "Ctfmon.exe" = "c: \ windows \ system32 \ Ctfmon.exe" [2008-04-14 15360] "H / PC Connection Agent" = "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" [2006-11-13 1289000] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "NvCplDaemon" = "c: \ windows \ system32 \ NvCpl.dll" [2008-05-03 13529088] "CTDVDDET" = "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ DVDAudio \ CTDVDDET.EXE" [2003-06-18 45056] "RCSystem" = "C: \ Program Files \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005-11-04 49152] "AudioDrvEmulator" = "C: \ Program Files \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005-11-04 49152] "VolPanel" = "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Volume Panel \ VolPanlu.exe" [2006-07-28 122880] "NvMediaCenter" = "c: \ windows \ system32 \ NvMcTray. Dll" [2008-05-03 86016] "AVP" = "C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe" [2009-02-05 201992] "QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2009-05-26 413696] "AppleSyncNotifier" = "C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleSyncNotifier.exe" [2009-05-14 177472] "iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2009-06-05 292136] "CTHelper" = "CTHELPER.EXE" - c: \ windows \ system32 \ CtHelper.exe [2008-02-21 19456] "CTxfiHlp" = "CTXFIHLP.EXE" - c: \ windows \ system32 \ Ctxfihlp.exe [2008-02-21 19968] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks] "(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2009-01-01 77824] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ winlogon \ obavijestiti \! 
SASWinLogon] 2009-01-01 04:29 356352 ---- AW-C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ SafeBoot \ Minimal \ Wdf01000.sys] @ = "Driver" [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings All Users ^ ^ Start Menu ^ Programs ^ Startup ^ Adobe Gamma Loader.lnk] path = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Adobe Gamma Loader.lnk backup = C: \ Windows \ PSS \ Adobe Gamma Loader.lnkCommon Startup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings All Users ^ ^ Start Menu ^ Programs ^ Startup ^ HOTSYNCSHORTCUTNAME.lnk] path = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ HOTSYNCSHORTCUTNAME.lnk backup = C: \ Windows \ PSS \ n HOTSYNCSHORTCUTNAME.lnkCommo Startup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings All Users ^ ^ Start Menu ^ Programs ^ Startup ^ Microsoft Office.lnk] path = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Microsoft Office.lnk backup = C: \ Windows \ PSS \ Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ Services] "StyleXPService" = 2 (0x2) "PLFlash DeviceIoControl Usluga" = 2 (0x2) "NMIndexingService" = 3 (0x3) "Neron BackItUp Planer 3" = 2 (0x2) "MDM" = 2 (0x2) "ZuneNetworkSvc" = 3 (0x3) "WMPNetworkSvc" = 3 (0x3) "npkcmsvc" = 2 (0x2) "JavaQuickStarterService" = 2 (0x2) "IDriverT" = 3 (0x3) "iPod Service" = 3 (0x3) "idsvc" = 3 (0x3) "Adobe LM Service" = 3 (0x3) [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ sigurnosni centar] "AntiVirusOverride" = dword: 00000001 [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ sigurnosni centar \ Praćenje \ KasperskyAntiVirus] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile] "EnableFirewall" = 0 (0x0) [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ 
AuthorizedApplications \ List] "% windir% \ \ system32 \ \ sessmgr.exe" = "c: \ \ Program Files \ \ uTorrent \ \ uTorrent.exe" = "c: \ \ Program Files \ \ Veoh Networks \ \ Veoh \ \ VeohClient.exe" = "c: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" = "c: \ \ Program Files \ \ Sierra \ \ Fear \ \ FEAR.exe" = "c: \ \ Program Files \ \ Xfire \ \ xfire.exe" = "c: \ \ Program Files \ \ Ubisoft \ \ Ubojica je vjerovanje \ \ AssassinsCreed_Dx9.exe" = "c: \ \ Program Files \ \ Ubisoft \ \ Ubojica je vjerovanje \ \ AssassinsCreed_Dx10.exe" = "c: \ \ Program Files \ \ Ubisoft \ \ Ubojica je vjerovanje \ \ AssassinsCreed_Launcher.exe" = "c: \ \ Documents and Settings \ \ All Users \ \ Application Data \ \ Kaspersky Lab Setup Files \ \ Kaspersky Internet Security 2009 \ \ Croatian \ \ setup.exe" = "C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe: 169.254.2.0/255.255.255.0: Omogućen: ActiveSync RAPI Manager "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" = C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe: 169.254.2.0/255.255.255.0: Omogućen: ActiveSync Connection Manager "C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe: 169.254.2.0/255.255.255.0: Omogućen: Aplikacija ActiveSync "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "c: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" = "c: \ \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" = "c: \ \ Program Files \ \ AIM6 \ \ aim6.exe" = "c: \ \ Program Files \ \ Bonjour \ \ mDNSResponder.exe" = "c: \ \ Program Files \ \ iTunes \ \ iTunes.exe" = [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List] "6112: TCP" = 6112: TCP: Diablo 2 "26675: TCP" = 26675: TCP: 169.254.2.0/255.255.255.0: Omogućen: ActiveSync Service "58398: TCP" = 58398: TCP: Pando Mediji pobuđivač "58398: UDP" = 58398: UDP: 
Pando Mediji pobuđivač R0 klbg; Kaspersky Lab Boot Guard Driver, c: \ windows \ system32 \ drivers \ klbg.sys [1/29/2008 6:29 PM 33808] R1 SASDIFSV; SASDIFSV; C: \ Program Files \ SUPERAntiSpyware \ SASDIFSV.SYS [2/29/2008 4:03 PM 9968] R1 SASKUTIL; SASKUTIL; C: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [2/29/2008 4:03 PM 55024] R1 UGURU; UGURU; c: \ windows \ system32 \ drivers \ uGuru.sys [5/12/2008 5:23 AM 14592] R3 KLFLTDEV; Kaspersky Lab KLFltDev; c: \ windows \ system32 \ drivers \ klfltdev.sys [3/13/2008 7:02 PM 26640] R3 klim5; Kaspersky Anti-Virus NDIS Filter; c: \ windows \ system32 \ drivers \ klim5.sys [3/25/2008 8:07 PM 24592] S2 Cubase32; Cubase32; c: \ windows \ system32 \ drivers \ Kuba se32.sys [4/5/2009 7:02 PM 11808] S3 SASENUM; SASENUM; C: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [2/16/2006 4:51 PM 4096] . Sadržaj je 'Scheduled Tasks' folder 2009/06/13 C: \ Windows \ Tasks \ AppleSoftwareUpdate.job - C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2008-07-30 17:34] 2009/06/26 C: \ Windows \ Tasks \ Malwarebytes' Anti-Malware.job - C: \ programa ~ 1 \ MALWAR ~ 1 \ mbam.exe [2008-05-19 00:52] . . ------- Supplementary Scan ------- . Page uStart = hxxp: / / google.com / IE: Add to Banner Ad Blocker - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ie_banner_deny.htm IE: E & zvezi u Microsoft Excel - C: \ programa ~ 1 \ MICROS ~ 2 \ Office10 \ EXCEL.EXE/3000 DPF: Microsoft XML parser za Java - file: / / c: \ windows \ Java \ Classes \ xmldso.cab DPF: (463ED66E-431B-11D2-ADB0-0080C83DA4EB) - hxxps: / / w3s.webmoney.ru/WMAcceptor.dll FF - ProfilePath -- . ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit / potaja detector by Gmer zlonamjernih programa, http://www.gmer.net Rootkit scan 2009-06-26 03:54 5/1/2600 Windows Service Pack 3 NTFS skeniranja skrivenih procesa ... skeniranja skrivenih autostart entries ... 
skeniranja skrivenih datoteka ... scan uspješno završena skrivenih datoteka: 0 ************************************************** ************************ . --------------------- --------------------- Zaključana registarske ključeve [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (47629D4 B-2AD3-4e50-B716-A66C15C63153) \ InprocServer32 *] "ThreadingModel" = "Apartman" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "cd042efbbd7f7af1647644e76e06692b" = heksadecimalna: 2e, e8, E1, 00, eb, 16,2 b, de, ff, 66,8 f, 81, D1, 34, d2, D9, C8, 28,51, af, b0, 29, A3, 98, A9, C3, A8, 8a, 5e, d3, 39,87, E2, 63,26, F1, 3f, C8, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (604BB98 A-A94F-4a5c-A67C-D8D3582C741C) \ InprocServer32 *] "ThreadingModel" = "Apartman" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "bca643cdc5c2726b20d2ecedcc62c59b" = heksadecimalna: 71,3 b, 04,66, 8b, 46,0 d, 96, c2, c2, DC, E4, A8, 65,45,2 e, 71,3 b, 04,66,8 b, 46,0 d, 96,21,7 c, AA, e9, A8, 42, 2f, C4, 6a, 9c, D6, 61, af, 45, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (684373F B-9CD8-4e47-B990-5A4466C16034) \ InprocServer32 *] "ThreadingModel" = "Apartman" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "2c81e34222e8052573023a60d06dd016" = heksadecimalna: 25, da, ec, 7e, 55,20, C9, 26, eb, A7, df, 4d, 25, C2, 62,83,25, da, EC, 7e, 55,20, C9, 26, A3, f2, 65, ed, 80,3 E, E4, F6, FF, 7c, 85, E0 43, D4, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (74554CC D-F60F-4708-AD98-D0152D08C8B9) \ InprocServer32 *] "ThreadingModel" = "Apartman" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "2582ae41fb52324423be06337561aa48" = heksadecimalna: 3e, 1e, 9e, E0, 57,5 a, 93,61, f2, A1, B4, 61,82, bb, AB, D5, 3e, 1e, 9e, E0, 57,5 a, 93,61,6 f, 0e, 5c, ae, EC, 4f, E7, 8d, 86,8 c, 21,01, biti, 91, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (7EB537F 9-A916-4339-B91B-DED8E83632C0) \ InprocServer32 *] "ThreadingModel" = "Apartman" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" 
"caaeda5fd7a9ed7697d9686d4b818472" = heksadecimalna: cd, 44, cd, B9, A6, 33,6 c, cd, 91, D7, 7a, 29,97, C7, 40,4 b, cd, 44, cd, B9, A6, 33,6 c, cd, 49,19,95,11,6 f, ac, 43,68, F5, 1d, 4d, 73, A8, 13, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (948395E 8-7A56-4fb1-843B-3E52D94DB145) \ InprocServer32 *] "ThreadingModel" = "Apartman" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "a4a1bcf2cc2b8bc3716b74b2b4522f5d" = heksadecimalna: DF, 20,58,62, 78,6 b, cf, C8, 7e, 4a, D5, 24,8 d, 3a, 49, C4, b0, 18, ed, A7, 3f, 8d, 37, A4, 29, B5, 53,9 A, D3, 4a, 02,51, df, 20,58,62,78,6 b, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (AC3ED30 B-6F1A-4bfc-A4F6-2EBDCCD34C19) \ InprocServer32 *] "ThreadingModel" = "Apartman" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "4d370831d2c43cd13623e232fed27b7b" = heksadecimalna: 31,77, E1, ba, B1, F8, 68,02,09, d4, 0b, F3, 53, BC, 62,26,31,77, E1, ba, B1, F8, 68,02,77, C3, de, C6, 98,79, 54,2 c, FB, A7, 78, E6, 12,2 f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (DE5654C A-EB84-4df9-915B-37E957082D6D) \ InprocServer32 *] "ThreadingModel" = "Apartman" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "1d68fe701cdea33e477eb204b76f993d" = heksadecimalna: 01,3 A, 48, FC, e8, 04,4 a, F1, df, 00, D5, 43, FF, F8, 0f, F3, 83,6 c, 56,8 b, A0, 85,96, AB, D5, 19,39,90, da, 30, 2a, 05,01,3 a, 48, FC, e8, 04, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (E39C35E 8-7488-4926-92B2-2F94619AC1A5) \ InprocServer32 *] "ThreadingModel" = "Apartman" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "1fac81b91d8e3c5aa4b0a51804d844a3" = heksadecimalna: F6, 0f, 4e, 58, 98,5 b, 89, C9, 6a, EA, F8, C4, 82, 1a, 7f, D8, 51, fa, 6e, 91,28,9 e, 14, cc, 82, AC, 7a, 83, eb, 90, 81, C6, F6, 0f, 4e, 58,98,5 b, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (EACAFCE 5-B0E2-4288-8073-C02FF9619B6F) \ InprocServer32 *] "ThreadingModel" = "Apartman" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "f5f62a6129303efb32fbe080bb27835b" = 
heksadecimalna: 3d, CE, EA, 26, 2d, 45, AA, 78,0 b, ba, 41,78,8 a, C9, 90,04, B1, cd, 45,5 a, A8, C4, F8, B9, 6b, C6, A2, 44,8 d, 59, A6, F5, 3d, CE, EA, 26,2 d, 45, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (F8F02AD D-7366-4186-9488-C21CB8B3DCEC) \ InprocServer32 *] "ThreadingModel" = "Apartman" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "fd4e2e1a3940b94dceb5a6a021f2e3c6" = heksadecimalna: 2a, b7, cc, B5, B9, 7f, 41, E7, 5d, 45,06,19,5 e, 30,20, E6, e3, 0e, 66, D5, eb, BC, 2f, 6b, E1, 69,31, AC, dd, ba, 7f, 02,2 a, b7, cc, B5, B9, 7f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (FEE45DE 2-A467-4bf9-BF2D-1411304BCD84) \ InprocServer32 *] "ThreadingModel" = "Apartman" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "8a8aec57dd6508a385616fbc86791ec2" = heksadecimalna: fa, EA, 66,7 f, d4, 3b, 6b, 70, A5, 97,0 a, 6e, 8a, usp, 52,73, fa, EA, 66,7 f, d4, 3b, 6b, 70,30,24, EA, 79, A1, 7b, 08,64,6 c, 43,2 d, 1e, AA, 22, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Installer \ userdata \ LocalSystem \ Componen TS \ h-€ | GGGG ¤ • € | U • A ~ *] "AB141C35E9F4BF344B9FC010BB17F68A" = "" . --------------------- Loaded DLL datoteke koje Under Running Processes --------------------- - - - - - - -> 'Winlogon.exe' (672) C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL c: \ windows \ system32 \ klogon.dll - - - - - - -> "Explorer.exe" (288) c: \ windows \ system32 \ WPDShServiceObj.dll c: \ windows \ system32 \ PortableDeviceTypes.dll c: \ windows \ system32 \ PortableDeviceApi.dll . ------------------------ Other Running Processes ----------------------- -- . 
C: \ Program Files \ Creative \ Shared Files \ CTAudSvc.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ Bonjour \ mDNSResponder.exe c: \ windows \ system32 \ nvsvc32.exe c: \ windows \ system32 \ PnkBstrA.exe c: \ windows \ system32 \ rundll32.exe C: \ Program Files \ Creative \ Sound Blaster X-Fi \ zabavni centar \ EAXLoadr.exe c: \ programa ~ 1 \ MICROS ~ 4 \ rapimgr.exe C: \ Program Files \ iPod \ bin \ iPodService.exe c: \ windows \ system32 \ wscntfy.exe c: \ windows \ system32 \ CTxfispi.exe . ************************************************** ************************ . Completion time: 2009-06-26 3:57 - stroj je ponovno podizanje sustava ComboFix-u karanteni-files.txt 2009-06-26 07:57 ComboFix2.txt 2009-06-25 23:14 ComboFix3.txt 2009-06-24 23:29 ComboFix4.txt 2008-05-20 17:05 Pre-Run: 67824807936 bytes free Post-Run: 67888648192 bytes free Current = 3 default = 3 Failed = 1 LastKnownGood Kompleti = 4 = 1,2,3,4 311 --- EOF --- 2009-06-11 03:03 |