|
| |||||||
| Registracija | Mapa Spy | Member List | Donacije | Pretraživanje | Today's Posts | Označi Sve Forume Kao Pročitane | Forum Rules |
 |
 |
| | Thread Tools |
|
#1
9. rujna 2008, 10:31
| |||
| |||
| Pozdrav svima, Jako sam novi na Vašem sučelju, ali nevjerojatno zahvalni da ste ovdje. Posrnuo sam na njoj, zbog nedavne infekcije na moj mama's laptopi (dijelimo ga), a ja sam nesigurna kako ga riješiti. Oko četiri dana, IE prozora sa pop-up oglasima bi iznenada dogodilo s balonom na moj deskbar koji glasi: "Otkrili Spyware! Kliknite ovdje za download anti-spyware" I ran Symantecovu I Spybot S & D Cijeli skenira (ne znam kako taj virus iščašenje oba ta), a oni nisu pronašli ništa! Tada sam počeo googling i skinuti Malwarebyte's Anti-zaštita od zlonamjernih programa i ran to. To pronašao neke stvari, ali nisu riješili problem. Ja skinuti PrevxCSI ali nemate dovoljno $ $ $ još kupiti licence (ali ću ako zatreba), te ga navodi sljedeće: C: \ WINDOWS \ system32 \ ds fmon.dll - zlonamjernog softvera C: \ WINDOWS \ system32 \ CSRLT.exe - štetni sadržaji pipeta C: \ WINDOWS \ MSBLT.exe - štetni sadržaji pipeta C: \ WINDOWS \ system32 \ LSASSMGR.exe - Cloaked zaštita od zlonamjernih programa C: \ Program Files \ Mozilla Firefox \ firefoxe.exe - Cloaked zaštita od zlonamjernih programa C: \ Program Files \ Internet Explorer \ iexplor.exe - Cloaked zaštita od zlonamjernih programa C: \ WINDOWS \ system32 \ spool.exe - Cloaked zaštita od zlonamjernih programa C: \ WINDOWS \ system32 \ srtsrv32.exe - Cloaked zaštita od zlonamjernih programa C: \ WINDOWS \ system32 \ LSSMON.exe - štetni sadržaji pipeta C: \ WINDOWS \ divx32.dll - štetni sadržaji pipeta C: \ WINDOWS \ system32 \ msupd32.exe - štetni sadržaji pipeta C: \ WINDOWS \ system32 \ upd01.exe - štetni sadržaji pipeta To izgleda i zvuči kao puno na mene i ja sam jako zabrinuta.  Se bilo tko imati bilo kakve korisne prijedloge za mene? Ja će morati potrošiti puno novca da ovo popraviti?Thank you so much! |
|
#2
9. rujna 2008, 11:32
| |||
| |||
| Pozdrav teddynicholas. Dobrodošli na CJ. Download ComboFix by sUBs jedan od linkova ispod. Budite sigurni da ste na vrhu u Desktop. Link # 1 Link # 2 ** Napomena: Važno je da se sprema izravno na svoj Desktop Zatvori otvoriti bilo koju web preglednicima. (Firefox, Internet Explorer, etc) prije početka ComboFix. Privremeno onemogućiti tvoj AntiVirus, A svaka protušpijunskih Zaštita u stvarnom vremenu prije obavlja scan. Kliknite ovaj link da biste vidjeli popis sigurnosne programe, koji bi trebao biti onemogućen i kako onemogućiti ih. Dvaput kliknite combofix.exe i slijedite upute. Kada završite ComboFix će proizvesti prijava za vas. Objaviti ComboFix log u sljedećem odgovoru. Važno: Ne mouseclick ComboFix's prozor dok je pokrenut. Svibanj uzrokovati da ga zatajiti. Ne zaboravite ponovo uključili vaš protuvirusni i protušpijunski ComboFix zaštita kada je završeno.
__________________  |
|
#3
16. Ruj 2008, 14:27
| |||
| |||
| ComboFix 08-09-15.02 - Teddy 2008-09-16 16:34:04.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.550 [GMT -4:00] Running from: C: \ Documents and Settings \ Teddy \ Desktop \ ComboFix.exe * Created novu točku vraćanja UPOZORENJE-ovaj stroj nema Recovery Console Installed! . Ostali ((((((((((((((((((((((((((((((((((((((( brisanja ))))))))) )))))))))))))))))))))))))))))))))))))))) . C: \ Documents and Settings \ LocalService \ Cookies \ system@ad.yieldmanag er [1]. Txt C: \ Documents and Settings \ Teddy \ Cookies \ teddy@ad.yieldmanager [1]. Txt C: \ WINDOWS \ Downloaded Program Files \ setup.inf C: \ WINDOWS \ system32 \ spool.exe . ((((((((((((((((((((((((( Files Created from 2008/08/16 da 2008/09/16 ))))))))))) )))))))))))))))))))) . 2008-09-16 16:21. 2008-09-16 16:50 <DIR> d -------- C: \ WINDOWS \ system32 \ CatRoot_bak 2008-09-16 13:23. 2008-09-16 13:23 <DIR> d -------- C: \ WINDOWS \ LastGood 2008-09-13 13:19. 2008-09-13 13:19 <DIR> d -------- C: \ Program Files \ iTunes 2008-09-13 13:19. 2008-09-13 13:19 <DIR> d -------- C: \ Program Files \ iPod 2008-09-13 13:19. 2008-09-13 13:19 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6) 2008-09-13 13:12. 2008-09-13 13:16 <DIR> d -------- C: \ Program Files \ Common Files \ Apple 2008-09-08 16:10. 2008-09-08 16:10 <DIR> d -------- C: \ Program Files \ Easy SpyRemover 2008-09-08 15:45. 2008-09-06 00:59 741.376 - a ------ C: \ WINDOWS \ system32 \ LSSMON.EXE 2008-09-08 15:45. 2008-09-04 21:59 17.920 - a ------ C: \ WINDOWS \ system32 \ LSASSMGR.EXE 2008-09-07 22:34. 2008-09-02 00:16 38.528 - a ------ C: \ Windows \ System32 \ Drivers \ mbamswissarmy.sys 2008-09-07 22:33. 2008-09-07 22:34 <DIR> d -------- C: \ Program Files \ Malwarebytes' Anti-zaštita od zlonamjernih programa 2008-09-07 22:33. 2008-09-07 22:33 <DIR> d -------- C: \ Documents and Settings \ Teddy \ Application Data \ Malwarebytes 2008-09-07 22:33. 2008-09-07 22:33 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes 2008-09-07 22:33. 2008-09-02 00:16 17.200 - a ------ C: \ Windows \ System32 \ Drivers \ mbam.sys 2008-09-06 15:09. 2008-09-06 15:09 90.112 - a ------ C: \ WINDOWS \ system32 \ QuickTimeVR.qtx 2008-09-06 15:09. 2008-09-06 15:09 57.344 - a ------ C: \ WINDOWS \ system32 \ QuickTime.qts 2008-09-05 10:44. 2008-09-06 00:59 741.376 - a ------ C: \ WINDOWS \ system32 \ msupd32.exe 2008-09-04 21:59. 2008-09-07 12:59 741.376 - a ------ C: \ WINDOWS \ system32 \ upd01.exe 2008-09-04 21:59. 2008-09-06 00:59 741.376 - a ------ C: \ WINDOWS \ divx32.dll 2008-09-04 21:59. 2008-09-04 21:59 17.920 - a ------ C: \ WINDOWS \ system32 \ srtsrv32.exe 2008-09-04 21:59. 2008-09-16 16:24 5.903 - a ------ C: \ WINDOWS \ system32 \ mssc32.dll 2008-09-04 21:59. 2008-09-16 16:24 5.903 - a ------ C: \ WINDOWS \ system32 \ bsc32.dll 2008-09-02 13:23. 2008-09-02 13:23 <DIR> d -------- C: \ Program Files \ PrevxCSI 2008-09-02 13:23. 2008-09-16 13:32 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ PrevxCSI 2008-09-02 13:23. 2008-09-02 13:23 17.408 - a ------ C: \ Windows \ System32 \ Drivers \ pxark.sys 2008-09-01 01:30. 2008-09-02 13:10 <DIR> da ------ C: \ Documents and Settings \ All Users \ Application Data \ Temp 2008-09-01 01:20. 2008-09-07 22:19 0 - a ------ C: \ WINDOWS \ system32 \ sc02.sc 2008-08-31 01:46. 2007-02-20 16:04 2.463.976 - a ------ C: \ WINDOWS \ system32 \ NPSWF32.dll 2008-08-31 01:46. 2007-02-20 16:04 190.696 - a ------ C: \ WINDOWS \ system32 \ NPSWF32_FlashUtil.exe 2008-08-30 09:59. 2008-08-30 21:34 <DIR> d -------- C: \ Program Files \ Macromedia 2008-08-30 09:59. 2008-08-30 21:27 <DIR> d -------- C: \ Program Files \ Common Files \ Macromedia 2008-08-30 01:25. 2008-09-13 13:18 <DIR> d -------- C: \ Program Files \ Bonjour 2008-08-29 14:33. 2006-09-18 17:55 109.744 - a ------ C: \ Windows \ System32 \ Drivers \ SYMEVENT.SYS 2008-08-29 14:33. 2006-09-18 17:55 48.816 - a ------ C: \ WINDOWS \ system32 \ S32EVNT1.DLL 2008-08-29 10:18. 2008-08-29 10:18 87.336 - a ------ C: \ Windows \ System32 \ DNS-sd.exe 2008-08-29 09:53. 2008-08-29 09:53 61.440 - a ------ C: \ WINDOWS \ system32 \ dnssd.dll 2008-08-27 04:05. 2008-04-07 05:38 45.392-RA ------ C: \ WINDOWS \ system32 \ AdobePDF.dll 2008-08-27 04:05. 2008-04-07 05:38 22.872-RA ------ C: \ WINDOWS \ system32 \ AdobePDFUI.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2008-09-16 20:53 --------- d ----- w C: \ Program Files \ Symantec AntiVirus 2008-09-13 17:17 --------- d ----- w C: \ Program Files \ QuickTime 2008-09-13 17:13 --------- d ----- w C: \ Program Files \ Apple Software Update 2008-09-08 18:53 249.956 AW ---- C: \ WINDOWS \ system32 \ dsfMon.dll 2008-09-01 07:50 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy 2008-09-01 05:56 --------- d ----- w C: \ Program Files \ Spybot - Search & Destroy 2008-08-30 05:24 --------- d ----- w C: \ Program Files \ Common Files \ Adobe 2008-08-29 18:34 --------- d ----- w C: \ Program Files \ Common Files \ Symantec Shared 2008-08-29 18:33 --------- d ----- w C: \ Program Files \ Symantec 2008-08-29 18:32 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Symantec 2008-08-27 08:22 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ FLEXnet 2008-08-26 00:52 --------- d ----- w C: \ Documents and Settings \ Teddy \ Application Data \ OpenOffice.org2 2008-08-13 21:33 --------- d ----- w C: \ Program Files \ Microsoft Silverlight 2008-08-12 02:46 --------- d ----- w C: \ Program Files \ PHM 2008-07-26 08:55 --------- d ----- w C: \ Program Files \ OpenOffice.org 2,4 2008-07-26 08:54 --------- d ----- w C: \ Program Files \ Java 2008-07-19 02:10 94.920 AW ---- C: \ WINDOWS \ system32 \ cdm.dll 2008-07-19 02:10 53.448 AW ---- C: \ WINDOWS \ system32 \ wuauclt.exe 2008-07-19 02:09 563.912 AW ---- C: \ WINDOWS \ system32 \ wuapi.dll 2008-07-19 02:09 325.832 AW ---- C: \ WINDOWS \ system32 \ wucltui.dll 2008-07-19 02:09 205.000 AW ---- C: \ WINDOWS \ system32 \ wuweb.dll 2008-07-19 02:09 1.811.656 AW ---- C: \ WINDOWS \ system32 \ Wuaueng.dll 2008-07-07 20:32 253.952 AW ---- C: \ WINDOWS \ system32 \ es.dll 2008-06-24 22:12 295.936 w ------ C: \ WINDOWS \ system32 \ wmpeffects.dll 2008-06-24 16:23 74.240 AW ---- C: \ WINDOWS \ system32 \ mscms.dll 2008-06-23 16:57 826.368 AW ---- C: \ WINDOWS \ system32 \ Wininet.dll 2008-06-20 17:41 245.248 AW ---- C: \ WINDOWS \ system32 \ mswsock.dll 2008-04-19 16:57 32 AW ---- C: \ Documents and Settings \ All Users \ Application Data \ ezsid.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Note * empty entries & čitljiv default unose se ne prikazuju REGEDIT4 [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run] "swg" = "C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe" [2007-04-02 68856] "QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2008-09-06 413696] "H / PC Connection Agent" = "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" [2006-11-13 1289000] "Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 15360] "IndxStoreSvr_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)" = "C: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexStoreSvr.exe" [2008-02-28 1828136] "SpybotSD TeaTimer" = "C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe" [2008-08-18 1832272] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "RemoteControl" = "C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe" [2004-05-14 32768] "RoxioEngineUtility" = "C: \ Program Files \ Common Files \ Roxio Shared \ System \ EngUtil.exe" [2003-05-01 65536] "RoxioAudioCentral" = "C: \ Program Files \ Roxio \ Easy CD Creator 6 \ AudioCentral \ RxMon.exe" [2003-07-15 319488] "SIS Windows KeyHook" = "C: \ WINDOWS \ system32 \ keyhook.exe" [2004-09-02 249856] "SiSUSBRG" = "C: \ WINDOWS \ SiSUSBrg.exe" [2004-09-22 106496] "Apoint" = "C: \ Program Files \ Apoint2K \ Apoint.exe" [2003-12-05 159744] "SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784] "DSFHost" = "C: \ Program Files \ Staples \ easyprint \ dsfhost.exe" [2006-01-05 2142301] "Sinkronizacija Manager" = "C: \ WINDOWS \ system32 \ mobsync.exe" [2004-08-04 143360] "Zune Launcher" = "C: \ Program Files \ Zune \ ZuneLauncher.exe" [2007-03-14 24104] "GrooveMonitor" = "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 31016] "Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe" [2008-01-11 39792] "NeroFilterCheck" = "C: \ Program Files \ Common Files \ Nero \ Lib \ NeroCheck.exe" [2008-02-28 570664] "NBKeyScan" = "C: \ Program Files \ Nero \ Nero8 \ Nero BackItUp \ NBKeyScan.exe" [2008-02-18 2221352] "Adobe Acrobat Speed Launcher" = "C: \ Program Files \ Adobe \ Acrobat 9,0 \ Acrobat \ Acrobat_sl.exe" [2008-06-12 37232] "ccApp" = "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe" [2006-07-19 52896] "vptray" = "C: \ programa ~ 1 \ SYMANT ~ 1 \ VPTray.exe" [2006-09-27 125168] "Layersecurity Servicemonitor" = "C: \ WINDOWS \ system32 \ LSSMON.EXE" [2008-09-06 741376] "iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2008-09-10 289576] "SoundMan" = "SOUNDMAN.EXE" [2004/09/22 C: \ WINDOWS \ SOUNDMAN.EXE] "AGRSMMSG" = "AGRSMMSG.exe" [2004/09/22 C: \ WINDOWS \ AGRSMMSG.exe] "SiSPower" = "SiSPower.dll" [2004/09/22 C: \ WINDOWS \ system32 \ SiSPower.dll] C: \ Documents and Settings \ Teddy \ Start Menu \ Programs \ Startup \ Adobe Gamma.lnk - C: \ Program Files \ Common Files \ Adobe \ Kalibracija \ Adobe Gamma Loader.exe [2005-03-16 113664] OneNote 2007 i Screen Clipper Launcher.lnk - C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTEM.EXE [2006-10-26 98632] C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Windows Desktop Search.lnk - C: \ Program Files \ Windows Desktop Search \ WindowsSearch.exe [2007-02-05 118784] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks] "(56F9679E-7826-4C84-81F3-532071A8BCC5)" = "C: \ Program Files \ Windows Desktop Search \ MSNLNamespaceMgr.dll" [2007-02-05 294400] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ windows] "AppInit_DLLs" = acaptuser32.dll [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file izvršenje options \ firefox.exe] "Razbubnik" = C: \ Program Files \ Mozilla Firefox \ firefoxe.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file izvršenje options \ iexplore.exe] "Razbubnik" = C: \ Program Files \ Internet Explorer \ iexplor.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file izvršenje options \ spoolsv.exe] "Razbubnik" = C: \ WINDOWS \ system32 \ spool.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ sigurnosni centar \ Praćenje \ SymantecAntiVirus] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List] "% windir% \ \ system32 \ \ sessmgr.exe" = "C: \ \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" = "C: \ \ Program Files \ \ BitLord \ \ BitLord.exe" = "C: \ \ Program Files \ \ Soulseek \ \ slsk.exe" = "C: \ \ Program Files \ \ Mozilla Firefox \ \ firefox.exe" = "C: \ \ StubInstaller.exe" = "C: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe" = "C: \ \ Program Files \ \ AIM \ \ aim.exe" = "C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe: 169.254.2.0/255.255.255.0: Omogućen: ActiveSync RAPI Manager "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" = C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe: 169.254.2.0/255.255.255.0: Omogućen: ActiveSync Connection Manager "C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe: 169.254.2.0/255.255.255.0: Omogućen: Aplikacija ActiveSync "C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ OUTLOOK.EXE" = "C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE" = "C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ ONENOTE.EXE" = "C: \ \ Program Files \ \ Isadora \ \ isadora.exe" = "C: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" = "C: \ \ Program Files \ \ Bonjour \ \ mDNSResponder.exe" = "C: \ \ Program Files \ \ iTunes \ \ iTunes.exe" = [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List] "3389: TCP" = 3389: TCP: @ xpsp2res.dll, -22009 "1500: TCP" = 1500: TCP: siguran pristup Agent Port "26675: TCP" = 26675: TCP: 169.254.2.0/255.255.255.0: Omogućen: ActiveSync Service * Nedavno Created Service * - CATCHME * Nedavno Created Service * - PROCEXP90 . Sadržaj je 'Scheduled Tasks' folder . - - - - Orphans Odstranjena - - - -- HKLM-Run-CSRLT.EXE - C: \ WINDOWS \ system32 \ CSRLT.EXE . ------- Supplementary Scan ------- . FireFox -: Profil - C: \ Documents and Settings \ Teddy \ Application Data \ Mozilla \ Firefox \ Profiles \ 6xzfp0sa.default \ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp: / / www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q = . ************************************************** ************************ catchme 0.3.1361 W2K/XP/Vista - rootkit / potaja detector by Gmer zlonamjernih programa, http://www.gmer.net Rootkit scan 2008-09-16 16:51:46 5/1/2600 Windows Service Pack 2 NTFS skeniranja skrivenih procesa ... skeniranja skrivenih autostart entries ... skeniranja skrivenih datoteka ... scan uspješno završena skrivenih datoteka: 0 ************************************************** ************************ . Completion time: 2008-09-16 17:15:59 ComboFix-u karanteni-files.txt 2008-09-16 21:15:16 Pre-Run: 10478669824 bytes free Post-Run: 10446106624 bytes free 190 --- EOF --- 2008-09-11 20:07:51 |
|
#4
16. Ruj 2008, 14:45
| |||
| |||
| Napomena: se upute u nastavku su izrađene specijalno za ovog korisnika. Ukoliko niste u ovom, NE slijedite ove smjerove, jer bi mogao oštetiti djelovanju vašeg sustava Izbriši ove datoteke / mape, kako slijedi: 1. Idi na Početak > Pokrenuti > Tip Notepad.exe i kliknite U redu otvoriti Notepad. To morati biti Notepad, WordPad ne. 2. Kopiraj tekst ispod u okvir code by označavanje svih tekstualnih i pritiskom na Ctrl + C Code: KillAll:: File:: C: \ Program Files \ Easy SpyRemover C: \ WINDOWS \ system32 \ LSSMON.EXE C: \ WINDOWS \ system32 \ LSASSMGR.EXE C: \ WINDOWS \ system32 \ msupd32.exe C: \ WINDOWS \ system32 \ upd01.exe C: \ WINDOWS \ system32 \ srtsrv32.exe C: \ WINDOWS \ system32 \ mssc32.dll C: \ WINDOWS \ system32 \ bsc32.dll Registry:: [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file izvršenje options \ iexplore.exe] "razbubnik" =- [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file izvršenje options \ spoolsv.exe] "razbubnik" =- 4. Zatim kliknite na Datoteka > Spremiti 5. Ime datoteke CFScript.txt - Spremi datoteku na svoj Desktop 6. Zatim povucite CFScript (držite lijevu tipku miša dok povučete datoteku), a pad je (otpustite lijevu tipku miša) u ComboFix.exe kao što vidite na sliki ispod. Važno: Obavi ovo uputstvo pažljivo!  ComboFix će se početi izvršavati, samo slijedite upute. Nakon što ponovno podizanje sustava (u slučaju da ga zatraži ponovno podizanje sustava), on će proizvesti prijava za vas. Pošta koja log (Combofix.txt) u sljedeći odgovor. Napomena: Ne mouseclick ComboFix's prozor dok je pokrenut. To svibanj nanijeti tvoj sistem za zamrzavanje
__________________ |
|
#5
16. Ruj 2008, 15:32
| |||
| |||
| ComboFix 08-09-15.02 - Teddy 2008-09-16 17:49:20.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.850 [GMT -4:00] Running from: C: \ Documents and Settings \ Teddy \ Desktop \ ComboFix.exe Naredba prekidači koji se koriste:: C: \ Documents and Settings \ Teddy \ Desktop \ CFScript.txt * Created novu točku vraćanja UPOZORENJE-ovaj stroj nema Recovery Console Installed! . Ostali ((((((((((((((((((((((((((((((((((((((( brisanja ))))))))) )))))))))))))))))))))))))))))))))))))))) . C: \ WINDOWS \ system32 \ bsc32.dll C: \ WINDOWS \ system32 \ LSASSMGR.EXE C: \ WINDOWS \ system32 \ LSSMON.EXE C: \ WINDOWS \ system32 \ mssc32.dll C: \ WINDOWS \ system32 \ msupd32.exe C: \ WINDOWS \ system32 \ spool.exe C: \ WINDOWS \ system32 \ srtsrv32.exe C: \ WINDOWS \ system32 \ upd01.exe . ((((((((((((((((((((((((( Files Created from 2008/08/16 da 2008/09/16 ))))))))))) )))))))))))))))))))) . 2008-09-16 16:21. 2008-09-16 16:50 <DIR> d -------- C: \ WINDOWS \ system32 \ CatRoot_bak 2008-09-13 13:19. 2008-09-13 13:19 <DIR> d -------- C: \ Program Files \ iTunes 2008-09-13 13:19. 2008-09-13 13:19 <DIR> d -------- C: \ Program Files \ iPod 2008-09-13 13:19. 2008-09-13 13:19 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6) 2008-09-13 13:12. 2008-09-13 13:16 <DIR> d -------- C: \ Program Files \ Common Files \ Apple 2008-09-08 16:10. 2008-09-08 16:10 <DIR> d -------- C: \ Program Files \ Easy SpyRemover 2008-09-07 22:34. 2008-09-02 00:16 38.528 - a ------ C: \ Windows \ System32 \ Drivers \ mbamswissarmy.sys 2008-09-07 22:33. 2008-09-07 22:34 <DIR> d -------- C: \ Program Files \ Malwarebytes' Anti-zaštita od zlonamjernih programa 2008-09-07 22:33. 2008-09-07 22:33 <DIR> d -------- C: \ Documents and Settings \ Teddy \ Application Data \ Malwarebytes 2008-09-07 22:33. 2008-09-07 22:33 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes 2008-09-07 22:33. 2008-09-02 00:16 17.200 - a ------ C: \ Windows \ System32 \ Drivers \ mbam.sys 2008-09-06 15:09. 2008-09-06 15:09 90.112 - a ------ C: \ WINDOWS \ system32 \ QuickTimeVR.qtx 2008-09-06 15:09. 2008-09-06 15:09 57.344 - a ------ C: \ WINDOWS \ system32 \ QuickTime.qts 2008-09-04 21:59. 2008-09-06 00:59 741.376 - a ------ C: \ WINDOWS \ divx32.dll 2008-09-02 13:23. 2008-09-02 13:23 <DIR> d -------- C: \ Program Files \ PrevxCSI 2008-09-02 13:23. 2008-09-16 13:32 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ PrevxCSI 2008-09-02 13:23. 2008-09-02 13:23 17.408 - a ------ C: \ Windows \ System32 \ Drivers \ pxark.sys 2008-09-01 01:30. 2008-09-02 13:10 <DIR> da ------ C: \ Documents and Settings \ All Users \ Application Data \ Temp 2008-09-01 01:20. 2008-09-07 22:19 0 - a ------ C: \ WINDOWS \ system32 \ sc02.sc 2008-08-31 01:46. 2007-02-20 16:04 2.463.976 - a ------ C: \ WINDOWS \ system32 \ NPSWF32.dll 2008-08-31 01:46. 2007-02-20 16:04 190.696 - a ------ C: \ WINDOWS \ system32 \ NPSWF32_FlashUtil.exe 2008-08-30 09:59. 2008-08-30 21:34 <DIR> d -------- C: \ Program Files \ Macromedia 2008-08-30 09:59. 2008-08-30 21:27 <DIR> d -------- C: \ Program Files \ Common Files \ Macromedia 2008-08-30 01:25. 2008-09-13 13:18 <DIR> d -------- C: \ Program Files \ Bonjour 2008-08-29 14:33. 2006-09-18 17:55 109.744 - a ------ C: \ Windows \ System32 \ Drivers \ SYMEVENT.SYS 2008-08-29 14:33. 2006-09-18 17:55 48.816 - a ------ C: \ WINDOWS \ system32 \ S32EVNT1.DLL 2008-08-29 10:18. 2008-08-29 10:18 87.336 - a ------ C: \ Windows \ System32 \ DNS-sd.exe 2008-08-29 09:53. 2008-08-29 09:53 61.440 - a ------ C: \ WINDOWS \ system32 \ dnssd.dll 2008-08-27 04:05. 2008-04-07 05:38 45.392-RA ------ C: \ WINDOWS \ system32 \ AdobePDF.dll 2008-08-27 04:05. 2008-04-07 05:38 22.872-RA ------ C: \ WINDOWS \ system32 \ AdobePDFUI.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2008-09-16 21:33 --------- d ----- w C: \ Program Files \ Symantec AntiVirus 2008-09-13 17:17 --------- d ----- w C: \ Program Files \ QuickTime 2008-09-13 17:13 --------- d ----- w C: \ Program Files \ Apple Software Update 2008-09-01 07:50 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy 2008-09-01 05:56 --------- d ----- w C: \ Program Files \ Spybot - Search & Destroy 2008-08-30 05:24 --------- d ----- w C: \ Program Files \ Common Files \ Adobe 2008-08-29 18:34 --------- d ----- w C: \ Program Files \ Common Files \ Symantec Shared 2008-08-29 18:33 --------- d ----- w C: \ Program Files \ Symantec 2008-08-29 18:32 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Symantec 2008-08-27 08:22 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ FLEXnet 2008-08-26 00:52 --------- d ----- w C: \ Documents and Settings \ Teddy \ Application Data \ OpenOffice.org2 2008-08-13 21:33 --------- d ----- w C: \ Program Files \ Microsoft Silverlight 2008-08-12 02:46 --------- d ----- w C: \ Program Files \ PHM 2008-07-26 08:55 --------- d ----- w C: \ Program Files \ OpenOffice.org 2,4 2008-07-26 08:54 --------- d ----- w C: \ Program Files \ Java 2008-04-19 16:57 32 AW ---- C: \ Documents and Settings \ All Users \ Application Data \ ezsid.dat . ((((((((((((((((((((((((((((( Snapshot@2008-09-16_17.03.48.82 )))))))))) ))))))))))))))))))))))))))))))) . - 2007-07-30 23:18:40 33.624-c - AW C: \ WINDOWS \ system32 \ dllcache \ wups.dll + 2008-07-19 02:10:20 36.552-c - AW C: \ WINDOWS \ system32 \ dllcache \ wups.dll - 2007-07-30 23:18:40 33.624 AW ---- C: \ WINDOWS \ system32 \ wups.dll + 2008-07-19 02:10:20 36.552 AW ---- C: \ WINDOWS \ system32 \ wups.dll - 2007-07-30 23:19:12 43.352 AW ---- C: \ WINDOWS \ system32 \ wups2.dll + 2008-07-19 02:10:40 45.768 AW ---- C: \ WINDOWS \ system32 \ wups2.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Note * empty entries & čitljiv default unose se ne prikazuju REGEDIT4 [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run] "swg" = "C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe" [2007-04-02 68856] "QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2008-09-06 413696] "H / PC Connection Agent" = "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" [2006-11-13 1289000] "Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 15360] "IndxStoreSvr_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)" = "C: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexStoreSvr.exe" [2008-02-28 1828136] "SpybotSD TeaTimer" = "C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe" [2008-08-18 1832272] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "RemoteControl" = "C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe" [2004-05-14 32768] "RoxioEngineUtility" = "C: \ Program Files \ Common Files \ Roxio Shared \ System \ EngUtil.exe" [2003-05-01 65536] "RoxioAudioCentral" = "C: \ Program Files \ Roxio \ Easy CD Creator 6 \ AudioCentral \ RxMon.exe" [2003-07-15 319488] "SIS Windows KeyHook" = "C: \ WINDOWS \ system32 \ keyhook.exe" [2004-09-02 249856] "SiSUSBRG" = "C: \ WINDOWS \ SiSUSBrg.exe" [2004-09-22 106496] "Apoint" = "C: \ Program Files \ Apoint2K \ Apoint.exe" [2003-12-05 159744] "SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784] "DSFHost" = "C: \ Program Files \ Staples \ easyprint \ dsfhost.exe" [2006-01-05 2142301] "Sinkronizacija Manager" = "C: \ WINDOWS \ system32 \ mobsync.exe" [2004-08-04 143360] "Zune Launcher" = "C: \ Program Files \ Zune \ ZuneLauncher.exe" [2007-03-14 24104] "GrooveMonitor" = "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 31016] "Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe" [2008-01-11 39792] "NeroFilterCheck" = "C: \ Program Files \ Common Files \ Nero \ Lib \ NeroCheck.exe" [2008-02-28 570664] "NBKeyScan" = "C: \ Program Files \ Nero \ Nero8 \ Nero BackItUp \ NBKeyScan.exe" [2008-02-18 2221352] "Adobe Acrobat Speed Launcher" = "C: \ Program Files \ Adobe \ Acrobat 9,0 \ Acrobat \ Acrobat_sl.exe" [2008-06-12 37232] "ccApp" = "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe" [2006-07-19 52896] "vptray" = "C: \ programa ~ 1 \ SYMANT ~ 1 \ VPTray.exe" [2006-09-27 125168] "iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2008-09-10 289576] "CSRLT.EXE" = "C: \ WINDOWS \ system32 \ CSRLT.EXE" [BU] "SoundMan" = "SOUNDMAN.EXE" [2004/09/22 C: \ WINDOWS \ SOUNDMAN.EXE] "AGRSMMSG" = "AGRSMMSG.exe" [2004/09/22 C: \ WINDOWS \ AGRSMMSG.exe] "SiSPower" = "SiSPower.dll" [2004/09/22 C: \ WINDOWS \ system32 \ SiSPower.dll] C: \ Documents and Settings \ Teddy \ Start Menu \ Programs \ Startup \ Adobe Gamma.lnk - C: \ Program Files \ Common Files \ Adobe \ Kalibracija \ Adobe Gamma Loader.exe [2005-03-16 113664] OneNote 2007 i Screen Clipper Launcher.lnk - C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTEM.EXE [2006-10-26 98632] C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Windows Desktop Search.lnk - C: \ Program Files \ Windows Desktop Search \ WindowsSearch.exe [2007-02-05 118784] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks] "(56F9679E-7826-4C84-81F3-532071A8BCC5)" = "C: \ Program Files \ Windows Desktop Search \ MSNLNamespaceMgr.dll" [2007-02-05 294400] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ windows] "AppInit_DLLs" = acaptuser32.dll [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file izvršenje options \ firefox.exe] "Razbubnik" = C: \ Program Files \ Mozilla Firefox \ firefoxe.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ sigurnosni centar \ Praćenje \ SymantecAntiVirus] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List] "% windir% \ \ system32 \ \ sessmgr.exe" = "C: \ \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" = "C: \ \ Program Files \ \ BitLord \ \ BitLord.exe" = "C: \ \ Program Files \ \ Soulseek \ \ slsk.exe" = "C: \ \ Program Files \ \ Mozilla Firefox \ \ firefox.exe" = "C: \ \ StubInstaller.exe" = "C: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe" = "C: \ \ Program Files \ \ AIM \ \ aim.exe" = "C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe: 169.254.2.0/255.255.255.0: Omogućen: ActiveSync RAPI Manager "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" = C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe: 169.254.2.0/255.255.255.0: Omogućen: ActiveSync Connection Manager "C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe: 169.254.2.0/255.255.255.0: Omogućen: Aplikacija ActiveSync "C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ OUTLOOK.EXE" = "C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE" = "C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ ONENOTE.EXE" = "C: \ \ Program Files \ \ Isadora \ \ isadora.exe" = "C: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" = "C: \ \ Program Files \ \ Bonjour \ \ mDNSResponder.exe" = "C: \ \ Program Files \ \ iTunes \ \ iTunes.exe" = [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List] "3389: TCP" = 3389: TCP: @ xpsp2res.dll, -22009 "1500: TCP" = 1500: TCP: siguran pristup Agent Port "26675: TCP" = 26675: TCP: 169.254.2.0/255.255.255.0: Omogućen: ActiveSync Service R0 pxark; pxark; C: \ Windows \ System32 \ Drivers \ pxark.sys [2008-09-02 17408] R2 CSIScanner; CSIScanner; C: \ Program Files \ PrevxCSI \ prevxcsi.exe [2008-09-02 618040] R2 SafeAccessAgent; siguran pristup Agent; C: \ Program Files \ StillSecure \ siguran pristup Agent \ SAService.exe [2006-01-27 880640] R2 glediąta Manager Service; glediąta Manager Service; C: \ Program Files \ glediąta \ Common \ ViewpointService.exe [2007-01-04 24652] S3 HwIOctl; HwIOctl; C: \ Documents and Settings \ Owner \ Desktop \ HwIOctl.sys [] S3 Ktp3; Elantech TouchPad (KTP3); C: \ Windows \ System32 \ Drivers \ Ktp3.sy s [2004-09-22 24704] S3 Memctl; Memctl; C: \ Documents and Settings \ Owner \ Desktop \ Memctl.sys [] . Sadržaj je 'Scheduled Tasks' folder . - - - - Orphans Odstranjena - - - -- HKLM-Run-Layersecurity Servicemonitor - C: \ WINDOWS \ system32 \ LSSMON.EXE HKLM-RunOnce-MSBLT.EXE - C: \ WINDOWS \ MSBLT.EXE ************************************************** ************************ catchme 0.3.1361 W2K/XP/Vista - rootkit / potaja detector by Gmer zlonamjernih programa, http://www.gmer.net Rootkit scan 2008-09-16 18:00:27 5/1/2600 Windows Service Pack 2 NTFS skeniranja skrivenih procesa ... skeniranja skrivenih autostart entries ... skeniranja skrivenih datoteka ... ************************************************** ************************ . ------------------------ Other Running Processes ----------------------- -- . C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ Symantec \ LiveUpdate \ AluSchedulerSvc.exe C: \ Program Files \ Bonjour \ mDNSResponder.exe C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe C: \ Program Files \ Nero \ Nero8 \ Nero BackItUp \ NBService.exe C: \ WINDOWS \ system32 \ IoctlSvc.exe C: \ WINDOWS \ system32 \ MsPMSPSv.exe C: \ WINDOWS \ system32 \ searchindexer.exe C: \ Program Files \ glediąta \ glediąta Manager \ ViewMgr.exe C: \ WINDOWS \ system32 \ rundll32.exe C: \ programa ~ 1 \ MICROS ~ 3 \ rapimgr.exe C: \ Program Files \ Roxio \ Easy CD Creator 6 \ AudioCentral \ Playlist.exe C: \ Program Files \ Apoint2K \ ApntEx.exe C: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexingService.exe C: \ Program Files \ iPod \ bin \ iPodService.exe C: \ WINDOWS \ system32 \ searchprotocolhost.exe C: \ WINDOWS \ system32 \ searchfilterhost.exe . ************************************************** ************************ . Completion time: 2008-09-16 18:24:56 - machine je ponovno podizanje sustava ComboFix-u karanteni-files.txt 2008-09-16 22:23:49 ComboFix2.txt 2008-09-16 21:16:14 Pre-Run: 10626510848 bytes free Post-Run: 10616803328 bytes free 205 --- EOF --- 2008-09-11 20:07:51 |
|
#6
16. Ruj 2008, 15:50
| |||
| |||
| Preuzimanje TrendMicro HijackThis.exe (HJT) na radnoj površini.
__________________ |
|
#7
23. Ruj 2008, 09:24
| |||
| |||
| Logfile of Trend Micro HijackThis v2.0.2 Scan spremljena u 12:21:04, dana 9/23/2008 Platforma: Windows XP SP2 (Winnt 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Pokretanje procesa: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ Winlogon.exe C: \ WINDOWS \ system32 \ services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe C: \ WINDOWS \ system32 \ spoolsv.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe C: \ Program Files \ PrevxCSI \ prevxcsi.exe C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe C: \ Program Files \ Nero \ Nero8 \ Nero BackItUp \ NBService.exe C: \ WINDOWS \ system32 \ IoctlSvc.exe C: \ Program Files \ StillSecure \ siguran pristup Agent \ SAService.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ Program Files \ glediąta \ Common \ ViewpointService.exe C: \ WINDOWS \ system32 \ MsPMSPSv.exe C: \ WINDOWS \ system32 \ SearchIndexer.exe C: \ WINDOWS \ explorer.exe C: \ Program Files \ PrevxCSI \ prevxcsi.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe C: \ WINDOWS \ SOUNDMAN.EXE C: \ WINDOWS \ system32 \ keyhook.exe C: \ Program Files \ Apoint2K \ Apoint.exe C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe C: \ Program Files \ Staples \ easyprint \ dsfhost.exe C: \ Program Files \ Zune \ ZuneLauncher.exe C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe C: \ Program Files \ iTunes \ iTunesHelper.exe C: \ Program Files \ Apoint2K \ Apntex.exe C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe C: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexStoreSvr.exe C: \ programa ~ 1 \ MICROS ~ 3 \ rapimgr.exe C: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexingService.exe C: \ Program Files \ iPod \ bin \ iPodService.exe C: \ Program Files \ glediąta \ glediąta Manager \ ViewMgr.exe C: \ Program Files \ Adobe \ Acrobat 9,0 \ Acrobat \ AcroTray.exe C: \ Program Files \ Common Files \ Macrovision Shared \ FLEXnet Izdavač \ FNPLicensingService.exe C: \ WINDOWS \ system32 \ taskmgr.exe C: \ WINDOWS \ lsass.exe C: \ WINDOWS \ system32 \ SPOOLER.EXE C: \ WINDOWS \ system32 \ wscntfy.exe C: \ WINDOWS \ system32 \ Ctfmon.exe C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe C: \ WINDOWS \ system32 \ SearchProtocolHost.exe R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.averatec.com R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://oqaserver-a/ R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Postavke, ProxyOverride = *. lokalne O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ Instalira \ cpn \ yt.dll O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - (18DF081C-E8AD-4283-A596-FA578C2EBDC3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelperShim.dll O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ programa ~ 1 \ MICROS ~ 4 \ Office12 \ GRA8E1 ~ 1.DLL O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll O2 - BHO: AOL Toolbar Launcher - (7C554162-8CB7-45A4-B8F4-8EA1C75885F9) - C: \ Program Files \ AOL \ AOL Toolbar 2,0 \ aoltb.dll O2 - BHO: glediąta Toolbar BHO - (A7327C09-B521-4EDB-8509-7D2660C9EC98) - C: \ Program Files \ glediąta \ glediąta Toolbar \ 3.8.0 \ ViewBarBHO.dll O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ program files \ google \ googletoolbar2.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - (AE7CD045-E861-484f-8273-0445EE161910) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 3.1.807.1746 \ sw g.dll O2 - BHO: SmartSelect - (F4971EE7-DAA0-4053-9964-665D8EE6A077) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Instalira \ cpn \ yt.dll O3 - Toolbar: & Google - (2318C2B1-4965-11d4-9B18-009027A5CD4F) - c: \ program files \ google \ googletoolbar2.dll O3 - Toolbar: AOL Toolbar - (DE9C389F-3316-41A7-809B-AA305ED9D922) - C: \ Program Files \ AOL \ AOL Toolbar 2,0 \ aoltb.dll O3 - Toolbar: glediąta Toolbar - (F8AD5AA5-D966-4667-9DAF-2561D68B2012) - C: \ Program Files \ Common Files \ glediąta \ Toolbar Runtime \ 3.8.0 \ IEViewBar.dll O3 - Toolbar: Adobe PDF - (47833539-D0C5-4125-9FA8-0819E2EAAC93) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe" O4 - HKLM \ .. \ Run: [RoxioEngineUtility] "C: \ Program Files \ Common Files \ Roxio Shared \ System \ EngUtil.exe" O4 - HKLM \ .. \ Run: [RoxioAudioCentral] "C: \ Program Files \ Roxio \ Easy CD Creator 6 \ AudioCentral \ RxMon.exe" O4 - HKLM \ .. \ Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM \ .. \ Run: [SiSPower] Rundll32.exe SiSPower.dll, ModeAgent O4 - HKLM \ .. \ Run: [Windows SIS KeyHook] C: \ WINDOWS \ system32 \ keyhook.exe O4 - HKLM \ .. \ Run: [SiSUSBRG] C: \ WINDOWS \ SiSUSBrg.exe O4 - HKLM \ .. \ Run: [Apoint] C: \ Program Files \ Apoint2K \ Apoint.exe O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" O4 - HKLM \ .. \ Run: [DSFHost] C: \ Program Files \ Staples \ easyprint \ dsfhost.exe O4 - HKLM \ .. \ Run: [Sinkronizacija Manager]% SystemRoot% \ system32 \ mobsync.exe / prijava O4 - HKLM \ .. \ Run: [Zune Launcher] "C: \ Program Files \ Zune \ ZuneLauncher.exe" O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe" O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ Program Files \ Common Files \ Nero \ Lib \ NeroCheck.exe O4 - HKLM \ .. \ Run: [NBKeyScan] "C: \ Program Files \ Nero \ Nero8 \ Nero BackItUp \ NBKeyScan.exe" O4 - HKLM \ .. \ Run: [Adobe Acrobat Speed Launcher] "C: \ Program Files \ Adobe \ Acrobat 9,0 \ Acrobat \ Acrobat_sl.exe" O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe" O4 - HKLM \ .. \ Run: [vptray] C: \ programa ~ 1 \ SYMANT ~ 1 \ VPTray.exe O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe" O4 - HKLM \ .. \ Run: [Layersecurity Servicemonitor] C: \ WINDOWS \ system32 \ LSSMON.EXE O4 - HKLM \ .. \ Run: [Ispis red čekanja] C: \ WINDOWS \ system32 \ SPOOLER.EXE O4 - HKCU \ .. \ Run: [swg] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe O4 - HKCU \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime O4 - HKCU \ .. \ Run: [H / PC Connection agentu] "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe O4 - HKCU \ .. \ Run: [IndxStoreSvr_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)] "C: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F -39A1E5104020 O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe O4 - HKCU \ .. \ Run: [AdobeUpdater] C: \ Program Files \ Common Files \ Adobe \ Updater \ AdobeUpdater.exe O4 - HKLM \ .. \ Policies \ Explorer \ Run: [LocalSecurityAuthoritySubsystem] C: \ WINDOWS \ lsass.exe O4 - Startup: Adobe Gamma.lnk = C: \ Program Files \ Common Files \ Adobe \ Kalibracija \ Adobe Gamma Loader.exe O4 - Startup: OneNote 2007 Screen Clipper i Launcher.lnk = C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTEM.EXE O4 - Global Startup: Windows Desktop Search.lnk = C: \ Program Files \ Windows Desktop Search \ WindowsSearch.exe O8 - Extra kontekst meni stavka: & AOL Toolbar Search - C: \ Program Files \ AOL \ AOL toolbar 2,0 \ resurse \ en-us \ Local \ search.html O8 - Extra kontekst meni stavka: Priložena Link Target postojećim PDF - res: / / C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll / AcroIEAppendSelLinks.html O8 - Extra kontekst meni stavka: Priložena postojećim PDF - res: / / C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll / AcroIEAppend.html O8 - Extra kontekst meni stavka: Link Target Pretvori u Adobe PDF - res: / / C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll / AcroIECaptureSelLinks.html O8 - Extra kontekst meni stavka: Convert to Adobe PDF - res: / / C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll / AcroIECapture.html O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / C: \ programa ~ 1 \ MICROS ~ 4 \ Office12 \ EXCEL.EXE/3000 O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll O9 - Extra button: Send to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ programa ~ 1 \ MICROS ~ 4 \ Office12 \ ONBttnIE.dll O9 - Extra 'Tools' MENUITEM: S & kraj OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ programa ~ 1 \ MICROS ~ 4 \ Office12 \ ONBttnIE.dll O9 - Extra button: Create Mobilna Najdraži - (2EAF5BB1-070F-11D3-9307-00C04FAE2D4F) - C: \ programa ~ 1 \ MICROS ~ 3 \ INetRepl.dll O9 - Extra button: (no name) - (2EAF5BB2-070F-11D3-9307-00C04FAE2D4F) - C: \ programa ~ 1 \ MICROS ~ 3 \ INetRepl.dll O9 - Extra 'Tools' MENUITEM: Napravite Mobilna Omiljeni ... - (2EAF5BB2-070F-11D3-9307-00C04FAE2D4F) - C: \ programa ~ 1 \ MICROS ~ 3 \ INetRepl.dll O9 - Extra button: AOL Toolbar - (3369AF0D-62E9-4bda-8103-B4C75499B578) - C: \ Program Files \ AOL \ AOL Toolbar 2,0 \ aoltb.dll O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 1 \ MIC273 ~ 1 \ Office12 \ REFIEBAR.DLL O9 - Extra button: AIM - (AC9E2541-2814-11d5-BC6D-00B0D0A1DE45) - C: \ Program Files \ AIM \ aim.exe O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O14 - IERESET.INF: START_PAGE_URL = http://www.averatec.com O16 - DPF: (0D6BB8B8-0257-420C-B9EB-CFA90DB1026C) -- http://svrnsec01.purchase.edu:88/setup.cab O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://v5.windowsupdate.microsoft.co...?1096453339343 O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ programa ~ 1 \ MICROS ~ 4 \ Office12 \ GR99D3 ~ 1.DLL O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ Skype \ SKYPE4 ~ 1.DLL O20 - AppInit_DLLs: acaptuser32.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C: \ Program Files \ Common Files \ Adobe Systems Shared \ Service \ Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Planer - Symantec Corporation - C: \ Program Files \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc - C: \ Program Files \ Bonjour \ mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe O23 - Service: CSIScanner - Prevx - C: \ Program Files \ PrevxCSI \ prevxcsi.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C: \ Program Files \ Common Files \ Macrovision Shared \ FLEXnet Izdavač \ FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C: \ programa ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE O23 - Service: Nero BackItUp Planer 3 - Nero AG - C: \ Program Files \ Nero \ Nero8 \ Nero BackItUp \ NBService.exe O23 - Service: NMIndexingService - Nero AG - C: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - plodan Technology Inc - C: \ WINDOWS \ system32 \ IoctlSvc.exe O23 - Service: siguran pristup Agent (SafeAccessAgent) - StillSecure - C: \ Program Files \ StillSecure \ siguran pristup Agent \ SAService.exe O23 - Service: SAVRoam (SavRoam) - Symantec - C: \ Program Files \ Symantec AntiVirus \ SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ Security Center \ SymWSC.exe O23 - Service: glediąta Manager Service - vidikovac Corporation - C: \ Program Files \ glediąta \ Common \ ViewpointService.exe -- End of file - 14719 bytes |
|
#8
23. Ruj 2008, 10:25
| |||
| |||
| Preuzimanje Malwarebytes' Anti-zaštita od zlonamjernih programa (MBAM)
Extra Napomena: Ako MBAM susrete datoteku koja je teško ukloniti, bit će predstavljen sa 1 of 2 upitom, kliknite U redu da biste bilo i nek MBAM nastaviti s procesom dezinfekcije, ako je zatraženo da ponovo pokrenete računalo, učinite to odmah. ---------- Sada pokrenite novu HijackThis skeniranja i post zapisnik uz MBAM log.
__________________ |
