|
|
|||||||
| Registracija | Mapa Spy | Member List | Donacije | Pretraživanje | Today's Posts | Označi Sve Forume Kao Pročitane | Forum Rules |
|
 |
|
|
Thread Tools |
|
#1
31. listopada 2008, 03:00
|
|||
|
|||
|
Mama skinuti nešto
Bok,
Pa, moja mama i skinuti nešto vatrozida je došao gore sa neki poruku. Nekako ga je dobio prije instaliran rekla mi. Dakle, scans radite sada, to bi moglo potrajati neko vrijeme, jer je spor kompjuter. Ne znam što ga je pozvao da, to je sve čudne simbole, a nečitak. Imaš HijackThis log ipak, barem jednu stvar ne duga ... Logfile of Trend Micro HijackThis v2.0.2 Scan spremljena u 8:53:31, na 31/10/2008 Platforma: Windows XP SP3 (Winnt 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Pokretanje procesa: C: \ WINDOWS \ System32 \ smss.exe C: \ Windows \ System32 \ Winlogon.exe C: \ WINDOWS \ system32 \ services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ Program Files \ Avast4 \ aswUpdSv.exe C: \ Program Files \ Avast4 \ ashServ.exe C: \ WINDOWS \ system32 \ spoolsv.exe C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe C: \ Windows \ System32 \ Ati2evxx.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ WINDOWS \ system32 \ Ctfmon.exe C: \ WINDOWS \ explorer.exe C: \ WINDOWS \ system32 \ SearchIndexer.exe C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe C: \ programa ~ 1 \ Avast4 \ ashDisp.exe C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe C: \ Program Files \ Avast4 \ ashMaiSv.exe C: \ Program Files \ Avast4 \ ashWebSv.exe C: \ Program Files \ pecati \ DAP.EXE C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe C: \ Program Files \ Malwarebytes' Anti-zaštita od zlonamjernih programa \ mbam.exe C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe C: \ Program Files \ Mozilla Firefox \ firefox.exe C: \ Program Files \ Avast4 \ ashSimpl.exe C: \ Documents and Settings \ Vip \ Desktop \ HiJackThis.exe C: \ Program Files \ Avast4 \ Setup \ avast.setup R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com.hk/ R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant = R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Window Title = Windows Internet Explorer koje Administrator Kevin R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Postavke, ProxyOverride = lokalnih R3 - URLSearchHook: (no name) - (0A94B116-4504-4e26-AB05-E61E474AA38B) - (no file) O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll O2 - BHO: RealPlayer Download i Record Plugin za Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file) O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" O4 - HKLM \ .. \ Run: [ATICCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" runtime-Delay O4 - HKLM \ .. \ Run: [avast!] C: \ programa ~ 1 \ Avast4 \ ashDisp.exe O4 - HKLM \ .. \ RunOnce: [Malwarebytes' Anti-zaštita od zlonamjernih programa] C: \ Program Files \ Malwarebytes' Anti-zaštita od zlonamjernih programa \ mbamgui.exe / install / tihe O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE') O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE') O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM') O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user') O4 - Startup: Æô ¶ ¶ ¹ ¯ ÉËÙÍÁ. Lnk =? O8 - Extra kontekst meni stavka: Clean & Tragovi - C: \ Program Files \ pecati \ privatnosti Package \ dapcleanerie.htm O8 - Extra kontekst meni stavka: & & s pecati Download - C: \ Program Files \ pecati \ dapextie.htm O8 - Extra kontekst meni stavka: Download & all s pecati - C: \ Program Files \ pecati \ dapextie2.htm O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / C: \ programa ~ 1 \ MICROS ~ 2 \ OFFICE11 \ EXCEL.EXE/3000 O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 1 \ MICROS ~ 2 \ OFFICE11 \ REFIEBAR.DLL O9 - Extra button: QQ - (c95fe080-8f5d-11D2-a20b-00aa003c157b) - C: \ WINDOWS \ system32 \ Shdocvw.dll O9 - Extra 'Tools' MENUITEM:? QQ - (c95fe080-8f5d-11D2-a20b-00aa003c157b) - C: \ WINDOWS \ system32 \ Shdocvw.dll O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) -- http://by107fd.bay107.hotmail.msn.co...s/MsnPUpld.cab O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) -- http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://update.microsoft.com/microsof...?1133040258574 O16 - DPF: (8E0D4DE5-3180-4024-A327-4DFAD1796A8D) -- http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) -- http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab O20 - Winlogon Obavijesti:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Program Files \ Avast4 \ aswUpdSv.exe O23 - Service: ati brza tipka Poller - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe O23 - Service: ATI Smart - Unknown vlasnika - C: \ WINDOWS \ system32 \ ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ Avast4 \ ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Program Files \ Avast4 \ ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Program Files \ Avast4 \ ashWebSv.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - Seiko EPSON CORPORATION - C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe -- End of file - 7692 bytes _______________________________________________ Bilo kakva pomoć je dobrodošla. BTW. Ne mogu pronaći ikonu koja izgleda kao 'deinstalirali' za mene, pa neće biti deinstaliranju opciju ...
__________________
HI:) |
|
#2
31. listopada 2008, 15:21
|
|||
|
|||
|
Mama skinuti nešto
Pa. Sam napustio scans pokrenuti preko noći, ali SuperAntiSpyware držati na nailazeći problemi i zatvoreno ... Imam MalwareBytes prijaviti ovdje:
Malwarebytes' Anti-zaštita od zlonamjernih programa 1,30 Database Version: 1343 5/1/2600 Windows Service Pack 3 1/11/2008 9:19:03 AM mbam-log-2008-11-01 (09-19-03). txt Scan type: Full Scan (C: \ | D: \ | E: \ |) Objekti skenirane: 190626 Proteklo vrijeme: 3 sata (a), 56 minute (s), 28 Drugi (a / e) Memory Processes zaraženih: 0 Memorijske module zaraženih: 0 Ključevi registra zaraženih: 0 Registry Values zaraženih: 0 Registry Data Items zaraženih: 0 Mape zaraženih: 0 Zaražene datoteke: 2 Memory Processes zaraženih: (Nema stavki otkrivenih zlonamjernih) Memorijske module zaraženih: (Nema stavki otkrivenih zlonamjernih) Ključevi registra zaraženih: (Nema stavki otkrivenih zlonamjernih) Registry Values zaraženih: (Nema stavki otkrivenih zlonamjernih) Registry Data Items zaraženih: (Nema stavki otkrivenih zlonamjernih) Mape zaraženih: (Nema stavki otkrivenih zlonamjernih) Zaražene datoteke: C: \ WINDOWS \ system32 \ _005069_.tmp.dll (Trojan.Agent) -> karanteni i uspješno izbrisan. C: \ WINDOWS \ system32 \ _005101_.tmp.dll (Trojan.Agent) -> karanteni i uspješno izbrisan.
__________________
HI:) |
|
#3
31. listopada 2008, 15:24
|
||||||||||||
|
||||||||||||
|
Mama skinuti nešto
Bok
__________________
Nastaviti sa scans imate, a zatim slijedite ove upute. Preuzimanje ComboFix iz jedne od tih lokacija: Link 1 Link 2 Link 3 * VAŽNO! Spremi ComboFix.exe na svoj Desktop
 Nakon što je Microsoft Windows Recovery Console je instaliran korištenjem ComboFix, trebali biste vidjeti slijedeću poruku:  Kliknite na Da, Da i dalje skeniranje za štetne sadržaje. Kada završite, ComboFix će proizvoditi dnevnik za vas. Molimo uključite C: \ ComboFix.txt u sljedećem odgovoru, alog s drugim dnevnicima. My System: To je sve moje ...
|
|
#4
31. listopada 2008, 15:52
|
|||
|
|||
|
Mama skinuti nešto
Iz nekog razloga, ComboFix zatvoreno SuperAntiSpyware dok je skeniranje, tako da je sada ponovo pokrenuti. I avast! ne pokrene na zadanu više ... Ja otvorite program, ali je još uvijek nije u programskoj traci stvar ... I taj program da je moja mama preuzeto je postavljen za prikazivanje na početni ... Prijavite se ovdje anyway:
ComboFix 08-10-30.13 - VIP 2008-11-01 9:36:52.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.732 [11:00 GMT] Running from: C: \ Documents and Settings \ Vip \ Desktop \ ComboFix.exe * Created novu točku vraćanja . Ostali ((((((((((((((((((((((((((((((((((((((( brisanja ))))))))) )))))))))))))))))))))))))))))))))))))))) . C: \ Program Files \ Warcraft III \ _desktop.ini C: \ WINDOWS \ system32 \ _005058_.tmp.dll C: \ WINDOWS \ system32 \ _005059_.tmp.dll C: \ WINDOWS \ system32 \ _005060_.tmp.dll C: \ WINDOWS \ system32 \ _005061_.tmp.dll C: \ WINDOWS \ system32 \ _005068_.tmp.dll C: \ WINDOWS \ system32 \ _005070_.tmp.dll C: \ WINDOWS \ system32 \ _005071_.tmp.dll C: \ WINDOWS \ system32 \ _005072_.tmp.dll C: \ WINDOWS \ system32 \ _005073_.tmp.dll C: \ WINDOWS \ system32 \ _005074_.tmp.dll C: \ WINDOWS \ system32 \ _005075_.tmp.dll C: \ WINDOWS \ system32 \ _005076_.tmp.dll C: \ WINDOWS \ system32 \ _005077_.tmp.dll C: \ WINDOWS \ system32 \ _005078_.tmp.dll C: \ WINDOWS \ system32 \ _005079_.tmp.dll C: \ WINDOWS \ system32 \ _005080_.tmp.dll C: \ WINDOWS \ system32 \ _005081_.tmp.dll C: \ WINDOWS \ system32 \ _005082_.tmp.dll C: \ WINDOWS \ system32 \ _005084_.tmp.dll C: \ WINDOWS \ system32 \ _005087_.tmp.dll C: \ WINDOWS \ system32 \ _005088_.tmp.dll C: \ WINDOWS \ system32 \ _005092_.tmp.dll C: \ WINDOWS \ system32 \ _005093_.tmp.dll C: \ WINDOWS \ system32 \ _005094_.tmp.dll C: \ WINDOWS \ system32 \ _005095_.tmp.dll C: \ WINDOWS \ system32 \ _005096_.tmp.dll C: \ WINDOWS \ system32 \ _005097_.tmp.dll C: \ WINDOWS \ system32 \ _005098_.tmp.dll C: \ WINDOWS \ system32 \ _005099_.tmp.dll C: \ WINDOWS \ system32 \ _005100_.tmp.dll C: \ WINDOWS \ system32 \ _005102_.tmp.dll C: \ WINDOWS \ system32 \ _005103_.tmp.dll C: \ WINDOWS \ system32 \ _005104_.tmp.dll C: \ WINDOWS \ system32 \ _005106_.tmp.dll C: \ WINDOWS \ system32 \ _005107_.tmp.dll C: \ WINDOWS \ system32 \ _005108_.tmp.dll C: \ WINDOWS \ system32 \ _005109_.tmp.dll C: \ WINDOWS \ system32 \ _005110_.tmp.dll C: \ WINDOWS \ system32 \ _005111_.tmp.dll C: \ WINDOWS \ system32 \ _005112_.tmp.dll C: \ WINDOWS \ system32 \ _005115_.tmp.dll C: \ WINDOWS \ system32 \ _005116_.tmp.dll C: \ WINDOWS \ system32 \ _005117_.tmp.dll C: \ WINDOWS \ system32 \ _005118_.tmp.dll C: \ WINDOWS \ system32 \ _005119_.tmp.dll C: \ WINDOWS \ system32 \ _005121_.tmp.dll C: \ WINDOWS \ system32 \ _005122_.tmp.dll C: \ WINDOWS \ system32 \ _005123_.tmp.dll C: \ WINDOWS \ system32 \ _005125_.tmp.dll C: \ WINDOWS \ system32 \ _005128_.tmp.dll C: \ WINDOWS \ system32 \ _005129_.tmp.dll C: \ WINDOWS \ system32 \ _005133_.tmp.dll C: \ WINDOWS \ system32 \ _005134_.tmp.dll C: \ WINDOWS \ system32 \ _005136_.tmp.dll C: \ WINDOWS \ system32 \ _005137_.tmp.dll C: \ WINDOWS \ system32 \ _005139_.tmp.dll C: \ WINDOWS \ system32 \ _005141_.tmp.dll C: \ WINDOWS \ system32 \ _005142_.tmp.dll C: \ WINDOWS \ system32 \ _005143_.tmp.dll C: \ WINDOWS \ system32 \ _005144_.tmp.dll C: \ WINDOWS \ system32 \ _005147_.tmp.dll C: \ WINDOWS \ system32 \ _005148_.tmp.dll C: \ WINDOWS \ system32 \ _005149_.tmp.dll C: \ WINDOWS \ system32 \ _005150_.tmp.dll C: \ WINDOWS \ system32 \ _005151_.tmp.dll C: \ WINDOWS \ system32 \ _005156_.tmp.dll C: \ WINDOWS \ system32 \ _005158_.tmp.dll C: \ WINDOWS \ system32 \ Cache C: \ WINDOWS \ system32 \ Cfx32.lic C: \ WINDOWS \ system32 \ cfx32.ocx . ((((((((((((((((((((((((((((((((((((((( Driveri / Usluge )))))))) ))))))))))))))))))))))))))))))))))))))))) . ------- \ Legacy_NPF ((((((((((((((((((((((((( Files Created from 2008/09/28 da 2008/10/31 ))))))))))) )))))))))))))))))))) . 2008-10-31 20:45. 2008-10-31 20:45 <DIR> d -------- C: \ Documents and Settings \ Vip \ Application Data \ SUPERAntiSpyware.com 2008-10-31 20:45. 2008-10-31 20:45 <DIR> d -------- C: \ Documents and Settings \ Vip \ Application Data \ Malwarebytes 2008-10-31 20:33. 2008-10-31 20:33 <DIR> d -------- C: \ Program Files \ Tudou 2008-10-24 12:04. 2008-10-16 03:34 337.408 --- C ----- C: \ WINDOWS \ system32 \ dllcache \ netapi32.dll 2008-10-15 20:43. 2008-09-15 23:12 1.846.400 --- C ----- C: \ WINDOWS \ system32 \ dllcache \ Win32k.sys 2008-10-15 20:43. 2008-09-08 21:41 333.824 --- C ----- C: \ WINDOWS \ system32 \ dllcache \ srv.sys 2008-10-15 20:42. 2008-08-14 21:11 2.189.184 --- C ----- C: \ WINDOWS \ system32 \ dllcache \ ntoskrnl.exe 2008-10-15 20:42. 2008-08-14 21:09 2.145.280 --- C ----- C: \ WINDOWS \ system32 \ dllcache \ Ntkrnlmp.exe 2008-10-15 20:42. 2008-08-14 20:33 2.066.048 --- C ----- C: \ WINDOWS \ system32 \ dllcache \ Ntkrnlpa.exe 2008-10-15 20:42. 2008-08-14 20:33 2.023.936 --- C ----- C: \ WINDOWS \ system32 \ dllcache \ Ntkrpamp.exe 2008-09-18 19:05. 2008-10-31 20:52 <DIR> d -------- C: \ Program Files \ Avast4 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2008-10-31 22:38 --------- d ----- w C: \ Program Files \ Warcraft III 2008-10-31 22:30 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy 2008-10-31 09:47 --------- d ----- w C: \ Program Files \ Malwarebytes' Anti-zaštita od zlonamjernih programa 2008-10-31 09:32 --------- d --- AW C: \ Documents and Settings \ All Users \ Application Data \ Temp 2008-10-22 05:10 38.496 AW ---- C: \ Windows \ System32 \ Drivers \ mbamswissarmy.sys 2008-10-22 05:10 15.504 AW ---- C: \ Windows \ System32 \ Drivers \ mbam.sys 2008-10-09 06:46 --------- d ----- w C: \ Program Files \ PPStream 2008-10-09 03:31 --------- d ----- w C: \ Program Files \ SUPERAntiSpyware 2008-10-09 03:28 --------- d ----- w C: \ Program Files \ Spybot - Search & Destroy 2008-09-18 08:42 --------- d ----- w C: \ Documents and Settings \ Vip \ Application Data \ ispred 2008-09-08 10:41 333.824 AW ---- C: \ Windows \ System32 \ Drivers \ srv.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Note * empty entries & čitljiv default unose se ne prikazuju REGEDIT4 [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run] "Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "NeroFilterCheck" = "C: \ WINDOWS \ system32 \ NeroCheck.e Xe" [2001-07-09 155648] "SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784] "ATICCC" = "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" [2006-01-02 45056] [HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run] "Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2008-04-14 15360] C: \ Documents and Settings \ Vip \ Start Menu \ Programs \ Startup \ ' "Ôîú ÓëÖμôû.lnk - C: \ Program Files \ Tudou \ Ú ÓëTudou \ TudouVa.exe [2008-07-06 3248128] [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ policies \ system] "DisableChangePassword" = 1 (0x1) [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Policies \ Explorer] "NoAutoUpdate" = 1 (0x1) "MaxRecentDocs" = 1 (0x1) [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks] "(56F9679E-7826-4C84-81F3-532071A8BCC5)" = "C: \ Program Files \ Windows Desktop Search \ MSNLNamespaceMgr.dll" [2006-04-24 282624] "(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ winlogon] "UIHost" = "C: \ \ WINDOWS \ \ system32 \ \ logonuiX.exe" [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ winlogon \ obavijestiti \! SASWinLogon] 2008-10-09 14:31 352256 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ drivers32] "VIDC.I420" = i420vfw.dll "aux" = ctwdm32.dll "VIDC.HFYU" = huffyuv.dll "VIDC.X264" = x264vfw.dll "VIDC.3iv2" = 3ivxVfWCodec.dll "VIDC.VP31" = vp31vfw.dll "msacm.l3fhg" = mp3fhg.acm "msacm.ac3filter" = ac3filter.acm [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings All Users ^ ^ Start Menu ^ Programs ^ Startup ^ Adobe Reader Speed Launch.lnk] backup = C: \ WINDOWS \ PSS \ Adobe Reader Speed Launch.lnkCommon Startup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings All Users ^ ^ Start Menu ^ Programs ^ Startup ^ Adobe Reader Synchronizer.lnk] backup = C: \ WINDOWS \ PSS \ Adobe Reader Synchronizer.lnkCommon Startup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings All Users ^ ^ Start Menu ^ Programs ^ Startup ^ WinZip Quick Pick.lnk] backup = C: \ WINDOWS \ PSS \ WinZip Quick Pick.lnkCommon Startup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ Startup ^ Azureus Turbo Accelerator.lnk] backup = C: \ WINDOWS \ PSS \ Azureus Turbo Accelerator.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ Startup ^ Azureus Ultra Accelerator.lnk] backup = C: \ WINDOWS \ PSS \ Azureus Ultra Accelerator.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ Startup ^ BitTorrent Turbo Accelerator.lnk] backup = C: \ WINDOWS \ PSS \ BitTorrent Turbo Accelerator.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ Startup ^ eMule Turbo Accelerator.lnk] backup = C: \ WINDOWS \ PSS \ eMule Turbo Accelerator.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ Startup ^ LimeWire Na Startup.lnk] backup = C: \ WINDOWS \ PSS \ LimeWire Na Startup.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ Startup ^ LimeWire Turbo Accelerator.lnk] backup = C: \ WINDOWS \ PSS \ LimeWire Turbo Accelerator.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ Startup ^ PowerReg Planer V3.exe] backup = C: \ WINDOWS \ PSS \ PowerReg Planer V3.exeStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ Startup ^ Registracija Tom Clancy's Rainbow Six] backup = C: \ WINDOWS \ PSS \ Registration Tom Clancy's Rainbow SixStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ Startup ^ SpeedFan.lnk] backup = C: \ WINDOWS \ PSS \ SpeedFan.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ Startup ^ Thoosje Sidebar.lnk] [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ Startup ^ WordWeb.lnk] backup = C: \ WINDOWS \ PSS \ WordWeb.lnkStartup HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \! AVG Anti-Spyware HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ BitTorrent HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Boss Key HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ CmCardRun HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ CursorXP HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ EasyTuneVPro HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ iTunesHelper HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ LogonStudio HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ OrderReminder HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ RecordPadRun HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ SpeedOptimizer HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ swg HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Veoh [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Adobe Photo Downloader] - a ------ 2005-09-09 01:18 57344 C: \ Program Files \ Adobe \ Photoshop Elements 4,0 \ apdproxy.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ BgMonitor_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)] - a ------ 2006-04-21 18:03 94208 C: \ Program Files \ Common Files \ ispred \ Lib \ NMBgMonitor.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ demon Alati] - a ------ 2005-12-11 01:57 133016 C: \ Program Files \ demon Tools \ daemon.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ LanguageShortcut] - a ------ 2006-04-13 12:09 49152 C: \ Program Files \ CyberLink \ PowerDVD \ Language \ Language.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ QuickTime Task] - a ------ 2008-03-29 00:37 413696 C: \ Program Files \ K-Lite Codec Pack \ QuickTime \ QTTask.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ RemoteControl] - a ------ 2005-12-07 23:57 30208 C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ SpybotSD TeaTimer] -rahs ---- 2008-09-16 12:16 1833296 C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Parna] - a ------ 2008-03-29 09:39 1271032 C: \ Ventil \ Parna \ Steam.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Uniblue RegistryBooster 2] - a ------ 2007-12-05 16:06 1885464 C: \ Program Files \ Uniblue \ RegistryBooster 2 \ RegistryBooster.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Uniblue SpeedUpMyPC] - a ------ 2008-01-29 09:46 9442584 C: \ Program Files \ Uniblue \ SpeedUpMyPC 3 \ SpeedUpMyPC.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ WinampAgent] - a ------ 2008-04-02 05:49 36352 C: \ Program Files \ Winamp \ winampa.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ BluetoothAuthenticationA Gent] - a ------ 2008-04-14 06:42 110592 C: \ WINDOWS \ system32 \ bthprops.cpl [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ C-Media mixer] - a ------ 2003-03-20 17:21 1855488 C: \ WINDOWS \ mixer.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ Services] "WMPNetworkSvc" = 3 (0x3) "gusvc" = 3 (0x3) "RichVideo" = 2 (0x2) "BthServ" = 2 (0x2) "iPod Service" = 3 (0x3) "Apple Mobile Device" = 2 (0x2) "LiveUpdate Obavijest Service" = 2 (0x2) "VideoAcceleratorEngine" = 3 (0x3) "MDM" = 2 (0x2) "IDriverT" = 3 (0x3) "aawservice" = 3 (0x3) "PDEngine" = 3 (0x3) "PDAgent" = 3 (0x3) "Pml Driver HPZ12" = 3 (0x3) "CPUCooLServer" = 2 (0x2) "usnjsvc" = 3 (0x3) "AdobeActiveFileMonitor4.0" = 2 (0x2) "WLSetupSvc" = 3 (0x3) "cmdAgent" = 2 (0x2) "FLEXnet Licensing Service" = 3 (0x3) "Bonjour Service" = 2 (0x2) "ose" = 3 (0x3) [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ sigurnosni centar \ Praćenje] "DisableMonitoring" = dword: 00000001 [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ sigurnosni centar \ Praćenje \ SymantecAntiVirus] "DisableMonitoring" = dword: 00000001 [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ sigurnosni centar \ Praćenje \ SymantecFirewall] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List] "% windir% \ \ system32 \ \ sessmgr.exe" = "C: \ \ Program Files \ \ pecati \ \ DAP.exe" = "C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe" = "<NO Name>" = "C: \ \ Program Files \ \ PPStream \ \ PPStream.exe" "C: \ \ Program Files \ \ PPStream \ \ PPStream.exe "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe" = "C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ livecall.exe" = "C: \ \ Program Files \ \ UT2004 \ \ System \ \ UT2004.exe" = "C: \ \ Program Files \ \ DeusEx \ \ System \ \ DeusEx.exe" = "C: \ \ Program Files \ \ Tudou \ \ ÉËÙTudou \ \ TudouVa.exe" = [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List] "3389: TCP" = 3389: TCP: *: Onemogućene: @ xpsp2res.dll, -22009 "15394: TCP" = 15394: TCP: *: Onemogućene: BitComet 15394 TCP "15394: UDP" = 15394: UDP: *: Onemogućene: BitComet 15394 UDP "6555: TCP" = 6555: TCP: *: Onemogućene: BitComet 6555 TCP "6555: UDP" = 6555: UDP: *: Onemogućene: BitComet 6555 UDP R1 aswSP; avast! Self Protection; C: \ Windows \ System32 \ Drivers \ aswSP.sys [2008-07-20 78416] R1 atitray; atitray; C: \ Program Files \ Ray Adams \ ATI Trake Tools \ atitray.sys [2007-05-22 18088] R2 aswFsBlk; aswFsBlk; C: \ Windows \ System32 \ Drivers \ aswF sBlk.sys [2008-07-20 20560] R2 ROCKEYNT; ROCKEYNT; C: \ Windows \ System32 \ Drivers \ Rock eynt.sys [2005-01-04 18223] R2 SBKUPNT; SBKUPNT; C: \ Windows \ System32 \ Drivers \ SBKUPN T. sys [2001-07-13 14976] S3 motccgp; Motorola USB Composite Device Driver; C: \ Windows \ System32 \ Drivers \ motccgp.sys [2007-06-18 17920] S3 motccgpfl; MotCcgpFlService; C: \ WINDOWS \ system32 \ DRI Vers \ motccgpfl.sys [2007-01-22 7680] S3 MotDev; Motorola Inc USB uređaja; C: \ Windows \ System32 \ Drivers \ motodrv.sys [2007-05-07 42112] S3 RTLWUSB; NETGEAR WG111v2 54Mbps Wireless USB 2.0 adapter NT Vozač, C: \ Windows \ System32 \ Drivers \ wg111v2.sys [2006-03-16 167808] S3 XDva042; XDva042; C: \ WINDOWS \ system32 \ XDva042.sys [] . Sadržaj je 'Scheduled Tasks' folder 2008/10/01 C: \ WINDOWS \ Tasks \ AppleSoftwareUpdate.job - C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2007-08-29 14:57] 2008/10/27 C: \ WINDOWS \ Tasks \ Uniblue SpeedUpMyPC Nag.job - C: \ Program Files \ Uniblue \ SpeedUpMyPC \ SpeedUpMyPC.exe [] 2007/05/14 C: \ WINDOWS \ Tasks \ Uniblue SpeedUpMyPC.job - C: \ Program Files \ Uniblue \ SpeedUpMyPC \ SpeedUpMyPC.exe [] 2008/10/25 C: \ WINDOWS \ Tasks \ Uniblue SpyEraser Nag.job - C: \ Program Files \ Uniblue \ SpyEraser \ SpyEraser.exe [] . - - - - Orphans Odstranjena - - - -- URLSearchHooks-0A94B116 (-4504-4e26-AB05-E61E474AA38B) - (no file) ShellIconOverlayIdentifiers-heksadecimalna (2): 7b, 38,41,34,32,44,46,42,46,2 d, 37,38,36,38,2 d, 34,30,32,39,2 d, 39, 35,38, \ - (no file) ShellExecuteHooks-(E0D8FD38-6F36-4C9F-AE43-EDFA2BB266BA) - (no file) MSConfigStartUp-COMODO Firewall Pro - C: \ Program Files \ COMODO \ Firewall \ cfp.exe MSConfigStartUp-EzPrint - C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe MSConfigStartUp-FaxCenterServer - C: \ Program Files \ Lexmark Faks Rješenja \ fm3032.exe MSConfigStartUp-TkBellExe - C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe MSConfigStartUp-Uniblue SpyEraser - C: \ Program Files \ Uniblue \ SpyEraser \ SpyEraser.exe . ------- Supplementary Scan ------- . FireFox -: Profil - C: \ Documents and Settings \ Vip \ Application Data \ Mozilla \ Firefox \ Profiles \ 19piaa5b.default \ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp: / / hk.yahoo.com / . . File Associations ------- ------- . txtfile = C: \ WINDOWS \ NOTEPAD.EXE% 1 . ************************************************** ************************ catchme 0.3.1367 W2K/XP/Vista - rootkit / potaja detector by Gmer zlonamjernih programa, http://www.gmer.net Rootkit scan 2008-11-01 09:42:02 5/1/2600 Windows Service Pack 3 NTFS skeniranja skrivenih procesa ... skeniranja skrivenih autostart entries ... skeniranja skrivenih datoteka ... scan uspješno završena skrivenih datoteka: 0 ************************************************** ************************ . ------------------------ Other Running Processes ----------------------- -- . C: \ WINDOWS \ system32 \ ati2evxx.exe C: \ Program Files \ Avast4 \ aswUpdSv.exe C: \ Program Files \ Avast4 \ ashServ.exe C: \ WINDOWS \ system32 \ ati2evxx.exe C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe C: \ WINDOWS \ system32 \ searchindexer.exe C: \ Program Files \ Avast4 \ ashMaiSv.exe C: \ Program Files \ Avast4 \ ashWebSv.exe C: \ WINDOWS \ system32 \ imapi.exe . ************************************************** ************************ . Completion time: 2008-11-01 9:47:03 - stroj je ponovno podizanje sustava ComboFix-u karanteni-files.txt 2008-10-31 22:46:53 Pre-Run: 17476198400 bytes free Post-Run: 17429176320 bytes free WindowsXP-KB310994-SP2-Pro-Bootdisk-enu.exe [boot loader] timeout = 2 default = multi (0) disk (0) rdisk (0) partition (1) \ WINDOW S [operating systems] C: \ CMDCONS \ BOOTSECT.DAT = "Microsoft Windows Recovery Console" / cmdcons multi (0) disk (0) rdisk (0) partition (1) \ WINDOWS = "Micro soft Windows XP Professional" / noexecute = OptIn / fastdetect 335 --- EOF --- 2008-10-24 09:01:23 __________________________________________________ _________________________________________________ EDIT: Bio sam i ja da kliknete oko pronašao ikonu da izgledao kao deinstalirati. Ja kliknuo i počelo deinstaliranju (ili barem ja se nadam da je), jer je u čudne simbole.
__________________
HI:) |
|
#5
31. listopada 2008, 18:39
|
|||
|
|||
|
Mama skinuti nešto
SuperAntiSpyware log. Morao sam to skenirati brzo, jer bi uvijek dolazi do pogrešku kada sam u punoj scan.
SUPERAntiSpyware Scan Prijava http://www.superantispyware.com Generirano 11/01/2008 at 11:45 Application Version: 4/21/1004 Core Pravila Database Version: 3618 Trace Pravila Database Version: 1603 Scan type: Quick Scan Ukupno Scan Vrijeme: 00:35:28 Memorija predmeta skenirane: 490 Memorija prijetnje otkrivena: 0 Registry stavke skenirane: 436 Matični prijetnje otkrivena: 0 File skenirane podatke: 33788 File prijetnje otkrivena: 2 Trojan.Vundo-Varijanta / F C: \ Windows \ System32 \ AZIPCONTMN.DLL C: \ Windows \ System32 \ SYSFOLDERAZIPCNT.DLL
__________________
HI:) |
|
#6
1. studenog 2008, 10:16
|
|||
|
|||
|
Mama skinuti nešto
Bok ponovo
Molimo vas da ne klikaju na nešto više ili pokrenite bilo koji skenira, osim ako mi savjetujemo Vam da na taj način. Ono što čini samo zbunjujuće za mene - ja vidim stavku u jedan zapisnik, ali je otišao od sljedećeg i tako dalje - hvala. JA ono što je sumnjivo ovaj je problem C: \ Program Files \ Tudou ako vaš mama je fan od kineskog verziju YouTube.  Želim da imaju pogled na one dvije datoteke pronađeno po SAS. Molimo idi na: VirusTotal
C: \ Windows \ System32 \ SYSFOLDERAZIPCNT.DLL Combofix
Code:
Folder: C: \ Program Files \ Tudou  Spremi kao CFScript.txt, Na istom mjestu kao ComboFix.exe  Osvrchuchi se na slici gore, povucite CFScript na ComboFix.exe. Kada završite, on će proizvesti prijava za Vas "C: \ ComboFix.txt" Ne mouseclick combofix's prozor dok je pokrenut. Ovaj svibanj uzrokovati da se zatajiti. OPREZ! Bilo tko drukčije misli koristeći gore original to čini na vlastitu odgovornost - vi svibanj kraj gore što nećete morati ponovo instalirati sustav Windows? Molimo, prijavite se post C: \ ComboFix.txt , U VirusTotal rezultate i svježeg HijackThis Log za daljnje razmatranje. |
|
#7
1. studenog 2008, 16:53
|
|||
|
|||
|
Mama skinuti nešto
Pa moja mama gleda neki kineski video ... Nisam mogao naći datoteka prilikom pregledavanja u VirusTotal. Čak sam išao na njih u Explorer, a nije mogla naći oboje. Dobio logs:
ComboFix: ComboFix 08-11-01.01 - VIP 2008-11-02 10:36:20.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.865 [11:00 GMT] Running from: C: \ Documents and Settings \ Vip \ Desktop \ ComboFix.exe Naredba prekidači koji se koriste:: C: \ Documents and Settings \ Vip \ Desktop \ CFScript.txt * Created novu točku vraćanja . Ostali ((((((((((((((((((((((((((((((((((((((( brisanja ))))))))) )))))))))))))))))))))))))))))))))))))))) . C: \ Program Files \ Tudou . ((((((((((((((((((((((((( Files Created from 2008/10/01 da 2008/11/01 ))))))))))) )))))))))))))))))))) . 2008-11-01 09:55. 2008-11-01 09:55 <DIR> d -------- C: \ Documents and Settings \ Vip \ Application Data \ Uniblue 2008-10-31 20:45. 2008-10-31 20:45 <DIR> d -------- C: \ Documents and Settings \ Vip \ Application Data \ SUPERAntiSpyware.com 2008-10-31 20:45. 2008-10-31 20:45 <DIR> d -------- C: \ Documents and Settings \ Vip \ Application Data \ Malwarebytes 2008-10-24 12:04. 2008-10-16 03:34 337.408 --- C ----- C: \ WINDOWS \ system32 \ dllcache \ netapi32.dll 2008-10-15 20:43. 2008-09-15 23:12 1.846.400 --- C ----- C: \ WINDOWS \ system32 \ dllcache \ Win32k.sys 2008-10-15 20:43. 2008-09-08 21:41 333.824 --- C ----- C: \ WINDOWS \ system32 \ dllcache \ srv.sys 2008-10-15 20:42. 2008-08-14 21:11 2.189.184 --- C ----- C: \ WINDOWS \ system32 \ dllcache \ ntoskrnl.exe 2008-10-15 20:42. 2008-08-14 21:09 2.145.280 --- C ----- C: \ WINDOWS \ system32 \ dllcache \ Ntkrnlmp.exe 2008-10-15 20:42. 2008-08-14 20:33 2.066.048 --- C ----- C: \ WINDOWS \ system32 \ dllcache \ Ntkrnlpa.exe 2008-10-15 20:42. 2008-08-14 20:33 2.023.936 --- C ----- C: \ WINDOWS \ system32 \ dllcache \ Ntkrpamp.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2008-10-31 22:38 --------- d ----- w C: \ Program Files \ Warcraft III 2008-10-31 22:30 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy 2008-10-31 09:52 --------- d ----- w C: \ Program Files \ Avast4 2008-10-31 09:47 --------- d ----- w C: \ Program Files \ Malwarebytes' Anti-zaštita od zlonamjernih programa 2008-10-31 09:32 --------- d --- AW C: \ Documents and Settings \ All Users \ Application Data \ Temp 2008-10-22 05:10 38.496 AW ---- C: \ Windows \ System32 \ Drivers \ mbamswissarmy.sys 2008-10-22 05:10 15.504 AW ---- C: \ Windows \ System32 \ Drivers \ mbam.sys 2008-10-09 06:46 --------- d ----- w C: \ Program Files \ PPStream 2008-10-09 03:31 --------- d ----- w C: \ Program Files \ SUPERAntiSpyware 2008-10-09 03:28 --------- d ----- w C: \ Program Files \ Spybot - Search & Destroy 2008-09-18 08:42 --------- d ----- w C: \ Documents and Settings \ Vip \ Application Data \ ispred 2008-09-15 12:12 1.846.400 AW ---- C: \ WINDOWS \ system32 \ Win32k.sys 2008-09-08 10:41 333.824 AW ---- C: \ Windows \ System32 \ Drivers \ srv.sys 2008-08-28 07:46 74.752 AW ---- C: \ WINDOWS \ system32 \ msw3prt.dll 2008-08-28 07:46 104.960 AW ---- C: \ WINDOWS \ system32 \ win32spl.dll 2008-08-26 07:24 826.368 AW ---- C: \ WINDOWS \ system32 \ Wininet.dll 2008-08-14 10:11 2.189.184 AW ---- C: \ WINDOWS \ system32 \ ntoskrnl.exe 2008-08-14 09:33 2.066.048 AW ---- C: \ WINDOWS \ system32 \ Ntkrnlpa.exe 2008-07-29 12:05 32.768 - SHA-w C: \ Windows \ System32 \ Config \ systemprofile \ Local Settings \ Povijest \ History.IE5 \ MSHist012008072920080 730 \ Index.dat . ((((((((((((((((((((((((((((( Hitac @ 2008-11-01_ 9.46.14.14 ))))))))))) )))))))))))))))))))))))))))))) . - 2008-10-31 22:41:26 16.384 ---- atw C: \ WINDOWS \ Temp \ Perflib_Perfdata_570.dat + 2008-11-01 23:26:02 16.384 ---- atw C: \ WINDOWS \ Temp \ Perflib_Perfdata_570.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Note * empty entries & čitljiv default unose se ne prikazuju REGEDIT4 [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run] "Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "NeroFilterCheck" = "C: \ WINDOWS \ system32 \ NeroCheck.e Xe" [2001-07-09 155648] "SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784] "ATICCC" = "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" [2006-01-02 45056] "avast" = "C: \ Program Files \ Avast4 \ ashDisp.exe" [2008-07-20 78008] [HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run] "Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2008-04-14 15360] [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ policies \ system] "DisableChangePassword" = 1 (0x1) [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Policies \ Explorer] "NoAutoUpdate" = 1 (0x1) "MaxRecentDocs" = 1 (0x1) [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks] "(56F9679E-7826-4C84-81F3-532071A8BCC5)" = "C: \ Program Files \ Windows Desktop Search \ MSNLNamespaceMgr.dll" [2006-04-24 282624] "(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ winlogon] "UIHost" = "C: \ \ WINDOWS \ \ system32 \ \ logonuiX.exe" [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ winlogon \ obavijestiti \! SASWinLogon] 2008-10-09 14:31 352256 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ drivers32] "VIDC.I420" = i420vfw.dll "aux" = ctwdm32.dll "VIDC.HFYU" = huffyuv.dll "VIDC.X264" = x264vfw.dll "VIDC.3iv2" = 3ivxVfWCodec.dll "VIDC.VP31" = vp31vfw.dll "msacm.l3fhg" = mp3fhg.acm "msacm.ac3filter" = ac3filter.acm [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings All Users ^ ^ Start Menu ^ Programs ^ Startup ^ Adobe Reader Speed Launch.lnk] backup = C: \ WINDOWS \ PSS \ Adobe Reader Speed Launch.lnkCommon Startup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings All Users ^ ^ Start Menu ^ Programs ^ Startup ^ Adobe Reader Synchronizer.lnk] backup = C: \ WINDOWS \ PSS \ Adobe Reader Synchronizer.lnkCommon Startup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings All Users ^ ^ Start Menu ^ Programs ^ Startup ^ WinZip Quick Pick.lnk] backup = C: \ WINDOWS \ PSS \ WinZip Quick Pick.lnkCommon Startup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ Startup ^ Azureus Turbo Accelerator.lnk] backup = C: \ WINDOWS \ PSS \ Azureus Turbo Accelerator.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ Startup ^ Azureus Ultra Accelerator.lnk] backup = C: \ WINDOWS \ PSS \ Azureus Ultra Accelerator.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ Startup ^ BitTorrent Turbo Accelerator.lnk] backup = C: \ WINDOWS \ PSS \ BitTorrent Turbo Accelerator.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ Startup ^ eMule Turbo Accelerator.lnk] backup = C: \ WINDOWS \ PSS \ eMule Turbo Accelerator.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ Startup ^ LimeWire Na Startup.lnk] backup = C: \ WINDOWS \ PSS \ LimeWire Na Startup.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ Startup ^ LimeWire Turbo Accelerator.lnk] backup = C: \ WINDOWS \ PSS \ LimeWire Turbo Accelerator.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ Startup ^ PowerReg Planer V3.exe] backup = C: \ WINDOWS \ PSS \ PowerReg Planer V3.exeStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ Startup ^ Registracija Tom Clancy's Rainbow Six] backup = C: \ WINDOWS \ PSS \ Registration Tom Clancy's Rainbow SixStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ Startup ^ SpeedFan.lnk] backup = C: \ WINDOWS \ PSS \ SpeedFan.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ Startup ^ Thoosje Sidebar.lnk] [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ Startup ^ WordWeb.lnk] backup = C: \ WINDOWS \ PSS \ WordWeb.lnkStartup HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \! AVG Anti-Spyware HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ BitTorrent HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Boss Key HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ CmCardRun HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ CursorXP HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ EasyTuneVPro HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ iTunesHelper HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ LogonStudio HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ OrderReminder HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ RecordPadRun HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ SpeedOptimizer HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ swg HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Veoh [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Adobe Photo Downloader] - a ------ 2005-09-09 01:18 57344 C: \ Program Files \ Adobe \ Photoshop Elements 4,0 \ apdproxy.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ BgMonitor_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)] - a ------ 2006-04-21 18:03 94208 C: \ Program Files \ Common Files \ ispred \ Lib \ NMBgMonitor.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ demon Alati] - a ------ 2005-12-11 01:57 133016 C: \ Program Files \ demon Tools \ daemon.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ LanguageShortcut] - a ------ 2006-04-13 12:09 49152 C: \ Program Files \ CyberLink \ PowerDVD \ Language \ Language.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ QuickTime Task] - a ------ 2008-03-29 00:37 413696 C: \ Program Files \ K-Lite Codec Pack \ QuickTime \ QTTask.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ RemoteControl] - a ------ 2005-12-07 23:57 30208 C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ SpybotSD TeaTimer] -rahs ---- 2008-09-16 12:16 1833296 C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Parna] - a ------ 2008-03-29 09:39 1271032 C: \ Ventil \ Parna \ Steam.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Uniblue RegistryBooster 2] - a ------ 2007-12-05 16:06 1885464 C: \ Program Files \ Uniblue \ RegistryBooster 2 \ RegistryBooster.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Uniblue SpeedUpMyPC] - a ------ 2008-01-29 09:46 9442584 C: \ Program Files \ Uniblue \ SpeedUpMyPC 3 \ SpeedUpMyPC.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ WinampAgent] - a ------ 2008-04-02 05:49 36352 C: \ Program Files \ Winamp \ winampa.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ BluetoothAuthenticationA Gent] - a ------ 2008-04-14 06:42 110592 C: \ WINDOWS \ system32 \ bthprops.cpl [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ C-Media mixer] - a ------ 2003-03-20 17:21 1855488 C: \ WINDOWS \ mixer.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ Services] "WMPNetworkSvc" = 3 (0x3) "gusvc" = 3 (0x3) "RichVideo" = 2 (0x2) "BthServ" = 2 (0x2) "iPod Service" = 3 (0x3) "Apple Mobile Device" = 2 (0x2) "LiveUpdate Obavijest Service" = 2 (0x2) "VideoAcceleratorEngine" = 3 (0x3) "MDM" = 2 (0x2) "IDriverT" = 3 (0x3) "aawservice" = 3 (0x3) "PDEngine" = 3 (0x3) "PDAgent" = 3 (0x3) "Pml Driver HPZ12" = 3 (0x3) "CPUCooLServer" = 2 (0x2) "usnjsvc" = 3 (0x3) "AdobeActiveFileMonitor4.0" = 2 (0x2) "WLSetupSvc" = 3 (0x3) "cmdAgent" = 2 (0x2) "FLEXnet Licensing Service" = 3 (0x3) "Bonjour Service" = 2 (0x2) "ose" = 3 (0x3) [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ sigurnosni centar \ Praćenje] "DisableMonitoring" = dword: 00000001 [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ sigurnosni centar \ Praćenje \ SymantecAntiVirus] "DisableMonitoring" = dword: 00000001 [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ sigurnosni centar \ Praćenje \ SymantecFirewall] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List] "% windir% \ \ system32 \ \ sessmgr.exe" = "C: \ \ Program Files \ \ pecati \ \ DAP.exe" = "C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe" = "<NO Name>" = "C: \ \ Program Files \ \ PPStream \ \ PPStream.exe" "C: \ \ Program Files \ \ PPStream \ \ PPStream.exe "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe" = "C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ livecall.exe" = "C: \ \ Program Files \ \ UT2004 \ \ System \ \ UT2004.exe" = "C: \ \ Program Files \ \ DeusEx \ \ System \ \ DeusEx.exe" = [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List] "3389: TCP" = 3389: TCP: *: Onemogućene: @ xpsp2res.dll, -22009 "15394: TCP" = 15394: TCP: *: Onemogućene: BitComet 15394 TCP "15394: UDP" = 15394: UDP: *: Onemogućene: BitComet 15394 UDP "6555: TCP" = 6555: TCP: *: Onemogućene: BitComet 6555 TCP "6555: UDP" = 6555: UDP: *: Onemogućene: BitComet 6555 UDP R1 aswSP; avast! Self Protection; C: \ Windows \ System32 \ Drivers \ aswSP.sys [2008-07-20 78416] R1 atitray; atitray; C: \ Program Files \ Ray Adams \ ATI Trake Tools \ atitray.sys [2007-05-22 18088] R2 aswFsBlk; aswFsBlk; C: \ Windows \ System32 \ Drivers \ aswF sBlk.sys [2008-07-20 20560] R2 ROCKEYNT; ROCKEYNT; C: \ Windows \ System32 \ Drivers \ Rock eynt.sys [2005-01-04 18223] R2 SBKUPNT; SBKUPNT; C: \ Windows \ System32 \ Drivers \ SBKUPN T. sys [2001-07-13 14976] S3 motccgp; Motorola USB Composite Device Driver; C: \ Windows \ System32 \ Drivers \ motccgp.sys [2007-06-18 17920] S3 motccgpfl; MotCcgpFlService; C: \ WINDOWS \ system32 \ DRI Vers \ motccgpfl.sys [2007-01-22 7680] S3 MotDev; Motorola Inc USB uređaja; C: \ Windows \ System32 \ Drivers \ motodrv.sys [2007-05-07 42112] S3 RTLWUSB; NETGEAR WG111v2 54Mbps Wireless USB 2.0 adapter NT Vozač, C: \ Windows \ System32 \ Drivers \ wg111v2.sys [2006-03-16 167808] S3 XDva042; XDva042; C: \ WINDOWS \ system32 \ XDva042.sys [] . Sadržaj je 'Scheduled Tasks' folder 2008/10/01 C: \ WINDOWS \ Tasks \ AppleSoftwareUpdate.job - C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2007-08-29 14:57] 2008/10/27 C: \ WINDOWS \ Tasks \ Uniblue SpeedUpMyPC Nag.job - C: \ Program Files \ Uniblue \ SpeedUpMyPC \ SpeedUpMyPC.exe [] 2007/05/14 C: \ WINDOWS \ Tasks \ Uniblue SpeedUpMyPC.job - C: \ Program Files \ Uniblue \ SpeedUpMyPC \ SpeedUpMyPC.exe [] 2008/10/25 C: \ WINDOWS \ Tasks \ Uniblue SpyEraser Nag.job - C: \ Program Files \ Uniblue \ SpyEraser \ SpyEraser.exe [] . ************************************************** ************************ catchme 0.3.1367 W2K/XP/Vista - rootkit / potaja detector by Gmer zlonamjernih programa, http://www.gmer.net Rootkit scan 2008-11-02 10:39:31 5/1/2600 Windows Service Pack 3 NTFS skeniranja skrivenih procesa ... skeniranja skrivenih autostart entries ... skeniranja skrivenih datoteka ... scan uspješno završena skrivenih datoteka: 0 ************************************************** ************************ . Completion time: 2008-11-02 10:41:44 ComboFix-u karanteni-files.txt 2008-11-01 23:41:32 ComboFix2.txt 2008-10-31 22:47:05 Pre-Run: 17222828032 bytes free Post-Run: 17200967680 bytes free 233 --- EOF --- 2008-10-24 09:01:23 __________________________________________________ _________________________ HijackThis: Logfile of Trend Micro HijackThis v2.0.2 Scan spremljena u 10:50:19, dana 2/11/2008 Platforma: Windows XP SP3 (Winnt 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Pokretanje procesa: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ Winlogon.exe C: \ WINDOWS \ system32 \ services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ Program Files \ Avast4 \ aswUpdSv.exe C: \ Program Files \ Avast4 \ ashServ.exe C: \ WINDOWS \ system32 \ spoolsv.exe C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ WINDOWS \ system32 \ SearchIndexer.exe C: \ Program Files \ Avast4 \ ashMaiSv.exe C: \ Program Files \ Avast4 \ ashWebSv.exe C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ WINDOWS \ system32 \ Ctfmon.exe C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe C: \ Program Files \ Avast4 \ ashDisp.exe C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe C: \ WINDOWS \ explorer.exe C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe C: \ Documents and Settings \ Vip \ Desktop \ HiJackThis.exe R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com.hk/ R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Postavke, ProxyOverride = lokalnih O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll O2 - BHO: RealPlayer Download i Record Plugin za Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file) O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" O4 - HKLM \ .. \ Run: [ATICCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" runtime-Delay O4 - HKLM \ .. \ Run: [avast] C: \ Program Files \ Avast4 \ ashDisp.exe O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE') O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE') O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM') O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user') O8 - Extra kontekst meni stavka: Clean & Tragovi - C: \ Program Files \ pecati \ privatnosti Package \ dapcleanerie.htm O8 - Extra kontekst meni stavka: & & s pecati Download - C: \ Program Files \ pecati \ dapextie.htm O8 - Extra kontekst meni stavka: Download & all s pecati - C: \ Program Files \ pecati \ dapextie2.htm O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / C: \ programa ~ 1 \ MICROS ~ 2 \ OFFICE11 \ EXCEL.EXE/3000 O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 1 \ MICROS ~ 2 \ OFFICE11 \ REFIEBAR.DLL O9 - Extra button: QQ - (c95fe080-8f5d-11D2-a20b-00aa003c157b) - C: \ WINDOWS \ system32 \ Shdocvw.dll O9 - Extra 'Tools' MENUITEM:? QQ - (c95fe080-8f5d-11D2-a20b-00aa003c157b) - C: \ WINDOWS \ system32 \ Shdocvw.dll O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) -- http://by107fd.bay107.hotmail.msn.co...s/MsnPUpld.cab O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) -- http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://update.microsoft.com/microsof...?1133040258574 O16 - DPF: (8E0D4DE5-3180-4024-A327-4DFAD1796A8D) -- http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) -- http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab O20 - Winlogon Obavijesti:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Program Files \ Avast4 \ aswUpdSv.exe O23 - Service: ati brza tipka Poller - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe O23 - Service: ATI Smart - Unknown vlasnika - C: \ WINDOWS \ system32 \ ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ Avast4 \ ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Program Files \ Avast4 \ ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Program Files \ Avast4 \ ashWebSv.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - Seiko EPSON CORPORATION - C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe -- End of file - 6734 bytes
__________________
HI:) |
|
#8
2. studenoga 2008, 05:29
|
|||
|
|||
|
Mama skinuti nešto
Bok
Te dvije datoteke nisu našli po combofix, tako da nisam stvarno očekujete da se tamo. Kako je sustav pokrenut sada? Let's pokrenuti online scan. Obavi online scan sa Panda ActiveScan
|
|
#9
3. studeni 2008, 03:07
|
|||
|
|||
|
Mama skinuti nešto
Quote:
__________________
HI:) |
|
#10
5. studenog 2008, 07:45
|
|||
|
|||
|
Mama skinuti nešto
Bok ponovo
Isprike za ne dobivanje natrag na vas ranije - u stvarnom životu je prilično zauzet u ovom trenutku. Kako je sustav pokrenut sada? Jedini predmet je PowerRegScheduler - možete ukloniti ako želite. |
