Poslao: 06 Jan 2009 20:19
|
offline
- Acid_Burn
- Moderator foruma
- Glavni moderator foruma Zabava
- Hellraiser
- Demon to some. Angel to others
- Pridružio: 07 Jan 2005
- Poruke: 25503
- Gde živiš: Beneath the Black Sky
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04:36, on 1/6/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\VistaFirewallControl\VistaFirewallControl.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AltBinz\altbinz.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [VistaFirewallControl] C:\Program Files\VistaFirewallControl\VistaFirewallControl.exe
O4 - HKLM\..\RunOnce: [CleanSetup] cmd /C rmdir /S /Q "C:\Users\Siki\AppData\Local\Temp\nro.tmp\"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Trust\Trust R-Series Keyboard\KMWDSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: VistaFirewallService - Sphinx Software - C:\Program Files\VistaFirewallControl\VistaFirewallService.exe
--
End of file - 6446 bytes
|
|
|
|
Poslao: 06 Jan 2009 20:24
|
offline
- helen1
- Anti Malware Fighter
Rank 2
- Pridružio: 27 Avg 2005
- Poruke: 8620
- Gde živiš: Novi Beograd
|
Mislis na ovo:
C:\Windows\system32\conime.exe
Kada ti se to pojavilo? To moze da bude i legitimno.
Citat:Conime.exe is also the name of a legitimate Windows file located in the system32 folder. It's the Microsoft Console IME (Input Method Editor). It executes whenever a command prompt is opened, so it seems that it’s used for Asian language input support in the command prompt.
“This entry is used only when the locale of the computer is set to 932 (Japanese), 936 (Chinese), 949 (Korean Unified Hangul), or 950 (Chinese Big5 Extended).”
|
|
|
|
Poslao: 06 Jan 2009 20:30
|
offline
- Acid_Burn
- Moderator foruma
- Glavni moderator foruma Zabava
- Hellraiser
- Demon to some. Angel to others
- Pridružio: 07 Jan 2005
- Poruke: 25503
- Gde živiš: Beneath the Black Sky
|
Da na to...
Pojavilo se pre nekih 4 dana odprilike
|
|
|
|
Poslao: 06 Jan 2009 20:32
|
offline
- helen1
- Anti Malware Fighter
Rank 2
- Pridružio: 27 Avg 2005
- Poruke: 8620
- Gde živiš: Novi Beograd
|
Mozda je glupo pitanje ali, da nisi mozda presao na Kineski ili Japanski
I sta uopste to radi? Nisam to nikada video?
|
|
|
|
|
|
Poslao: 06 Jan 2009 21:16
|
offline
- Acid_Burn
- Moderator foruma
- Glavni moderator foruma Zabava
- Hellraiser
- Demon to some. Angel to others
- Pridružio: 07 Jan 2005
- Poruke: 25503
- Gde živiš: Beneath the Black Sky
|
ComboFix 09-01-05.05 - Siki 2009-01-06 20:54:59.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.3071.2180 [GMT 1:00]
Running from: c:\users\Siki\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090106-0] *On-access scanning disabled* (Updated)
FW: Vista Firewall Control *enabled*
.
ADS - Windows: deleted 48 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AutoRun.inf
c:\windows\system32\installer.exe
.
((((((((((((((((((((((((( Files Created from 2008-12-06 to 2009-01-06 )))))))))))))))))))))))))))))))
.
2009-01-03 00:27 . 2009-01-03 00:28 <DIR> d-------- c:\program files\Nero 9
2009-01-02 23:45 . 2009-01-02 23:45 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-01-02 23:19 . 2009-01-02 23:19 <DIR> d-------- c:\users\All Users\TuneUp Software
2009-01-02 23:19 . 2009-01-02 23:19 <DIR> d-------- c:\programdata\TuneUp Software
2009-01-02 23:19 . 2009-01-02 23:20 <DIR> d-------- c:\program files\TuneUp Utilities 2009
2009-01-02 23:19 . 2009-01-02 23:19 603,904 --a------ c:\windows\System32\TUProgSt.exe
2009-01-02 23:19 . 2009-01-02 23:19 360,192 --a------ c:\windows\System32\TuneUpDefragService.exe
2009-01-02 23:19 . 2008-12-11 13:31 27,904 --a------ c:\windows\System32\uxtuneup.dll
2009-01-02 23:19 . 2008-12-11 13:31 17,152 --a------ c:\windows\System32\authuitu.dll
2009-01-02 23:18 . 2009-01-02 23:18 <DIR> d--hs---- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
2009-01-02 23:18 . 2009-01-02 23:18 <DIR> d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-01-02 22:35 . 2009-01-02 22:35 <DIR> d-------- c:\program files\RegCleaner
2009-01-02 22:28 . 2009-01-02 22:28 <DIR> dr------- c:\users\Siki\Documents
2009-01-02 22:15 . 2009-01-03 00:28 <DIR> d-------- c:\program files\Common Files\Nero
2009-01-01 21:30 . 2009-01-02 22:30 <DIR> d-------- c:\users\All Users\SlySoft
2009-01-01 21:30 . 2009-01-02 22:30 <DIR> d-------- c:\programdata\SlySoft
2009-01-01 21:27 . 2009-01-01 21:27 <DIR> d-------- c:\program files\Elaborate Bytes
2008-12-31 12:44 . 2008-12-31 12:44 <DIR> d-------- c:\program files\Trend Micro
2008-12-19 11:49 . 2008-12-19 23:08 <DIR> d-------- c:\program files\Hamachi
2008-12-19 11:49 . 2008-12-19 11:49 25,280 --a------ c:\windows\System32\drivers\hamachi.sys
2008-12-18 16:25 . 2009-01-02 22:31 27,928 --a------ c:\windows\System32\ClipData.dat
2008-12-17 20:32 . 2008-12-17 20:32 <DIR> dr------- c:\users\Public\Videos
2008-12-17 14:29 . 2008-11-04 19:12 39,409,064 --a------ c:\windows\System32\ashampoo_burning_studio_8_804_sm.exe
2008-12-17 07:20 . 2008-12-17 07:20 <DIR> d-------- c:\users\All Users\ashampoo
2008-12-17 07:20 . 2008-12-17 07:20 <DIR> d-------- c:\programdata\ashampoo
2008-12-15 18:37 . 2008-12-15 18:37 65,536 --------- c:\windows\SPInstall.etl
2008-12-14 11:03 . 2008-12-14 11:03 174 --a------ c:\windows\wininit.ini
2008-12-09 20:15 . 2009-01-02 23:26 <DIR> d-------- c:\program files\DiskTrix
2008-12-08 21:21 . 2008-12-08 21:21 <DIR> d-------- c:\users\Public\Pictures
2008-12-07 11:32 . 2008-12-07 11:32 15,561,728 --a------ c:\windows\System32\imageres.dll
2008-12-07 11:25 . 2008-12-07 11:25 <DIR> d-------- c:\users\All Users\Stardock
2008-12-07 11:25 . 2008-12-07 11:25 <DIR> d-------- c:\programdata\Stardock
2008-12-07 11:25 . 2007-06-05 11:26 567,040 --a------ c:\windows\System32\wbocx.ocx
2008-12-07 11:25 . 2007-06-05 11:26 56,496 --a------ c:\windows\System32\wbhelp2.dll
2008-12-07 10:11 . 2008-12-07 10:11 <DIR> d-------- c:\users\All Users\{60727955-924B-4A9F-9506-5104848B6673}
2008-12-07 10:11 . 2008-12-07 10:11 <DIR> d-------- c:\programdata\{60727955-924B-4A9F-9506-5104848B6673}
2008-12-07 10:11 . 2008-12-07 10:11 <DIR> d-------- c:\program files\Trust
2008-12-07 10:11 . 2007-03-29 15:00 17,024 --a------ c:\windows\System32\drivers\KMWDFilter.SYS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 17:14 --------- d-----w c:\programdata\DVD Shrink
2009-01-03 22:05 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-03 13:39 --------- d-----w c:\program files\totalcmd
2009-01-03 08:22 --------- d-----w c:\program files\Common Files\Adobe
2009-01-02 22:40 --------- d-----w c:\programdata\Nero
2009-01-02 21:40 --------- d---a-w c:\programdata\TEMP
2008-12-29 12:24 --------- d-----w c:\program files\Unlocker
2008-12-18 15:36 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-07 10:25 --------- d-----w c:\program files\Stardock
2008-12-07 00:51 --------- d-----w c:\program files\Mozilla Sunbird
2008-12-07 00:50 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-12-05 14:50 --------- d-----w c:\program files\FlashGet
2008-12-04 15:52 --------- d-----w c:\program files\7-Zip
2008-12-02 19:45 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-30 01:21 --------- d-----w c:\programdata\Lavasoft
2008-11-30 01:20 --------- d-----w c:\program files\Lavasoft
2008-11-30 00:55 --------- d-----w c:\program files\K-Lite Codec Pack
2008-11-30 00:53 --------- d-----w c:\program files\VistaCodecPack
2008-11-28 08:43 --------- d-----w c:\program files\Common Files\GTK
2008-11-28 08:21 262,144 ----a-w c:\programdata\ntuser.dat
2008-11-28 08:20 573,096 ----a-w c:\windows\System32\CEmLSP.dll
2008-11-27 21:04 --------- d-----w c:\program files\KellySoftware
2008-11-26 17:17 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2008-11-24 14:32 57,344 ----a-w c:\windows\System32\ff_vfw.dll
2008-11-23 23:36 2,942,464 ----a-w c:\windows\Matrix_ks.SCR
2008-11-19 17:21 93,128 ----a-w c:\windows\System32\ElbyCDIO.dll
2008-11-19 07:31 --------- d-----w c:\programdata\Ahead
2008-11-13 07:32 682,280 ----a-w c:\windows\System32\pbsvc.exe
2008-11-12 08:39 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-28 22:35 684,032 ----a-w c:\windows\System32\divx.dll
2008-10-28 21:22 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-10-28 20:34 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-10-19 11:35 319,488 ----a-w c:\windows\HideWin.exe
2008-10-19 11:35 319,456 ----a-w c:\windows\DIFxAPI.dll
2006-11-02 12:49 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-10-16 398992]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"VistaFirewallControl"="c:\program files\VistaFirewallControl\VistaFirewallControl.exe" [2008-07-11 716800]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-24 c:\windows\RtHDVCpl.exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
c:\users\Siki\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
altbinz.lnk - c:\program files\AltBinz\altbinz.exe [2007-09-27 1069568]
Rainlendar.lnk - c:\program files\Rainlendar\Rainlendar.exe [2005-03-01 118784]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-10-18 3450608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DynDNS Updater.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DynDNS Updater.lnk
backup=c:\windows\pss\DynDNS Updater.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^emSwapAP2.EXE.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\emSwapAP2.EXE.lnk
backup=c:\windows\pss\emSwapAP2.EXE.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^etMon.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\etMon.exe.lnk
backup=c:\windows\pss\etMon.exe.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KMCONFIG]
--a------ 2007-03-06 14:51 212992 c:\program files\Trust\Trust R-Series Keyboard\StartAutorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-10-07 12:33 92704 c:\windows\System32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-02 13:32 1004136 c:\program files\Windows Defender\MSASCui.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{71EC5819-C52F-4849-95D9-F4C5B9140BEF}"= Profile=Public|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{0938F56B-1AB7-48B8-AA84-BA23462ACCCF}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{D185DBE2-6D47-4CA1-B1E1-73DA11A1047C}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
"{27803391-C27F-495E-892B-FF59FD4D3E04}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{4B8A793E-C1EC-4C37-9D73-0830BA3E2F31}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{EAB7D644-C478-4B73-84B4-DD0ED9CF65D7}"= UDP:65000:utorrent
"TCP Query User{C005D234-FCBF-425E-87EC-0F73EDEEA1CC}c:\\program files\\totalcmd\\totalcmd.exe"= UDP:c:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{EFD3746D-31D5-4DA7-8A6D-474F511AF6B6}c:\\program files\\totalcmd\\totalcmd.exe"= TCP:c:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"{EE9F60F9-19ED-4843-B243-38995205C2BC}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{CE57D70C-947B-4674-A262-F5C3974EE883}e:\\games\\activision\\call of duty - world at war\\codwaw.exe"= UDP:e:\games\activision\call of duty - world at war\codwaw.exe:Call of Duty(R): World at War Campaign/Coop
"UDP Query User{3E512C55-FDEA-4E2F-BF53-D3847F76D89E}e:\\games\\activision\\call of duty - world at war\\codwaw.exe"= TCP:e:\games\activision\call of duty - world at war\codwaw.exe:Call of Duty(R): World at War Campaign/Coop
"{A1AB4C31-D57A-4DE5-803B-5A868D868305}"= Disabled:UDP:c:\program files\Internet Explorer\iexplore.exe:iexplore
"{8293248D-C5A2-4921-8E0A-40604C90863C}"= Disabled:TCP:c:\program files\Internet Explorer\iexplore.exe:iexplore
"{3DDF30A3-ED8A-4D12-8E1E-AEDA5D133E82}"= UDP:21:ftp
"{F3C619DB-546A-4217-9519-121A2C80E867}"= TCP:21:ftp
"{0050F536-8975-4024-AD94-BB154E9EEC9D}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{89D6DC24-9497-4769-9F02-AEE787C68BF2}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-10-18 111184]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [2008-10-18 15504]
R3 slnt;Realtek Rtl-8139d PCI Fast Ethernet Adapter;c:\windows\System32\drivers\slnt.sys [2008-10-18 18004]
R4 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-10-18 20560]
R4 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-10-18 51792]
R4 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Trust\Trust R-Series Keyboard\KMWDSrv.exe [2007-04-05 208896]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-10-18 172688]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-10-18 809296]
R4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-01-02 603904]
R4 VistaFirewallService;VistaFirewallService;c:\program files\VistaFirewallControl\VistaFirewallService.exe [2008-10-27 286720]
--- Other Services/Drivers In Memory ---
*Deregistered* - sptd
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-01-06 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-cl_rate - c:\windows\system32\installer.exe
MSConfigStartUp-etMonitor - c:\windows\etMon.exe
MSConfigStartUp-FileZilla Server Interface - c:\program files\FileZilla Server\FileZilla Server Interface.exe
MSConfigStartUp-Google Update - c:\users\Siki\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-InCD - c:\program files\Nero\Nero 7\InCD\InCD.exe
MSConfigStartUp-ISTray - c:\program files\Spyware Doctor\pctsTray.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Siki\AppData\Roaming\Mozilla\Firefox\Profiles\c7f2h23x.default\
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 21:07:00
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-01-06 21:08:45
ComboFix-quarantined-files.txt 2009-01-06 20:08:43
Pre-Run: 1,335,095,296 bytes free
Post-Run: 1,311,694,848 bytes free
225
|
|
|
|
Poslao: 06 Jan 2009 22:17
|
offline
- helen1
- Anti Malware Fighter
Rank 2
- Pridružio: 27 Avg 2005
- Poruke: 8620
- Gde živiš: Novi Beograd
|
Nadji sledecu liniju:
O4 - HKLM\..\RunOnce: [CleanSetup] cmd /C rmdir /S /Q "C:\Users\Siki\AppData\Local\Temp\nro.tmp\"
selektuj je i klikni FIX CHECKED
Resetuj komp i postavi mi novi HJT log.
|
|
|
|
Poslao: 07 Jan 2009 07:24
|
offline
- Acid_Burn
- Moderator foruma
- Glavni moderator foruma Zabava
- Hellraiser
- Demon to some. Angel to others
- Pridružio: 07 Jan 2005
- Poruke: 25503
- Gde živiš: Beneath the Black Sky
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:18:15, on 1/7/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\Explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AltBinz\altbinz.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [VistaFirewallControl] C:\Program Files\VistaFirewallControl\VistaFirewallControl.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Trust\Trust R-Series Keyboard\KMWDSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: VistaFirewallService - Sphinx Software - C:\Program Files\VistaFirewallControl\VistaFirewallService.exe
--
End of file - 5333 bytes
|
|
|
|
|