MyCity » Ambulanta -> Arhiva Ambulante » Shontavi DESK TOP

Shontavi DESK TOP

Napisano na dan: 26.6.2008
1

Shontavi DESK TOP
Sledeća strana Pagination

Idi na vrh

Poslao: 26 Jun 2008 20:45
Idi na vrh
offline
  • Pridružio: 26 Jun 2008
  • Poruke: 59
  • Gde živiš: Podgorica

...ljudi imam nekakvi virus ili shta vec (poshto imam kaspersky 2009 ali on ne nalzai nikakve viruse) u kompu... problem mi previ poshto mi se na desktopu mjeshaju ikonice... blokira i usporava kompjuter....

poshto kasperski e moze da pomogne...imate li vi kakve savjetee...????



Poslao: 26 Jun 2008 20:48
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Uradi kako se ovde kaze:

[Link mogu videti samo ulogovani korisnici]



Poslao: 26 Jun 2008 20:56
Idi na vrh
offline
  • Pridružio: 26 Jun 2008
  • Poruke: 59
  • Gde živiš: Podgorica

Logfile of HijackThis v1.99.1
Scan saved at 20:51:37, on 26.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
C:\Programmi\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\IRW.exe
C:\Programmi\Boot Camp\KbdMgr.exe
C:\Programmi\Java\jre1.6.0\bin\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\TechSmith\SnagIt 8\SnagIt32.exe
C:\Programmi\TechSmith\SnagIt 8\TSCHelp.exe
C:\Programmi\TechSmith\SnagIt 8\SnagPriv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\iTunes\iTunes.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\distnoted.exe
C:\Documents and Settings\User\Desktop\AMBULANTA\TRT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Programmi\Boot Camp\KbdMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft©] C:\WINDOWS\system32\dllcache\iexplore.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Programmi\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: &Windows Live Search - [Link mogu videti samo ulogovani korisnici]\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: CabBuilder - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - [Link mogu videti samo ulogovani korisnici]
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
O23 - Service: Servizio orario Apple (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Programmi\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Programmi\SigmaTel\C-Major Audio\WDM\STacSV.exe

Dopuna: 26 Jun 2008 20:56

evo sam uradio kako je nardjeno =) sad pomazite....

p.s. problem je bio u tome shto mi se mjeshaju ikonice na destkopu i kompjuter usporava i blookira !!!

Poslao: 26 Jun 2008 21:17
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Zdravo,

Skini ComboFix sa jedne od sledecih adresa na Desktop:
[Link mogu videti samo ulogovani korisnici]
[Link mogu videti samo ulogovani korisnici]
[Link mogu videti samo ulogovani korisnici]

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Poslao: 27 Jun 2008 10:54
Idi na vrh
offline
  • Pridružio: 26 Jun 2008
  • Poruke: 59
  • Gde živiš: Podgorica

ComboFix 08-06-20.4 - User 2008-06-26 22:37:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1426 [GMT 2:00]
Eseguito da: C:\Documents and Settings\User\Desktop\AMBULANTA\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll

.
((((((((((((((((((((((((( Files Creati Da 2008-05-26 al 2008-06-26 )))))))))))))))))))))))))))))))))))
.

2008-06-23 14:36 . 2008-06-23 14:36 268 --ah----- C:\sqmdata14.sqm
2008-06-23 14:36 . 2008-06-23 14:36 244 --ah----- C:\sqmnoopt14.sqm
2008-06-22 16:01 . 2008-06-22 16:01 <DIR> d-------- C:\Programmi\TechSmith
2008-06-22 15:59 . 2008-06-22 15:59 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-06-19 21:23 . 2008-06-19 21:29 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-19 21:23 . 2008-06-19 21:29 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-19 21:22 . 2008-06-19 21:22 <DIR> d-------- C:\Programmi\Kaspersky Lab
2008-06-19 21:22 . 2008-06-26 20:29 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-06-19 21:22 . 2008-06-26 22:39 3,985,440 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-19 21:22 . 2008-06-26 22:39 417,824 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-19 21:22 . 2008-06-26 22:39 32,216 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-19 21:22 . 2008-06-26 22:39 2,508 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-19 14:50 . 2008-06-26 22:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-19 14:50 . 2008-06-19 14:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-19 09:56 . 2008-06-19 09:56 <DIR> d-------- C:\Programmi\QuickTime
2008-06-19 01:43 . 2008-06-19 01:43 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-06-18 16:19 . 2008-06-18 16:19 <DIR> d-------- C:\WINDOWS\Counter-Strike Source Non-Steam
2008-06-18 13:47 . 2008-06-18 13:47 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-06-16 23:53 . 2008-06-17 22:45 <DIR> d-------- C:\Programmi\eMule AdunanzA
2008-06-16 23:53 . 2008-06-16 23:53 <DIR> d-------- C:\Documents and Settings\User\Dati applicazioni\eMule AdunanzA
2008-06-15 22:46 . 2008-06-15 22:46 0 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-06-15 22:09 . 2008-06-15 22:09 8,439,274 --a------ C:\zlaka canterl.EPS
2008-06-11 16:03 . 2008-04-22 09:42 625,664 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-11 16:01 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 16:01 . 2008-05-08 14:14 203,008 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 18:19 . 2007-05-22 11:00 516,096 --a------ C:\WINDOWS\system32\WibuXpm4J32.dll
2008-06-10 18:15 . 2008-06-10 18:15 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-09 13:09 . 2008-06-09 14:02 424 --a------ C:\WINDOWS\ODBC.INI
2008-06-08 20:56 . 2008-06-08 20:56 <DIR> d-------- C:\Programmi\TVAnts
2008-06-05 20:52 . 2008-06-05 20:52 <DIR> d-------- C:\Programmi\Sports Interactive
2008-06-04 20:49 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
2008-06-04 20:47 . 2008-06-19 01:46 <DIR> d-------- C:\Programmi\ESET
2008-05-27 21:24 . 2008-02-26 13:48 297,984 --------- C:\WINDOWS\system32\dllcache\msctf.dll
2008-05-26 10:47 . 2008-05-26 10:47 <DIR> d-------- C:\Documents and Settings\User\Dati applicazioni\ESET
2008-05-26 10:46 . 2008-05-26 11:56 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 05:12 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-06-22 02:11 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\dvdcss
2008-06-18 00:40 --------- d-----w C:\Programmi\Winamp
2008-06-18 00:39 --------- d-----w C:\Programmi\Windows Live Toolbar
2008-06-18 00:39 --------- d-----w C:\Programmi\Valve Hammer Editor
2008-06-14 20:14 --------- d-----w C:\Programmi\ApexDC++
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:19 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Abvent
2008-06-10 16:17 --------- d-----w C:\Programmi\Graphisoft
2008-06-10 16:15 --------- d-----w C:\Programmi\Java
2008-06-04 18:51 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-06-04 18:18 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-05-21 03:20 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Autodesk
2008-05-21 03:20 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
2008-05-21 03:15 --------- d-----w C:\Programmi\turbo squid tentacles
2008-05-21 03:11 --------- d-----w C:\Programmi\File comuni\Autodesk Shared
2008-05-21 03:11 --------- d-----w C:\Programmi\Autodesk
2008-05-10 00:19 --------- d-----w C:\Programmi\File comuni\AVSMedia
2008-05-09 23:27 --------- d-----w C:\Programmi\Webteh
2008-05-08 12:14 203,008 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 22:02 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\skypePM
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:14 1,292,800 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-06 23:09 --------- d-----w C:\Programmi\WIBUKEY
2008-05-06 23:09 --------- d-----w C:\Programmi\WIBU-SYSTEMS
2008-05-06 10:16 --------- d-----w C:\Programmi\Google
2008-05-01 18:41 --------- d-----w C:\Programmi\SopCast
2008-04-25 16:22 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
2008-04-23 20:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-23 15:17 693,792 ----a-w C:\WINDOWS\system32\OGACheckControl.dll
2008-04-23 15:17 504,864 ----a-w C:\WINDOWS\system32\OGAVerify.exe
2008-04-23 15:17 504,352 ----a-w C:\WINDOWS\system32\OGAAddin.dll
2008-04-22 07:42 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-03-02 16:06 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2007-11-23 16:49 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012007112320071124\index.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
2008-04-25 18:22 62728 --a------ C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"Microsoft©"="C:\WINDOWS\system32\dllcache\iexplore.exe" [2008-04-22 09:42 625664]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-08 00:48 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" []
"BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" []
"IRW"="C:\WINDOWS\system32\IRW.exe" [2007-10-08 21:56 147456]
"Apple_KbdMgr"="C:\Programmi\Boot Camp\KbdMgr.exe" [2007-10-08 23:06 419120]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0\bin\jusched.exe" [2008-06-10 18:15 77824]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"AVP"="C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-23 06:16 124928 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
AutoCAD Startup Accelerator.lnk - C:\Programmi\File comuni\Autodesk Shared\acstart17.exe [2006-03-05 06:43:54 11000]
SnagIt 8.lnk - C:\Programmi\TechSmith\SnagIt 8\SnagIt32.exe [2006-11-07 23:51:26 6366792]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Graphisoft\\ArchiCAD 10\\ArchiCAD.exe"=
"C:\\Programmi\\ApexDC++\\ApexDC.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=
"C:\\Programmi\\WIBUKEY\\Server\\WkSvW32.exe"=
"C:\\Programmi\\Valve\\hlds.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programmi\\SopCast\\SopCast.exe"=
"C:\\Programmi\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Programmi\\Autodesk\\Backburner\\manager.exe"=
"C:\\Programmi\\Autodesk\\Backburner\\server.exe"=
"C:\\Programmi\\Autodesk\\3ds Max 2008\\3dsmax.exe"=
"C:\\Programmi\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Programmi\\TVAnts\\Tvants.exe"=
"C:\\Programmi\\Graphisoft\\ArchiCAD 11\\ArchiCAD.exe"=
"C:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"C:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=
"C:\\Programmi\\Valve\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Web Server

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R2 AppleOSSMgr;Apple OS Switch Manager;C:\WINDOWS\system32\AppleOSSMgr.exe [2007-10-08 23:04]
R2 AppleTimeSrv;Servizio orario Apple;C:\WINDOWS\system32\AppleTimeSrv.exe [2007-10-08 23:05]
R2 KeyAgent;KeyAgent;C:\WINDOWS\system32\drivers\KeyAgent.sys [2007-10-08 21:56]
R2 MacHALDriver;Mac HAL;C:\WINDOWS\system32\drivers\MacHALDriver.sys [2007-10-08 21:56]
R3 aapltctp;Apple Trackpad Enabler;C:\WINDOWS\system32\DRIVERS\aapltctp.sys [2007-10-08 21:56]
R3 aapltp;Apple Trackpad;C:\WINDOWS\system32\DRIVERS\aapltp.sys [2007-10-08 21:56]
R3 applebt;Apple Built-in Bluetooth;C:\WINDOWS\system32\DRIVERS\applebt.sys [2007-10-08 21:56]
R3 IRRemoteFlt;IR Receiver Filter Driver;C:\WINDOWS\system32\DRIVERS\IRFilter.sys [2007-10-08 21:56]
R3 KeyMagic;USB Keyboard HID Filter;C:\WINDOWS\system32\DRIVERS\KeyMagic.sys [2007-10-08 21:56]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
S3 BthKicker;Apple Bluetooth Device Driver;C:\WINDOWS\system32\DRIVERS\BthKicker.sys [2007-10-08 21:56]
S3 iSightUpdate;iSight Update Driver;C:\WINDOWS\system32\DRIVERS\iSightUP.sys [2007-10-08 21:56]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Programmi\Windows Live\Messenger\usnsvc.exe" [2007-10-18 12:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{027d1783-b0ce-11dc-9648-0017f2be917f}]
\Shell\AutoRun\command - E:\uxdeiect.com
\Shell\explore\Command - E:\uxdeiect.com
\Shell\open\Command - E:\uxdeiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c8e248d-c601-11dc-9656-0017f2be917f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL key.exe
\Shell\infected\command - E:\key.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30b0d288-cfea-11dc-9668-0017f2be917f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL key.exe
\Shell\infected\command - E:\key.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f51558c-392a-11dd-978d-0017f2be917f}]
\Shell\AutoRun\command - e.cmd
\Shell\explore\Command - e.cmd
\Shell\open\Command - e.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b7b9c37-9e6f-11dc-9634-0017f2be917f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL key.exe
\Shell\infected\command - E:\key.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73944c5a-f2e4-11dc-96c9-0017f2be917f}]
\Shell\Auto\command - Autorun.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3bb45fe-ea33-11dc-96ad-0017f2be917f}]
\Shell\AutoRun\command - E:\3wcxx91.cmd
\Shell\explore\Command - E:\3wcxx91.cmd
\Shell\open\Command - E:\3wcxx91.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed033586-9ae4-11dc-962c-0017f2be917f}]
\Shell\AutoRun\command - E:\t9peum02.exe
\Shell\explore\Command - E:\t9peum02.exe
\Shell\open\Command - E:\t9peum02.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2008-06-24 17:07:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-06-26 19:17:12 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-26 18:39:00 C:\WINDOWS\Tasks\OGADaily.job"
- C:\WINDOWS\system32\OGAVerify.exe
"2008-06-26 20:41:30 C:\WINDOWS\Tasks\OGALogon.job"
- C:\WINDOWS\system32\OGAVerify.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-06-26 22:41:33
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
C:\Programmi\SigmaTel\C-Major Audio\WDM\stacsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\TechSmith\SnagIt 8\TscHelp.exe
C:\Programmi\TechSmith\SnagIt 8\SnagPriv.exe
C:\Programmi\iPod\bin\iPodService.exe
.
**************************************************************************
.
Ora fine scansione: 2008-06-26 22:46:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-26 20:46:04

9 Directory 4,367,962,112 byte disponibili
11 Directory 8,896,143,360 byte disponibili

232 --- E O F --- 2008-06-20 14:38:34


a sad ?!? =)

Dopuna: 27 Jun 2008 10:54

doktoree...shto je bilo...nema mu lijekaa ??? =)

Poslao: 27 Jun 2008 11:55
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Boga mi, tesko ce ovo ici.

Moracu jos nesto da se konsultujem. Nadam se da cu do uvece naci nacina da pomognem.

Poslao: 27 Jun 2008 19:04
Idi na vrh
offline
  • Pridružio: 26 Jun 2008
  • Poruke: 59
  • Gde živiš: Podgorica

zazash da se toliko zarazio...

Dopuna: 27 Jun 2008 19:04

doktoree...shto je bilo...nema mu lijekaa ??? =)

Poslao: 27 Jun 2008 19:21
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Vidim da dizes pobunu, pa se bojim da ne ostanem bez pacijenta Laughing

Zarazen si i preko nekog Flasha.

Uradi kako se kaze:

Preuzmi program Flash_Disinfector.

program se pokreće dvoklikom na Flash_Disinfector.exe
kada se pojavi poruka sa obaveštenjem, potrebno je priključiti inficirane USB flash drive-ove (pri tome držati pritisnut taster Shift kako bi se izbegao autoplay)
kliknuti na OK i sačekati da se proces završi
kada se pojavi poruka Done !!, kliknuti na OK.


Restartuj racunar i postavi mi novi ComboFix log.

Poslao: 27 Jun 2008 19:26
Idi na vrh
offline
  • Pridružio: 26 Jun 2008
  • Poruke: 59
  • Gde živiš: Podgorica

hihi...necesh necesh...necu se ja vishe mjeshat...=) postujem chim zavrshim hvala...

Dopuna: 27 Jun 2008 19:26

p.s. imam fleshku koju koristim i ponekad koristim iPOD...da li znachi da odradim i sa fleshkom i sa iPOD-om..pa da ti poshaljem log ili posebno jedno posebno drugo ???

Poslao: 27 Jun 2008 19:32
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Prvo uradi sa Fleskom, kasnije cemo da vidimo za iPod.

Flash Disinfector ne pravi logove, samo da znas.

Vec ComboFix.

MyCity » Ambulanta -> Arhiva Ambulante » Shontavi DESK TOP

Ko je trenutno na forumu
 

Ukupno su 1118 korisnika na forumu :: 62 registrovanih, 8 sakrivenih i 1048 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: Aleksandar Tomić, alexbr, Avalon015, Bane san, bpop, Bubi, cifra, Clouseau, darkojbn, Dolinc, Dorcolac, dradex, ElGenius, esx66, GveX, HrcAk47, hyla, ikan, Ir, ivan1973, jackreacher011011, janezek67, JankoS, Jaz, Jezekijel, kib, komsija1, kutija11, ladro, Lazarus, ljuba, lord sir giga, M74AB3, Magistar78, MarkoD, Marky, mikidragi, Miloskec, milutin134, nuke92, opt1, Pero, Pilence, Pilipenda, Plavi1, PMsnow, powSrb, PrincipL, proka89, raf87, raster12, stegonosa, synergia, Tafocus, Tribal, Trpe Grozni, Visionary, Vlada1389, zdrebac, Zorge, Đole64, 800077