Trojans :S

Janki90
  • Joined: 28 May 2006
  • Posts: 1536
  • Location: Seven holy paths to hell

Today my PC threw up this image (i.e. image no. 1); yesterday NOD found some trojan downloader, sprint.dll, and today it found v2messen.exe... I tried cleaning the whole computer, but it seems something is still left (because now, after the cleaning, it showed me the first image again...). Here is the log file from HijackThis.

Thanks in advance

Logfile of HijackThis v1.99.1
Scan saved at 8:23:29 PM, on 9/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\RivaTuner v2.09\RivaTuner.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Janki\Desktop\hhh.exe

O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /T
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /S
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FED74750-F77B-4734-8094-EB6A31216EAD}: NameServer = 10.10.2.69,10.10.2.79,208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

helen1
  • Anti Malware Fighter, Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Hello

* Open the NOD32 Control Center (click its tray icon in the bottom-right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right-hand panel, untick the option File system monitor (AMON) enabled.
* Turning this option off will show as the Control Center's colour changing from green to red.

Note: Don't forget to re-enable this option once the cleaning is finished.

------------------------------------------

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt), which you will copy here for us.

Janki90
  • Joined: 28 May 2006
  • Posts: 1536
  • Location: Seven holy paths to hell

I just found online that C:\WINDOWS\system32\wuauclt.exe can be a virus (since I have Windows auto update turned off...)

helen1
  • Anti Malware Fighter, Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Janki90 :: I just found online that C:\WINDOWS\system32\wuauclt.exe can be a virus (since I have Windows auto update turned off...)

Don't worry about that.

Do what's above.

Janki90
  • Joined: 28 May 2006
  • Posts: 1536
  • Location: Seven holy paths to hell

here is the log:

ComboFix 08-09-25.07 - Janki 2008-09-26 20:38:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1538 [GMT 2:00]
Running from: C:\Documents and Settings\Janki\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx

.
((((((((((((((((((((((((( Files Created from 2008-08-26 to 2008-09-26 )))))))))))))))))))))))))))))))
.

2008-09-26 15:11 . 2008-09-26 15:15 <DIR> d-------- C:\Program Files\a-squared Free
2008-09-26 15:10 . 2008-09-26 16:10 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-09-26 13:11 . 2008-09-26 20:18 110,592 --a------ C:\WINDOWS\system32\sprint.dll
2008-09-18 20:16 . 2008-09-18 20:16 <DIR> d-------- C:\Program Files\Safer Networking
2008-09-18 20:11 . 2008-09-18 20:19 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-18 20:11 . 2008-09-26 18:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-18 12:31 . 2008-09-18 12:33 <DIR> d-------- C:\Program Files\Magic Swf2Avi 2008
2008-09-18 00:51 . 2008-09-18 00:54 <DIR> d-------- C:\Documents and Settings\Janki\Application Data\SWF.max
2008-09-17 19:34 . 2008-09-17 19:34 <DIR> d-------- C:\Program Files\SWF.max
2008-09-17 19:27 . 2008-09-17 19:29 <DIR> d-------- C:\Program Files\FlashGet
2008-09-16 22:53 . 2008-09-26 20:30 250 --a------ C:\WINDOWS\gmer.ini
2008-09-08 16:38 . 2008-09-08 16:38 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-09-08 16:37 . 2008-09-08 16:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-09-08 16:37 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-09-08 16:36 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-09-08 16:36 . 2008-09-08 16:36 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-09-08 16:36 . 2008-09-08 16:36 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-09-08 16:36 . 2008-09-08 16:36 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-09-08 16:35 . 2008-09-08 16:36 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-09-08 16:35 . 2008-09-08 16:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-09-08 15:30 . 2008-09-08 15:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-03 23:59 . 2008-09-03 23:59 <DIR> d-------- C:\Program Files\Binaryfish
2008-09-03 17:22 . 2008-09-03 17:22 <DIR> d-------- C:\Program Files\Muff
2008-08-30 13:04 . 2008-08-30 13:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-26 18:20 --------- d-----w C:\Documents and Settings\Janki\Application Data\uTorrent
2008-09-26 13:11 --------- d-----w C:\Documents and Settings\Janki\Application Data\Orbit
2008-09-25 17:27 --------- d-----w C:\Program Files\ICQ6
2008-09-23 11:02 --------- d-----w C:\Documents and Settings\Janki\Application Data\OpenOffice.org2
2008-09-19 15:00 --------- d-----w C:\Program Files\SpeedFan
2008-09-12 12:07 --------- d-----w C:\Program Files\TQ Defiler
2008-09-08 14:38 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-09-08 14:36 --------- d-----w C:\Program Files\Common Files\Logitech
2008-09-08 14:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-08 13:57 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-09-03 22:56 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-30 11:02 --------- d-----w C:\Program Files\ATI Technologies
2008-08-28 22:23 --------- d-----w C:\Documents and Settings\Janki\Application Data\skypePM
2008-08-28 22:23 --------- d-----w C:\Documents and Settings\Janki\Application Data\Skype
2008-08-24 18:33 --------- d-----w C:\Documents and Settings\Janki\Application Data\MyPhoneExplorer
2008-08-23 13:56 --------- d-----w C:\Program Files\Lavalys
2008-08-19 22:09 --------- d-----w C:\Documents and Settings\Janki\Application Data\Winamp
2008-08-13 17:50 --------- d-----w C:\Program Files\Western Digital
2008-08-08 04:23 --------- d-----w C:\Program Files\Recuva
2008-08-03 02:24 --------- d-----w C:\Program Files\Skype
2008-08-03 02:24 --------- d-----w C:\Program Files\Common Files\Skype
2008-08-03 02:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-08-02 14:52 --------- d-----w C:\Program Files\Opera
2008-08-01 06:38 3,266,560 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-01 05:40 9,928,704 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-08-01 04:58 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-08-01 04:33 425,984 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-08-01 04:32 311,296 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-08-01 04:23 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-08-01 04:23 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-08-01 04:22 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-08-01 04:22 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-08-01 04:22 143,360 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-08-01 04:21 573,440 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-08-01 04:19 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-08-01 04:10 3,917,568 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-08-01 03:59 2,183,552 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-08-01 03:46 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-08-01 03:42 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-08-01 03:40 35,328 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-08-01 03:40 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-08-01 03:39 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-08-01 03:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-08-01 03:34 561,152 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-07-31 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-07-14 07:07 714 ----a-w C:\ma477.bin
2008-07-09 21:48 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-07-09 21:48 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-06-30 18:08 692,058 ----a-w C:\WINDOWS\system32\unins000.exe
2008-03-09 05:25 236 ----a-w C:\Program Files\Common Files\dx.reg
.

------- Sigcheck -------

2008-05-15 16:51 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-05-15 16:51 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\TCPIP.SYS

2004-08-04 02:56 57856 dbc194be82732d43f9712dc7beb41611 C:\WINDOWS\system32\spoolsv.exe
2004-08-04 02:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\system32\dllcache\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-09-03 267056]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2008-06-10 2645528]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RivaTuner"="C:\Program Files\RivaTuner v2.09\RivaTuner.exe" [2008-04-28 2707456]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.09\RivaTuner.exe" [2008-04-28 2707456]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 C:\WINDOWS\RTHDCPL.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-09-08 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
-r------- 2007-05-25 06:13 1957888 C:\WINDOWS\system32\xRaidSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
--a------ 2008-07-31 14:46 2131600 C:\Program Files\a-squared Anti-Malware\a2guard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 06:03 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-06-16 06:03 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
-r------- 2007-03-20 08:36 36864 C:\WINDOWS\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
--a------ 2007-02-22 19:53 2209224 C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-07-16 16:57 61440 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"D:\\Games\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 13696]
R1 BS_I2cIo;BS_I2cIo;C:\WINDOWS\system32\drivers\BS_I2cIo.sys [2006-04-13 8192]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2008-06-10 1386008]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-05-25 3712]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 GPU-Z;GPU-Z;C:\DOCUME~1\Janki\LOCALS~1\Temp\GPU-Z.sys [ ]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 61536]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se46mdfl.sys [2006-11-30 9360]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se46mdm.sys [2006-11-30 97088]
S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se46mgmt.sys [2006-11-30 88624]
S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se46nd5.sys [2006-11-30 18704]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se46obex.sys [2006-11-30 86432]
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se46unic.sys [2006-11-30 90800]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-08 354560]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f5ecb81-5739-11dd-b5bc-00055dd3fac7}]
\Shell\AutoRun\command - I:\Programs\totalcmd\TCPowerPack.exe
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AtiTrayTools - C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
MSConfigStartUp-Google Update - C:\Documents and Settings\Janki\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-Sony Ericsson PC Suite - C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Janki\Application Data\Mozilla\Firefox\Profiles\f0srcxv9.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-26 20:39:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DUMeterSvc]
"ImagePath"="C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
Completion time: 2008-09-26 20:39:39
ComboFix-quarantined-files.txt 2008-09-26 18:39:36

Pre-Run: 8,794,304,512 bytes free
Post-Run: 8,906,625,024 bytes free

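The Sigcheck block and the Security Center / firewall values in the ComboFix log above are the parts a responder reads first: a system binary whose MD5 differs from its dllcache copy, and warning or firewall settings switched off. The Python triage helper below is an added example, not part of the thread or of ComboFix; it parses a constructed excerpt assembled from the log's own lines and reports both conditions.

```python
# Added triage helper for the Sigcheck and registry parts of a ComboFix log
# (example code, not ComboFix's own).  A live system binary whose MD5 differs
# from the Windows File Protection copy in dllcache is the classic sign of a
# patched or replaced file; Security Center warnings switched off and the XP
# firewall disabled are signs that the machine's defences have been weakened.
import re

# Constructed excerpt, assembled from the log posted in the thread above.
SAMPLE_LOG = r"""
------- Sigcheck -------
2008-05-15 16:51 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-05-15 16:51 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\TCPIP.SYS

2004-08-04 02:56 57856 dbc194be82732d43f9712dc7beb41611 C:\WINDOWS\system32\spoolsv.exe
2004-08-04 02:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\system32\dllcache\spoolsv.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

SIGCHECK_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?P<size>\d+) (?P<md5>[0-9a-fA-F]{32}) (?P<path>\S.*?)\s*$"
)
REG_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
REG_VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')


def sigcheck_lines(text):
    """Yield the lines between the Sigcheck header and the next section banner."""
    inside = False
    for line in text.splitlines():
        if line.strip() == "------- Sigcheck -------":
            inside = True
        elif inside and line.startswith("(((("):
            return
        elif inside:
            yield line


def parse_sigcheck(text):
    """Map lower-cased file name -> {'live': md5, 'cache': md5}; the path under
    dllcache is the protected copy, any other path is the file actually loaded."""
    files = {}
    for line in sigcheck_lines(text):
        m = SIGCHECK_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        name = path.rsplit("\\", 1)[-1].lower()
        slot = "cache" if "\\dllcache\\" in path.lower() else "live"
        files.setdefault(name, {})[slot] = m.group("md5").lower()
    return files


def find_hash_mismatches(text):
    """(name, live_md5, cache_md5) for each file whose live copy differs from dllcache."""
    out = []
    for name, copies in sorted(parse_sigcheck(text).items()):
        if copies.get("live") and copies.get("cache") and copies["live"] != copies["cache"]:
            out.append((name, copies["live"], copies["cache"]))
    return out


def reg_int(raw):
    """Decode the value renderings ComboFix prints: 'dword:00000001' or '0 (0x0)'."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"\d+", raw)
    return int(m.group()) if m else None


# (substring of the registry key, value name, value meaning 'defence off', finding)
WEAKENING_RULES = [
    ("security center", "AntiVirusDisableNotify", 1, "Security Center antivirus warnings are suppressed"),
    ("security center", "UpdatesDisableNotify", 1, "Security Center update warnings are suppressed"),
    ("firewallpolicy\\standardprofile", "EnableFirewall", 0, "Windows Firewall (standard profile) is off"),
]


def find_weakened_defenses(text):
    """Walk the REGEDIT4-style dump and report every value matching WEAKENING_RULES."""
    findings, key = [], ""
    for line in text.splitlines():
        k = REG_KEY_RE.match(line)
        if k:
            key = k.group("key").lower()
            continue
        v = REG_VAL_RE.match(line)
        if not v:
            continue
        for key_part, name, bad, msg in WEAKENING_RULES:
            if key_part in key and v.group("name") == name and reg_int(v.group("value")) == bad:
                findings.append(msg)
    return findings
```

Run over the second ComboFix log later in the thread, it reports spoolsv.exe again with a different live MD5 (5274e48e...) while the dllcache copy is unchanged; a protected binary whose hash keeps changing between runs deserves a closer look before anything else is cleaned.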
helen1
  • Anti Malware Fighter, Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Upload the following file for me:

C:\WINDOWS\system32\sprint.dll

via the following link:

http://www.mycity.rs/ambulanta-upload.php

Janki90
  • Joined: 28 May 2006
  • Posts: 1536
  • Location: Seven holy paths to hell

I've uploaded that file (I zipped it). As far as I remember (and as the nod32 log says), that file had been deleted from my computer o.O (nod detected it as a virus)...

Update: 27 Sep 2008 13:33

As far as I've noticed, these files (in the picture) keep recurring (i.e. I always delete them, and after a restart they show up again)

helen1
  • Anti Malware Fighter, Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Why do you delete all of them?

Disable the AV, then:

Run Spybot S&D
Click the Mode item in the menu
Choose Advanced Mode
In the bar on the left, click Tools
Click Resident
Untick Resident Tea-Timer
Close Spybot S&D
Restart the computer.

- Then download the program from this link to the Desktop.
- Run it with a double-click and follow the instructions.

Don't forget to re-enable these options when we finish the cleaning.

Open Notepad and copy the following text:

File::
C:\WINDOWS\system32\sprint.dll

DirLook::
C:\Program Files\Muff

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post, in your next message, the log that is produced at the end of the cleaning/scan.

Janki90
  • Joined: 28 May 2006
  • Posts: 1536
  • Location: Seven holy paths to hell

The only one I'm not deleting is ativvax... for dots.exe, sprint.dll and fntcache it says online that they are viruses/spyware.... I did everything as you said (btw, that first picture I uploaded keeps appearing (every ~60 min))..
here is the log

ComboFix 08-09-26.06 - Janki 2008-09-27 16:28:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1611 [GMT 2:00]
Running from: C:\Documents and Settings\Janki\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Janki\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\sprint.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\sprint.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-27 to 2008-09-27 )))))))))))))))))))))))))))))))
.

2008-09-27 12:58 . 2008-09-27 16:25 0 --a------ C:\WINDOWS\system32\ativvaxx.cap
2008-09-27 12:47 . 2008-09-27 12:47 151,552 --a------ C:\WINDOWS\system32\dots.exe
2008-09-26 23:04 . 2008-09-26 23:04 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-26 21:30 . 2008-09-26 21:30 <DIR> d---s---- C:\WINDOWS\Cookies
2008-09-26 20:53 . 2008-09-26 21:31 <DIR> d-------- C:\Documents and Settings\Janki\Application Data\BSplayer PRO
2008-09-26 15:11 . 2008-09-26 15:15 <DIR> d-------- C:\Program Files\a-squared Free
2008-09-26 15:10 . 2008-09-27 12:10 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-09-18 20:16 . 2008-09-18 20:16 <DIR> d-------- C:\Program Files\Safer Networking
2008-09-18 20:11 . 2008-09-18 20:19 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-18 20:11 . 2008-09-27 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-18 12:31 . 2008-09-18 12:33 <DIR> d-------- C:\Program Files\Magic Swf2Avi 2008
2008-09-18 00:51 . 2008-09-27 03:51 <DIR> d-------- C:\Documents and Settings\Janki\Application Data\SWF.max
2008-09-17 19:34 . 2008-09-17 19:34 <DIR> d-------- C:\Program Files\SWF.max
2008-09-17 19:27 . 2008-09-17 19:29 <DIR> d-------- C:\Program Files\FlashGet
2008-09-16 22:53 . 2008-09-26 20:30 250 --a------ C:\WINDOWS\gmer.ini
2008-09-08 16:38 . 2008-09-08 16:38 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-09-08 16:37 . 2008-09-08 16:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-09-08 16:37 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-09-08 16:36 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-09-08 16:36 . 2008-09-08 16:36 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-09-08 16:36 . 2008-09-08 16:36 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-09-08 16:36 . 2008-09-08 16:36 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-09-08 16:35 . 2008-09-08 16:36 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-09-08 16:35 . 2008-09-08 16:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-09-08 15:30 . 2008-09-08 15:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-03 23:59 . 2008-09-03 23:59 <DIR> d-------- C:\Program Files\Binaryfish
2008-09-03 17:22 . 2008-09-03 17:22 <DIR> d-------- C:\Program Files\Muff
2008-08-30 13:04 . 2008-08-30 13:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-27 14:24 --------- d-----w C:\Documents and Settings\Janki\Application Data\uTorrent
2008-09-27 10:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-27 10:17 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-09-27 10:16 --------- d-----w C:\Program Files\TQ Defiler
2008-09-27 10:11 --------- d-----w C:\Documents and Settings\Janki\Application Data\My Games
2008-09-27 02:01 --------- d-----w C:\Documents and Settings\Janki\Application Data\Orbit
2008-09-26 19:49 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-09-25 17:27 --------- d-----w C:\Program Files\ICQ6
2008-09-23 11:02 --------- d-----w C:\Documents and Settings\Janki\Application Data\OpenOffice.org2
2008-09-19 15:00 --------- d-----w C:\Program Files\SpeedFan
2008-09-08 14:38 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-09-08 14:36 --------- d-----w C:\Program Files\Common Files\Logitech
2008-09-08 13:57 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-08-30 11:02 --------- d-----w C:\Program Files\ATI Technologies
2008-08-28 22:23 --------- d-----w C:\Documents and Settings\Janki\Application Data\skypePM
2008-08-28 22:23 --------- d-----w C:\Documents and Settings\Janki\Application Data\Skype
2008-08-24 18:33 --------- d-----w C:\Documents and Settings\Janki\Application Data\MyPhoneExplorer
2008-08-23 13:56 --------- d-----w C:\Program Files\Lavalys
2008-08-19 22:09 --------- d-----w C:\Documents and Settings\Janki\Application Data\Winamp
2008-08-13 17:50 --------- d-----w C:\Program Files\Western Digital
2008-08-08 04:23 --------- d-----w C:\Program Files\Recuva
2008-08-03 02:24 --------- d-----w C:\Program Files\Skype
2008-08-03 02:24 --------- d-----w C:\Program Files\Common Files\Skype
2008-08-03 02:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-08-02 14:52 --------- d-----w C:\Program Files\Opera
2008-08-01 06:38 3,266,560 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-01 05:40 9,928,704 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-08-01 04:58 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-08-01 04:33 425,984 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-08-01 04:32 311,296 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-08-01 04:23 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-08-01 04:23 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-08-01 04:22 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-08-01 04:22 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-08-01 04:22 143,360 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-08-01 04:21 573,440 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-08-01 04:19 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-08-01 04:10 3,917,568 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-08-01 03:59 2,183,552 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-08-01 03:46 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-08-01 03:42 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-08-01 03:40 35,328 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-08-01 03:40 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-08-01 03:39 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-08-01 03:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-08-01 03:34 561,152 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-07-31 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-07-14 07:07 714 ----a-w C:\ma477.bin
2008-07-09 21:48 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-07-09 21:48 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-06-30 18:08 692,058 ----a-w C:\WINDOWS\system32\unins000.exe
2008-03-09 05:25 236 ----a-w C:\Program Files\Common Files\dx.reg
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\Muff ----

2004-09-20 16:29 174498 --a------ C:\Program Files\Muff\SPVInvaders\invaders.CAB
2004-09-10 12:17 160 --a------ C:\Program Files\Muff\SPVInvaders\invaders.ini


------- Sigcheck -------

2008-05-15 16:51 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-05-15 16:51 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\TCPIP.SYS

2004-08-04 02:56 57856 5274e48efcd5a464b7d17424debc3d6d C:\WINDOWS\system32\spoolsv.exe
2004-08-04 02:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\system32\dllcache\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-09-03 267056]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2008-06-10 2645528]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RivaTuner"="C:\Program Files\RivaTuner v2.09\RivaTuner.exe" [2008-04-28 2707456]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.09\RivaTuner.exe" [2008-04-28 2707456]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 C:\WINDOWS\RTHDCPL.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-09-08 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
-r------- 2007-05-25 06:13 1957888 C:\WINDOWS\system32\xRaidSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 06:03 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-06-16 06:03 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
-r------- 2007-03-20 08:36 36864 C:\WINDOWS\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
--a------ 2007-02-22 19:53 2209224 C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-07-16 16:57 61440 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"D:\\Games\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 13696]
R1 BS_I2cIo;BS_I2cIo;C:\WINDOWS\system32\drivers\BS_I2cIo.sys [2006-04-13 8192]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2008-06-10 1386008]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-05-25 3712]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 GPU-Z;GPU-Z;C:\DOCUME~1\Janki\LOCALS~1\Temp\GPU-Z.sys [ ]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 61536]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se46mdfl.sys [2006-11-30 9360]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se46mdm.sys [2006-11-30 97088]
S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se46mgmt.sys [2006-11-30 88624]
S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se46nd5.sys [2006-11-30 18704]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se46obex.sys [2006-11-30 86432]
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se46unic.sys [2006-11-30 90800]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-08 354560]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f5ecb81-5739-11dd-b5bc-00055dd3fac7}]
\Shell\AutoRun\command - I:\Programs\totalcmd\TCPowerPack.exe
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-a-squared - C:\Program Files\a-squared Anti-Malware\a2guard.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 16:29:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DUMeterSvc]
"ImagePath"="C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
Completion time: 2008-09-27 16:29:58
ComboFix-quarantined-files.txt 2008-09-27 14:29:54
ComboFix2.txt 2008-09-26 18:39:39

Pre-Run: 19,501,412,352 bytes free
Post-Run: 19,490,086,912 bytes free

212

offline
  • Joined: 28 May 2006
  • Posts: 1536
  • Where you live: Seven holy paths to hell

Well, that file looks suspicious to me too...
Read the rules for this part of the forum
http://www.mycity.rs/Ambulanta/Pravila-ovog-dela-foruma.html
