Worm/ Autoit.MCJ

  • Joined: 15 Jan 2009
  • Posts: 31

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:14, on 15.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EXPERTool\TBPanel.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Documents and Settings\Zorica\Desktop\pomoc\TR3.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8-) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7899 bytes


AVG found a worm when I plugged in a USB stick: Worm/Autorun in the file Autorun.inf on the USB, and at the same time it also reported Worm/ Autoit.MCJ in C:/WINDOWS/system32/csrcs.exe (I don't know whether these two files are related, but I wrote it down anyway). AVG deleted them, and after the next boot I got an error saying that Windows cannot find csrcs.exe.

Please help me.

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Hello,

please don't barge into other people's threads next time.

Download RootRepeal to the Desktop.

Unzip RootRepeal.zip into a folder.
Double-click RootRepeal.exe to run it.
Switch to the Report tab (by clicking the Report button, bottom right).
Click the Scan button.
In the window that opens (Select Scan), tick the boxes next to all the items and click OK.
In the next window (Select Drives), tick the box next to the system drive (usually C:\) and click OK.
When the process finishes, click Save Report and save the scan report.

Attach the resulting report to your post using the Attach file option.

  • Joined: 15 Jan 2009
  • Posts: 31

Hello to you too, and sorry for butting into someone else's thread. I was in a hurry and didn't read the rules.

I did what you wrote, but when I run the program to scan, my whole computer freezes. I tried 3 times and it's always the same. What should I do?

Thanks for replying so quickly.

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

* Right-click the AVG icon in the bottom right corner of the screen.
* When the AVG Control Center starts, double-click the AVG Resident Shield component.
* In the window that opens, untick the Turn on AVG Resident Shield option and click OK.

Note: Don't forget to turn this option back on once the cleaning is finished.

-----------------------------------


Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

  • Joined: 15 Jan 2009
  • Posts: 31

It asked me to install the Windows Recovery Console - I did, and here is the log:


ComboFix 09-01-13.04 - Zorica 2009-01-15 18:15:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.1054 [GMT 1:00]
Running from: d:\programi\Combofix\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated)
FW: AVG Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ogacheckcontrol.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_AVG


((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))
.

2009-01-15 10:52 . 2009-01-15 10:52 <DIR> d-------- c:\documents and settings\Zorica\Application Data\Uniblue
2009-01-15 10:21 . 2009-01-15 10:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-01-15 06:05 . 2009-01-15 06:05 <DIR> d-------- c:\program files\Real
2009-01-15 06:05 . 2009-01-15 06:05 <DIR> d-------- c:\program files\Common Files\xing shared
2009-01-15 06:05 . 2009-01-15 06:05 <DIR> d-------- c:\program files\Common Files\Real
2009-01-15 05:34 . 2009-01-15 05:50 <DIR> d-------- c:\program files\The KMPlayer
2009-01-14 23:42 . 2009-01-14 23:43 <DIR> d-------- c:\program files\Nero 9
2009-01-10 21:01 . 2009-01-15 03:13 <DIR> d-------- c:\program files\Picasa2
2009-01-10 18:23 . 2009-01-10 18:23 0 -rahs---- C:\khs
2009-01-10 18:14 . 2009-01-14 23:02 <DIR> d-------- c:\program files\Ahead
2009-01-10 17:50 . 2009-01-10 17:50 <DIR> d-------- c:\windows\Performance
2009-01-10 17:50 . 2009-01-10 17:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Corporation
2009-01-06 23:16 . 2009-01-06 23:16 <DIR> d-------- c:\program files\Yahoo!
2008-12-23 18:06 . 2008-12-23 18:06 <DIR> d-------- c:\windows\system32\AGEIA
2008-12-23 18:06 . 2008-12-23 18:06 <DIR> d-------- c:\program files\AGEIA Technologies
2008-12-23 18:03 . 2009-01-15 18:17 200,819 --a------ c:\windows\system32\nvapps.xml
2008-12-23 18:02 . 2008-12-23 18:02 <DIR> d-------- c:\windows\nview
2008-12-23 18:02 . 2008-10-21 11:14 453,152 --a------ c:\windows\system32\nvudisp.exe
2008-12-23 18:02 . 2008-10-21 11:14 18,477 --a------ c:\windows\system32\nvdisp.nvu
2008-12-23 18:01 . 2008-12-23 18:01 <DIR> d-------- c:\program files\EXPERTool
2008-12-23 18:01 . 2007-03-16 10:11 12,256 --a------ c:\windows\system32\drivers\TBPanel.sys
2008-12-21 14:48 . 2008-12-21 14:50 <DIR> d-------- c:\program files\SystemRequirementsLab
2008-12-21 14:48 . 2008-12-21 14:48 <DIR> d-------- c:\documents and settings\Zorica\Application Data\SystemRequirementsLab
2008-12-20 01:52 . 2008-12-20 01:52 <DIR> d-------- c:\program files\NOS
2008-12-20 01:52 . 2008-12-20 01:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-12-19 00:15 . 2008-12-19 00:15 <DIR> d-------- c:\program files\TimeAdjuster
2008-12-17 23:11 . 2008-12-17 23:27 <DIR> d-------- c:\program files\GameFace Messenger
2008-12-17 23:11 . 2008-12-17 23:11 737,280 --a------ c:\windows\iun6002.exe
2008-12-17 22:52 . 2008-12-17 22:52 <DIR> d-------- C:\ATI
2008-12-17 04:02 . 2009-01-10 18:06 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
2008-12-17 04:02 . 2008-05-29 09:28 28,416 --a------ c:\windows\system32\uxtuneup.dll
2008-12-15 23:10 . 2004-09-20 16:00 802,816 --a------ c:\windows\FeedingFrenzy.scr
2008-12-15 23:10 . 2005-01-07 11:39 57,344 --a------ c:\windows\system32\Big Kahuna Reef.scr
2008-12-15 00:44 . 2008-12-15 00:44 <DIR> d-------- c:\documents and settings\Zorica\Application Data\URSoft
2008-12-15 00:44 . 2008-12-15 00:45 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-15 16:03 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-15 09:04 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-14 22:43 --------- d-----w c:\program files\Common Files\Nero
2009-01-14 22:43 --------- d-----w c:\documents and settings\Zorica\Application Data\Nero
2009-01-10 17:15 --------- d-----w c:\documents and settings\Zorica\Application Data\Ahead
2009-01-10 17:06 --------- d-----w c:\program files\TuneUp Utilities 2008
2009-01-10 16:39 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-01-08 00:33 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-01-08 00:33 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-12-23 17:05 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-23 16:55 --------- d-----w c:\documents and settings\Zorica\Application Data\ATI
2008-12-20 17:55 --------- d-----w c:\documents and settings\Zorica\Application Data\Wildfire
2008-12-18 01:49 --------- d-----w c:\program files\ASUS
2008-12-17 22:27 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-14 19:08 --------- d-----w c:\program files\Realtek
2008-12-14 18:35 --------- d-----w c:\program files\Driver-Soft
2008-12-12 00:43 --------- d-----w c:\documents and settings\Zorica\Application Data\Darwin
2008-12-12 00:40 --------- d-----w c:\documents and settings\Zorica\Application Data\Thinstall
2008-12-11 22:40 --------- d-----w c:\documents and settings\Zorica\Application Data\AdobeUM
2008-12-11 22:30 --------- d-----w c:\program files\Common Files\Adobe
2008-12-11 20:43 --------- d-----w c:\documents and settings\All Users\Application Data\Phenomedia
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 02:29 --------- d-----w c:\documents and settings\Zorica\Application Data\AVGTOOLBAR
2008-12-11 00:15 29,208 ----a-w c:\windows\system32\drivers\avgfwdx.sys
2008-12-11 00:06 --------- d-----w c:\program files\Canon
2008-12-10 04:40 --------- d-----w c:\program files\MSXML 4.0
2008-12-09 23:45 --------- d-----w c:\program files\AVG
2008-12-09 23:42 --------- d-----w c:\program files\ESET
2008-12-09 20:51 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-09 01:56 --------- d-----w c:\documents and settings\All Users\Application Data\Bluetooth
2008-12-09 01:50 --------- d-----w c:\program files\IVT Corporation
2008-12-08 23:56 --------- d-----w c:\program files\Java
2008-12-08 14:59 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-08 02:55 --------- d-----w c:\documents and settings\All Users\Application Data\avg8(2)
2008-12-08 02:51 --------- d-----w c:\documents and settings\Zorica\Application Data\aAvgApi
2008-12-08 02:08 241,664 ----a-w c:\windows\system32\config\systemprofile\NTUSER(2).DAT
2008-12-07 21:18 --------- d-----w c:\program files\Rockstar Games
2008-12-07 21:18 --------- d-----w c:\documents and settings\Zorica\Application Data\InstallShield Installation Information
2008-12-05 15:48 --------- d-----w c:\documents and settings\Zorica\Application Data\XnView
2008-12-04 22:44 --------- d-----w c:\program files\Microsoft
2008-12-02 09:55 --------- d-----w c:\documents and settings\Zorica\Application Data\Canon
2008-11-26 23:41 --------- d-----w c:\documents and settings\Zorica\Application Data\Media Player Classic
2008-11-25 15:37 4,952,576 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
2008-11-24 02:14 --------- d-----w c:\program files\Winamp
2008-11-24 02:14 --------- d-----w c:\documents and settings\Zorica\Application Data\Winamp
2008-11-24 01:43 --------- d-----w c:\program files\K-Lite Codec Pack
2008-11-24 00:31 --------- d-----w c:\documents and settings\Zorica\Application Data\CyberLink
2008-11-24 00:31 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-11-24 00:27 --------- d-----w c:\program files\CyberLink
2008-11-23 22:18 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-23 22:14 --------- d-----w c:\program files\Microsoft.NET
2008-11-23 22:09 --------- d-----w c:\documents and settings\Zorica\Application Data\TuneUp Software
2008-11-23 22:09 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-11-23 22:04 --------- d-----w c:\program files\Webteh
2008-11-23 21:49 --------- d-----w c:\program files\My Company Name
2008-11-23 21:44 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-23 21:29 --------- d-----w c:\program files\microsoft frontpage
2008-11-17 15:08 17,676,288 ----a-w c:\windows\RTHDCPL.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2008-10-21 2177576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2007-02-12 65536]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2007-02-09 159744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-08 1601304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-21 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-21 86016]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2005-02-05 135168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-15 185872]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2008-10-21 c:\windows\system32\nwiz.exe]

c:\documents and settings\Zorica\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-03-19 4742184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-12-09 1183744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-08 01:34 10520 c:\windows\system32\avgrsstx.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\CTFMON.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"=c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-12-10 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-10 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-10 107272]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2008-11-23 2831232]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-12-10 29208]
R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-08 903960]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-08 298264]
R4 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-01-08 1339600]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-12-10 29208]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-12-20 33752]
S3 zlportio;zlportio;\??\c:\program files\UltraStar Deluxe\zlportio.sys --> c:\program files\UltraStar Deluxe\zlportio.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{118d9199-ca2d-11dd-92b9-001617b18f2c}]
\Shell\AutoRun\command - F:\jkcthn.exe
\Shell\explore\Command - F:\jkcthn.exe
\Shell\open\Command - F:\jkcthn.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-02 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-06-20 09:09]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Explorer_Run-csrcs - c:\windows\system32\csrcs.exe
Notify-AtiExtEvent - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Zorica\Application Data\Mozilla\Firefox\Profiles\u2mmkfgc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-15 18:18:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ImagePath"="\"c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe\"\00\00\00\00\000c|\023\00\00\00\00\00E\02\18î|\00\00\00\00~\00\00\00?Öë\02’“€|~\00\00\00x\01\15\00 O
[\00E\1d€|ö\1b€|\00\00Ýs1?f|"

.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\ATKKBService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
.
**************************************************************************
.
Completion time: 2009-01-15 18:19:19 - machine was rebooted [Zorica]
ComboFix-quarantined-files.txt 2009-01-15 17:19:17

Pre-Run: 10.348.195.840 bytes free
Post-Run: 13,409,542,144 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

237 --- E O F --- 2009-01-13 22:29:49

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Turn off the antivirus again.

Open Notepad and copy the following text into it:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{118d9199-ca2d-11dd-92b9-001617b18f2c}]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.
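The three autostart entries the helper acted on in this thread (the extra executable in the system.ini Shell value, the Policies\Explorer\Run entry, and the MountPoints2 AutoRun commands pointing at a removable drive) can be picked out of HijackThis/ComboFix log text mechanically. The checker below is an added example, not code from the thread, from HijackThis or from ComboFix; the sample log lines are constructed to mirror the entries quoted above.

```python
"""Flag the autostart indicators discussed in this thread in HijackThis /
ComboFix log text.  Added example; the sample lines below are constructed
to mirror the entries quoted in the thread, not copied from a live system."""
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (category, detail)

# Constructed sample log lines modelled on the thread's HijackThis/ComboFix entries.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{118d9199-ca2d-11dd-92b9-001617b18f2c}]
\Shell\AutoRun\command - F:\jkcthn.exe
\Shell\open\Command - F:\jkcthn.exe
"""

SHELL_RE = re.compile(r"Shell=(?P<value>.+)$", re.IGNORECASE)
POLICIES_RUN_RE = re.compile(
    r"^O4 - .*\\Policies\\Explorer\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
KEY_HEADER_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
MOUNTPOINT_CMD_RE = re.compile(
    r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$", re.IGNORECASE)


def check_shell_value(line: str) -> List[Finding]:
    """The system.ini / Winlogon Shell value should be exactly Explorer.exe.
    Every additional token (csrcs.exe in the thread) is a second program
    started at every logon."""
    m = SHELL_RE.search(line)
    if not m:
        return []
    extra = [t for t in m.group("value").split() if t.lower() != "explorer.exe"]
    return [("shell-hijack", t) for t in extra]


def check_policies_run(line: str) -> List[Finding]:
    """The Policies/Explorer/Run key is a rarely used autostart location on a
    home machine; anything there deserves a look, especially a system32 file
    whose name mimics the legitimate csrss.exe."""
    m = POLICIES_RUN_RE.match(line)
    if not m:
        return []
    return [("policies-run", f"{m.group('name')} -> {m.group('cmd')}")]


def check_mountpoints_autorun(lines: List[str]) -> List[Finding]:
    """MountPoints2 caches the autorun.inf handlers of removable drives.  A
    command under it that points at an executable on another drive letter is
    the USB-borne persistence the CFScript in this thread removes."""
    findings: List[Finding] = []
    in_mountpoints = False
    for line in lines:
        header = KEY_HEADER_RE.match(line)
        if header:
            # Track which registry key the following value lines belong to.
            in_mountpoints = "mountpoints2" in header.group("key").lower()
            continue
        if not in_mountpoints:
            continue
        m = MOUNTPOINT_CMD_RE.match(line)
        if m:
            findings.append(("mountpoints2-autorun",
                             f"{m.group('verb')} -> {m.group('cmd')}"))
    return findings


def scan_log(text: str) -> List[Finding]:
    """Run all three checks over a log and return the findings in log order."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    findings: List[Finding] = []
    for ln in lines:
        findings += check_shell_value(ln)
        findings += check_policies_run(ln)
    findings += check_mountpoints_autorun(lines)
    return findings


if __name__ == "__main__":
    for category, detail in scan_log(SAMPLE_LOG):
        print(f"{category:22s} {detail}")
```

A clean log produces no findings; the legitimate `Shell=Explorer.exe` value on its own is not flagged.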

  • Joined: 15 Jan 2009
  • Posts: 31

ComboFix 09-01-13.04 - Zorica 2009-01-15 20:52:20.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.1018 [GMT 1:00]
Running from: d:\programi\Combofix\ComboFix.exe
Command switches used :: c:\documents and settings\Zorica\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning disabled* (Updated)
FW: AVG Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_AVG


((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))
.

2009-01-15 10:52 . 2009-01-15 10:52 <DIR> d-------- c:\documents and settings\Zorica\Application Data\Uniblue
2009-01-15 10:21 . 2009-01-15 10:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-01-15 06:05 . 2009-01-15 06:05 <DIR> d-------- c:\program files\Real
2009-01-15 06:05 . 2009-01-15 06:05 <DIR> d-------- c:\program files\Common Files\xing shared
2009-01-15 06:05 . 2009-01-15 06:05 <DIR> d-------- c:\program files\Common Files\Real
2009-01-14 23:42 . 2009-01-14 23:43 <DIR> d-------- c:\program files\Nero 9
2009-01-10 21:01 . 2009-01-15 03:13 <DIR> d-------- c:\program files\Picasa2
2009-01-10 18:23 . 2009-01-10 18:23 0 -rahs---- C:\khs
2009-01-10 18:14 . 2009-01-14 23:02 <DIR> d-------- c:\program files\Ahead
2009-01-10 17:50 . 2009-01-10 17:50 <DIR> d-------- c:\windows\Performance
2009-01-10 17:50 . 2009-01-10 17:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Corporation
2009-01-06 23:16 . 2009-01-06 23:16 <DIR> d-------- c:\program files\Yahoo!
2008-12-23 18:06 . 2008-12-23 18:06 <DIR> d-------- c:\windows\system32\AGEIA
2008-12-23 18:06 . 2008-12-23 18:06 <DIR> d-------- c:\program files\AGEIA Technologies
2008-12-23 18:03 . 2009-01-15 20:54 200,819 --a------ c:\windows\system32\nvapps.xml
2008-12-23 18:02 . 2008-12-23 18:02 <DIR> d-------- c:\windows\nview
2008-12-23 18:02 . 2008-10-21 11:14 453,152 --a------ c:\windows\system32\nvudisp.exe
2008-12-23 18:02 . 2008-10-21 11:14 18,477 --a------ c:\windows\system32\nvdisp.nvu
2008-12-23 18:01 . 2008-12-23 18:01 <DIR> d-------- c:\program files\EXPERTool
2008-12-23 18:01 . 2007-03-16 10:11 12,256 --a------ c:\windows\system32\drivers\TBPanel.sys
2008-12-21 14:48 . 2008-12-21 14:50 <DIR> d-------- c:\program files\SystemRequirementsLab
2008-12-21 14:48 . 2008-12-21 14:48 <DIR> d-------- c:\documents and settings\Zorica\Application Data\SystemRequirementsLab
2008-12-20 01:52 . 2008-12-20 01:52 <DIR> d-------- c:\program files\NOS
2008-12-20 01:52 . 2008-12-20 01:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-12-19 00:15 . 2008-12-19 00:15 <DIR> d-------- c:\program files\TimeAdjuster
2008-12-17 23:11 . 2008-12-17 23:27 <DIR> d-------- c:\program files\GameFace Messenger
2008-12-17 23:11 . 2008-12-17 23:11 737,280 --a------ c:\windows\iun6002.exe
2008-12-17 22:52 . 2008-12-17 22:52 <DIR> d-------- C:\ATI
2008-12-17 04:02 . 2009-01-10 18:06 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
2008-12-17 04:02 . 2008-05-29 09:28 28,416 --a------ c:\windows\system32\uxtuneup.dll
2008-12-15 23:10 . 2004-09-20 16:00 802,816 --a------ c:\windows\FeedingFrenzy.scr
2008-12-15 23:10 . 2005-01-07 11:39 57,344 --a------ c:\windows\system32\Big Kahuna Reef.scr
2008-12-15 00:44 . 2008-12-15 00:44 <DIR> d-------- c:\documents and settings\Zorica\Application Data\URSoft
2008-12-15 00:44 . 2008-12-15 00:45 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-15 16:03 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-15 09:04 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-15 05:05 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-01-15 05:05 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-01-14 22:43 --------- d-----w c:\program files\Common Files\Nero
2009-01-14 22:43 --------- d-----w c:\documents and settings\Zorica\Application Data\Nero
2009-01-10 17:15 --------- d-----w c:\documents and settings\Zorica\Application Data\Ahead
2009-01-10 17:06 --------- d-----w c:\program files\TuneUp Utilities 2008
2009-01-10 16:39 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-01-08 00:34 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-01-08 00:33 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-01-08 00:33 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-12-23 17:05 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-23 16:55 --------- d-----w c:\documents and settings\Zorica\Application Data\ATI
2008-12-20 17:55 --------- d-----w c:\documents and settings\Zorica\Application Data\Wildfire
2008-12-18 01:49 --------- d-----w c:\program files\ASUS
2008-12-17 22:27 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-14 19:08 --------- d-----w c:\program files\Realtek
2008-12-14 18:35 --------- d-----w c:\program files\Driver-Soft
2008-12-12 00:43 --------- d-----w c:\documents and settings\Zorica\Application Data\Darwin
2008-12-12 00:40 --------- d-----w c:\documents and settings\Zorica\Application Data\Thinstall
2008-12-11 22:40 --------- d-----w c:\documents and settings\Zorica\Application Data\AdobeUM
2008-12-11 22:30 --------- d-----w c:\program files\Common Files\Adobe
2008-12-11 20:43 --------- d-----w c:\documents and settings\All Users\Application Data\Phenomedia
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 02:29 --------- d-----w c:\documents and settings\Zorica\Application Data\AVGTOOLBAR
2008-12-11 00:15 50,968 ----a-w c:\windows\system32\avgfwdx.dll
2008-12-11 00:15 29,208 ----a-w c:\windows\system32\drivers\avgfwdx.sys
2008-12-11 00:06 --------- d-----w c:\program files\Canon
2008-12-10 04:40 --------- d-----w c:\program files\MSXML 4.0
2008-12-10 03:32 218,624 ----a-w c:\windows\system32\uxtheme.dll
2008-12-09 23:45 --------- d-----w c:\program files\AVG
2008-12-09 23:42 --------- d-----w c:\program files\ESET
2008-12-09 20:51 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-09 01:56 --------- d-----w c:\documents and settings\All Users\Application Data\Bluetooth
2008-12-09 01:50 --------- d-----w c:\program files\IVT Corporation
2008-12-08 23:57 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-08 23:56 --------- d-----w c:\program files\Java
2008-12-08 14:59 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-08 02:55 --------- d-----w c:\documents and settings\All Users\Application Data\avg8(2)
2008-12-08 02:51 --------- d-----w c:\documents and settings\Zorica\Application Data\aAvgApi
2008-12-08 02:08 241,664 ----a-w c:\windows\system32\config\systemprofile\NTUSER(2).DAT
2008-12-07 21:18 --------- d-----w c:\program files\Rockstar Games
2008-12-07 21:18 --------- d-----w c:\documents and settings\Zorica\Application Data\InstallShield Installation Information
2008-12-05 15:48 --------- d-----w c:\documents and settings\Zorica\Application Data\XnView
2008-12-04 22:44 --------- d-----w c:\program files\Microsoft
2008-12-02 09:55 --------- d-----w c:\documents and settings\Zorica\Application Data\Canon
2008-11-26 23:41 --------- d-----w c:\documents and settings\Zorica\Application Data\Media Player Classic
2008-11-25 15:37 4,952,576 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
2008-11-24 02:14 --------- d-----w c:\program files\Winamp
2008-11-24 02:14 --------- d-----w c:\documents and settings\Zorica\Application Data\Winamp
2008-11-24 01:43 --------- d-----w c:\program files\K-Lite Codec Pack
2008-11-24 00:31 --------- d-----w c:\documents and settings\Zorica\Application Data\CyberLink
2008-11-24 00:31 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-11-24 00:27 --------- d-----w c:\program files\CyberLink
2008-11-23 22:18 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-23 22:14 --------- d-----w c:\program files\Microsoft.NET
2008-11-23 22:09 --------- d-----w c:\documents and settings\Zorica\Application Data\TuneUp Software
2008-11-23 22:09 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-11-23 22:04 --------- d-----w c:\program files\Webteh
2008-11-23 21:49 --------- d-----w c:\program files\My Company Name
2008-11-23 21:44 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-23 21:29 --------- d-----w c:\program files\microsoft frontpage
2008-11-20 15:51 34,816 ----a-w c:\windows\system32\RtkCoInstXP.dll
2008-11-17 15:08 17,676,288 ----a-w c:\windows\RTHDCPL.EXE
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 10:37 659,456 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-15_18.18.46.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-15 19:54:27 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_23c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2008-10-21 2177576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2007-02-12 65536]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2007-02-09 159744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-08 1601304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-21 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-21 86016]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2005-02-05 135168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-15 185872]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2008-10-21 c:\windows\system32\nwiz.exe]

c:\documents and settings\Zorica\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-03-19 4742184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-12-09 1183744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-08 01:34 10520 c:\windows\system32\avgrsstx.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\CTFMON.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"=c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-12-10 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-10 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-10 107272]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2008-11-23 2831232]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-12-10 29208]
R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-08 903960]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-08 298264]
R4 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-01-08 1339600]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-12-10 29208]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-12-20 33752]
S3 zlportio;zlportio;\??\c:\program files\UltraStar Deluxe\zlportio.sys --> c:\program files\UltraStar Deluxe\zlportio.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-01-02 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-06-20 09:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Zorica\Application Data\Mozilla\Firefox\Profiles\u2mmkfgc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-15 20:54:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ImagePath"="\"c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe\"\00\00\00\00\000c|\023\00\00\00\00\00E\02\18î|\00\00\00\00~\00\00\00?Öë\02’“€|~\00\00\00x\01\15\00 O
[\00E\1d€|ö\1b€|\00\00Ýs1?f|"

.
------------------------ Other Running Processes ------------------------
.
c:\windows\ATKKBService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-01-15 20:55:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-15 19:55:50
ComboFix2.txt 2009-01-15 17:19:20

Pre-Run: 13.351.673.856 bytes free
Post-Run: 13,334,585,344 bytes free

243 --- E O F --- 2009-01-13 22:29:49

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

How are things now?

It should be better.

We'll do one more thing:

Download gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this will save the scan results to the Clipboard.
Use the Paste option in Notepad to turn it into text. Save that text from Notepad as file1.txt.
Repeat the same thing with the Autostart tab. Save that text from Notepad as file2.txt.


Use the Attach file option below the message box on the forum, and attach here the two files we just saved.

offline
  • Joined: 15 Jan 2009
  • Posts: 31

There, I've done everything. Can you just tell me whether it found any infection, since this is my first time using these programs, and is everything OK now? After the restart that error didn't appear, and I think there are no more problems.

Thank you so, so, so, sooooo much for all this effort and patience. I'm really impressed. And thanks again.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

There was an infection, and now we'll determine whether it's still there.

Restart the computer and post me a new HiJack This log.
