[bobby] Spyware infection

  • boksi  Male
  • Respected citizen
  • Joined: 11 Jun 2008
  • Posts: 474

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:58 PM, on 10/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\shell.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Boris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Boris\Desktop\New Folder\TR3.exe..exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Link visible only to logged-in users]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Boris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - Startup: findfast.exe
O4 - Global Startup: autorun.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link visible only to logged-in users]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [Link visible only to logged-in users]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [Link visible only to logged-in users]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6720 bytes

Update: 20 Oct 2008 22:20



  • Joined: 04 Sep 2003
  • Posts: 24135
  • Lives in: Wien

Download ComboFix from one of the following addresses to the Desktop:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.



  • boksi  Male
  • Respected citizen
  • Joined: 11 Jun 2008
  • Posts: 474

ComboFix 08-10-19.04 - Boris 2008-10-20 22:36:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.41 [GMT 2:00]
Running from: C:\Documents and Settings\Boris\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
C:\Documents and Settings\Boris\Application Data\printer.exe
C:\Documents and Settings\Boris\Start Menu\Programs\Startup\findfast.exe
C:\Program Files\altcmd
C:\Program Files\altcmd\altcmd.inf
C:\Program Files\altcmd\uninstall.bat
C:\WINDOWS\shell.exe
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msssc.dll
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\spoolvs.exe

.
((((((((((((((((((((((((( Files Created from 2008-09-20 to 2008-10-20 )))))))))))))))))))))))))))))))
.

2008-10-20 21:28 . 2008-10-20 21:28 <DIR> d-------- C:\WINDOWS\system32\xlib254.dll
2008-10-20 21:28 . 2008-10-20 21:28 <DIR> d-------- C:\WINDOWS\system32\append.dll
2008-10-20 21:23 . 2008-10-20 21:23 364,544 --a------ C:\WINDOWS\system32\(zabranjeno)_IL-2_Sturmovik.exe
2008-10-20 21:04 . 2008-10-20 22:27 <DIR> d-------- C:\Program Files\Ubi Soft Games
2008-10-20 19:38 . 2008-10-20 19:38 <DIR> d-------- C:\Documents and Settings\Boris\Temp
2008-10-18 14:33 . 2003-09-15 11:54 155,648 --a------ C:\WINDOWS\system32\setuplib.dll
2008-10-18 14:33 . 2002-08-28 15:35 73,728 --a------ C:\WINDOWS\system32\waitwnd.exe
2008-10-17 19:36 . 2008-10-17 19:36 87 --a------ C:\WINDOWS\cdplayer.ini
2008-10-16 20:17 . 2008-04-09 10:37 93,268 --a------ C:\WINDOWS\VGAsetup.ini
2008-10-16 20:16 . 2008-10-16 20:16 <DIR> d-------- C:\Program Files\sisagp
2008-10-16 20:16 . 2008-10-16 20:17 <DIR> d-------- C:\Program Files\SiS VGA Utilities V3.84
2008-10-16 20:16 . 2006-03-22 21:53 337,320 --a------ C:\WINDOWS\difxapi.dll
2008-10-16 20:16 . 2006-04-12 19:35 208,896 --a------ C:\WINDOWS\Progress.exe
2008-10-16 20:16 . 2008-03-20 18:58 65,536 --------- C:\WINDOWS\system32\SiSHook.dll
2008-10-16 20:16 . 2006-04-28 09:56 49,152 --a------ C:\WINDOWS\InstFunc.exe
2008-10-16 20:16 . 2008-03-20 18:56 12,288 --a------ C:\WINDOWS\InstFunc.dll
2008-10-16 19:47 . 2008-03-20 18:57 262,144 --a------ C:\WINDOWS\system32\sistray.exe
2008-10-16 19:47 . 2004-09-03 15:35 184,320 --------- C:\WINDOWS\system32\SiSApCom.dll
2008-10-16 19:47 . 2008-03-20 18:57 110,592 --------- C:\WINDOWS\system32\TVMode.dll
2008-10-16 19:30 . 2008-10-16 19:30 <DIR> d-------- C:\Documents and Settings\Boris\Application Data\FarStone
2008-10-16 19:28 . 2008-10-16 19:28 <DIR> d-------- C:\Program Files\FarStone
2008-10-16 19:28 . 2008-10-16 19:28 5,501 --a------ C:\WINDOWS\system32\rtclcmg32.dll
2008-10-16 19:10 . 2008-10-18 15:56 <DIR> d-------- C:\Program Files\Call of Duty
2008-10-14 16:30 . 2008-10-16 19:15 745 --a------ C:\WINDOWS\CoD.INI
2008-10-14 16:15 . 2008-10-14 16:15 <DIR> d-------- C:\Program Files\WinISO
2008-10-13 22:48 . 2008-10-13 22:48 623 --a------ C:\WINDOWS\eReg.dat
2008-10-13 21:58 . 2008-10-13 21:58 <DIR> d-------- C:\Program Files\PowerISO
2008-10-11 20:21 . 2008-10-11 20:23 <DIR> d-------- C:\Program Files\Alien vs Predator
2008-10-10 12:33 . 2008-10-13 22:44 <DIR> d-------- C:\Program Files\EA GAMES
2008-10-09 12:22 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-10-09 12:22 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-10-09 12:22 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-10-09 12:22 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-10-09 12:22 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-10-09 12:22 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-10-09 12:22 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-10-09 12:22 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-10-08 15:37 . 2008-10-08 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-10-03 15:16 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-10-03 14:57 . 2008-10-18 12:18 <DIR> d-------- C:\Documents and Settings\Boris\Application Data\Gearbox Software
2008-10-03 14:38 . 2005-04-11 14:07 115,016 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-10-03 14:37 . 2005-04-11 14:07 140,488 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-10-03 14:37 . 2005-04-11 14:07 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-10-03 14:37 . 2005-04-11 14:07 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
2008-10-03 14:37 . 2005-04-11 14:07 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
2008-10-03 14:37 . 2005-04-11 14:07 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca
2008-10-03 14:37 . 2005-04-11 14:07 26,064 --a------ C:\WINDOWS\system32\xmlinst.exe
2008-10-03 14:37 . 2005-04-11 14:07 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-10-03 14:33 . 2008-10-03 14:37 <DIR> d-------- C:\Program Files\Ubisoft
2008-10-02 11:32 . 2008-10-02 11:32 <DIR> d-------- C:\Documents and Settings\Boris\Application Data\Smith Micro
2008-10-01 18:26 . 2008-10-01 18:26 <DIR> d-------- C:\Program Files\Nival Interactive
2008-10-01 17:29 . 2001-08-17 14:02 8,576 --a------ C:\WINDOWS\system32\drivers\hidgame.sys
2008-10-01 17:29 . 2001-08-17 14:02 8,576 --a--c--- C:\WINDOWS\system32\dllcache\hidgame.sys
2008-10-01 17:17 . 2008-10-01 17:55 <DIR> d-------- C:\Program Files\Combat Flight Simulator
2008-09-30 19:52 . 2008-09-30 19:54 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-09-30 15:05 . 2008-10-14 15:56 <DIR> d-------- C:\Program Files\mIRC
2008-09-29 12:56 . 1999-06-18 22:49 165,888 --a------ C:\WINDOWS\Ckconfig.exe
2008-09-29 12:56 . 2000-06-29 10:45 52,224 --a------ C:\WINDOWS\system32\Crypserv.exe
2008-09-29 12:56 . 1996-05-03 18:21 27,648 -ra------ C:\WINDOWS\Setup_ck.exe
2008-09-29 12:56 . 2000-02-03 21:53 24,608 --a------ C:\WINDOWS\system32\Ckldrv.sys
2008-09-29 12:56 . 1996-05-03 16:36 18,432 --a------ C:\WINDOWS\Setup_ck.dll
2008-09-29 12:56 . 1995-07-04 19:33 11,776 --a------ C:\WINDOWS\Ckrfresh.exe
2008-09-29 12:56 . 2008-09-29 12:59 1,680 --a------ C:\WINDOWS\system32\esnecil.nlp
2008-09-29 12:56 . 2008-10-03 15:20 1,680 --a------ C:\WINDOWS\system32\esnecil.ind
2008-09-29 12:56 . 2008-09-29 12:56 56 --a------ C:\WINDOWS\Crypkey.ini
2008-09-29 12:21 . 2008-09-29 12:21 <DIR> d--h----- C:\WINDOWS\PIF
2008-09-26 20:41 . 2008-09-26 20:41 <DIR> d-------- C:\Documents and Settings\Boris\Application Data\Media Player Classic
2008-09-24 13:13 . 2008-09-24 13:13 <DIR> d-------- C:\Program Files\Nero
2008-09-24 13:13 . 2008-09-24 13:15 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-09-24 13:13 . 2008-09-24 13:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-20 20:28 --------- d-----w C:\Documents and Settings\Boris\Application Data\Skype
2008-10-20 14:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-16 18:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-15 08:28 --------- d-----w C:\Program Files\Opera
2008-10-14 14:44 12,528 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-10-02 09:28 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-24 11:03 --------- d-----w C:\Program Files\Common Files\Ahead
2008-09-24 11:03 --------- d-----w C:\Program Files\Ahead
2008-09-13 13:56 --------- d-----w C:\Program Files\Google Video
2008-09-08 10:28 --------- d-----w C:\Program Files\Ares
2008-09-07 13:47 --------- d-----w C:\Documents and Settings\Boris\Application Data\AdobeUM
2008-09-07 13:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-05 12:33 --------- d-----w C:\Program Files\Total Video Converter
2008-09-05 11:38 --------- d-----w C:\Program Files\YouTube Downloader
2008-09-05 08:22 158,456 ------w C:\WINDOWS\system32\pxwma.dll
2008-09-05 08:10 --------- d-----w C:\Program Files\Common Files\xing shared
2008-09-05 08:10 --------- d-----w C:\Program Files\Common Files\Real
2008-09-03 14:13 --------- d-----w C:\Documents and Settings\Boris\Application Data\Ahead
2008-09-03 13:14 --------- d-----w C:\Program Files\ffdshow
2008-09-03 13:14 --------- d-----w C:\Program Files\DivXCodec
2008-09-03 13:13 --------- d-----w C:\Program Files\DivX
2008-09-03 13:12 --------- d-----w C:\Program Files\XviD
2008-09-03 12:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-03 12:09 --------- d-----w C:\Program Files\SmartPCTools
2008-09-03 12:04 --------- d-----w C:\Program Files\DVD Shrink
2008-09-03 12:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-09-03 12:00 --------- d-----w C:\Program Files\ImTOO
2008-09-02 20:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-09-02 20:32 --------- d-----w C:\Program Files\IVT Corporation
2008-09-02 20:06 --------- d-----w C:\Program Files\Sun
2008-09-02 20:05 --------- d-----w C:\Program Files\Java
2008-09-02 19:49 --------- d-----w C:\Program Files\Common Files\Java
2008-09-02 19:17 --------- d-----w C:\Program Files\Google
2008-09-02 19:02 --------- d-----w C:\Program Files\Real
2008-09-02 18:50 --------- d-----w C:\Program Files\Skype
2008-09-02 18:50 --------- d-----w C:\Program Files\Common Files\Skype
2008-09-02 18:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-09-02 18:45 --------- d-----w C:\Program Files\MSN Messenger
2008-09-02 18:41 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-09-02 17:02 --------- d-----w C:\Program Files\Mv2Player
2008-09-02 16:48 --------- d-----w C:\Program Files\Winamp
2008-09-02 16:40 --------- d-----w C:\Documents and Settings\Boris\Application Data\ACD Systems
2008-09-02 16:35 --------- d-----w C:\Documents and Settings\Boris\Application Data\Nero
2008-09-02 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-02 16:09 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2008-09-02 16:09 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll
2008-09-02 16:09 --------- d-----w C:\Program Files\ArcSoft
2008-09-02 15:54 --------- d-----w C:\Documents and Settings\Boris\Application Data\InterVideo
2008-09-02 15:50 --------- d-----w C:\Program Files\InterVideo
2008-09-02 15:47 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-09-02 15:31 --------- d-----w C:\Program Files\Alwil Software
2008-09-02 15:29 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2008-09-02 15:29 --------- d-----w C:\Program Files\Yahoo!
2008-09-02 15:29 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-09-02 15:29 --------- d-----w C:\Program Files\ACD Systems
2008-09-02 15:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-09-02 15:19 --------- d-----w C:\Program Files\Microsoft.NET
2008-09-02 15:19 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-09-02 15:03 --------- d-----w C:\Program Files\Analog Devices
2008-09-02 14:43 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-10-18 21147944]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"Google Update"="C:\Documents and Settings\Boris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-05 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 106496]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-09-05 185896]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"SiSPower"="SiSPower.dll" [2008-03-20 C:\WINDOWS\system32\SiSPower.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.XVID"= xvid.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk
backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-10-23 14:18 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-05 18:51 133104 C:\Documents and Settings\Boris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2008-09-02 20:41 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 01:06 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 08:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Repair Wizard Scheduler]
--a------ 2007-05-21 06:04 393728 C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-04 01:02 36352 C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-06-30 32768]
S4 cdawdm;CDAWDM;C:\WINDOWS\system32\DRIVERS\CDAWDM.sys [ ]
.
Contents of the 'Scheduled Tasks' folder

2008-10-20 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Boris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 18:51]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-BearShare - C:\Program Files\BearSharePro\BearSharePro.exe
MSConfigStartUp-InCD - C:\Program Files\Ahead\InCD\InCD.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = [Link visible only to logged-in users]
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-10-20 22:41:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\Crypserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-10-20 22:51:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-20 20:51:38

Pre-Run: 6,010,339,328 bytes free
Post-Run: 6,987,325,440 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Lives in: Wien

Open Notepad and copy the following text:

DirLook::
C:\WINDOWS\system32\xlib254.dll
C:\WINDOWS\system32\append.dll


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scanning.

  • boksi  Male
  • Respected citizen
  • Joined: 11 Jun 2008
  • Posts: 474

ComboFix 08-10-19.04 - Boris 2008-10-20 23:13:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.59 [GMT 2:00]
Running from: C:\Documents and Settings\Boris\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Boris\Desktop\CFScript.txt.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-09-20 to 2008-10-20 )))))))))))))))))))))))))))))))
.

2008-10-20 21:28 . 2008-10-20 21:28 <DIR> d-------- C:\WINDOWS\system32\xlib254.dll
2008-10-20 21:28 . 2008-10-20 21:28 <DIR> d-------- C:\WINDOWS\system32\append.dll
2008-10-20 21:23 . 2008-10-20 21:23 364,544 --a------ C:\WINDOWS\system32\(zabranjeno)_IL-2_Sturmovik.exe
2008-10-20 21:04 . 2008-10-20 22:27 <DIR> d-------- C:\Program Files\Ubi Soft Games
2008-10-20 19:38 . 2008-10-20 19:38 <DIR> d-------- C:\Documents and Settings\Boris\Temp
2008-10-18 14:33 . 2003-09-15 11:54 155,648 --a------ C:\WINDOWS\system32\setuplib.dll
2008-10-18 14:33 . 2002-08-28 15:35 73,728 --a------ C:\WINDOWS\system32\waitwnd.exe
2008-10-17 19:36 . 2008-10-17 19:36 87 --a------ C:\WINDOWS\cdplayer.ini
2008-10-16 20:17 . 2008-04-09 10:37 93,268 --a------ C:\WINDOWS\VGAsetup.ini
2008-10-16 20:16 . 2008-10-16 20:16 <DIR> d-------- C:\Program Files\sisagp
2008-10-16 20:16 . 2008-10-16 20:17 <DIR> d-------- C:\Program Files\SiS VGA Utilities V3.84
2008-10-16 20:16 . 2006-03-22 21:53 337,320 --a------ C:\WINDOWS\difxapi.dll
2008-10-16 20:16 . 2006-04-12 19:35 208,896 --a------ C:\WINDOWS\Progress.exe
2008-10-16 20:16 . 2008-03-20 18:58 65,536 --------- C:\WINDOWS\system32\SiSHook.dll
2008-10-16 20:16 . 2006-04-28 09:56 49,152 --a------ C:\WINDOWS\InstFunc.exe
2008-10-16 20:16 . 2008-03-20 18:56 12,288 --a------ C:\WINDOWS\InstFunc.dll
2008-10-16 19:47 . 2008-03-20 18:57 262,144 --a------ C:\WINDOWS\system32\sistray.exe
2008-10-16 19:47 . 2004-09-03 15:35 184,320 --------- C:\WINDOWS\system32\SiSApCom.dll
2008-10-16 19:47 . 2008-03-20 18:57 110,592 --------- C:\WINDOWS\system32\TVMode.dll
2008-10-16 19:30 . 2008-10-16 19:30 <DIR> d-------- C:\Documents and Settings\Boris\Application Data\FarStone
2008-10-16 19:28 . 2008-10-16 19:28 <DIR> d-------- C:\Program Files\FarStone
2008-10-16 19:28 . 2008-10-16 19:28 5,501 --a------ C:\WINDOWS\system32\rtclcmg32.dll
2008-10-16 19:10 . 2008-10-18 15:56 <DIR> d-------- C:\Program Files\Call of Duty
2008-10-14 16:30 . 2008-10-16 19:15 745 --a------ C:\WINDOWS\CoD.INI
2008-10-14 16:15 . 2008-10-14 16:15 <DIR> d-------- C:\Program Files\WinISO
2008-10-13 22:48 . 2008-10-13 22:48 623 --a------ C:\WINDOWS\eReg.dat
2008-10-13 21:58 . 2008-10-13 21:58 <DIR> d-------- C:\Program Files\PowerISO
2008-10-11 20:21 . 2008-10-11 20:23 <DIR> d-------- C:\Program Files\Alien vs Predator
2008-10-10 12:33 . 2008-10-13 22:44 <DIR> d-------- C:\Program Files\EA GAMES
2008-10-09 12:22 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-10-09 12:22 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-10-09 12:22 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-10-09 12:22 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-10-09 12:22 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-10-09 12:22 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-10-09 12:22 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-10-09 12:22 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-10-08 15:37 . 2008-10-08 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-10-03 15:16 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-10-03 14:57 . 2008-10-18 12:18 <DIR> d-------- C:\Documents and Settings\Boris\Application Data\Gearbox Software
2008-10-03 14:38 . 2005-04-11 14:07 115,016 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-10-03 14:37 . 2005-04-11 14:07 140,488 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-10-03 14:37 . 2005-04-11 14:07 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-10-03 14:37 . 2005-04-11 14:07 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
2008-10-03 14:37 . 2005-04-11 14:07 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
2008-10-03 14:37 . 2005-04-11 14:07 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca
2008-10-03 14:37 . 2005-04-11 14:07 26,064 --a------ C:\WINDOWS\system32\xmlinst.exe
2008-10-03 14:37 . 2005-04-11 14:07 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-10-03 14:33 . 2008-10-03 14:37 <DIR> d-------- C:\Program Files\Ubisoft
2008-10-02 11:32 . 2008-10-02 11:32 <DIR> d-------- C:\Documents and Settings\Boris\Application Data\Smith Micro
2008-10-01 18:26 . 2008-10-01 18:26 <DIR> d-------- C:\Program Files\Nival Interactive
2008-10-01 17:29 . 2001-08-17 14:02 8,576 --a------ C:\WINDOWS\system32\drivers\hidgame.sys
2008-10-01 17:29 . 2001-08-17 14:02 8,576 --a--c--- C:\WINDOWS\system32\dllcache\hidgame.sys
2008-10-01 17:17 . 2008-10-01 17:55 <DIR> d-------- C:\Program Files\Combat Flight Simulator
2008-09-30 19:52 . 2008-09-30 19:54 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-09-30 15:05 . 2008-10-14 15:56 <DIR> d-------- C:\Program Files\mIRC
2008-09-29 12:56 . 1999-06-18 22:49 165,888 --a------ C:\WINDOWS\Ckconfig.exe
2008-09-29 12:56 . 2000-06-29 10:45 52,224 --a------ C:\WINDOWS\system32\Crypserv.exe
2008-09-29 12:56 . 1996-05-03 18:21 27,648 -ra------ C:\WINDOWS\Setup_ck.exe
2008-09-29 12:56 . 2000-02-03 21:53 24,608 --a------ C:\WINDOWS\system32\Ckldrv.sys
2008-09-29 12:56 . 1996-05-03 16:36 18,432 --a------ C:\WINDOWS\Setup_ck.dll
2008-09-29 12:56 . 1995-07-04 19:33 11,776 --a------ C:\WINDOWS\Ckrfresh.exe
2008-09-29 12:56 . 2008-09-29 12:59 1,680 --a------ C:\WINDOWS\system32\esnecil.nlp
2008-09-29 12:56 . 2008-10-03 15:20 1,680 --a------ C:\WINDOWS\system32\esnecil.ind
2008-09-29 12:56 . 2008-09-29 12:56 56 --a------ C:\WINDOWS\Crypkey.ini
2008-09-29 12:21 . 2008-09-29 12:21 <DIR> d--h----- C:\WINDOWS\PIF
2008-09-26 20:41 . 2008-09-26 20:41 <DIR> d-------- C:\Documents and Settings\Boris\Application Data\Media Player Classic
2008-09-24 13:13 . 2008-09-24 13:13 <DIR> d-------- C:\Program Files\Nero
2008-09-24 13:13 . 2008-09-24 13:15 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-09-24 13:13 . 2008-09-24 13:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-20 21:03 --------- d-----w C:\Documents and Settings\Boris\Application Data\Skype
2008-10-20 14:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-16 18:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-15 08:28 --------- d-----w C:\Program Files\Opera
2008-10-14 14:44 12,528 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-10-02 09:28 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-24 11:03 --------- d-----w C:\Program Files\Common Files\Ahead
2008-09-24 11:03 --------- d-----w C:\Program Files\Ahead
2008-09-13 13:56 --------- d-----w C:\Program Files\Google Video
2008-09-08 10:28 --------- d-----w C:\Program Files\Ares
2008-09-07 13:47 --------- d-----w C:\Documents and Settings\Boris\Application Data\AdobeUM
2008-09-07 13:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-05 12:33 --------- d-----w C:\Program Files\Total Video Converter
2008-09-05 11:38 --------- d-----w C:\Program Files\YouTube Downloader
2008-09-05 08:22 158,456 ------w C:\WINDOWS\system32\pxwma.dll
2008-09-05 08:10 --------- d-----w C:\Program Files\Common Files\xing shared
2008-09-05 08:10 --------- d-----w C:\Program Files\Common Files\Real
2008-09-03 14:13 --------- d-----w C:\Documents and Settings\Boris\Application Data\Ahead
2008-09-03 13:14 --------- d-----w C:\Program Files\ffdshow
2008-09-03 13:14 --------- d-----w C:\Program Files\DivXCodec
2008-09-03 13:13 --------- d-----w C:\Program Files\DivX
2008-09-03 13:12 --------- d-----w C:\Program Files\XviD
2008-09-03 12:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-03 12:09 --------- d-----w C:\Program Files\SmartPCTools
2008-09-03 12:04 --------- d-----w C:\Program Files\DVD Shrink
2008-09-03 12:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-09-03 12:00 --------- d-----w C:\Program Files\ImTOO
2008-09-02 20:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-09-02 20:32 --------- d-----w C:\Program Files\IVT Corporation
2008-09-02 20:06 --------- d-----w C:\Program Files\Sun
2008-09-02 20:05 --------- d-----w C:\Program Files\Java
2008-09-02 19:49 --------- d-----w C:\Program Files\Common Files\Java
2008-09-02 19:17 --------- d-----w C:\Program Files\Google
2008-09-02 19:02 --------- d-----w C:\Program Files\Real
2008-09-02 18:50 --------- d-----w C:\Program Files\Skype
2008-09-02 18:50 --------- d-----w C:\Program Files\Common Files\Skype
2008-09-02 18:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-09-02 18:45 --------- d-----w C:\Program Files\MSN Messenger
2008-09-02 18:41 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-09-02 17:02 --------- d-----w C:\Program Files\Mv2Player
2008-09-02 16:48 --------- d-----w C:\Program Files\Winamp
2008-09-02 16:40 --------- d-----w C:\Documents and Settings\Boris\Application Data\ACD Systems
2008-09-02 16:35 --------- d-----w C:\Documents and Settings\Boris\Application Data\Nero
2008-09-02 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-02 16:09 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2008-09-02 16:09 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll
2008-09-02 16:09 --------- d-----w C:\Program Files\ArcSoft
2008-09-02 15:54 --------- d-----w C:\Documents and Settings\Boris\Application Data\InterVideo
2008-09-02 15:50 --------- d-----w C:\Program Files\InterVideo
2008-09-02 15:47 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-09-02 15:31 --------- d-----w C:\Program Files\Alwil Software
2008-09-02 15:29 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2008-09-02 15:29 --------- d-----w C:\Program Files\Yahoo!
2008-09-02 15:29 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-09-02 15:29 --------- d-----w C:\Program Files\ACD Systems
2008-09-02 15:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-09-02 15:19 --------- d-----w C:\Program Files\Microsoft.NET
2008-09-02 15:19 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-09-02 15:03 --------- d-----w C:\Program Files\Analog Devices
2008-09-02 14:43 --------- d-----w C:\Program Files\microsoft frontpage
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\system32\append.dll ----


---- Directory of C:\WINDOWS\system32\xlib254.dll ----



((((((((((((((((((((((((((((( [Link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-20 21:17:17 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_460.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-10-18 21147944]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"Google Update"="C:\Documents and Settings\Boris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-05 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 106496]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-09-05 185896]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"SiSPower"="SiSPower.dll" [2008-03-20 C:\WINDOWS\system32\SiSPower.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.XVID"= xvid.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk
backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-10-23 14:18 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-05 18:51 133104 C:\Documents and Settings\Boris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2008-09-02 20:41 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 01:06 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 08:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Repair Wizard Scheduler]
--a------ 2007-05-21 06:04 393728 C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-04 01:02 36352 C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-06-30 32768]
S4 cdawdm;CDAWDM;C:\WINDOWS\system32\DRIVERS\CDAWDM.sys [ ]
.
Contents of the 'Scheduled Tasks' folder

2008-10-20 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Boris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 18:51]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-10-20 23:18:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\Crypserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-10-20 23:26:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-20 21:26:00
ComboFix2.txt 2008-10-20 20:51:49

Pre-Run: 6,981,173,248 bytes free
Post-Run: 6,974,885,888 bytes free


offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Also delete the following file manually:
C:\WINDOWS\system32\(zabranjeno)_IL-2_Sturmovik.exe

Replace the word (zabranjeno) with c_rack (our forum forbids writing certain words, so I had to insert a dash).

Are there any other symptoms?

offline
  • boksi  Male
  • Respected citizen
  • Joined: 11 Jun 2008
  • Posts: 474

No, it looks fine now, thanks.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Please pack the following folder into a single ZIP:
C:\QooBox\Quarantine
and upload it via the following form:
[Link visible only to logged-in users]

I need those files so I can look at them. Those are the files we removed.

To finish the process, you still need to do the following:

Click START and then RUN
In the text entry line type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
The VundoFix Backups folder, if it exists
The C:\Deckard folder, if it exists
The C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

offline
  • boksi  Male
  • Respected citizen
  • Joined: 11 Jun 2008
  • Posts: 474

I uploaded it under the name Quarantine.
