MyCity » Ambulanta -> Arhiva Ambulante » [bobby] WIN32/SPY.DELF.NQC trojan

[bobby] WIN32/SPY.DELF.NQC trojan

Napisano na dan: 25.2.2009

[bobby] WIN32/SPY.DELF.NQC trojan

Sledeća strana

Pagination

Odgovori

acacrni Poslao: 25 Feb 2009 01:37 Idi na vrh
offline acacrni Građanin Pridružio: 20 Jul 2005 Poruke: 111	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Eset Smart Security mi je nasao ovog trojanca,ali ne moze da ga obrise,stalno mi izbacuje sa strane da je nasao,i da ga je kao obrisao(cleaned by deleting-quarantied),ali to obavestenje se pojavljujje svakih nekoliko sekundi. napise mi da je nasao: WIN32/SPY.DELF.NQC trojan u fajlu: C:\WINDOWS\system32\plugin.dat i ne moze da ga obrise probao sam i u safe modu,ali nece. skenirao sam komp. sa programom hijackthis,evo ga log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:25:18, on 25.2.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20978-) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe.exe C:\WINDOWS\system32:svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\DAEMON Tools Pro\DTProAgent.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Programi\CryptLoad\CryptLoad.exe C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe D:\Downloads\Hijack This\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = facebook.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O1 - Hosts: ::1 localhost O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [NodLogin] C:\Program Files\ESET\ESET Smart Security\nodlogin.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [svchost.exe] C:\WINDOWS\system32:svchost.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O13 - Gopher Prefix: O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 6353 bytes

Profil

bobby Poslao: 25 Feb 2009 15:59 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Sledeci put isprati upustva koja su data u temama oznacenim sa "Vazno" u Ambulanti. =========================================== Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

acacrni Poslao: 25 Feb 2009 16:25 Idi na vrh
offline acacrni Građanin Pridružio: 20 Jul 2005 Poruke: 111	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo log: ComboFix 09-02-24.02 - Aca 2009-02-25 16:05:09.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.3071.2580 [GMT 1:00] Running from: d:\downloads\ComboFix.exe AV: ESET Smart Security 3.0 On-access scanning disabled (Updated) FW: ESET Personal firewall enabled * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\plugin.dat c:\windows\system32\rundll32.exe.exe . ((((((((((((((((((((((((( Files Created from 2009-01-25 to 2009-02-25 ))))))))))))))))))))))))))))))) . 2009-02-25 16:07 . 2009-02-25 16:07 <DIR> d-------- c:\windows\system32\xircom 2009-02-25 16:07 . 2009-02-25 16:07 <DIR> d-------- c:\program files\microsoft frontpage 2009-02-24 14:59 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll 2009-02-24 14:58 . 2009-02-24 14:58 <DIR> d-------- c:\program files\Microsoft.NET 2009-02-24 14:58 . 2009-02-24 14:58 <DIR> d-------- c:\program files\Microsoft Works 2009-02-24 14:56 . 2009-02-24 14:58 <DIR> d-------- c:\windows\SHELLNEW 2009-02-24 14:56 . 2009-02-24 14:56 <DIR> d-------- c:\program files\Microsoft Visual Studio 8 2009-02-24 14:55 . 2009-02-24 14:55 <DIR> dr-h----- C:\MSOCache 2009-02-24 14:55 . 2009-02-24 14:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-02-23 23:38 . 2009-02-23 23:38 <DIR> d-------- c:\windows\Sun 2009-02-23 12:32 . 2009-02-23 12:33 549,888 --a------ c:\program files\spy.exe 2009-02-22 22:30 . 2009-02-22 22:31 245,520 --a------ c:\program files\sharK.exe 2009-02-22 19:55 . 2009-02-22 19:55 <DIR> d-------- c:\program files\Alcohol Soft 2009-02-22 02:11 . 2009-02-22 02:13 <DIR> d-------- c:\program files\Valve 2009-02-22 00:36 . 2009-02-25 07:04 168 --a------ c:\windows\usdthank.ini 2009-02-22 00:36 . 2009-02-22 00:36 31 --a------ c:\windows\idc.ini 2009-02-21 20:20 . 2009-02-21 20:22 <DIR> d-------- c:\program files\Mv2Player 2009-02-21 16:52 . 2009-02-21 16:52 <DIR> d-------- c:\windows\system32\XPSViewer 2009-02-21 16:52 . 2009-02-21 16:52 <DIR> d-------- c:\program files\Reference Assemblies 2009-02-21 16:52 . 2009-02-24 14:58 <DIR> d-------- c:\program files\MSBuild 2009-02-21 16:52 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll 2009-02-21 10:36 . 2009-02-24 16:02 4,767 --a------ c:\windows\Irremote.ini 2009-02-21 10:23 . 2009-02-24 16:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero 2009-02-21 10:18 . 2009-02-21 10:18 <DIR> d--h----- c:\windows\PIF 2009-02-20 19:36 . 2009-02-20 19:36 <DIR> d-------- c:\program files\uTorrent 2009-02-20 19:36 . 2009-02-22 02:17 <DIR> d-------- c:\documents and settings\Aca\Application Data\uTorrent 2009-02-19 22:46 . 2009-02-19 22:45 410,984 --a------ c:\windows\system32\deploytk.dll 2009-02-19 22:46 . 2009-02-19 22:45 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-02-19 22:45 . 2009-02-19 22:45 <DIR> d-------- c:\program files\Java 2009-02-19 16:31 . 2001-08-17 15:36 8,704 --a------ c:\windows\system32\kbdjpn.dll 2009-02-19 16:31 . 2001-08-17 15:36 8,192 --a------ c:\windows\system32\kbdkor.dll 2009-02-19 16:31 . 2008-04-13 22:39 6,144 --a------ c:\windows\system32\kbd106.dll 2009-02-19 16:31 . 2001-08-17 07:55 6,144 --a------ c:\windows\system32\kbd101c.dll 2009-02-19 16:31 . 2001-08-17 07:55 6,144 --a------ c:\windows\system32\kbd101b.dll 2009-02-19 16:31 . 2001-08-17 07:55 5,632 --a------ c:\windows\system32\kbd103.dll 2009-02-18 23:04 . 2009-02-18 23:04 <DIR> d-------- c:\program files\FormatFactory 2009-02-17 00:44 . 2009-02-17 00:46 <DIR> d-------- c:\program files\VPSS 2009-02-16 20:19 . 2009-02-16 20:19 <DIR> d-------- c:\program files\Foxit Software 2009-02-16 18:50 . 2009-02-16 18:50 <DIR> d-------- c:\program files\Windows Installer Clean Up 2009-02-16 18:50 . 2009-02-16 18:50 <DIR> d-------- c:\program files\MSECACHE 2009-02-16 18:20 . 2004-10-18 13:24 15,654,912 --a------ c:\documents and settings\Aca\SP2UpgradeV1.1.0.exe 2009-02-16 14:38 . 2009-02-16 14:38 <DIR> d-------- c:\program files\OCCT 2009-02-16 14:14 . 2009-02-16 14:14 <DIR> d-------- c:\documents and settings\Aca\Application Data\Media Player Classic 2009-02-16 03:00 . 2009-02-16 03:00 <DIR> d--h----- c:\windows\$hf_mig$ 2009-02-16 00:24 . 2009-02-16 00:24 <DIR> d-------- c:\program files\Dreamcatcher 2009-02-15 23:45 . 2009-02-24 16:43 <DIR> d-------- c:\program files\DAEMON Tools Pro 2009-02-15 23:45 . 2009-02-15 23:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro 2009-02-15 23:44 . 2009-02-16 00:18 <DIR> d-------- c:\documents and settings\Aca\Application Data\DAEMON Tools Pro 2009-02-15 23:19 . 2008-02-22 12:30 334,792 --a------ c:\windows\system32\_AxShlEx.dll 2009-02-15 23:15 . 2003-03-19 03:14 499,712 --a------ c:\windows\system\MSVCP71.DLL 2009-02-15 21:20 . 2009-02-15 23:44 717,296 --a------ c:\windows\system32\drivers\sptd.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-25 06:24 --------- d-----w c:\program files\DScaler 2009-02-16 20:04 --------- d-----w c:\program files\Windows Media Connect 2 2009-02-16 00:41 --------- d-----w c:\program files\VistaExperience.org 2009-02-15 19:46 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-15 16:50 --------- d-----w c:\program files\Sega 2009-02-15 16:25 --------- d-----w c:\program files\Windows Sidebar 2009-02-15 15:47 --------- d-----w c:\documents and settings\Aca\Application Data\Winamp 2009-02-15 15:43 --------- d-----w c:\documents and settings\Aca\Application Data\ESET 2009-02-15 15:41 --------- d-----w c:\program files\ESET 2009-02-15 15:41 --------- d-----w c:\documents and settings\All Users\Application Data\ESET 2009-02-15 15:40 --------- d-----w c:\program files\CCleaner 2009-02-15 15:38 --------- d-----w c:\program files\Winamp 2009-02-15 15:38 --------- d-----w c:\program files\K-Lite Codec Pack 2009-02-15 15:35 --------- d-----w c:\documents and settings\All Users\Application Data\ATI 2009-02-15 15:35 --------- d-----w c:\documents and settings\Aca\Application Data\ATI 2009-02-15 15:34 --------- d-----w c:\program files\MSI 2009-02-15 15:33 --------- d-----w c:\program files\Common Files\InstallShield 2009-02-15 15:32 --------- d-----w c:\documents and settings\Aca\Application Data\InstallShield 2009-02-15 15:31 315,392 ----a-w c:\windows\HideWin.exe 2009-02-15 15:31 --------- d-----w c:\program files\Realtek 2009-02-15 15:27 --------- d-----w c:\program files\ATI Technologies 2009-02-15 15:25 --------- d-----w c:\documents and settings\Aca\Application Data\Windows Desktop Search 2009-02-15 15:22 --------- d-----w c:\program files\Alky for Applications 2009-02-15 15:13 --------- d-----w c:\program files\Windows Desktop Search 2009-02-15 15:13 --------- d-----w c:\program files\Microsoft Silverlight 2009-02-01 09:17 58,112 ----a-w c:\windows\system32\drivers\vdmindvd.sys 2009-02-01 09:17 51,712 ----a-w c:\windows\system32\drivers\tosdvd.sys 2009-02-01 09:17 262,528 ----a-w c:\windows\system32\drivers\cinemst2.sys 2009-02-01 09:17 21,376 ----a-w c:\windows\system32\drivers\tsbvcap.sys 2009-02-01 09:17 18,688 ----a-w c:\windows\system32\drivers\cdaudio.sys 2009-02-01 09:17 12,160 ----a-w c:\windows\system32\drivers\fsvga.sys 2009-02-01 09:17 12,032 ----a-w c:\windows\system32\drivers\riodrv.sys 2009-02-01 09:17 12,032 ----a-w c:\windows\system32\drivers\rio8drv.sys 2009-02-01 09:17 12,032 ----a-w c:\windows\system32\drivers\nikedrv.sys 2009-02-01 09:17 11,776 ----a-w c:\windows\system32\drivers\cpqdap01.sys 2009-02-01 09:08 82,944 ----a-w c:\windows\system32\drivers\wudfrd.sys 2009-02-01 09:08 77,568 ----a-w c:\windows\system32\drivers\wudfpf.sys 2009-02-01 09:08 38,528 ----a-w c:\windows\system32\drivers\wpdusb.sys 2009-02-01 09:07 62,848 ----a-w c:\windows\system32\drivers\rspndr.sys 2009-02-01 09:00 361,600 ----a-w c:\windows\system32\drivers\tcpip.sys 2009-02-01 09:00 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2009-02-01 09:00 30,336 ----a-w c:\windows\system32\drivers\usbehci.sys 2009-02-01 09:00 225,856 ----a-w c:\windows\system32\drivers\tcpip6.sys 2009-02-01 09:00 17,152 ----a-w c:\windows\system32\drivers\usbohci.sys 2009-02-01 09:00 144,128 ----a-w c:\windows\system32\drivers\usbport.sys 2009-02-01 08:59 91,776 ----a-w c:\windows\system32\drivers\ndiswan.sys 2009-02-01 08:59 203,136 ----a-w c:\windows\system32\drivers\RMCast.sys 2009-02-01 08:59 182,912 ----a-w c:\windows\system32\drivers\ndis.sys 2009-02-01 08:59 174,848 ----a-w c:\windows\system32\drivers\rdbss.sys 2009-02-01 08:59 139,656 ----a-w c:\windows\system32\drivers\rdpwd.sys 2009-02-01 08:59 105,344 ----a-w c:\windows\system32\drivers\mup.sys 2009-02-01 08:58 92,544 ----a-w c:\windows\system32\drivers\mqac.sys 2009-02-01 08:58 456,704 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2009-02-01 08:58 180,096 ----a-w c:\windows\system32\drivers\mrxdav.sys 2009-02-01 08:57 62,976 ----a-w c:\windows\system32\drivers\cdrom.sys 2009-02-01 08:57 36,352 ----a-w c:\windows\system32\drivers\disk.sys 2009-02-01 08:57 272,128 ----a-w c:\windows\system32\drivers\bthport.sys 2009-02-01 08:57 138,496 ----a-w c:\windows\system32\drivers\afd.sys 2009-02-01 08:57 1,033,728 ----a-w c:\windows\explorer.exe 2009-01-14 07:14 3,455,488 ----a-w c:\windows\system32\drivers\ati2mtag.sys 2009-01-14 03:43 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll . ------- Sigcheck ------- 2009-02-01 10:18 2185216 2fad2a355ab8d2611f009c303973fa03 c:\windows\system32\ntkrnlpa.exe 2009-02-01 10:10 2306560 7b7107676307d5ac8f31fbc771492df9 c:\windows\system32\ntoskrnl.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-11-23 1247232] "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2008-10-09 200136] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-09-02 205256] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-13 1443072] "NodLogin"="c:\program files\ESET\ESET Smart Security\nodlogin.exe" [2008-07-29 358448] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-19 148888] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "RTHDCPL"="RTHDCPL.EXE" [2007-11-30 c:\windows\RTHDCPL.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ShowDeskFix"="shell32" [X] "_nltide_3"="advpack.dll" [2008-12-21 c:\windows\system32\advpack.dll] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-02-01 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.X264"= x264vfw.dll "VIDC.HFYU"= huffyuv.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= R2 CX88XBAR;MSI 8606 Crossbar;c:\windows\system32\drivers\CX88XBar.SYS [2009-02-15 9159] R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-03-13 472320] R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-02-15 84992] S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{33S25275-57R8-J080-J66J-AIB0JC4B3D3V}] c:\windows\system32\rundll32.exe.exe Restart [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{41A36DE2-13F2-50B8-13A0-BF845FB0E756}] c:\windows\system32:svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}] RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.facebook.com/ uInternet Connection Wizard,ShellNext = iexplore IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Aca\Application Data\Mozilla\Firefox\Profiles\1ajtygx4.default\ . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-02-25 16:08:01 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\windows\system32:svchost.exe 67584 bytes executable scan completed successfully hidden files: 1 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1012) c:\windows\system32\Ati2evxx.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe . ************************************************************************ . Completion time: 2009-02-25 16:09:15 - machine was rebooted ComboFix-quarantined-files.txt 2009-02-25 15:09:12 Pre-Run: 145.985.052.672 bytes free Post-Run: 146,011,836,416 bytes free 225 --- E O F --- 2009-02-18 06:49:09 ----------------------------------------------- P.S. Pa pokusao sam da ispratim temu: Kako otvoriti temu u Ambulanti zato sam i odmah postavio log od HijackThis programa.

Profil

bobby Poslao: 25 Feb 2009 17:20 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `ADS:: c:\windows\system32 Registry:: [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{33S25275-57R8-J080-J66J-AIB0JC4B3D3V}] [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{41A36DE2-13F2-50B8-13A0-BF845FB0E756}]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja. ============================ P.S. u onom uputstvu je pisalo da treba preimenovati HijackThis, inace ce malware da ga prepozna pa ce sabotirati skeniranje. Dopuna: 25 Feb 2009 17:20 Zaboravih da ti napomenem da iskljucis antivirus dok skeniras. * Pokreni ESET Smart Security/ESET NOD32 na sledeci nacin : Start>All Programs>ESET>ESET Smart Security ili pak ESET NOD32 Antivirus(ukoliko koristis samo Antivirus resenje). * Kada ti se otvori glavni prozor programa, klikni na Setup opciju sa leve strane prozora; * Izaberi Antivirus and antispyware opciju i klikni na Temporarily disable Antivirus and antispyware protection. * Na sledece pitanje klikni Yes. Napomena: Ne zaboravi da ukljuciš ovu opciju po završetku cišcenja.

Profil

acacrni Poslao: 25 Feb 2009 17:54 Idi na vrh
offline acacrni Građanin Pridružio: 20 Jul 2005 Poruke: 111	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-02-24.02 - Aca 2009-02-25 17:32:45.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.3071.2503 [GMT 1:00] Running from: d:\downloads\ComboFix.exe Command switches used :: d:\downloads\CFScript.txt AV: ESET Smart Security 3.0 On-access scanning disabled (Updated) FW: ESET Personal firewall enabled * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ADS - system32: deleted 67778 bytes in 2 streams. ((((((((((((((((((((((((( Files Created from 2009-01-25 to 2009-02-25 ))))))))))))))))))))))))))))))) . 2009-02-25 16:07 . 2009-02-25 16:07 <DIR> d-------- c:\windows\system32\xircom 2009-02-25 16:07 . 2009-02-25 16:07 <DIR> d-------- c:\program files\microsoft frontpage 2009-02-24 14:59 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll 2009-02-24 14:58 . 2009-02-24 14:58 <DIR> d-------- c:\program files\Microsoft.NET 2009-02-24 14:58 . 2009-02-24 14:58 <DIR> d-------- c:\program files\Microsoft Works 2009-02-24 14:56 . 2009-02-24 14:58 <DIR> d-------- c:\windows\SHELLNEW 2009-02-24 14:56 . 2009-02-24 14:56 <DIR> d-------- c:\program files\Microsoft Visual Studio 8 2009-02-24 14:55 . 2009-02-24 14:55 <DIR> dr-h----- C:\MSOCache 2009-02-24 14:55 . 2009-02-24 14:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-02-23 23:38 . 2009-02-23 23:38 <DIR> d-------- c:\windows\Sun 2009-02-23 12:32 . 2009-02-23 12:33 549,888 --a------ c:\program files\spy.exe 2009-02-22 22:30 . 2009-02-22 22:31 245,520 --a------ c:\program files\sharK.exe 2009-02-22 19:55 . 2009-02-22 19:55 <DIR> d-------- c:\program files\Alcohol Soft 2009-02-22 02:11 . 2009-02-22 02:13 <DIR> d-------- c:\program files\Valve 2009-02-22 00:36 . 2009-02-25 16:33 168 --a------ c:\windows\usdthank.ini 2009-02-22 00:36 . 2009-02-22 00:36 31 --a------ c:\windows\idc.ini 2009-02-21 20:20 . 2009-02-21 20:22 <DIR> d-------- c:\program files\Mv2Player 2009-02-21 16:52 . 2009-02-21 16:52 <DIR> d-------- c:\windows\system32\XPSViewer 2009-02-21 16:52 . 2009-02-21 16:52 <DIR> d-------- c:\program files\Reference Assemblies 2009-02-21 16:52 . 2009-02-24 14:58 <DIR> d-------- c:\program files\MSBuild 2009-02-21 16:52 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll 2009-02-21 10:36 . 2009-02-24 16:02 4,767 --a------ c:\windows\Irremote.ini 2009-02-21 10:23 . 2009-02-24 16:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero 2009-02-21 10:18 . 2009-02-21 10:18 <DIR> d--h----- c:\windows\PIF 2009-02-20 19:36 . 2009-02-20 19:36 <DIR> d-------- c:\program files\uTorrent 2009-02-20 19:36 . 2009-02-22 02:17 <DIR> d-------- c:\documents and settings\Aca\Application Data\uTorrent 2009-02-19 22:46 . 2009-02-19 22:45 410,984 --a------ c:\windows\system32\deploytk.dll 2009-02-19 22:46 . 2009-02-19 22:45 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-02-19 22:45 . 2009-02-19 22:45 <DIR> d-------- c:\program files\Java 2009-02-19 16:31 . 2001-08-17 15:36 8,704 --a------ c:\windows\system32\kbdjpn.dll 2009-02-19 16:31 . 2001-08-17 15:36 8,192 --a------ c:\windows\system32\kbdkor.dll 2009-02-19 16:31 . 2008-04-13 22:39 6,144 --a------ c:\windows\system32\kbd106.dll 2009-02-19 16:31 . 2001-08-17 07:55 6,144 --a------ c:\windows\system32\kbd101c.dll 2009-02-19 16:31 . 2001-08-17 07:55 6,144 --a------ c:\windows\system32\kbd101b.dll 2009-02-19 16:31 . 2001-08-17 07:55 5,632 --a------ c:\windows\system32\kbd103.dll 2009-02-18 23:04 . 2009-02-18 23:04 <DIR> d-------- c:\program files\FormatFactory 2009-02-17 00:44 . 2009-02-17 00:46 <DIR> d-------- c:\program files\VPSS 2009-02-16 20:19 . 2009-02-16 20:19 <DIR> d-------- c:\program files\Foxit Software 2009-02-16 18:50 . 2009-02-16 18:50 <DIR> d-------- c:\program files\Windows Installer Clean Up 2009-02-16 18:50 . 2009-02-16 18:50 <DIR> d-------- c:\program files\MSECACHE 2009-02-16 18:20 . 2004-10-18 13:24 15,654,912 --a------ c:\documents and settings\Aca\SP2UpgradeV1.1.0.exe 2009-02-16 14:38 . 2009-02-16 14:38 <DIR> d-------- c:\program files\OCCT 2009-02-16 14:14 . 2009-02-16 14:14 <DIR> d-------- c:\documents and settings\Aca\Application Data\Media Player Classic 2009-02-16 03:00 . 2009-02-16 03:00 <DIR> d--h----- c:\windows\$hf_mig$ 2009-02-16 00:24 . 2009-02-16 00:24 <DIR> d-------- c:\program files\Dreamcatcher 2009-02-15 23:45 . 2009-02-24 16:43 <DIR> d-------- c:\program files\DAEMON Tools Pro 2009-02-15 23:45 . 2009-02-15 23:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro 2009-02-15 23:44 . 2009-02-16 00:18 <DIR> d-------- c:\documents and settings\Aca\Application Data\DAEMON Tools Pro 2009-02-15 23:19 . 2008-02-22 12:30 334,792 --a------ c:\windows\system32\_AxShlEx.dll 2009-02-15 23:15 . 2003-03-19 03:14 499,712 --a------ c:\windows\system\MSVCP71.DLL 2009-02-15 21:20 . 2009-02-15 23:44 717,296 --a------ c:\windows\system32\drivers\sptd.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-25 06:24 --------- d-----w c:\program files\DScaler 2009-02-16 20:04 --------- d-----w c:\program files\Windows Media Connect 2 2009-02-16 00:41 --------- d-----w c:\program files\VistaExperience.org 2009-02-15 19:46 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-15 16:50 --------- d-----w c:\program files\Sega 2009-02-15 16:25 --------- d-----w c:\program files\Windows Sidebar 2009-02-15 15:47 --------- d-----w c:\documents and settings\Aca\Application Data\Winamp 2009-02-15 15:43 --------- d-----w c:\documents and settings\Aca\Application Data\ESET 2009-02-15 15:41 --------- d-----w c:\program files\ESET 2009-02-15 15:41 --------- d-----w c:\documents and settings\All Users\Application Data\ESET 2009-02-15 15:40 --------- d-----w c:\program files\CCleaner 2009-02-15 15:38 --------- d-----w c:\program files\Winamp 2009-02-15 15:38 --------- d-----w c:\program files\K-Lite Codec Pack 2009-02-15 15:35 --------- d-----w c:\documents and settings\All Users\Application Data\ATI 2009-02-15 15:35 --------- d-----w c:\documents and settings\Aca\Application Data\ATI 2009-02-15 15:34 --------- d-----w c:\program files\MSI 2009-02-15 15:33 --------- d-----w c:\program files\Common Files\InstallShield 2009-02-15 15:32 --------- d-----w c:\documents and settings\Aca\Application Data\InstallShield 2009-02-15 15:31 315,392 ----a-w c:\windows\HideWin.exe 2009-02-15 15:31 --------- d-----w c:\program files\Realtek 2009-02-15 15:27 --------- d-----w c:\program files\ATI Technologies 2009-02-15 15:25 --------- d-----w c:\documents and settings\Aca\Application Data\Windows Desktop Search 2009-02-15 15:22 --------- d-----w c:\program files\Alky for Applications 2009-02-15 15:13 --------- d-----w c:\program files\Windows Desktop Search 2009-02-15 15:13 --------- d-----w c:\program files\Microsoft Silverlight 2009-02-09 18:56 67,584 ----a-w c:\windows\system32\ff_vfw.dll 2009-02-01 09:17 86,073 ----a-w c:\windows\system32\usrfaxa.dll 2009-02-01 09:10 990,208 ----a-w c:\windows\system32\syssetup.dll 2009-02-01 09:10 218,624 ----a-w c:\windows\system32\uxtheme.dll 2009-02-01 09:10 2,306,560 ----a-w c:\windows\system32\ntoskrnl.exe 2009-02-01 09:10 16,384 ----a-w c:\windows\system32\lcid.exe 2009-02-01 09:10 140,288 ----a-w c:\windows\system32\sfc_os.dll 2009-02-01 09:07 97,792 ----a-w c:\windows\system32\UncCplExt.dll 2009-02-01 09:06 323,696 ----a-w c:\windows\system32\msdrm.dll 2009-02-01 09:06 312,128 ----a-w c:\windows\system32\msdelta.dll 2009-02-01 09:06 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2009-02-01 09:03 465,920 ----a-w c:\windows\system32\imapi2fs.dll 2009-02-01 09:03 317,952 ----a-w c:\windows\system32\imapi2.dll 2009-02-01 09:03 317,440 ----a-w c:\windows\system32\mp4sdecd.dll 2009-02-01 09:03 259,072 ----a-w c:\windows\system32\mpg4decd.dll 2009-02-01 09:03 259,072 ----a-w c:\windows\system32\mp43decd.dll 2009-02-01 09:03 212,992 ----a-w c:\windows\system32\mfplat.dll 2009-02-01 09:03 151,552 ----a-w c:\windows\system32\ifxcardm.dll 2009-02-01 09:02 633,344 ----a-w c:\windows\system32\gpprefcl.dll 2009-02-01 09:02 4,379,984 ----a-w c:\windows\system32\D3DX9_40.dll 2009-02-01 09:02 3,851,784 ----a-w c:\windows\system32\D3DX9_39.dll 2009-02-01 09:02 3,850,760 ----a-w c:\windows\system32\D3DX9_38.dll 2009-02-01 09:02 3,786,760 ----a-w c:\windows\system32\D3DX9_37.dll 2009-02-01 09:02 3,734,536 ----a-w c:\windows\system32\d3dx9_36.dll 2009-02-01 09:02 3,727,720 ----a-w c:\windows\system32\d3dx9_35.dll 2009-02-01 09:02 3,497,832 ----a-w c:\windows\system32\d3dx9_34.dll 2009-02-01 09:02 3,495,784 ----a-w c:\windows\system32\d3dx9_33.dll 2009-02-01 09:02 3,426,072 ----a-w c:\windows\system32\d3dx9_32.dll 2009-02-01 09:02 249,856 ----a-w c:\windows\system32\drmupgds.exe 2009-02-01 09:02 2,414,360 ----a-w c:\windows\system32\d3dx9_31.dll 2009-02-01 09:00 99,840 ----a-w c:\windows\system32\wmpshell.dll 2009-02-01 08:59 985,088 ----a-w c:\windows\system32\setupapi.dll 2009-02-01 08:58 997,888 ----a-w c:\windows\system32\msgina.dll 2009-02-01 08:57 991,744 ----a-w c:\windows\system32\drmv2clt.dll 2009-01-28 21:25 2,246,163 ----a-w c:\windows\system32\x264vfw.dll 2009-01-16 16:24 3,596,288 ------w c:\windows\system32\dllcache\mshtml.dll 2009-01-14 07:14 3,455,488 ----a-w c:\windows\system32\drivers\ati2mtag.sys 2009-01-14 05:46 11,591,680 ----a-w c:\windows\system32\atioglxx.dll 2009-01-14 04:53 286,720 ----a-w c:\windows\system32\atiok3x2.dll 2009-01-14 04:49 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll 2009-01-14 04:47 323,584 ----a-w c:\windows\system32\ati2dvag.dll 2009-01-14 04:36 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe 2009-01-14 04:36 196,608 ----a-w c:\windows\system32\atipdlxx.dll 2009-01-14 04:36 151,552 ----a-w c:\windows\system32\Oemdspif.dll 2009-01-14 04:35 43,520 ----a-w c:\windows\system32\ati2edxx.dll 2009-01-14 04:35 155,648 ----a-w c:\windows\system32\ati2evxx.dll 2009-01-14 04:34 598,016 ----a-w c:\windows\system32\ati2evxx.exe 2009-01-14 04:32 53,248 ----a-w c:\windows\system32\ATIDDC.DLL 2009-01-14 04:22 4,009,152 ----a-w c:\windows\system32\ati3duag.dll 2009-01-14 04:05 2,500,224 ----a-w c:\windows\system32\ativvaxx.dll 2009-01-14 03:50 48,640 ----a-w c:\windows\system32\amdpcom32.dll 2009-01-14 03:45 401,408 ----a-w c:\windows\system32\atikvmag.dll 2009-01-14 03:44 17,408 ----a-w c:\windows\system32\atitvo32.dll 2009-01-14 03:44 110,592 ----a-w c:\windows\system32\atiadlxx.dll 2009-01-14 03:43 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll 2009-01-14 03:37 577,536 ----a-w c:\windows\system32\ati2cqag.dll 2009-01-14 03:37 307,200 ----a-w c:\windows\system32\atiiiexx.dll 2009-01-14 02:36 45,056 ----a-w c:\windows\system32\amdcalrt.dll 2009-01-14 02:36 45,056 ----a-w c:\windows\system32\amdcalcl.dll 2009-01-14 02:34 3,227,648 ----a-w c:\windows\system32\Amdcaldd.dll 2009-01-13 20:05 593,920 ------w c:\windows\system32\ati2sgag.exe 2008-12-20 23:56 827,904 ----a-w c:\windows\system32\wininet.dll 2008-12-20 23:56 827,904 ------w c:\windows\system32\dllcache\wininet.dll 2008-12-19 09:41 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe 2008-12-19 09:41 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe 2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe 2008-12-19 05:24 161,792 ------w c:\windows\system32\dllcache\ieakui.dll 2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll 2008-12-07 18:08 795,648 ----a-w c:\windows\system32\xvidcore.dll 2008-12-07 18:08 130,048 ----a-w c:\windows\system32\xvidvfw.dll . ------- Sigcheck ------- 2009-02-01 10:18 2185216 2fad2a355ab8d2611f009c303973fa03 c:\windows\system32\ntkrnlpa.exe 2009-02-01 10:10 2306560 7b7107676307d5ac8f31fbc771492df9 c:\windows\system32\ntoskrnl.exe . ((((((((((((((((((((((((((((( SnapShot@2009-02-25_16.08.50.15 ))))))))))))))))))))))))))))))))))))))))) . + 2009-02-25 16:30:55 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1e0.dat + 2009-02-25 16:31:01 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_9a4.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-11-23 1247232] "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2008-10-09 200136] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-09-02 205256] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-13 1443072] "NodLogin"="c:\program files\ESET\ESET Smart Security\nodlogin.exe" [2008-07-29 358448] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-19 148888] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "RTHDCPL"="RTHDCPL.EXE" [2007-11-30 c:\windows\RTHDCPL.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ShowDeskFix"="shell32" [X] "_nltide_3"="advpack.dll" [2008-12-21 c:\windows\system32\advpack.dll] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-02-01 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.X264"= x264vfw.dll "VIDC.HFYU"= huffyuv.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= R2 CX88XBAR;MSI 8606 Crossbar;c:\windows\system32\drivers\CX88XBar.SYS [2009-02-15 9159] R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-03-13 472320] R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-02-15 84992] S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}] RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.facebook.com/ uInternet Connection Wizard,ShellNext = iexplore IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Aca\Application Data\Mozilla\Firefox\Profiles\1ajtygx4.default\ . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-02-25 17:33:47 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1012) c:\windows\system32\Ati2evxx.dll . Completion time: 2009-02-25 17:34:27 ComboFix-quarantined-files.txt 2009-02-25 16:34:25 ComboFix2.txt 2009-02-25 15:09:16 Pre-Run: 146,026,205,184 bytes free Post-Run: 146,012,540,928 bytes free 246 --- E O F --- 2009-02-18 06:49:09 Dopuna: 25 Feb 2009 17:54 Zaboravio sam da napisem sad mi anti virus vise ne izbacuje da je nasao trojanca,verovatno je obrisan? Ne mogu da editujem predhodni post.

Profil

bobby Poslao: 25 Feb 2009 18:48 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ako si voljan da mi posaljes uzorke toga sto smo uklonili, onda uradi sledece (iskljuci AV dok ovo radis): - spakuj u jedan ZIP ceo folder c:\qoobox\quarantine - uploaduj mi ga preko http://www.mycity.rs/ambulanta-upload.php Na kraju je jos potrebno deinstalirati ComboFix: Klikni START a zatim RUN U liniju za unos teksta ukucaj Combofix /u i klikni OK Sačekaj da se proces deinstalacije završi Gornja procedura će: Obrisati sledeće: ComboFix i njegove file-ove i foldere VundoFix Backups folder, ako postoji C:\Deckard folder, ako postoji C:\OtMoveIt folder, ako postoji Resetovati podešavanja sata na kompjuteru Sakriti ekstenzije file-ova, ako je potrebno Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno Resetovati System Restore

Profil

acacrni Poslao: 25 Feb 2009 19:03 Idi na vrh
offline acacrni Građanin Pridružio: 20 Jul 2005 Poruke: 111	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Sto da necu,poslao sam. Hvala na pomoci.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » [bobby] WIN32/SPY.DELF.NQC trojan

Ko je trenutno na forumu

Ukupno su 1211 korisnika na forumu :: 35 registrovanih, 7 sakrivenih i 1169 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: babaroga, bobomicek, bokisha253, Boris90, cavatina, djboj, Georgius, ILGromovnik, Istman, Kalu209, karirani, Kibice, Klecaviks, kybonacci, Lieutenant, Marko Marković, MiG-29M2, milenko crazy north, Milometer, Milos ZA, Milos82, MiroslavD, mrvica78, nextyamb, Ripanjac, royst33, Simon simonović, Smajser, sombrero, vargas, Vlad000, Zimbabwe, zixmix, zlaya011, Žrnov

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by