MyCity » Ambulanta -> Arhiva Ambulante » smitfraud

smitfraud

Napisano na dan: 5.1.2008

Strana:
1
2

smitfraud

Sledeća strana

Pagination

Odgovori

Strana:
1
2

atomic Poslao: 05 Jan 2008 23:52 Idi na vrh
offline atomic Građanin Pridružio: 05 Jan 2008 Poruke: 89	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! pozzdrav svima .imam problem tacnije sa ove teme mycity.rs/Ambulanta/Kako-prepoznati-SmitFraud.html i meni se pojavljuje to isto . ne razumem se bas nesto u ove stvari pa ako neko moze da mi pomogne bilo bi super imam nod 32 , i ad-aware . skenirao sam sa oba programa ali i dalje se pojavljuje . dakle , sta dalje ? Dopuna: 05 Jan 2008 23:52 oprostite zaboravih ovo Logfile of HijackThis v1.99.1 Scan saved at 23:49:29, on 5.1.2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\VideoLAN\VLC\vlc.exe C:\Documents and Settings\milos\Desktop\New Folder\ter.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe imam sp1 . a sp2 sam nabavio nedavno .

Profil

dr_Bora Poslao: 06 Jan 2008 01:53 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Privremeno isključi IMON i AMON module (delovi NOD32) dečekiranjem sledećih opcija: AMON - File system monitor (AMON) enabled IMON - Internet monitor (IMON) enabled Zatim... 1) Preuzmi program SmitfraudFix sa ovog linka. 2.) Extract-uj program na desktop. (Takodje na ovaj način pripremi i program Hijack This koje će se kasnije koristiti) 3.) Restartuj računar i podigni sistem u Safe Mode-u. [ Safe Mode info link ] 4.) Pronadji na desktop-u folder gde si raspakovao SmitfraudFix program i dvoklikom pokreni fajl SmitfraudFix.cmd. Kada se alat za uklanjanje prvi put startuje pokazaće ti se ekran za odobrenje. Jednostavno pritisni bilo koje dugme na tastaturi da bi prešao na sledeći nivo. 5.) 6.) Program će početi sa čišćenjem kompjutera. Posle završenog čišćenja SmitfraudFix-om pokrenuće ti se Windows-ov program Disk Cleanup. Nakon sto SmitFraudFix zavrsi svoj posao, postavi nam ovde log koji se nalazi na C:\rapport.txt i svez HJT log.

Profil

atomic Poslao: 06 Jan 2008 02:23 Idi na vrh
offline atomic Građanin Pridružio: 05 Jan 2008 Poruke: 89	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! SmitFraudFix v2.274 Scan done at 2:15:55,46, ned 06.01.2008 Run from C:\Documents and Settings\milos\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix.exe by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{7C0A5606-9FB3-43AA-B640-8A848C820135}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{7C0A5606-9FB3-43AA-B640-8A848C820135}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{7C0A5606-9FB3-43AA-B640-8A848C820135}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End i hijack this Logfile of HijackThis v1.99.1 Scan saved at 2:21:20, on 6.1.2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\wuauclt.exe C:\Documents and Settings\milos\Desktop\New Folder\ter.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe Dopuna: 06 Jan 2008 2:23 zaboravih da se zahvalim da detaljnom uputstvu pozzdrav

Profil

dr_Bora Poslao: 06 Jan 2008 03:11 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini ComboFix sa jedne od sledecih adresa: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log koji ces nam ovde iskopirati.

Profil

atomic Poslao: 06 Jan 2008 03:46 Idi na vrh
offline atomic Građanin Pridružio: 05 Jan 2008 Poruke: 89	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-01-04.1 - milos 2008-01-06 3:43:20.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.389 [GMT 1:00] Running from: C:\Documents and Settings\milos\Desktop\Autoruns\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))) . 2008-01-06 03:42 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-06 00:37 . 2008-01-06 00:37 <DIR> d-------- C:\Program Files\Guitar Pro 5 2008-01-05 21:56 . 2008-01-06 02:15 1,222 --a------ C:\WINDOWS\system32\tmp.reg 2008-01-05 21:47 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-01-05 21:47 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-01-05 21:47 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-01-05 21:47 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-01-05 21:47 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-01-05 21:47 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-01-05 19:11 . 2008-01-05 19:11 <DIR> d-------- C:\Program Files\Soulseek 2008-01-04 23:16 . 2008-01-04 23:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-01 16:18 . 2008-01-03 13:52 0 --a------ C:\WINDOWS\system32\zi.exe 2008-01-01 15:34 . 2008-01-03 14:39 0 --a------ C:\WINDOWS\system32\2k3.exe 2008-01-01 14:35 . 2008-01-05 13:12 0 --a------ C:\WINDOWS\system32\winamp32.exe 2007-12-30 16:36 . 2007-12-30 16:36 <DIR> d-------- C:\Program Files\Rock Tour 2007-12-30 16:35 . 2007-12-30 16:35 <DIR> d-------- C:\WINDOWS\system32\Adobe 2007-12-30 16:35 . 2007-12-30 16:35 <DIR> d-------- C:\WINDOWS\Profiles 2007-12-30 16:35 . 2007-12-30 16:35 <DIR> d-------- C:\Documents and Settings\milos\Application Data\InterTrust 2007-12-30 04:18 . 2007-12-30 04:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA 2007-12-30 04:05 . 2007-12-31 16:34 <DIR> d-------- C:\Program Files\Valve 2007-12-30 03:58 . 2007-12-30 03:58 <DIR> d-------- C:\Program Files\Firefly Studios 2007-12-30 02:53 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-12-30 02:53 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-12-30 02:53 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl 2007-12-30 02:53 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-12-30 02:53 . 2004-08-03 14:03 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll 2007-12-30 02:53 . 2004-08-03 14:01 167,704 --a------ C:\WINDOWS\system32\wuauclt1.exe 2007-12-30 02:53 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll 2007-12-29 14:57 . 2007-12-29 14:58 <DIR> d-------- C:\WINDOWS\NU_DATA 2007-12-29 14:37 . 2008-01-06 02:19 70,959 --a------ C:\WINDOWS\system32\nvapps.xml 2007-12-29 14:36 . 2006-06-23 16:49 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe 2007-12-29 14:36 . 2006-06-23 16:49 16,960 --a------ C:\WINDOWS\system32\nvdisp.nvu 2007-12-29 14:35 . 2006-06-23 18:55 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2007-12-29 14:25 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll 2007-12-29 14:24 . 2004-07-09 04:27 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll 2007-12-29 14:23 . 2007-12-29 14:23 <DIR> d-------- C:\dxd 2007-12-29 13:49 . 2007-12-29 13:49 53 --a------ C:\WINDOWS\DelToolbox.bat 2007-12-26 12:29 . 2007-12-26 12:29 115 --a------ C:\WINDOWS\AIMPR.INI 2007-12-19 08:14 . 2008-01-05 19:06 69 --a------ C:\WINDOWS\NeroDigital.ini 2007-12-19 07:51 . 2007-12-19 07:51 <DIR> d-------- C:\Program Files\YouTube Downloader 2007-12-18 07:15 . 2002-12-11 19:02 2,058,888 --a--c--- C:\WINDOWS\system32\dllcache\wmvcore.dll 2007-12-17 01:55 . 2007-12-17 01:55 <DIR> d-------- C:\Documents and Settings\milos\Application Data\vlc 2007-12-16 21:48 . 2007-12-16 21:48 <DIR> d-------- C:\Program Files\CCleaner 2007-12-16 17:44 . 2007-12-21 03:49 0 --a------ C:\WINDOWS\system32\symantec.exe 2007-12-16 17:35 . 2007-12-16 17:35 0 --a------ C:\WINDOWS\system32\st.exe 2007-12-16 14:43 . 2007-12-16 14:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth 2007-12-16 14:33 . 2007-12-16 14:33 <DIR> d-------- C:\Program Files\Alcohol Soft 2007-12-16 14:33 . 2004-04-30 09:37 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys 2007-12-16 14:33 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys 2007-12-16 14:30 . 2007-12-16 14:30 <DIR> d-------- C:\Program Files\IVT Corporation 2007-12-16 02:32 . 2005-09-01 11:03 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys 2007-12-16 02:32 . 2005-09-01 11:03 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys 2007-12-16 02:31 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll 2007-12-16 02:31 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll 2007-12-16 02:31 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll 2007-12-16 02:31 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll 2007-12-16 02:31 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll 2007-12-16 02:31 . 2006-01-12 15:40 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-12-16 02:31 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2007-12-16 02:30 . 2007-12-16 02:30 <DIR> d-------- C:\Program Files\Common Files\Ahead 2007-12-16 02:30 . 2007-12-16 02:31 <DIR> d-------- C:\Program Files\Ahead 2007-12-15 13:03 . 2007-12-17 16:04 0 --a------ C:\WINDOWS\system32\msv.exe 2007-12-15 01:37 . 2008-01-05 13:12 73 --a------ C:\WINDOWS\system32\i 2007-12-15 01:37 . 2007-12-15 01:37 0 --a------ C:\WINDOWS\system32\eraseme_52585.exe 2007-12-14 14:08 . 2007-12-14 14:08 0 --a------ C:\WINDOWS\system32\SADASDA.exe 2007-12-14 01:50 . 2007-12-14 01:50 <DIR> d-------- C:\Program Files\Lavasoft 2007-12-14 01:50 . 2007-12-14 01:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-12-14 01:47 . 2007-12-14 01:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-12-13 16:51 . 2002-08-29 01:32 21,760 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys 2007-12-13 16:50 . 2007-12-13 16:50 <DIR> d-------- C:\Documents and Settings\milos\Contacts 2007-12-13 16:18 . 2007-12-13 16:18 0 --a------ C:\WINDOWS\system32\winlolx.exe 2007-12-13 16:13 . 2007-12-13 16:13 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2007-12-13 16:03 . 2007-12-13 16:03 <DIR> d-------- C:\Documents and Settings\milos\Application Data\Talkback 2007-12-13 16:03 . 2007-12-13 16:03 0 --a------ C:\WINDOWS\nsreg.dat 2007-12-13 16:02 . 2007-12-13 16:13 <DIR> d-------- C:\Program Files\MSN Messenger 2007-12-13 15:49 . 2007-12-13 17:12 <DIR> d-------- C:\Program Files\Winamp 2007-12-13 15:22 . 2007-12-30 16:35 <DIR> d-------- C:\Program Files\Common Files\Adobe 2007-12-13 15:21 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe 2007-12-13 15:11 . 2007-12-13 15:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles 2007-12-12 21:22 . 2007-12-12 21:22 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys 2007-12-12 21:22 . 2007-12-12 21:22 270,336 --a------ C:\WINDOWS\system32\imon.dll 2007-12-12 21:21 . 2007-12-12 21:21 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2007-12-12 21:20 . 2007-12-12 21:20 <DIR> d-------- C:\Program Files\VideoLAN 2007-12-12 21:20 . 2007-12-30 22:18 3,573 --a------ C:\WINDOWS\mozver.dat 2007-12-12 21:19 . 2001-08-17 14:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-12-12 21:18 . 2002-08-29 02:27 56,576 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-12-12 21:18 . 2002-08-29 04:40 20,480 --a------ C:\WINDOWS\system32\hidserv.dll 2007-12-12 21:18 . 2002-08-29 02:32 9,856 --a------ C:\WINDOWS\system32\drivers\gameenum.sys 2007-12-12 21:17 . 2001-08-17 13:13 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys 2007-12-12 21:15 . 2008-01-02 10:34 <DIR> d-------- C:\WINDOWS\system32\CatRoot2 2007-12-12 21:15 . 2007-12-12 20:25 <DIR> dr------- C:\Documents and Settings\All Users\Documents . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-30 03:05 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-29 13:10 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-12-18 06:02 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-12-12 19:48 --------- d-----w C:\Program Files\VIA Technologies, Inc 2007-12-12 19:39 --------- d-----w C:\Program Files\Analog Devices 2007-12-12 19:29 558,142 ----a-w C:\WINDOWS\java\Packages\TBV7JHJ9.ZIP 2007-12-12 19:29 155,995 ----a-w C:\WINDOWS\java\Packages\USD39ND3.ZIP 2007-12-12 19:29 --------- d-----w C:\Program Files\microsoft frontpage 2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll 2007-10-22 02:37 66,056 ----a-w C:\WINDOWS\system32\dxdllreg.exe 2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll 2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll 2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-12 21:22 921600] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-06-23 16:49 7626752] "nwiz"="nwiz.exe" [2006-06-23 16:49 1519616 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-06-23 16:49 86016] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 04:41 13312] "SCR Standard Event Consumer - Scripting"="C:\WINDOWS\system32\scr32.exe" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServices] "SCR Standard Event Consumer - Scripting"="C:\WINDOWS\system32\scr32.exe" [ ] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] SCR Standard Event Consumer - Scripting REG_SZ C:\WINDOWS\system32\scr32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2002-08-29 04:41 13312 --a------ C:\WINDOWS\System32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 15:40 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Pre.EXE S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\DOCUME~1\milos\LOCALS~1\Temp\RarSFX0\kerneld.wnt [2006-12-14 23:42] Newly Created Service - PROCEXP90 . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-01-06 03:44:53 Windows 5.1.2600 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-01-06 3:45:30

Profil

dr_Bora Poslao: 06 Jan 2008 11:05 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: File:: C:\WINDOWS\system32\zi.exe C:\WINDOWS\system32\2k3.exe C:\WINDOWS\system32\winamp32.exe C:\WINDOWS\system32\symantec.exe C:\WINDOWS\system32\st.exe C:\WINDOWS\system32\msv.exe C:\WINDOWS\system32\eraseme_52585.exe C:\WINDOWS\system32\SADASDA.exe C:\WINDOWS\system32\winlolx.exe C:\WINDOWS\system32\i C:\WINDOWS\system32\scr32.exe Registry:: [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "SCR Standard Event Consumer - Scripting"=- [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServices] "SCR Standard Event Consumer - Scripting"=- [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "SCR Standard Event Consumer - Scripting"=- Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja. Kakvo je sada stanje? Primetiš li neke probleme i dalje?

Profil

atomic Poslao: 07 Jan 2008 03:29 Idi na vrh
offline atomic Građanin Pridružio: 05 Jan 2008 Poruke: 89	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-01-04.1 - milos 2008-01-07 2:34:10.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.479 [GMT 1:00] Running from: C:\Documents and Settings\milos\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\milos\Desktop\CFScript.txt * Created a new restore point FILE C:\WINDOWS\system32\2k3.exe C:\WINDOWS\system32\eraseme_52585.exe C:\WINDOWS\system32\i C:\WINDOWS\system32\msv.exe C:\WINDOWS\system32\SADASDA.exe C:\WINDOWS\system32\scr32.exe C:\WINDOWS\system32\st.exe C:\WINDOWS\system32\symantec.exe C:\WINDOWS\system32\winamp32.exe C:\WINDOWS\system32\winlolx.exe C:\WINDOWS\system32\zi.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\2k3.exe C:\WINDOWS\system32\eraseme_52585.exe C:\WINDOWS\system32\i C:\WINDOWS\system32\msv.exe C:\WINDOWS\system32\SADASDA.exe C:\WINDOWS\system32\st.exe C:\WINDOWS\system32\symantec.exe C:\WINDOWS\system32\winamp32.exe C:\WINDOWS\system32\winlolx.exe C:\WINDOWS\system32\zi.exe . ((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 ))))))))))))))))))))))))))))))) . 2008-01-06 05:39 . 2008-01-06 05:39 <DIR> d-------- C:\Program Files\Paradox Entertainment 2008-01-06 03:42 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-06 00:37 . 2008-01-06 00:37 <DIR> d-------- C:\Program Files\Guitar Pro 5 2008-01-05 21:56 . 2008-01-06 02:15 1,222 --a------ C:\WINDOWS\system32\tmp.reg 2008-01-05 21:47 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-01-05 21:47 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-01-05 21:47 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-01-05 21:47 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-01-05 21:47 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-01-05 21:47 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-01-05 19:11 . 2008-01-05 19:11 <DIR> d-------- C:\Program Files\Soulseek 2008-01-04 23:16 . 2008-01-04 23:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-12-30 16:36 . 2007-12-30 16:36 <DIR> d-------- C:\Program Files\Rock Tour 2007-12-30 16:35 . 2007-12-30 16:35 <DIR> d-------- C:\WINDOWS\system32\Adobe 2007-12-30 16:35 . 2007-12-30 16:35 <DIR> d-------- C:\WINDOWS\Profiles 2007-12-30 16:35 . 2007-12-30 16:35 <DIR> d-------- C:\Documents and Settings\milos\Application Data\InterTrust 2007-12-30 04:18 . 2007-12-30 04:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA 2007-12-30 04:05 . 2007-12-31 16:34 <DIR> d-------- C:\Program Files\Valve 2007-12-30 03:58 . 2007-12-30 03:58 <DIR> d-------- C:\Program Files\Firefly Studios 2007-12-30 02:53 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-12-30 02:53 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-12-30 02:53 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl 2007-12-30 02:53 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-12-30 02:53 . 2004-08-03 14:03 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll 2007-12-30 02:53 . 2004-08-03 14:01 167,704 --a------ C:\WINDOWS\system32\wuauclt1.exe 2007-12-30 02:53 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll 2007-12-29 14:57 . 2007-12-29 14:58 <DIR> d-------- C:\WINDOWS\NU_DATA 2007-12-29 14:37 . 2008-01-07 02:16 70,959 --a------ C:\WINDOWS\system32\nvapps.xml 2007-12-29 14:36 . 2006-06-23 16:49 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe 2007-12-29 14:36 . 2006-06-23 16:49 16,960 --a------ C:\WINDOWS\system32\nvdisp.nvu 2007-12-29 14:35 . 2006-06-23 18:55 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2007-12-29 14:25 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll 2007-12-29 14:24 . 2004-07-09 04:27 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll 2007-12-29 14:23 . 2007-12-29 14:23 <DIR> d-------- C:\dxd 2007-12-29 13:49 . 2007-12-29 13:49 53 --a------ C:\WINDOWS\DelToolbox.bat 2007-12-26 12:29 . 2007-12-26 12:29 115 --a------ C:\WINDOWS\AIMPR.INI 2007-12-19 08:14 . 2008-01-05 19:06 69 --a------ C:\WINDOWS\NeroDigital.ini 2007-12-19 07:51 . 2007-12-19 07:51 <DIR> d-------- C:\Program Files\YouTube Downloader 2007-12-18 07:15 . 2002-12-11 19:02 2,058,888 --a--c--- C:\WINDOWS\system32\dllcache\wmvcore.dll 2007-12-17 01:55 . 2007-12-17 01:55 <DIR> d-------- C:\Documents and Settings\milos\Application Data\vlc 2007-12-16 21:48 . 2007-12-16 21:48 <DIR> d-------- C:\Program Files\CCleaner 2007-12-16 14:43 . 2007-12-16 14:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth 2007-12-16 14:33 . 2007-12-16 14:33 <DIR> d-------- C:\Program Files\Alcohol Soft 2007-12-16 14:33 . 2004-04-30 09:37 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys 2007-12-16 14:33 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys 2007-12-16 14:30 . 2007-12-16 14:30 <DIR> d-------- C:\Program Files\IVT Corporation 2007-12-16 02:32 . 2005-09-01 11:03 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys 2007-12-16 02:32 . 2005-09-01 11:03 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys 2007-12-16 02:31 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll 2007-12-16 02:31 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll 2007-12-16 02:31 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll 2007-12-16 02:31 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll 2007-12-16 02:31 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll 2007-12-16 02:31 . 2006-01-12 15:40 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-12-16 02:31 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2007-12-16 02:30 . 2007-12-16 02:30 <DIR> d-------- C:\Program Files\Common Files\Ahead 2007-12-16 02:30 . 2007-12-16 02:31 <DIR> d-------- C:\Program Files\Ahead 2007-12-14 01:50 . 2007-12-14 01:50 <DIR> d-------- C:\Program Files\Lavasoft 2007-12-14 01:50 . 2007-12-14 01:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-12-14 01:47 . 2007-12-14 01:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-12-13 16:51 . 2002-08-29 01:32 21,760 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys 2007-12-13 16:50 . 2007-12-13 16:50 <DIR> d-------- C:\Documents and Settings\milos\Contacts 2007-12-13 16:13 . 2007-12-13 16:13 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2007-12-13 16:03 . 2007-12-13 16:03 <DIR> d-------- C:\Documents and Settings\milos\Application Data\Talkback 2007-12-13 16:03 . 2007-12-13 16:03 0 --a------ C:\WINDOWS\nsreg.dat 2007-12-13 16:02 . 2007-12-13 16:13 <DIR> d-------- C:\Program Files\MSN Messenger 2007-12-13 15:49 . 2007-12-13 17:12 <DIR> d-------- C:\Program Files\Winamp 2007-12-13 15:22 . 2007-12-30 16:35 <DIR> d-------- C:\Program Files\Common Files\Adobe 2007-12-13 15:21 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe 2007-12-13 15:11 . 2007-12-13 15:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles 2007-12-12 21:22 . 2007-12-12 21:22 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys 2007-12-12 21:22 . 2007-12-12 21:22 270,336 --a------ C:\WINDOWS\system32\imon.dll 2007-12-12 21:21 . 2007-12-12 21:21 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2007-12-12 21:20 . 2007-12-12 21:20 <DIR> d-------- C:\Program Files\VideoLAN 2007-12-12 21:20 . 2007-12-30 22:18 3,573 --a------ C:\WINDOWS\mozver.dat 2007-12-12 21:19 . 2001-08-17 14:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-12-12 21:18 . 2002-08-29 02:27 56,576 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-12-12 21:18 . 2002-08-29 04:40 20,480 --a------ C:\WINDOWS\system32\hidserv.dll 2007-12-12 21:18 . 2002-08-29 02:32 9,856 --a------ C:\WINDOWS\system32\drivers\gameenum.sys 2007-12-12 21:17 . 2001-08-17 13:13 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys 2007-12-12 21:15 . 2008-01-06 19:53 <DIR> d-------- C:\WINDOWS\system32\CatRoot2 2007-12-12 21:15 . 2007-12-12 20:25 <DIR> dr------- C:\Documents and Settings\All Users\Documents . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-06 04:39 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-29 13:10 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-12-18 06:02 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-12-12 19:48 --------- d-----w C:\Program Files\VIA Technologies, Inc 2007-12-12 19:39 --------- d-----w C:\Program Files\Analog Devices 2007-12-12 19:29 558,142 ----a-w C:\WINDOWS\java\Packages\TBV7JHJ9.ZIP 2007-12-12 19:29 155,995 ----a-w C:\WINDOWS\java\Packages\USD39ND3.ZIP 2007-12-12 19:29 --------- d-----w C:\Program Files\microsoft frontpage 2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll 2007-10-22 02:37 66,056 ----a-w C:\WINDOWS\system32\dxdllreg.exe 2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll 2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll 2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll . ((((((((((((((((((((((((((((( snapshot@2008-01-06_ 3.44.56,65 ))))))))))))))))))))))))))))))))))))))))) . - 2007-12-12 19:40:32 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-01-06 03:51:30 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat - 2007-12-12 19:40:32 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-01-06 03:51:30 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-12 21:22 921600] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-06-23 16:49 7626752] "nwiz"="nwiz.exe" [2006-06-23 16:49 1519616 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-06-23 16:49 86016] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 04:41 13312] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2002-08-29 04:41 13312 --a------ C:\WINDOWS\System32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 15:40 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Pre.EXE S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\DOCUME~1\milos\LOCALS~1\Temp\RarSFX0\kerneld.wnt [] . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-01-07 02:35:21 Windows 5.1.2600 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-01-07 2:35:56 ComboFix-quarantined-files.txt 2008-01-07 01:35:42 ComboFix2.txt 2008-01-06 02:45:30 Dopuna: 07 Jan 2008 2:38 Logfile of HijackThis v1.99.1 Scan saved at 2:36:42, on 7.1.2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\milos\Desktop\New Folder\ter.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe a da li se jos pojavljuje , javicu u toku dana pozdrav ! i ako nije problem da mi obajsnis kako si znao sta da se brise . ako jeste nema veze Dopuna: 07 Jan 2008 3:29 ipak se jos pojavljuje .

Profil

dr_Bora Poslao: 07 Jan 2008 09:55 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl:

Profil

atomic Poslao: 07 Jan 2008 22:42 Idi na vrh
offline atomic Građanin Pridružio: 05 Jan 2008 Poruke: 89	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! evo ga ...

Profil

bobby Poslao: 07 Jan 2008 22:43 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! To nije SmitFraud. Procitaj sledecu temu: http://www.mycity.rs/Ambulanta/Kako-prepoznati-Messenger-Service-spam-2.html

Profil

MyCity » Ambulanta -> Arhiva Ambulante » smitfraud

Ko je trenutno na forumu

Ukupno su 1025 korisnika na forumu :: 34 registrovanih, 11 sakrivenih i 980 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: alkatraz080, Arsenije, babaroga, bobomicek, Bubimir, Denaya, djboj, Dogma21, Dorcolac, goxin, havoc995, HrcAk47, Insan, ivan979, Kubovac, Marko Marković, menges, Mi lao shu, Milometer, Milos ZA, mkukoleca, nemkea71, RJ, sabac015555m, sevenino, Shinobi, srbijaiznadsvega, Srle993, stegonosa, Trpe Grozni, User98, VJ, vukovi, 1107

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by