Antivirus pro 2010


Stekss
  • New MyCity citizen
  • Joined: 07 Sep 2009
  • Posts: 13

I uploaded the file.



helen1
  • Anti Malware Fighter, Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Open Notepad and copy the following text into it:

File::
c:\windows\system32\sys32_nov.exe
c:\documents and settings\Odrzavanje\sys32_nov.exe
c:\program files\Common Files\somezyh.exe
c:\program files\Common Files\otez.exe
c:\program files\Common Files\sasaluko.db
c:\program files\Common Files\amihiv.lib
c:\program files\Common Files\uvico.lib
c:\program files\Common Files\ihuborehyp.dat
c:\program files\Common Files\ulusecevak.db
c:\program files\settings.dat
c:\documents and settings\All Users\Application Data\ocodac.dat

Folder::
c:\program files\AntivirusPro_2010

Driver::
iguafxuz

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sys32_nov"=-
"braviax"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sys32_nov"=-
"Antivirus Pro 2010"=-
"braviax"=-

NetSvc::
iguafxuz

Rootkit::
c:\windows\system32\braviax.exe


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon, as in the picture.
In your next message, post the log that is produced at the end of the cleaning/scan.



Stekss
  • New MyCity citizen
  • Joined: 07 Sep 2009
  • Posts: 13

ComboFix 09-09-06.04 - Odrzavanje 07.09.2009 23:33.5.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.93 [GMT 2:00]
Running from: c:\documents and settings\Odrzavanje\Desktop\1234.exe
Command switches used :: c:\documents and settings\Odrzavanje\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AntivirusPro_2010
c:\program files\AntivirusPro_2010\AntivirusPro_2010.cfg
c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe
c:\program files\AntivirusPro_2010\AVEngn.dll
c:\program files\AntivirusPro_2010\data\daily.cvd
c:\program files\AntivirusPro_2010\htmlayout.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\AntivirusPro_2010\pthreadVC2.dll
c:\program files\AntivirusPro_2010\Uninstall.exe
c:\program files\AntivirusPro_2010\wscui.cpl
c:\windows\braviax.exe
c:\windows\cru629.dat
c:\windows\system32\braviax.exe
c:\windows\system32\cru629.dat
c:\windows\system32\dllcache\beep.sys
c:\windows\system32\dllcache\figaro.sys

c:\windows\system32\drivers\beep.sys . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{6EE2268B-AB94-4A1D-8654-7F7088B2CBF8}\RP2\A0000287.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IGUAFXUZ


((((((((((((((((((((((((( Files Created from 2009-08-07 to 2009-09-07 )))))))))))))))))))))))))))))))
.

2009-09-07 09:21 . 2009-09-07 21:44 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-09-07 09:08 . 2009-09-07 14:20 -------- d-s---w- C:\ComboFix
2009-09-02 04:57 . 2009-09-02 04:57 29216 ----a-w- c:\windows\system32\sys32_nov.exe
2009-08-10 12:52 . 2009-08-10 12:52 -------- d-----w- c:\windows\Sun
2009-08-10 12:50 . 2009-08-10 12:50 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-10 12:50 . 2009-08-10 12:50 -------- d-----w- c:\program files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-07 09:28 . 2009-09-07 09:28 14960 ----a-w- c:\documents and settings\All Users\Application Data\ocodac.dat
2009-09-07 07:37 . 2007-05-16 10:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-05 06:19 . 2008-02-21 07:54 -------- d-----w- c:\program files\FreeCommander
2009-07-30 11:05 . 2009-07-30 11:05 -------- d-----w- c:\program files\TrebingHimstedt
2009-07-30 11:05 . 2009-07-30 11:05 -------- d-----w- c:\program files\Common Files\Softing
2009-07-30 11:04 . 2009-07-30 11:04 -------- d-----w- c:\program files\PF_Activation_Tool
2009-07-30 11:04 . 2009-07-30 11:03 -------- d-----w- c:\program files\Common Files\CWGenericFDT
2009-07-30 11:04 . 2009-07-30 11:03 -------- d-----w- c:\program files\Common Files\DTMstudioPB
2009-07-30 11:04 . 2009-07-30 11:04 -------- d-----w- c:\program files\Common Files\Pepperl+Fuchs GmbH
2009-07-30 11:04 . 2009-07-30 11:04 -------- d-----w- c:\program files\Pepperl+Fuchs
2009-07-30 11:03 . 2009-07-30 11:03 -------- d-----w- c:\program files\Common Files\OPC Foundation
2009-07-30 11:03 . 2009-07-30 11:00 -------- d-----w- c:\program files\Endress+Hauser
2009-07-30 11:03 . 2009-07-30 11:03 -------- d-----w- c:\program files\Common Files\DTMstudio
2009-07-30 11:03 . 2009-07-30 11:03 -------- d-----w- c:\program files\Common Files\CWLicServer
2009-07-30 11:02 . 2009-07-30 11:02 -------- d-----w- c:\program files\Common Files\_is Common
2009-07-30 11:02 . 2009-07-30 11:02 -------- d-----w- c:\program files\Common Files\CodeWrights
2009-07-30 11:01 . 2009-07-30 11:01 86016 ----a-w- c:\windows\system32\OdbcJdbcSetup.dll
2009-07-30 11:01 . 2009-07-30 11:01 225280 ----a-w- c:\windows\system32\IscDbc.dll
2009-07-30 11:01 . 2009-07-30 11:01 200704 ----a-w- c:\windows\system32\OdbcJdbc.dll
2009-07-20 12:26 . 2009-07-20 12:24 -------- d-----w- c:\program files\MSI Card Reader
2009-07-20 12:24 . 2007-05-16 06:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-20 12:05 . 2009-07-20 12:05 -------- d-----w- c:\program files\MUP RS
2009-07-17 11:47 . 2009-07-17 11:47 -------- d-----w- c:\program files\Common Files\Business Objects
2009-07-17 11:47 . 2009-07-17 11:47 -------- d-----w- c:\program files\Fluke
2009-07-17 11:44 . 2009-07-17 11:44 -------- d-----w- c:\program files\Microsoft SQL Server
2009-07-16 07:52 . 2009-07-16 07:52 -------- d-----w- c:\program files\Compaq
2009-06-03 21:52 . 2009-06-03 21:52 18180 ----a-w- c:\program files\Common Files\somezyh.exe
2009-06-03 21:48 . 2009-06-03 21:48 18084 ----a-w- c:\program files\Common Files\otez.exe
2009-06-03 21:48 . 2009-06-03 21:48 13677 ----a-w- c:\program files\Common Files\sasaluko.db
2009-06-03 15:20 . 2009-06-03 15:20 18732 ----a-w- c:\program files\Common Files\amihiv.lib
2009-06-03 14:31 . 2009-06-03 14:31 19892 ----a-w- c:\program files\Common Files\uvico.lib
2009-06-03 14:31 . 2009-06-03 14:31 13152 ----a-w- c:\program files\Common Files\ihuborehyp.dat
2009-06-03 14:31 . 2009-06-03 14:31 12913 ----a-w- c:\program files\Common Files\ulusecevak.db
2008-03-03 07:05 . 2008-03-03 07:05 14290 ----a-w- c:\program files\settings.dat
2007-06-21 11:33 . 2007-06-21 11:33 35328 ----a-w- c:\program files\winbox.exe
2008-02-02 10:07 . 2008-02-21 11:25 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-02-02 10:07 . 2008-02-21 11:25 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-02-02 10:07 . 2008-02-21 11:25 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-02-02 10:07 . 2008-02-21 11:25 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-02-02 10:07 . 2008-02-21 11:25 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

------- Sigcheck -------

[-] A058EBADF778FC582FC278BF333870B4 [------] c:\windows\system32\drivers\beep.sys
.
((((((((((((((((((((((((((((( [link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-07 21:47 . 2009-09-07 21:47 16384 c:\windows\temp\Perflib_Perfdata_298.dat
+ 2009-09-07 21:47 . 2009-09-07 21:47 16384 c:\windows\temp\Perflib_Perfdata_1b0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"FtpDrive"="c:\program files\KillSoft\FtpDrive\FtpDrive.exe" [2006-11-05 300653]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-04-16 172032]
"S7UB Start"="c:\program files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" [2003-12-17 110645]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GatewaySysTray"="c:\program files\3S CoDeSys\GatewayPLC\GatewaySysTray.exe" [2007-12-13 311409]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-10 149280]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-08-03 53248]
"S3Trayp"="S3Trayp.exe" - c:\windows\system32\S3Trayp.exe [2006-07-11 176128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Procitaj.txt [2009-6-4 199]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Siemens\\SQLANY\\dbsrv7.exe"=
"c:\\Program Files\\Siemens\\Step7\\S7BIN\\S7tgtopx.exe"=
"c:\\Program Files\\Siemens\\Step7\\S7INF\\S7usiapx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1005MC.EXE"=
"c:\\Program Files\\3S CoDeSys\\CoDeSys\\Common\\CoDeSys.exe"=
"c:\\Program Files\\3S CoDeSys\\CoDeSys\\Common\\RepTool.exe"=
"c:\\Program Files\\3S CoDeSys\\CoDeSys\\Common\\IPMCLI.exe"=
"c:\\Program Files\\3S CoDeSys\\GatewayPLC\\GatewayService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6160:TCP"= 6160:TCP:Seagull Driver Networking
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 almservice;Automation License Manager Service;c:\program files\Common Files\Siemens\SWS\almsrv\almsrvx.exe [21.7.2005 12:40 622654]
R2 CoDeSys Gateway V3;CoDeSys Gateway V3 Version 3.1.3.1;c:\program files\3S CoDeSys\GatewayPLC\GatewayService.exe [13.12.2007 20:43 843897]
R2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\drivers\dpmtrcdd.sys [14.1.2008 12:03 30224]
R2 MCT10 Service;MCT10 Service;c:\program files\Danfoss Drives\VLT Motion Control Tool\MCT 10 Set-up Software\MCTServ.exe [5.12.2008 13:04 192512]
R2 MSSQL$FLUKE;MSSQL$FLUKE;c:\program files\Microsoft SQL Server\MSSQL$FLUKE\Binn\sqlservr.exe -sFLUKE --> c:\program files\Microsoft SQL Server\MSSQL$FLUKE\Binn\sqlservr.exe -sFLUKE [?]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 22:22 34064]
R2 PROFIbrd;PROFIBUS V5 Hardware Driver (Softing);c:\windows\system32\drivers\PROFIbrd.sys [30.7.2009 13:05 184832]
R2 PROFIprt;PROFIBUS Protocol Driver (Softing);c:\windows\system32\drivers\PROFIprt.sys [30.7.2009 13:05 35968]
R2 PROFIstack;PROFIBUS V6 Hardware Driver (Softing);c:\windows\system32\drivers\PROFIstack.sys [30.7.2009 13:05 250112]
R2 s7asysvx;S7 Global Services;c:\program files\Siemens\Step7\S7BIN\s7asysvx.exe [26.7.2004 21:13 69685]
R2 s7odpx2x;SIMATIC MPI/PROFIBUS DPX2 Driver;c:\windows\system32\drivers\s7odpx2x.sys [5.10.2007 11:40 78408]
R2 s7oiehsx;SIMATIC IEPG Help Service;c:\program files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [5.10.2007 11:51 208968]
R2 s7osmcax;s7osmcax;c:\windows\system32\drivers\s7osmcax.sys [5.10.2007 11:44 194120]
R2 s7snsrtx;PROFINET IO RT-Protocol;c:\windows\system32\drivers\s7snsrtx.sys [30.7.2007 12:06 71168]
R2 S7TraceServiceX;S7TraceServiceX;c:\program files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [31.8.2007 11:32 163840]
R2 scpdrv;scpdrv;c:\program files\Common Files\Siemens\SWS\plugins\scp\scpdrv.sys [14.10.2003 2:44 26944]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [12.9.2006 10:43 659456]
S2 CoDeSys SP Win V3;CoDeSys SP Win V3 Version 3.1.3.0;c:\program files\3S CoDeSys\GatewayPLC\CoDeSysSPService.exe --> c:\program files\3S CoDeSys\GatewayPLC\CoDeSysSPService.exe [?]
S3 AIDA32Driver;AIDA32Driver;\??\e:\ aaaaaaaaaaaa\aida32.sys --> e:\ aaaaaaaaaaaa\aida32.sys [?]
S3 IRIMAGER;Fluke Ti30, IR-Imager USB Driver (irimager.sys);c:\windows\system32\drivers\irimager.sys [21.4.2006 16:48 19263]
S3 oad;Visibroker Activation Daemon;c:\progra~1\Borland\vbroker\bin\oad.exe [31.5.2007 13:41 1781248]
S3 osagent;VisiBroker Smart Agent;c:\progra~1\Borland\vbroker\bin\osagent.exe [31.5.2007 13:41 193536]
S3 PROFIpnp;PROFIBUS PnP Hardware Driver (Softing);c:\windows\system32\drivers\PROFIpnp.sys [30.7.2009 13:05 12416]
S3 PROFIusb;PROFIusb Device Driver (Softing AG);c:\windows\system32\drivers\PROFIusb.sys [30.7.2009 13:05 30464]
S3 S5AS511;S5AS511;c:\windows\system32\drivers\S5AS511.SYS [3.9.2008 20:03 15360]
S3 S5MCD;S5MCD;c:\windows\system32\drivers\S5MCD.SYS [3.9.2008 20:03 188416]
S3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\system32\drivers\s7oefs_x.sys [18.10.2002 2:34 30512]
S3 s7oupc2x;SIMATIC PC Adapter USB Driver;c:\windows\system32\drivers\s7oupc2x.sys [28.5.2008 9:55 12333]
S3 SQLAgent$FLUKE;SQLAgent$FLUKE;c:\program files\Microsoft SQL Server\MSSQL$FLUKE\Binn\sqlagent.EXE -i FLUKE --> c:\program files\Microsoft SQL Server\MSSQL$FLUKE\Binn\sqlagent.EXE -i FLUKE [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = [link visible only to logged-in users]
mStart Page = [link visible only to logged-in users]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {C0C53F1F-B894-4187-8C88-E30165556C08} = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Odrzavanje\Application Data\Mozilla\Firefox\Profiles\ydhnp2au.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link visible only to logged-in users]
Rootkit scan 2009-09-07 23:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3360)
c:\program files\KillSoft\FtpDrive\FtpDrive.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\logonui.exe
c:\windows\system32\scardsvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$FLUKE\Binn\sqlservr.exe
c:\windows\system32\rdpclip.exe
c:\windows\system32\wscntfy.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\Common Files\Siemens\SQLANY\dbsrv7.exe
.
**************************************************************************
.
Completion time: 2009-09-07 23:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-07 21:53
ComboFix2.txt 2009-09-07 14:41
ComboFix3.txt 2009-09-07 07:28
ComboFix4.txt 2009-06-03 15:14

Pre-Run: 24.253.829.120 bytes free
Post-Run: 24.144.211.968 bytes free

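Added example (not code from this thread, from ComboFix, or from the helper): a small Python script that reads a CFScript in the form helen1 posted above and the ComboFix log it produced, reports which File::/Folder:: entries never appear under "Other Deletions" (the check behind helen1's follow-up question about whether the whole script was used), and flags the weak settings that ComboFix prints in its "Reg Loading Points" block: the firewall turned off for the standard profile, Security Center update notifications suppressed, TCP/3389 globally open, and (as in the second log) on-access AV scanning disabled. The embedded script and log excerpts are constructed from lines in this thread; the function names and the banner-splitting rules are this example's own assumptions about the log layout, not a documented ComboFix format.

```python
# Added example for this thread; not a tool from the forum, from ComboFix or from its author.
import re

# Constructed sample: File::/Folder::/Registry:: lines from the first CFScript above (shortened).
CFSCRIPT = r"""File::
c:\windows\system32\sys32_nov.exe
c:\program files\Common Files\somezyh.exe
c:\program files\settings.dat

Folder::
c:\program files\AntivirusPro_2010

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sys32_nov"=-
"""

# Constructed sample: excerpts of the first ComboFix log posted above.
COMBOFIX_LOG = r"""ComboFix 09-09-06.04 - Odrzavanje 07.09.2009 23:33.5.1 - NTFSx86
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AntivirusPro_2010
c:\windows\system32\braviax.exe
c:\windows\system32\drivers\beep.sys . . . is infected!! . . .Failed to restore. Attempting to replace on reboot
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"""

# Banner lines look like "((( name )))" or "--- name ---"; this is an assumption about the layout.
SECTION_RE = re.compile(r"^(?:\({3,}|-{3,})\s*(.+?)\s*(?:\){3,}|-{3,})$")
DRIVE_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)

# Settings ComboFix prints (Reg Loading Points block, AV header) that leave the host exposed.
WEAK_SETTINGS = [
    (r'"EnableFirewall"=\s*0\b', "Windows Firewall is disabled for the standard profile"),
    (r'"UpdatesDisableNotify"=dword:00000001', "Security Center update notifications are suppressed"),
    (r'"3389:TCP"=', "TCP/3389 (Remote Desktop) is globally open in the firewall policy"),
    (r"\*On-access scanning disabled\*", "installed AV has on-access scanning turned off"),
]

def parse_cfscript(text):
    """Map each 'Directive::' header (File, Folder, Registry, ...) to the lines under it."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.match(r"^(\w+)::$", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections

def parse_log_sections(text):
    """Split a ComboFix log on its banner lines; the preamble is stored under ''."""
    sections, current = {"": []}, ""
    for line in (raw.rstrip() for raw in text.splitlines()):
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections

def deleted_paths(sections):
    """Paths under 'Other Deletions', lower-cased; status text like ' . . . is infected!!' is trimmed."""
    paths = set()
    for line in sections.get("Other Deletions", []):
        if DRIVE_RE.match(line):
            paths.add(line.split(" . . .")[0].strip().lower())
    return paths

def reconcile(script_text, log_text):
    """File::/Folder:: entries the log does not show as deleted (a folder counts if anything under it went)."""
    script = parse_cfscript(script_text)
    deleted = deleted_paths(parse_log_sections(log_text))
    missing = [p for p in script.get("File", []) if p.lower() not in deleted]
    for folder in script.get("Folder", []):
        f = folder.lower()
        if not any(d == f or d.startswith(f + "\\") for d in deleted):
            missing.append(folder)
    return missing

def weak_settings(log_text):
    """Findings from WEAK_SETTINGS present anywhere in the log, in table order."""
    return [msg for pattern, msg in WEAK_SETTINGS if re.search(pattern, log_text)]

if __name__ == "__main__":
    for path in reconcile(CFSCRIPT, COMBOFIX_LOG):
        print("not deleted by this run:", path)
    for finding in weak_settings(COMBOFIX_LOG):
        print("weak setting:", finding)
```

Run as-is, it lists the three script entries that the sample log never shows as deleted (the same files the second CFScript had to target again) and the three weak settings from the first log; replace the two strings with a complete script and log to check a real run. A path counts as deleted only when it appears verbatim (case-insensitively) under Other Deletions, so a file that ComboFix merely listed under Find3M is still reported as missing.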

helen1
  • Anti Malware Fighter, Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Upload this file for me:

c:\windows\system32\drivers\beep.sys

via the following link:

[link visible only to logged-in users]


Are you sure you put everything I told you to into the script?

Stekss
  • New MyCity citizen
  • Joined: 07 Sep 2009
  • Posts: 13

File uploaded. The whole script was definitely copied. After the scan the program in question no longer pops up; it now seems to be OK.

helen1
  • Anti Malware Fighter, Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Open Notepad and copy the following text into it:

File::
c:\program files\Common Files\somezyh.exe
c:\program files\Common Files\otez.exe
c:\program files\Common Files\sasaluko.db
c:\program files\Common Files\amihiv.lib
c:\program files\Common Files\uvico.lib
c:\program files\Common Files\ihuborehyp.dat
c:\program files\Common Files\ulusecevak.db
c:\program files\settings.dat
c:\documents and settings\All Users\Application Data\ocodac.dat
c:\windows\system32\sys32_nov.exe



Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon, as in the picture.
In your next message, post the log that is produced at the end of the cleaning/scan.

Stekss
  • New MyCity citizen
  • Joined: 07 Sep 2009
  • Posts: 13

ComboFix 09-09-07.03 - Odrzavanje 08.09.2009 10:27.6.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.132 [GMT 2:00]
Running from: c:\documents and settings\Odrzavanje\Desktop\1234.exe
Command switches used :: c:\documents and settings\Odrzavanje\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"c:\documents and settings\All Users\Application Data\ocodac.dat"
"c:\program files\Common Files\amihiv.lib"
"c:\program files\Common Files\ihuborehyp.dat"
"c:\program files\Common Files\otez.exe"
"c:\program files\Common Files\sasaluko.db"
"c:\program files\Common Files\somezyh.exe"
"c:\program files\Common Files\ulusecevak.db"
"c:\program files\Common Files\uvico.lib"
"c:\program files\settings.dat"
"c:\windows\system32\sys32_nov.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\ocodac.dat
c:\program files\Common Files\amihiv.lib
c:\program files\Common Files\ihuborehyp.dat
c:\program files\Common Files\otez.exe
c:\program files\Common Files\sasaluko.db
c:\program files\Common Files\somezyh.exe
c:\program files\Common Files\ulusecevak.db
c:\program files\Common Files\uvico.lib
c:\program files\settings.dat

.
((((((((((((((((((((((((( Files Created from 2009-08-08 to 2009-09-08 )))))))))))))))))))))))))))))))
.

2009-09-08 06:59 . 2009-09-08 06:59 -------- d-----w- c:\documents and settings\Odrzavanje\Local Settings\Application Data\ESET
2009-09-08 06:49 . 2009-09-08 06:49 -------- d-----w- c:\windows\LastGood
2009-09-08 06:48 . 2009-09-08 06:48 -------- d-----w- c:\program files\ESET
2009-09-08 06:48 . 2009-09-08 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-09-08 06:48 . 2009-09-08 06:48 290816 ----a-w- c:\windows\einstaller.exe
2009-09-07 09:21 . 2009-09-07 21:44 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-09-07 09:08 . 2009-09-07 14:20 -------- d-s---w- C:\ComboFix
2009-08-10 12:52 . 2009-08-10 12:52 -------- d-----w- c:\windows\Sun
2009-08-10 12:50 . 2009-08-10 12:50 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-10 12:50 . 2009-08-10 12:50 -------- d-----w- c:\program files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-07 07:37 . 2007-05-16 10:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-05 06:19 . 2008-02-21 07:54 -------- d-----w- c:\program files\FreeCommander
2009-07-30 11:05 . 2009-07-30 11:05 -------- d-----w- c:\program files\TrebingHimstedt
2009-07-30 11:05 . 2009-07-30 11:05 -------- d-----w- c:\program files\Common Files\Softing
2009-07-30 11:04 . 2009-07-30 11:04 -------- d-----w- c:\program files\PF_Activation_Tool
2009-07-30 11:04 . 2009-07-30 11:03 -------- d-----w- c:\program files\Common Files\CWGenericFDT
2009-07-30 11:04 . 2009-07-30 11:03 -------- d-----w- c:\program files\Common Files\DTMstudioPB
2009-07-30 11:04 . 2009-07-30 11:04 -------- d-----w- c:\program files\Common Files\Pepperl+Fuchs GmbH
2009-07-30 11:04 . 2009-07-30 11:04 -------- d-----w- c:\program files\Pepperl+Fuchs
2009-07-30 11:03 . 2009-07-30 11:03 -------- d-----w- c:\program files\Common Files\OPC Foundation
2009-07-30 11:03 . 2009-07-30 11:00 -------- d-----w- c:\program files\Endress+Hauser
2009-07-30 11:03 . 2009-07-30 11:03 -------- d-----w- c:\program files\Common Files\DTMstudio
2009-07-30 11:03 . 2009-07-30 11:03 -------- d-----w- c:\program files\Common Files\CWLicServer
2009-07-30 11:02 . 2009-07-30 11:02 -------- d-----w- c:\program files\Common Files\_is Common
2009-07-30 11:02 . 2009-07-30 11:02 -------- d-----w- c:\program files\Common Files\CodeWrights
2009-07-30 11:01 . 2009-07-30 11:01 86016 ----a-w- c:\windows\system32\OdbcJdbcSetup.dll
2009-07-30 11:01 . 2009-07-30 11:01 225280 ----a-w- c:\windows\system32\IscDbc.dll
2009-07-30 11:01 . 2009-07-30 11:01 200704 ----a-w- c:\windows\system32\OdbcJdbc.dll
2009-07-20 12:26 . 2009-07-20 12:24 -------- d-----w- c:\program files\MSI Card Reader
2009-07-20 12:24 . 2007-05-16 06:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-20 12:05 . 2009-07-20 12:05 -------- d-----w- c:\program files\MUP RS
2009-07-17 11:47 . 2009-07-17 11:47 -------- d-----w- c:\program files\Common Files\Business Objects
2009-07-17 11:47 . 2009-07-17 11:47 -------- d-----w- c:\program files\Fluke
2009-07-17 11:44 . 2009-07-17 11:44 -------- d-----w- c:\program files\Microsoft SQL Server
2009-07-16 07:52 . 2009-07-16 07:52 -------- d-----w- c:\program files\Compaq
2007-06-21 11:33 . 2007-06-21 11:33 35328 ----a-w- c:\program files\winbox.exe
2008-02-02 10:07 . 2008-02-21 11:25 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-02-02 10:07 . 2008-02-21 11:25 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-02-02 10:07 . 2008-02-21 11:25 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-02-02 10:07 . 2008-02-21 11:25 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-02-02 10:07 . 2008-02-21 11:25 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

------- Sigcheck -------

[-] 2009-09-07 21:44 . A058EBADF778FC582FC278BF333870B4 . 4224 . . [------] . . c:\windows\system32\drivers\beep.sys
.
((((((((((((((((((((((((((((( [link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-08 04:52 . 2009-09-08 04:52 16384 c:\windows\temp\Perflib_Perfdata_298.dat
+ 2009-05-14 13:49 . 2009-05-14 13:49 94360 c:\windows\system32\drivers\epfwtdir.sys
+ 2009-09-08 06:49 . 2009-09-08 06:49 10134 c:\windows\Installer\{2EEBAC31-3EEF-4118-91CB-1A286A507DB2}\callmsi.exe
+ 2009-05-14 13:47 . 2009-05-14 13:47 107256 c:\windows\system32\drivers\ehdrv.sys
+ 2009-05-14 13:41 . 2009-05-14 13:41 114472 c:\windows\system32\drivers\eamon.sys
+ 2009-09-08 06:49 . 2009-09-08 06:49 101480 c:\windows\Installer\{2EEBAC31-3EEF-4118-91CB-1A286A507DB2}\egui.exe
+ 2009-09-08 06:49 . 2009-09-08 06:49 1131520 c:\windows\Installer\6a7c84.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"FtpDrive"="c:\program files\KillSoft\FtpDrive\FtpDrive.exe" [2006-11-05 300653]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-04-16 172032]
"S7UB Start"="c:\program files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" [2003-12-17 110645]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GatewaySysTray"="c:\program files\3S CoDeSys\GatewayPLC\GatewaySysTray.exe" [2007-12-13 311409]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-10 149280]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-08-03 53248]
"S3Trayp"="S3Trayp.exe" - c:\windows\system32\S3Trayp.exe [2006-07-11 176128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Procitaj.txt [2009-6-4 199]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Siemens\\SQLANY\\dbsrv7.exe"=
"c:\\Program Files\\Siemens\\Step7\\S7BIN\\S7tgtopx.exe"=
"c:\\Program Files\\Siemens\\Step7\\S7INF\\S7usiapx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1005MC.EXE"=
"c:\\Program Files\\3S CoDeSys\\CoDeSys\\Common\\CoDeSys.exe"=
"c:\\Program Files\\3S CoDeSys\\CoDeSys\\Common\\RepTool.exe"=
"c:\\Program Files\\3S CoDeSys\\CoDeSys\\Common\\IPMCLI.exe"=
"c:\\Program Files\\3S CoDeSys\\GatewayPLC\\GatewayService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6160:TCP"= 6160:TCP:Seagull Driver Networking
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R2 almservice;Automation License Manager Service;c:\program files\Common Files\Siemens\SWS\almsrv\almsrvx.exe [21.7.2005 12:40 622654]
R2 CoDeSys Gateway V3;CoDeSys Gateway V3 Version 3.1.3.1;c:\program files\3S CoDeSys\GatewayPLC\GatewayService.exe [13.12.2007 20:43 843897]
R2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\drivers\dpmtrcdd.sys [14.1.2008 12:03 30224]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
R2 MCT10 Service;MCT10 Service;c:\program files\Danfoss Drives\VLT Motion Control Tool\MCT 10 Set-up Software\MCTServ.exe [5.12.2008 13:04 192512]
R2 MSSQL$FLUKE;MSSQL$FLUKE;c:\program files\Microsoft SQL Server\MSSQL$FLUKE\Binn\sqlservr.exe -sFLUKE --> c:\program files\Microsoft SQL Server\MSSQL$FLUKE\Binn\sqlservr.exe -sFLUKE [?]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 22:22 34064]
R2 PROFIbrd;PROFIBUS V5 Hardware Driver (Softing);c:\windows\system32\drivers\PROFIbrd.sys [30.7.2009 13:05 184832]
R2 PROFIprt;PROFIBUS Protocol Driver (Softing);c:\windows\system32\drivers\PROFIprt.sys [30.7.2009 13:05 35968]
R2 PROFIstack;PROFIBUS V6 Hardware Driver (Softing);c:\windows\system32\drivers\PROFIstack.sys [30.7.2009 13:05 250112]
R2 s7asysvx;S7 Global Services;c:\program files\Siemens\Step7\S7BIN\s7asysvx.exe [26.7.2004 21:13 69685]
R2 s7odpx2x;SIMATIC MPI/PROFIBUS DPX2 Driver;c:\windows\system32\drivers\s7odpx2x.sys [5.10.2007 11:40 78408]
R2 s7oiehsx;SIMATIC IEPG Help Service;c:\program files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [5.10.2007 11:51 208968]
R2 s7osmcax;s7osmcax;c:\windows\system32\drivers\s7osmcax.sys [5.10.2007 11:44 194120]
R2 s7snsrtx;PROFINET IO RT-Protocol;c:\windows\system32\drivers\s7snsrtx.sys [30.7.2007 12:06 71168]
R2 S7TraceServiceX;S7TraceServiceX;c:\program files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [31.8.2007 11:32 163840]
R2 scpdrv;scpdrv;c:\program files\Common Files\Siemens\SWS\plugins\scp\scpdrv.sys [14.10.2003 2:44 26944]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [12.9.2006 10:43 659456]
S2 CoDeSys SP Win V3;CoDeSys SP Win V3 Version 3.1.3.0;c:\program files\3S CoDeSys\GatewayPLC\CoDeSysSPService.exe --> c:\program files\3S CoDeSys\GatewayPLC\CoDeSysSPService.exe [?]
S3 AIDA32Driver;AIDA32Driver;\??\e:\ aaaaaaaaaaaa\aida32.sys --> e:\ aaaaaaaaaaaa\aida32.sys [?]
S3 IRIMAGER;Fluke Ti30, IR-Imager USB Driver (irimager.sys);c:\windows\system32\drivers\irimager.sys [21.4.2006 16:48 19263]
S3 oad;Visibroker Activation Daemon;c:\progra~1\Borland\vbroker\bin\oad.exe [31.5.2007 13:41 1781248]
S3 osagent;VisiBroker Smart Agent;c:\progra~1\Borland\vbroker\bin\osagent.exe [31.5.2007 13:41 193536]
S3 PROFIpnp;PROFIBUS PnP Hardware Driver (Softing);c:\windows\system32\drivers\PROFIpnp.sys [30.7.2009 13:05 12416]
S3 PROFIusb;PROFIusb Device Driver (Softing AG);c:\windows\system32\drivers\PROFIusb.sys [30.7.2009 13:05 30464]
S3 S5AS511;S5AS511;c:\windows\system32\drivers\S5AS511.SYS [3.9.2008 20:03 15360]
S3 S5MCD;S5MCD;c:\windows\system32\drivers\S5MCD.SYS [3.9.2008 20:03 188416]
S3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\system32\drivers\s7oefs_x.sys [18.10.2002 2:34 30512]
S3 s7oupc2x;SIMATIC PC Adapter USB Driver;c:\windows\system32\drivers\s7oupc2x.sys [28.5.2008 9:55 12333]
S3 SQLAgent$FLUKE;SQLAgent$FLUKE;c:\program files\Microsoft SQL Server\MSSQL$FLUKE\Binn\sqlagent.EXE -i FLUKE --> c:\program files\Microsoft SQL Server\MSSQL$FLUKE\Binn\sqlagent.EXE -i FLUKE [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - EAMON
*NewlyCreated* - EHDRV
*NewlyCreated* - EKRN
*NewlyCreated* - EPFWTDIR

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
mStart Page = [Link mogu videti samo ulogovani korisnici]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {C0C53F1F-B894-4187-8C88-E30165556C08} = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Odrzavanje\Application Data\Mozilla\Firefox\Profiles\ydhnp2au.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-09-08 10:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2009-09-08 10:37
ComboFix-quarantined-files.txt 2009-09-08 08:37
ComboFix2.txt 2009-09-07 21:53
ComboFix3.txt 2009-09-07 14:41
ComboFix4.txt 2009-09-07 07:28
ComboFix5.txt 2009-09-08 08:26

Pre-Run: 24.046.907.392 bytes free
Post-Run: 24.005.828.608 bytes free


offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Lives in: Novi Beograd

Download the following file to the Desktop: [Link visible only to logged-in users]

Click Start, Run; paste the following into the text input line:

"%userprofile%\Desktop\UnKillMe.exe" C:\WINDOWS\system32\drivers\beep.sys

and click OK.

You can close the window that opens by clicking on it, then double-click to run ComboFix and post here the log you get.

offline
  • Stekss 
  • New MyCity citizen
  • Joined: 07 Sep 2009
  • Posts: 13

ComboFix 09-09-07.05 - Odrzavanje 08.09.2009 17:45.7.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.190 [GMT 2:00]
Running from: c:\documents and settings\Odrzavanje\Desktop\1234.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Files Created from 2009-08-08 to 2009-09-08 )))))))))))))))))))))))))))))))
.

2009-09-08 15:27 . 2002-08-29 12:00 4224 ----a-w- C:\beep.sys
2009-09-08 12:25 . 2009-09-08 12:25 100352 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-08 06:59 . 2009-09-08 06:59 -------- d-----w- c:\documents and settings\Odrzavanje\Local Settings\Application Data\ESET
2009-09-08 06:48 . 2009-09-08 06:48 -------- d-----w- c:\program files\ESET
2009-09-08 06:48 . 2009-09-08 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-09-07 09:21 . 2009-09-08 15:38 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-09-07 09:21 . 2009-09-08 15:38 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-09-07 09:08 . 2009-09-07 14:20 -------- d-----w- C:\ComboFix
2009-08-10 12:52 . 2009-08-10 12:52 -------- d-----w- c:\windows\Sun
2009-08-10 12:50 . 2009-08-10 12:50 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-10 12:50 . 2009-08-10 12:50 -------- d-----w- c:\program files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-08 12:13 . 2008-11-13 10:08 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-09-07 07:37 . 2007-05-16 10:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-05 06:19 . 2008-02-21 07:54 -------- d-----w- c:\program files\FreeCommander
2009-07-30 11:05 . 2009-07-30 11:05 -------- d-----w- c:\program files\TrebingHimstedt
2009-07-30 11:05 . 2009-07-30 11:05 -------- d-----w- c:\program files\Common Files\Softing
2009-07-30 11:04 . 2009-07-30 11:04 -------- d-----w- c:\program files\PF_Activation_Tool
2009-07-30 11:04 . 2009-07-30 11:03 -------- d-----w- c:\program files\Common Files\CWGenericFDT
2009-07-30 11:04 . 2009-07-30 11:03 -------- d-----w- c:\program files\Common Files\DTMstudioPB
2009-07-30 11:04 . 2009-07-30 11:04 -------- d-----w- c:\program files\Common Files\Pepperl+Fuchs GmbH
2009-07-30 11:04 . 2009-07-30 11:04 -------- d-----w- c:\program files\Pepperl+Fuchs
2009-07-30 11:03 . 2009-07-30 11:03 -------- d-----w- c:\program files\Common Files\OPC Foundation
2009-07-30 11:03 . 2009-07-30 11:00 -------- d-----w- c:\program files\Endress+Hauser
2009-07-30 11:03 . 2009-07-30 11:03 -------- d-----w- c:\program files\Common Files\DTMstudio
2009-07-30 11:03 . 2009-07-30 11:03 -------- d-----w- c:\program files\Common Files\CWLicServer
2009-07-30 11:02 . 2009-07-30 11:02 -------- d-----w- c:\program files\Common Files\_is Common
2009-07-30 11:02 . 2009-07-30 11:02 -------- d-----w- c:\program files\Common Files\CodeWrights
2009-07-30 11:01 . 2009-07-30 11:01 86016 ----a-w- c:\windows\system32\OdbcJdbcSetup.dll
2009-07-30 11:01 . 2009-07-30 11:01 225280 ----a-w- c:\windows\system32\IscDbc.dll
2009-07-30 11:01 . 2009-07-30 11:01 200704 ----a-w- c:\windows\system32\OdbcJdbc.dll
2009-07-20 12:26 . 2009-07-20 12:24 -------- d-----w- c:\program files\MSI Card Reader
2009-07-20 12:24 . 2007-05-16 06:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-20 12:05 . 2009-07-20 12:05 -------- d-----w- c:\program files\MUP RS
2009-07-17 11:47 . 2009-07-17 11:47 -------- d-----w- c:\program files\Common Files\Business Objects
2009-07-17 11:47 . 2009-07-17 11:47 -------- d-----w- c:\program files\Fluke
2009-07-17 11:44 . 2009-07-17 11:44 -------- d-----w- c:\program files\Microsoft SQL Server
2009-07-16 07:52 . 2009-07-16 07:52 -------- d-----w- c:\program files\Compaq
2007-06-21 11:33 . 2007-06-21 11:33 35328 ----a-w- c:\program files\winbox.exe
2008-02-02 10:07 . 2008-02-21 11:25 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-02-02 10:07 . 2008-02-21 11:25 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-02-02 10:07 . 2008-02-21 11:25 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-02-02 10:07 . 2008-02-21 11:25 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-02-02 10:07 . 2008-02-21 11:25 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-08 15:24 . 2009-09-08 15:24 16384 c:\windows\temp\Perflib_Perfdata_274.dat
+ 2009-05-14 13:49 . 2009-05-14 13:49 94360 c:\windows\system32\drivers\epfwtdir.sys
+ 2009-09-08 06:49 . 2009-09-08 06:49 10134 c:\windows\Installer\{2EEBAC31-3EEF-4118-91CB-1A286A507DB2}\callmsi.exe
+ 2009-05-14 13:47 . 2009-05-14 13:47 107256 c:\windows\system32\drivers\ehdrv.sys
+ 2009-05-14 13:41 . 2009-05-14 13:41 114472 c:\windows\system32\drivers\eamon.sys
+ 2009-09-08 06:49 . 2009-09-08 06:49 101480 c:\windows\Installer\{2EEBAC31-3EEF-4118-91CB-1A286A507DB2}\egui.exe
+ 2009-09-08 06:49 . 2009-09-08 06:49 1131520 c:\windows\Installer\6a7c84.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"FtpDrive"="c:\program files\KillSoft\FtpDrive\FtpDrive.exe" [2006-11-05 300653]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-04-16 172032]
"S7UB Start"="c:\program files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" [2003-12-17 110645]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GatewaySysTray"="c:\program files\3S CoDeSys\GatewayPLC\GatewaySysTray.exe" [2007-12-13 311409]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-10 149280]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-08-03 53248]
"S3Trayp"="S3Trayp.exe" - c:\windows\system32\S3Trayp.exe [2006-07-11 176128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Siemens\\SQLANY\\dbsrv7.exe"=
"c:\\Program Files\\Siemens\\Step7\\S7BIN\\S7tgtopx.exe"=
"c:\\Program Files\\Siemens\\Step7\\S7INF\\S7usiapx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1005MC.EXE"=
"c:\\Program Files\\3S CoDeSys\\CoDeSys\\Common\\CoDeSys.exe"=
"c:\\Program Files\\3S CoDeSys\\CoDeSys\\Common\\RepTool.exe"=
"c:\\Program Files\\3S CoDeSys\\CoDeSys\\Common\\IPMCLI.exe"=
"c:\\Program Files\\3S CoDeSys\\GatewayPLC\\GatewayService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6160:TCP"= 6160:TCP:Seagull Driver Networking
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2221:TCP"= 2221:TCP:Nod
"2222:TCP"= 2222:TCP:Nod1
"2224:TCP"= 2224:TCP:Nod

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R2 almservice;Automation License Manager Service;c:\program files\Common Files\Siemens\SWS\almsrv\almsrvx.exe [21.7.2005 12:40 622654]
R2 CoDeSys Gateway V3;CoDeSys Gateway V3 Version 3.1.3.1;c:\program files\3S CoDeSys\GatewayPLC\GatewayService.exe [13.12.2007 20:43 843897]
R2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\drivers\dpmtrcdd.sys [14.1.2008 12:03 30224]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
R2 MCT10 Service;MCT10 Service;c:\program files\Danfoss Drives\VLT Motion Control Tool\MCT 10 Set-up Software\MCTServ.exe [5.12.2008 13:04 192512]
R2 MSSQL$FLUKE;MSSQL$FLUKE;c:\program files\Microsoft SQL Server\MSSQL$FLUKE\Binn\sqlservr.exe -sFLUKE --> c:\program files\Microsoft SQL Server\MSSQL$FLUKE\Binn\sqlservr.exe -sFLUKE [?]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 22:22 34064]
R2 PROFIbrd;PROFIBUS V5 Hardware Driver (Softing);c:\windows\system32\drivers\PROFIbrd.sys [30.7.2009 13:05 184832]
R2 PROFIprt;PROFIBUS Protocol Driver (Softing);c:\windows\system32\drivers\PROFIprt.sys [30.7.2009 13:05 35968]
R2 PROFIstack;PROFIBUS V6 Hardware Driver (Softing);c:\windows\system32\drivers\PROFIstack.sys [30.7.2009 13:05 250112]
R2 s7asysvx;S7 Global Services;c:\program files\Siemens\Step7\S7BIN\s7asysvx.exe [26.7.2004 21:13 69685]
R2 s7odpx2x;SIMATIC MPI/PROFIBUS DPX2 Driver;c:\windows\system32\drivers\s7odpx2x.sys [5.10.2007 11:40 78408]
R2 s7oiehsx;SIMATIC IEPG Help Service;c:\program files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [5.10.2007 11:51 208968]
R2 s7osmcax;s7osmcax;c:\windows\system32\drivers\s7osmcax.sys [5.10.2007 11:44 194120]
R2 s7snsrtx;PROFINET IO RT-Protocol;c:\windows\system32\drivers\s7snsrtx.sys [30.7.2007 12:06 71168]
R2 S7TraceServiceX;S7TraceServiceX;c:\program files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [31.8.2007 11:32 163840]
R2 scpdrv;scpdrv;c:\program files\Common Files\Siemens\SWS\plugins\scp\scpdrv.sys [14.10.2003 2:44 26944]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [12.9.2006 10:43 659456]
S2 CoDeSys SP Win V3;CoDeSys SP Win V3 Version 3.1.3.0;c:\program files\3S CoDeSys\GatewayPLC\CoDeSysSPService.exe --> c:\program files\3S CoDeSys\GatewayPLC\CoDeSysSPService.exe [?]
S3 AIDA32Driver;AIDA32Driver;\??\e:\ aaaaaaaaaaaa\aida32.sys --> e:\ aaaaaaaaaaaa\aida32.sys [?]
S3 IRIMAGER;Fluke Ti30, IR-Imager USB Driver (irimager.sys);c:\windows\system32\drivers\irimager.sys [21.4.2006 16:48 19263]
S3 oad;Visibroker Activation Daemon;c:\progra~1\Borland\vbroker\bin\oad.exe [31.5.2007 13:41 1781248]
S3 osagent;VisiBroker Smart Agent;c:\progra~1\Borland\vbroker\bin\osagent.exe [31.5.2007 13:41 193536]
S3 PROFIpnp;PROFIBUS PnP Hardware Driver (Softing);c:\windows\system32\drivers\PROFIpnp.sys [30.7.2009 13:05 12416]
S3 PROFIusb;PROFIusb Device Driver (Softing AG);c:\windows\system32\drivers\PROFIusb.sys [30.7.2009 13:05 30464]
S3 S5AS511;S5AS511;c:\windows\system32\drivers\S5AS511.SYS [3.9.2008 20:03 15360]
S3 S5MCD;S5MCD;c:\windows\system32\drivers\S5MCD.SYS [3.9.2008 20:03 188416]
S3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\system32\drivers\s7oefs_x.sys [18.10.2002 2:34 30512]
S3 s7oupc2x;SIMATIC PC Adapter USB Driver;c:\windows\system32\drivers\s7oupc2x.sys [28.5.2008 9:55 12333]
S3 SQLAgent$FLUKE;SQLAgent$FLUKE;c:\program files\Microsoft SQL Server\MSSQL$FLUKE\Binn\sqlagent.EXE -i FLUKE --> c:\program files\Microsoft SQL Server\MSSQL$FLUKE\Binn\sqlagent.EXE -i FLUKE [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
mStart Page = [Link mogu videti samo ulogovani korisnici]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {C0C53F1F-B894-4187-8C88-E30165556C08} = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Odrzavanje\Application Data\Mozilla\Firefox\Profiles\ydhnp2au.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-09-08 17:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3296)
c:\program files\KillSoft\FtpDrive\FtpDrive.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-08 17:56
ComboFix-quarantined-files.txt 2009-09-08 15:56
ComboFix2.txt 2009-09-08 08:37
ComboFix3.txt 2009-09-07 21:53
ComboFix4.txt 2009-09-07 14:41
ComboFix5.txt 2009-09-08 15:44

Pre-Run: 24.001.388.544 bytes free
Post-Run: 23.975.055.360 bytes free


offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Lives in: Novi Beograd

Zip/rar and then upload to me:

C:\Qoobox\Quarantine

via:

[Link visible only to logged-in users]
