Malware on a clean Windows install

  • Joined: 03 May 2005
  • Posts: 1298
  • Location: Vršac

Yesterday viruses and trojans attacked me, and I overwrote the partition with an Acronis image (which is definitely clean). Now everything works fine, but I have some programs that start with Windows and that I can't disable with WinTools or TuneUp. Specifically these four marked ones:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:26:50, on 19-Oct-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svdhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Bojan\Desktop\New Folder\TR3.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdqda.exe] C:\WINDOWS\system32\kdqda.exe
O4 - HKLM\..\Run: [Windows Sound] svdhost.exe
O4 - HKLM\..\RunServices: [Windows Sound] svdhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A24532D-E9A2-4DD1-BEB5-3E5C8C4F66DA}: NameServer = 85.255.112.113;85.255.112.73
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 4386 bytes

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Joined: 03 May 2005
  • Posts: 1298
  • Location: Vršac

ComboFix 08-10-18.03 - Bojan 2008-10-19 2:25:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.468 [GMT 2:00]
Running from: C:\Documents and Settings\Bojan\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\resycled
C:\resycled\boot.com
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\kdqda.exe
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\svdhost.exe
C:\WINDOWS\system32\wpcap.dll
D:\Autorun.inf
E:\Autorun.inf
H:\Autorun.inf
I:\autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-09-19 to 2008-10-19 )))))))))))))))))))))))))))))))
.

2008-10-19 01:02 . 2008-10-19 01:13 <DIR> d-------- C:\Program Files\Exterminate It!
2008-10-19 00:01 . 2008-10-19 00:01 <DIR> d-------- C:\Program Files\Godlike Developers
2008-10-18 23:53 . 2008-10-18 23:53 <DIR> d-------- C:\Program Files\VirtualDJ
2008-10-18 23:49 . 2008-10-18 23:51 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-10-18 23:49 . 2008-10-18 23:49 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-10-18 23:49 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-10-18 23:47 . 2008-10-19 00:52 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-18 23:42 . 2008-10-18 23:42 <DIR> d-------- C:\Program Files\FastStone Image Viewer
2008-10-18 23:39 . 2008-10-18 23:39 <DIR> d-------- C:\Program Files\illiminable
2008-10-18 23:39 . 2008-10-18 23:39 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\vlc
2008-10-18 23:38 . 2008-10-18 23:38 <DIR> d-------- C:\Program Files\VideoLAN
2008-10-18 23:34 . 2008-10-18 23:34 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-18 23:34 . 2008-10-18 23:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-18 23:29 . 2008-10-18 23:29 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-10-18 22:51 . 2008-10-18 22:51 <DIR> d-------- C:\Program Files\Opera
2008-10-18 19:55 . 2008-10-18 19:55 <DIR> d-------- C:\PROGRAMI BEZ INSTALACIJE
2008-10-18 19:00 . 2008-10-18 19:00 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-10-18 18:35 . 2008-10-18 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\KONAMI
2008-10-18 18:13 . 2008-10-18 18:13 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-10-18 18:12 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-10-18 18:07 . 2008-10-18 18:08 <DIR> d-------- C:\totalcmd
2008-10-18 18:07 . 2008-10-19 00:22 611 --a------ C:\WINDOWS\wincmd.ini
2008-10-18 18:07 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\UC.PIF
2008-10-18 18:07 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\RAR.PIF
2008-10-18 18:07 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-10-18 18:07 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-10-18 18:07 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-10-18 18:07 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\LHA.PIF
2008-10-18 18:07 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\ARJ.PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-18 21:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-18 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\Bojan\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-06-24 1642496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuPinnedList"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 1 (0x1)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"C:\WINDOWS\system32\kdqda.exe"=C:\WINDOWS\system32\kdqda.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-07-18 349056]
R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-07-18 24608]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-10-18 306432]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-10-18 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 15:17]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-C:\WINDOWS\system32\kdqda.exe - C:\WINDOWS\system32\kdqda.exe


.
------- Supplementary Scan -------
.
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-19 02:32:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-10-19 2:36:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-19 00:36:12

Pre-Run: 15,420,416,000 bytes free
Post-Run: 15,363,747,840 bytes free


  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Now check whether they are still on that list in the program whose screenshot you posted at the start.

After that, I'd ask you to pack the whole folder c:\qoobox into one ZIP and send it to me via the following form:
http://www.mycity.rs/ambulanta-upload.php

After that, you can uninstall ComboFix:

Click START and then RUN
In the text entry line type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if necessary
Hide system/hidden files/folders, if necessary
Reset System Restore

  • Joined: 03 May 2005
  • Posts: 1298
  • Location: Vršac

I sent c:\qoobox.
I still have one in the list, two disappeared, and another one appeared. Here:

And this appeared in C:

And it keeps grinding my floppy drive even though it's empty (I think it's the one grinding it).
Should I uninstall ComboFix as you said, or wait?

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Looks like we have to kill it in one go.
That means you post the ComboFix log today and don't shut the computer down until I post you a script. It looks like that thing constantly downloads new files from the net and most likely runs them at the next Windows start.

From now until late tonight I'll be at the computer, so go ahead and post the ComboFix log when you can.

  • Joined: 03 May 2005
  • Posts: 1298
  • Location: Vršac

ComboFix 08-10-18.03 - Bojan 2008-10-20 1:03:44.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.521 [GMT 2:00]
Running from: C:\Documents and Settings\Bojan\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\resycled
C:\resycled\boot.com
C:\WINDOWS\system32\kdyqq.exe
D:\Autorun.inf
E:\Autorun.inf
H:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-09-19 to 2008-10-19 )))))))))))))))))))))))))))))))
.

2008-10-19 03:59 . 2008-10-19 03:59 86,514 --a------ C:\Setup_ver1.1779.2.exe
2008-10-19 03:59 . 2008-10-19 03:59 46,130 --a------ C:\Autorun.exe
2008-10-19 01:02 . 2008-10-19 05:06 <DIR> d-------- C:\Program Files\Exterminate It!
2008-10-19 00:01 . 2008-10-19 00:01 <DIR> d-------- C:\Program Files\Godlike Developers
2008-10-18 23:53 . 2008-10-18 23:53 <DIR> d-------- C:\Program Files\VirtualDJ
2008-10-18 23:49 . 2008-10-18 23:51 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-10-18 23:49 . 2008-10-18 23:49 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-10-18 23:49 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-10-18 23:47 . 2008-10-19 00:52 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-18 23:42 . 2008-10-18 23:42 <DIR> d-------- C:\Program Files\FastStone Image Viewer
2008-10-18 23:39 . 2008-10-18 23:39 <DIR> d-------- C:\Program Files\illiminable
2008-10-18 23:39 . 2008-10-18 23:39 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\vlc
2008-10-18 23:38 . 2008-10-18 23:38 <DIR> d-------- C:\Program Files\VideoLAN
2008-10-18 23:34 . 2008-10-18 23:34 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-18 23:34 . 2008-10-18 23:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-18 23:29 . 2008-10-18 23:29 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-10-18 22:51 . 2008-10-18 22:51 <DIR> d-------- C:\Program Files\Opera
2008-10-18 19:55 . 2008-10-18 19:55 <DIR> d-------- C:\PROGRAMI BEZ INSTALACIJE
2008-10-18 19:00 . 2008-10-18 19:00 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-10-18 18:35 . 2008-10-18 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\KONAMI
2008-10-18 18:13 . 2008-10-18 18:13 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-10-18 18:12 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-10-18 18:07 . 2008-10-18 18:08 <DIR> d-------- C:\totalcmd
2008-10-18 18:07 . 2008-10-19 00:22 611 --a------ C:\WINDOWS\wincmd.ini
2008-10-18 18:07 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\UC.PIF
2008-10-18 18:07 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\RAR.PIF
2008-10-18 18:07 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-10-18 18:07 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-10-18 18:07 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-10-18 18:07 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\LHA.PIF
2008-10-18 18:07 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\ARJ.PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-18 21:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-18 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\Bojan\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-06-24 1642496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuPinnedList"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 1 (0x1)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"C:\WINDOWS\system32\kdqda.exe"=C:\WINDOWS\system32\kdqda.exe
"MsUpdate"=C:\Setup_ver1.1779.2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-07-18 349056]
R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-07-18 24608]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-10-18 306432]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-10-18 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 15:17]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-C:\WINDOWS\system32\kdyqq.exe - C:\WINDOWS\system32\kdyqq.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-20 01:10:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
.
**************************************************************************
.
Completion time: 2008-10-20 1:12:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-19 23:12:55

Pre-Run: 15,313,641,472 bytes free
Post-Run: 15,307,898,880 bytes free


Update: 20 Oct 2008 1:19

Sorry for being late, I just got home.
I won't shut the computer down until you post the script, even if it runs all night; it wouldn't be the first time.

Update: 20 Oct 2008 3:09

I tried to find out how I got infected. The RapidShare link I downloaded the program from no longer exists, but I also downloaded it from MegaUpload. It's a small little program, but I won't post the link here; if it means anything to you, I'd upload it wherever you say. It's 1 MB, some audio converter.
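The helper's point that the infection regenerates between cleanings can be read straight off the two ComboFix logs above: C:\resycled\boot.com and the autorun.inf files were deleted in both runs, the five-letter dropper in system32 changed its name from kdqda.exe to kdyqq.exe, and two new files appeared in the root of C:. The following is an added example (not ComboFix's or the forum's own code) that parses constructed excerpts of those two logs and reports exactly that. The section-header and line formats it assumes are the ones visible in the posted logs; the "five random lowercase letters" rule for the dropper name is a heuristic taken from the two names seen here, not a property of ComboFix.

```python
"""Diff two ComboFix runs to see what came back after cleaning.

Added example, not ComboFix's or the forum's code. SAMPLE_RUN_1 and
SAMPLE_RUN_2 are constructed excerpts of the two logs posted in this thread.
"""
import re

SAMPLE_RUN_1 = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\resycled
C:\resycled\boot.com
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\kdqda.exe
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\svdhost.exe
C:\WINDOWS\system32\wpcap.dll
D:\Autorun.inf

- - - - ORPHANS REMOVED - - - -

HKLM-Run-C:\WINDOWS\system32\kdqda.exe - C:\WINDOWS\system32\kdqda.exe
"""

SAMPLE_RUN_2 = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\resycled
C:\resycled\boot.com
C:\WINDOWS\system32\kdyqq.exe
D:\Autorun.inf

((((((((((((((((((((((((( Files Created from 2008-09-19 to 2008-10-19 )))))))))))))))))))))))))))))))
.

2008-10-19 03:59 . 2008-10-19 03:59 86,514 --a------ C:\Setup_ver1.1779.2.exe
2008-10-19 03:59 . 2008-10-19 03:59 46,130 --a------ C:\Autorun.exe
2008-10-18 23:49 . 2008-10-18 23:51 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008

- - - - ORPHANS REMOVED - - - -

HKLM-Run-C:\WINDOWS\system32\kdyqq.exe - C:\WINDOWS\system32\kdyqq.exe
"""

# Section headers come in two shapes in these logs: "(((( Title ))))" and
# "- - - - TITLE - - - -".
HEADER_RE = re.compile(r"^(?:\(+\s*(?P<t1>[^()]+?)\s*\)+|- - - - (?P<t2>.+?) - - - -)$")
# "created . modified size attrs path" rows of the Files Created section.
CREATED_RE = re.compile(r"^\S+ \S+ \. \S+ \S+\s+(?P<size><DIR>|[\d,]+)\s+\S+\s+(?P<path>.+)$")
ORPHAN_RE = re.compile(r"^HKLM-Run-(?P<name>.+?) - (?P<path>.+)$")
RANDOM_EXE_RE = re.compile(r"^[a-z]{5}\.exe$")  # heuristic: kdqda.exe, kdyqq.exe


def parse_sections(text):
    """Split a ComboFix log into {section title: [non-empty body lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = HEADER_RE.match(line)
        if m:
            current = (m["t1"] or m["t2"]).strip()
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def section(sections, prefix):
    """Body of the first section whose title starts with prefix, else []."""
    for title, body in sections.items():
        if title.startswith(prefix):
            return body
    return []


def regenerated(run_a, run_b):
    """(paths deleted in both runs, paths deleted only in run_b).

    Anything in the first list was removed and came back, so the dropper or
    its persistence survived the earlier clean.
    """
    a = {p.lower() for p in section(parse_sections(run_a), "Other Deletions")}
    b = {p.lower() for p in section(parse_sections(run_b), "Other Deletions")}
    return sorted(a & b), sorted(b - a)


def random_named_run_orphans(run):
    """HKLM\\Run orphans whose binary has a random five-letter name."""
    hits = []
    for line in section(parse_sections(run), "ORPHANS REMOVED"):
        m = ORPHAN_RE.match(line)
        if m and RANDOM_EXE_RE.match(m["path"].rsplit("\\", 1)[-1].lower()):
            hits.append(m["path"])
    return hits


def root_drops(run):
    """Non-directory files created directly under a drive root (X:\\name)."""
    drops = []
    for line in section(parse_sections(run), "Files Created"):
        m = CREATED_RE.match(line)
        if m and m["size"] != "<DIR>" and re.fullmatch(r"[A-Z]:\\[^\\]+", m["path"]):
            drops.append(m["path"])
    return drops


if __name__ == "__main__":
    back, new = regenerated(SAMPLE_RUN_1, SAMPLE_RUN_2)
    print("came back after first clean:", back)
    print("new in second run:", new)
    print("renamed dropper:", random_named_run_orphans(SAMPLE_RUN_1),
          "->", random_named_run_orphans(SAMPLE_RUN_2))
    print("dropped in drive root:", root_drops(SAMPLE_RUN_2))
```

The comparison keys on lowercased paths because the logs themselves vary the case (C:\autorun.inf in the first run, C:\Autorun.inf in the second). Whatever survives the diff is the list to put into the CFScript, which is what the helper does in the next post.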

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

So that file means a lot. Upload it via our upload form:
http://www.mycity.rs/ambulanta-upload.php


1. Go to Start > Run and type services.msc. Click OK.
Find the Printer spooler service in the list. Right-click it and choose Stop. That stops the service responsible for printers, since the infection is loaded under that service.


2. If you have a router or modem that can be configured, go into its settings and set it to obtain the DNS server addresses via DHCP (from the provider).
Namely, right now all your DNS queries are routed through a malicious DNS server in Ukraine, and as soon as you access any site, that server returns pages that inject new infections.
So copy these instructions somewhere and do not access the net until you've done everything the instructions say.
When you've sorted out the router or modem (whichever you have), go to the settings of the network connection through which the computer is connected to the router/modem.
Set it to obtain DNS servers automatically as well.
Then go to Start > Run, type CMD and click OK.
In the console that opens, type IPCONFIG /FLUSHDNS
Run HijackThis and make sure the following line is no longer in the log:
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A24532D-E9A2-4DD1-BEB5-3E5C8C4F66DA}: NameServer = 85.255.112.113;85.255.112.73

As long as that line exists, your DNS queries go through the malicious server.


3. Open Notepad and copy the following text into it:

File::
C:\Setup_ver1.1779.2.exe
C:\Autorun.exe
C:\WINDOWS\system32\kdqda.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"C:\WINDOWS\system32\kdqda.exe"=-
"MsUpdate"=-


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post in the next message the log that gets created at the end of the cleaning/scan.


4. Download ATF Cleaner and save it to the Desktop.

Tick Select All and then click Empty Selected.
When the Done Cleaning message appears, close the program.
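The O4 and O17 lines the helper singles out can be checked mechanically rather than by eye. The following is an added example (not HijackThis' or the forum's own code) that parses a constructed excerpt of the HijackThis log from the first post and flags the same indicators: Run entries that point at a bare filename, entries under the Win9x-era RunServices key, executables one character away from a system binary name (svdhost.exe against svchost.exe), entries named after their own full path, hosts-file overrides, and O17 NameServer values inside 85.255.112.0/20. That /20 is an assumption made here: it is the block the two addresses in the posted O17 line belong to and was widely reported as rogue DNS infrastructure of this malware family, but the thread itself only names the two addresses.

```python
"""Triage a HijackThis log for the indicators discussed in this thread.

Added example, not HijackThis' or the forum's own code. SAMPLE_LOG is a
constructed excerpt of the log posted above; the rogue DNS range is an
assumption taken from public reporting on this malware family.
"""
import ipaddress
import re

# Assumption: the block the posted O17 NameServer addresses fall into.
ROGUE_DNS_NETS = [ipaddress.ip_network("85.255.112.0/20")]

# Windows XP binaries that malware commonly imitates with one-letter changes.
SYSTEM_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe",
                "services.exe", "ctfmon.exe", "spoolsv.exe", "explorer.exe"}

SAMPLE_LOG = r"""
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdqda.exe] C:\WINDOWS\system32\kdqda.exe
O4 - HKLM\..\Run: [Windows Sound] svdhost.exe
O4 - HKLM\..\RunServices: [Windows Sound] svdhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A24532D-E9A2-4DD1-BEB5-3E5C8C4F66DA}: NameServer = 85.255.112.113;85.255.112.73
"""

O1_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<target>.*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.;]+)")


def within_one_edit(a, b):
    """True if a == b or they differ by one substitution, insertion or deletion."""
    if a == b:
        return True
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    short, long_ = (a, b) if len(a) < len(b) else (b, a)
    i = 0
    while i < len(short) and short[i] == long_[i]:
        i += 1
    return short[i:] == long_[i + 1:]


def triage(log_text):
    """Return [(line, [reasons])] for every HijackThis line worth a second look."""
    findings = []
    for line in log_text.splitlines():
        reasons = []
        m4, m17, m1 = O4_RE.match(line), O17_RE.match(line), O1_RE.match(line)
        if m4:
            target = m4["target"].strip()
            exe = (target.split("\\")[-1].split() or [""])[0].lower()
            if "\\" not in target:
                reasons.append("bare filename: resolved through PATH, not a fixed location")
            if m4["key"].lower() == "runservices":
                reasons.append("RunServices: Win9x-era key that XP does not process itself")
            if exe not in SYSTEM_NAMES and any(within_one_edit(exe, s) for s in SYSTEM_NAMES):
                reasons.append(f"{exe} is one edit away from a system binary name")
            if "\\" in m4["name"] and m4["name"].lower() == target.lower():
                reasons.append("entry named after its own full path")
        elif m17:
            for server in m17["servers"].split(";"):
                ip = ipaddress.ip_address(server)
                if any(ip in net for net in ROGUE_DNS_NETS):
                    reasons.append(f"NameServer {server} is inside a rogue DNS range")
        elif m1:
            reasons.append(f"hosts override {m1['host']} -> {m1['ip']} (verify it is intended)")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for flagged_line, why in triage(SAMPLE_LOG):
        print(flagged_line)
        for reason in why:
            print("   ->", reason)
```

The ctfmon.exe entries pass because they point at the real path of a known binary; the svdhost.exe entries fail on both counts, which is the whole difference between them. The O1 hosts entry is reported for review only: it is the kind of line a licence-check blocker writes, and the log alone cannot tell it apart from a malicious redirect.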

  • Joined: 03 May 2005
  • Posts: 1298
  • Location: Vršac

I sent that program. I have Telekom ADSL; am I allowed to touch the modem settings, since I've never configured anything and everything was already set up automatically? And how do I get into the modem settings? At work I tweaked something when our net wasn't working, but the support operator was guiding me, so it was easy.

Update: 20 Oct 2008 9:50

ComboFix 08-10-18.03 - Bojan 2008-10-20 9:39:58.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.516 [GMT 2:00]
Running from: C:\Documents and Settings\Bojan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bojan\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Autorun.exe
C:\Setup_ver1.1779.2.exe
C:\WINDOWS\system32\kdqda.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.exe
C:\Setup_ver1.1779.2.exe

.
((((((((((((((((((((((((( Files Created from 2008-09-20 to 2008-10-20 )))))))))))))))))))))))))))))))
.

2008-10-19 01:02 . 2008-10-19 05:06 <DIR> d-------- C:\Program Files\Exterminate It!
2008-10-19 00:01 . 2008-10-19 00:01 <DIR> d-------- C:\Program Files\Godlike Developers
2008-10-18 23:53 . 2008-10-18 23:53 <DIR> d-------- C:\Program Files\VirtualDJ
2008-10-18 23:49 . 2008-10-18 23:51 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-10-18 23:49 . 2008-10-18 23:49 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-10-18 23:49 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-10-18 23:47 . 2008-10-19 00:52 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-18 23:42 . 2008-10-18 23:42 <DIR> d-------- C:\Program Files\FastStone Image Viewer
2008-10-18 23:39 . 2008-10-18 23:39 <DIR> d-------- C:\Program Files\illiminable
2008-10-18 23:39 . 2008-10-18 23:39 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\vlc
2008-10-18 23:38 . 2008-10-18 23:38 <DIR> d-------- C:\Program Files\VideoLAN
2008-10-18 23:34 . 2008-10-18 23:34 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-18 23:34 . 2008-10-18 23:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-18 23:29 . 2008-10-18 23:29 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-10-18 22:51 . 2008-10-18 22:51 <DIR> d-------- C:\Program Files\Opera
2008-10-18 19:55 . 2008-10-18 19:55 <DIR> d-------- C:\PROGRAMI BEZ INSTALACIJE
2008-10-18 19:00 . 2008-10-18 19:00 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-10-18 18:35 . 2008-10-18 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\KONAMI
2008-10-18 18:13 . 2008-10-18 18:13 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-10-18 18:12 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-10-18 18:07 . 2008-10-18 18:08 <DIR> d-------- C:\totalcmd
2008-10-18 18:07 . 2008-10-19 00:22 611 --a------ C:\WINDOWS\wincmd.ini
2008-10-18 18:07 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\UC.PIF
2008-10-18 18:07 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\RAR.PIF
2008-10-18 18:07 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-10-18 18:07 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-10-18 18:07 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-10-18 18:07 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\LHA.PIF
2008-10-18 18:07 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\ARJ.PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-18 21:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-18 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\Bojan\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-06-24 1642496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuPinnedList"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 1 (0x1)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"C:\WINDOWS\system32\kdqda.exe"=C:\WINDOWS\system32\kdqda.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-07-18 349056]
R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-07-18 24608]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-10-18 306432]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-10-18 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 15:17]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-20 09:42:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
.
**************************************************************************
.
Completion time: 2008-10-20 9:44:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-20 07:44:43
ComboFix2.txt 2008-10-19 23:12:59

Pre-Run: 15,269,330,944 bytes free
Post-Run: 15,260,151,808 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


Update: 20 Oct 2008 9:55

Here is the HijackThis log as well
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:51:08, on 20-Oct-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Bojan\Desktop\New Folder\TR3.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 4174 bytes

Update: 20 Oct 2008 9:59

This line is gone now
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A24532D-E9A2-4DD1-BEB5-3E5C8C4F66DA}: NameServer = 85.255.112.113;85.255.112.73
I have to go to work now, write if there is anything else, cheers

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

I will need the folder C:\Qoobox\Quarantine uploaded again, so I can send it to the AV labs. Whenever you get to it, it is not urgent.

Post a new log tonight, so we can make sure the infection has not come back.

Update: 20 Oct 2008 10:05

Give me the password for that RAR you uploaded. Send it by PM.
