Posted: 03 Feb 2008 12:39
- kostolac
- Citizen
- Joined: 21 Dec 2005
- Posts: 228
- Location: Kostolac
Logfile of HijackThis v1.99.1
Scan saved at 12:34:50, on 3.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Domain Tools\ProjectWhois\ProjectWhois.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\AdministratoriNET\Desktop\New Folder\TR3.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogodak.rs/
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=021408 serial=DR12WNG-0249275-TMV lang=EN
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: ProjectWhois.lnk = C:\Program Files\Domain Tools\ProjectWhois\ProjectWhois.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{078F2A67-650C-42AB-8E0B-39812A506184}: NameServer = 10.88.0.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{078F2A67-650C-42AB-8E0B-39812A506184}: NameServer = 10.88.0.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{078F2A67-650C-42AB-8E0B-39812A506184}: NameServer = 10.88.0.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Acunetix WVS Scheduler v5 (AcuWVSSchedulerv5) - Acunetix Ltd. - C:\Program Files\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
Posted: 03 Feb 2008 14:23
- kostolac
- Citizen
- Joined: 21 Dec 2005
- Posts: 228
- Location: Kostolac
ComboFix 08-02.03.1 - AdministratoriNET 2008-02-03 14:13:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.271 [GMT 1:00]
Running from: C:\Documents and Settings\AdministratoriNET\Desktop\New Folder (2)\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\install.exe
.
((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))
.
2008-02-02 15:07 . 2008-02-02 15:07 <DIR> d-------- C:\Program Files\Acunetix
2008-02-02 15:06 . 2008-02-02 15:07 810 --a------ C:\WINDOWS\WVS_InstDBLogFile.csv
2008-02-02 15:06 . 2008-02-02 15:06 16 --a------ C:\WINDOWS\system32\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}
2008-01-26 23:17 . 2008-01-26 23:17 <DIR> d-------- C:\Program Files\FLV Player
2008-01-26 19:45 . 2008-01-26 19:45 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-01-26 19:45 . 2008-01-26 20:04 <DIR> d-------- C:\Program Files\AAA Photo Album
2008-01-19 18:41 . 2008-01-19 18:42 <DIR> d-------- C:\wamp
2008-01-15 07:06 . 2008-01-15 07:06 <DIR> d-------- C:\Documents and Settings\AdministratoriNET\Application Data\Corel
2008-01-15 07:06 . 2008-01-15 07:12 394 --a------ C:\WINDOWS\capture.ini
2008-01-15 07:05 . 2008-01-15 07:05 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-01-15 07:04 . 2008-01-15 07:04 <DIR> d-------- C:\Program Files\Corel
2008-01-14 21:25 . 2008-01-14 21:26 <DIR> d-------- C:\Program Files\WebShot
2008-01-06 13:59 . 2008-01-06 13:59 <DIR> d-a------ C:\txt_report
2008-01-06 13:19 . 2008-01-06 13:19 <DIR> d-------- C:\Program Files\IDM Computer Solutions
2008-01-06 13:19 . 2008-01-06 13:19 <DIR> d-------- C:\Documents and Settings\AdministratoriNET\Application Data\IDMComp
2008-01-06 11:42 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2008-01-06 11:42 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2008-01-05 23:15 . 2004-08-03 23:10 274,304 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-01-05 23:15 . 2004-08-03 23:10 274,304 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-01-05 23:15 . 2004-08-03 23:10 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2008-01-05 23:15 . 2004-08-03 23:10 18,944 --a--c--- C:\WINDOWS\system32\dllcache\bthusb.sys
2008-01-05 22:35 . 2008-01-05 22:35 45,056 --a------ C:\WINDOWS\NCUNINST.EXE
2008-01-05 22:33 . 2004-08-03 22:58 207,360 --a------ C:\WINDOWS\system32\drivers\Dot4.sys
2008-01-05 22:33 . 2004-08-03 22:58 207,360 --a--c--- C:\WINDOWS\system32\dllcache\dot4.sys
2008-01-05 22:33 . 2001-08-17 13:47 23,808 --a------ C:\WINDOWS\system32\drivers\Dot4usb.sys
2008-01-05 22:33 . 2001-08-17 13:47 23,808 --a--c--- C:\WINDOWS\system32\dllcache\dot4usb.sys
2008-01-05 22:33 . 2001-08-17 13:47 12,928 --a------ C:\WINDOWS\system32\drivers\Dot4Prt.sys
2008-01-05 22:33 . 2001-08-17 13:47 12,928 --a--c--- C:\WINDOWS\system32\dllcache\dot4prt.sys
2008-01-05 22:32 . 2008-01-05 22:32 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-01-05 22:30 . 2008-01-05 22:35 248,866 --a------ C:\WINDOWS\hplj1010.his
2008-01-05 22:30 . 2008-01-05 22:35 17,968 --a------ C:\WINDOWS\hplj1010.ini
2008-01-05 22:27 . 2008-01-05 22:27 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-02 07:32 --------- d-----w C:\Documents and Settings\AdministratoriNET\Application Data\Skype
2008-02-02 07:09 --------- d-----w C:\Documents and Settings\AdministratoriNET\Application Data\skypePM
2008-01-30 23:45 --------- d-----w C:\Program Files\Trillian
2008-01-15 06:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-15 06:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-13 15:32 --------- d-----w C:\Program Files\BitComet
2008-01-05 21:55 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-02 20:43 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-02 20:41 --------- d-----w C:\Program Files\Skype
2008-01-02 20:41 --------- d-----w C:\Program Files\Common Files\Skype
2008-01-02 20:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-12-30 21:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2007-12-30 21:11 --------- d-----w C:\Documents and Settings\AdministratoriNET\Application Data\Autodesk
2007-12-30 20:42 --------- d-----w C:\Program Files\UltraISO
2007-12-30 20:42 --------- d-----w C:\Program Files\Common Files\EZB Systems
2007-12-24 05:52 --------- d-----w C:\Program Files\Mv2Player
2007-12-24 00:25 --------- d-----w C:\Program Files\XviD
2007-12-24 00:25 --------- d-----w C:\Program Files\DivX
2007-12-24 00:24 --------- d-----w C:\Program Files\Microsoft Calculator Plus
2007-12-16 14:21 --------- d-----w C:\Program Files\Domain Tools
2007-12-16 13:38 --------- d-----w C:\Program Files\Lavalys
2007-12-16 13:36 --------- d-----w C:\Documents and Settings\AdministratoriNET\Application Data\Lavasoft
2007-12-16 12:56 --------- d-----w C:\Program Files\MSN Messenger
2007-12-16 12:53 --------- d-----w C:\Program Files\Google
2007-12-16 12:49 --------- d-----w C:\Program Files\DU Meter
2007-12-16 12:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2007-12-16 12:46 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-16 12:46 --------- d-----w C:\Program Files\Ahead
2007-12-16 12:44 --------- d-----w C:\Program Files\Microsoft
2007-12-16 12:39 --------- d-----w C:\Program Files\ESET
2007-12-16 12:17 502,368 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-12-16 12:17 270,336 ----a-w C:\WINDOWS\system32\imon.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07 15360]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2007-12-07 16:03 1913656]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 04:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 04:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 04:10 114688]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SMSERIAL"="sm56hlpr.exe" [2004-12-28 23:01 544768 C:\WINDOWS\sm56hlpr.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-23 06:28 14202368 C:\WINDOWS\RTHDCPL.EXE]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-16 13:17 917504]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2005-02-01 19:28 1469952]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 16:51 36864]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 19:28 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 02:07 110592 C:\WINDOWS\system32\bthprops.cpl]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 13:39 729088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:07 15360]
C:\Documents and Settings\AdministratoriNET\Start Menu\Programs\Startup\
ProjectWhois.lnk - C:\Program Files\Domain Tools\ProjectWhois\ProjectWhois.exe [2006-11-21 02:13:40 147456]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAID Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAID Manager.lnk
backup=C:\WINDOWS\pss\RAID Manager.lnkCommon Startup
R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2004-12-10 15:44]
R2 AcuWVSSchedulerv5;Acunetix WVS Scheduler v5;"C:\Program Files\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe" [2008-02-01 15:48]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54]
S3 FXDRV;FXDRV;D:\Fxdrv.sys []
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" [2007-09-05 08:59]
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
*Newly Created Service* - ACUWVSSCHEDULERV5
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 14:16:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\ntos.exe 559104 bytes executable
C:\WINDOWS\system32\wsnpoem
scan completed successfully
hidden files: 2
**************************************************************************
.
Completion time: 2008-02-03 14:17:05
ComboFix-quarantined-files.txt 2008-02-03 13:16:48
Posted: 03 Feb 2008 21:56
- kostolac
- Citizen
- Joined: 21 Dec 2005
- Posts: 228
- Location: Kostolac
Did it as you said, and here is the log after that, except that this time ComboFix restarted the computer, which it didn't do the first time.
ComboFix 08-02.03.1 - AdministratoriNET 2008-02-03 21:44:24.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.196 [GMT 1:00]
Running from: C:\Documents and Settings\AdministratoriNET\Desktop\New Folder (2)\ComboFix.exe
Command switches used :: C:\Documents and Settings\AdministratoriNET\Desktop\New Folder (2)\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\ntos.exe
.
((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))
.
2008-02-03 17:15 . 2008-02-03 17:25 671 --a------ C:\WINDOWS\mozver.dat
2008-02-02 15:07 . 2008-02-02 15:07 <DIR> d-------- C:\Program Files\Acunetix
2008-02-02 15:06 . 2008-02-02 15:07 810 --a------ C:\WINDOWS\WVS_InstDBLogFile.csv
2008-02-02 15:06 . 2008-02-02 15:06 16 --a------ C:\WINDOWS\system32\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}
2008-01-26 23:17 . 2008-01-26 23:17 <DIR> d-------- C:\Program Files\FLV Player
2008-01-26 19:45 . 2008-01-26 19:45 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-01-26 19:45 . 2008-01-26 20:04 <DIR> d-------- C:\Program Files\AAA Photo Album
2008-01-20 19:07 . 2008-02-03 16:16 <DIR> d--hs---- C:\WINDOWS\system32\wsnpoem
2008-01-19 18:41 . 2008-01-19 18:42 <DIR> d-------- C:\wamp
2008-01-15 07:06 . 2008-01-15 07:06 <DIR> d-------- C:\Documents and Settings\AdministratoriNET\Application Data\Corel
2008-01-15 07:06 . 2008-01-15 07:12 394 --a------ C:\WINDOWS\capture.ini
2008-01-15 07:05 . 2008-01-15 07:05 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-01-15 07:04 . 2008-01-15 07:04 <DIR> d-------- C:\Program Files\Corel
2008-01-14 21:25 . 2008-01-14 21:26 <DIR> d-------- C:\Program Files\WebShot
2008-01-06 13:59 . 2008-01-06 13:59 <DIR> d-a------ C:\txt_report
2008-01-06 13:19 . 2008-01-06 13:19 <DIR> d-------- C:\Program Files\IDM Computer Solutions
2008-01-06 13:19 . 2008-01-06 13:19 <DIR> d-------- C:\Documents and Settings\AdministratoriNET\Application Data\IDMComp
2008-01-06 11:42 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2008-01-06 11:42 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2008-01-05 23:15 . 2004-08-03 23:10 274,304 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-01-05 23:15 . 2004-08-03 23:10 274,304 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-01-05 23:15 . 2004-08-03 23:10 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2008-01-05 23:15 . 2004-08-03 23:10 18,944 --a--c--- C:\WINDOWS\system32\dllcache\bthusb.sys
2008-01-05 22:35 . 2008-01-05 22:35 45,056 --a------ C:\WINDOWS\NCUNINST.EXE
2008-01-05 22:33 . 2004-08-03 22:58 207,360 --a------ C:\WINDOWS\system32\drivers\Dot4.sys
2008-01-05 22:33 . 2004-08-03 22:58 207,360 --a--c--- C:\WINDOWS\system32\dllcache\dot4.sys
2008-01-05 22:33 . 2001-08-17 13:47 23,808 --a------ C:\WINDOWS\system32\drivers\Dot4usb.sys
2008-01-05 22:33 . 2001-08-17 13:47 23,808 --a--c--- C:\WINDOWS\system32\dllcache\dot4usb.sys
2008-01-05 22:33 . 2001-08-17 13:47 12,928 --a------ C:\WINDOWS\system32\drivers\Dot4Prt.sys
2008-01-05 22:33 . 2001-08-17 13:47 12,928 --a--c--- C:\WINDOWS\system32\dllcache\dot4prt.sys
2008-01-05 22:32 . 2008-01-05 22:32 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-01-05 22:30 . 2008-01-05 22:35 248,866 --a------ C:\WINDOWS\hplj1010.his
2008-01-05 22:30 . 2008-01-05 22:35 17,968 --a------ C:\WINDOWS\hplj1010.ini
2008-01-05 22:27 . 2008-01-05 22:27 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 20:49 --------- d-----w C:\Documents and Settings\AdministratoriNET\Application Data\skypePM
2008-02-03 20:49 --------- d-----w C:\Documents and Settings\AdministratoriNET\Application Data\Skype
2008-01-30 23:45 --------- d-----w C:\Program Files\Trillian
2008-01-15 06:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-15 06:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-13 15:32 --------- d-----w C:\Program Files\BitComet
2008-01-05 21:55 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-02 20:43 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-02 20:41 --------- d-----w C:\Program Files\Skype
2008-01-02 20:41 --------- d-----w C:\Program Files\Common Files\Skype
2008-01-02 20:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-12-30 21:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2007-12-30 21:11 --------- d-----w C:\Documents and Settings\AdministratoriNET\Application Data\Autodesk
2007-12-30 20:42 --------- d-----w C:\Program Files\UltraISO
2007-12-30 20:42 --------- d-----w C:\Program Files\Common Files\EZB Systems
2007-12-24 05:52 --------- d-----w C:\Program Files\Mv2Player
2007-12-24 00:25 --------- d-----w C:\Program Files\XviD
2007-12-24 00:25 --------- d-----w C:\Program Files\DivX
2007-12-24 00:24 --------- d-----w C:\Program Files\Microsoft Calculator Plus
2007-12-16 14:21 --------- d-----w C:\Program Files\Domain Tools
2007-12-16 13:38 --------- d-----w C:\Program Files\Lavalys
2007-12-16 13:36 --------- d-----w C:\Documents and Settings\AdministratoriNET\Application Data\Lavasoft
2007-12-16 12:56 --------- d-----w C:\Program Files\MSN Messenger
2007-12-16 12:53 --------- d-----w C:\Program Files\Google
2007-12-16 12:49 --------- d-----w C:\Program Files\DU Meter
2007-12-16 12:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2007-12-16 12:46 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-16 12:46 --------- d-----w C:\Program Files\Ahead
2007-12-16 12:44 --------- d-----w C:\Program Files\Microsoft
2007-12-16 12:39 --------- d-----w C:\Program Files\ESET
2007-12-16 12:17 502,368 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-12-16 12:17 270,336 ----a-w C:\WINDOWS\system32\imon.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07 15360]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2007-12-07 16:03 1913656]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 04:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 04:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 04:10 114688]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SMSERIAL"="sm56hlpr.exe" [2004-12-28 23:01 544768 C:\WINDOWS\sm56hlpr.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-23 06:28 14202368 C:\WINDOWS\RTHDCPL.EXE]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-16 13:17 917504]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2005-02-01 19:28 1469952]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 16:51 36864]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 19:28 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 02:07 110592 C:\WINDOWS\system32\bthprops.cpl]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 13:39 729088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:07 15360]
C:\Documents and Settings\AdministratoriNET\Start Menu\Programs\Startup\
ProjectWhois.lnk - C:\Program Files\Domain Tools\ProjectWhois\ProjectWhois.exe [2006-11-21 02:13:40 147456]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAID Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAID Manager.lnk
backup=C:\WINDOWS\pss\RAID Manager.lnkCommon Startup
R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2004-12-10 15:44]
R2 AcuWVSSchedulerv5;Acunetix WVS Scheduler v5;"C:\Program Files\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe" [2008-02-01 15:48]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54]
S3 FXDRV;FXDRV;D:\Fxdrv.sys []
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" [2007-09-05 08:59]
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 21:49:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-02-03 21:51:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-03 20:51:14
ComboFix2.txt 2008-02-03 13:17:06
Posted: 03 Feb 2008 23:25
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
In the following folder there should be two files:
C:\WINDOWS\system32\wsnpoem
One is named audio.something, the other video.something - delete them, those are logs that ntos.exe was writing.
I'm interested in the driver D:\Fxdrv.sys
Google says it's some driver for Foxconn motherboards, but what is it doing in the root of the D partition? Did you run some tool for your motherboard, and was that tool located on D?
Posted: 04 Feb 2008 18:34
- kostolac
- Citizen
- Joined: 21 Dec 2005
- Posts: 228
- Location: Kostolac
Bobby, I can't find that folder, and as for this driver, I don't remember running any tool.
And was that ntos.exe some virus or what?
Update: 04 Feb 2008 18:34
I deleted those two files; they had the extension dll, audio.dll and video.dll, and there was also a third file, audio.dll.cla
Posted: 04 Feb 2008 21:14
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
Then it is from the motherboard driver installation after all.
The setup loaded that driver to determine the motherboard model, so it would know which motherboard drivers to install (if the CD comes with several drivers for different motherboards).
This is only an assumption, but it's the only logical explanation to me.
As for ntos.exe, it's a rootkit/trojan, i.e. a trojan that can hide itself.
I wouldn't know more about it (except that I once caught it myself by accidentally clicking on an EXE from a virus package I got from a friend).
Send me a new HJT and ComboFix log so I can see what we've achieved so far.