|
Poslao: 06 Okt 2008 10:34
|
offline
- miskomisa
- Novi MyCity građanin
- Pridružio: 06 Okt 2008
- Poruke: 4
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:39, on 06. 10. 08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Sat\ClocX\ClocX.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\MSTMON_P.EXE
D:\Programi\WinAmp 5.541\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programi\HDD Thermometer\HDD 1.3\HDD Thermometer\HDD Thermometer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Programi\WinAmp 5.541\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Corel\CorelDRAW Graphics Suite 13\PROGRAMS\CORELDRW.EXE
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Misko\Desktop\HiT.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ClocX] D:\Sat\ClocX\ClocX.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KONICA MINOLTA magicolor2300WStatusDisplay] C:\WINDOWS\system32\MSTMON_P.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinampAgent] "D:\Programi\WinAmp 5.541\Winamp\winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RSD_HDDThermo] D:\Programi\HDD Thermometer\HDD 1.3\HDD Thermometer\HDD Thermometer.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: APC UPS Status.lnk.disabled
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} (FileInterface Class) - ebank.lhb.rs/DLL/FSINT.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....8643532796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6.....9309569062
O16 - DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} (Archive Class) - ebank.lhb.rs/DLL/SAWZip.dll
O16 - DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} (Ebanking.Utility) - ebank.lhb.rs/DLL/EbankingWWW.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {E772C6B1-C3D6-4251-990B-1511D7822722} (SecAPI Class) - ebank.lhb.rs/DLL/EBCSCC2B.dll
O16 - DPF: {EA5E79E5-3E25-46DA-A519-F8FC52B66ADC} (SecAPI Class) - ebank.lhb.rs/DLL/EBCCDC2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0504D9AD-8F8E-4197-9330-7DD617D2BDFD}: NameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{6166343E-4728-4D15-929C-969E9D892550}: NameServer = 194.247.192.33,194.247.192.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0504D9AD-8F8E-4197-9330-7DD617D2BDFD}: NameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{0504D9AD-8F8E-4197-9330-7DD617D2BDFD}: NameServer = 192.168.0.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{0504D9AD-8F8E-4197-9330-7DD617D2BDFD}: NameServer = 192.168.0.254
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 12479 bytes
|
|
|
|
|
|
|
Poslao: 06 Okt 2008 16:34
|
offline
- dr_Bora
- Anti Malware Fighter
Rank 2
- Pridružio: 24 Jul 2007
- Poruke: 12280
- Gde živiš: Höganäs, SE
|
Pomenuti problem se ispoljava... Na koji način?
Slobodno napiši rečenicu il' dve - ovo ovde nije automatizovani sistem za analizu logova.
|
|
|
|
|
|
|
Poslao: 06 Okt 2008 18:55
|
offline
- miskomisa
- Novi MyCity građanin
- Pridružio: 06 Okt 2008
- Poruke: 4
|
Ups, stvarno se izvinjavam, prevideo sam objasnjenje. Komp blokira totalno, i jedina pomoc je restart. To se desava i pri najobicnijem pomeranju misa preko ekrana. Takodje mi se non stop aktivira Dr Watson koji ne znam kako da iskljucim jer ga nema u add/remowe, a on mi takodje blokira programe. Na zalost, u ovom trenutku nisam pri svom kompjuteru. U svakom slucaju unapred hvala na svakoj pomoci.
|
|
|
|
|
|
|
|
|
Poslao: 07 Okt 2008 09:32
|
offline
- miskomisa
- Novi MyCity građanin
- Pridružio: 06 Okt 2008
- Poruke: 4
|
Evo novog loga.
ComboFix 08-10-06.05 - Misko 2008-10-07 9:25:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.1581 [GMT 2:00]
Running from: C:\Documents and Settings\Misko\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Misko\ravmonlog
----- BITS: Possible infected sites -----
hxxp://w2k3:8530
.
((((((((((((((((((((((((( Files Created from 2008-09-07 to 2008-10-07 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-07 07:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\HDD Thermometer
2008-10-07 07:05 --------- d-----w C:\Documents and Settings\Misko\Application Data\SlimBrowser
2008-10-06 14:15 2,880 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-10-04 06:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-02 17:16 --------- d-----w C:\Program Files\eMule
2008-10-02 13:17 3,001 --sha-w C:\Documents and Settings\Misko\ppUser.dat
2008-10-01 07:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-25 06:57 --------- d-----w C:\Documents and Settings\Misko\Application Data\Nokia Multimedia Player
2008-09-10 13:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-23 13:18 --------- d-----w C:\Documents and Settings\Misko\Application Data\Winamp
2008-08-18 07:43 --------- d-----w C:\Documents and Settings\absoft\Application Data\PC Suite
2008-08-08 07:44 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-08-08 07:44 --------- d-----w C:\Program Files\AB Soft
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"RSD_HDDThermo"="D:\Programi\HDD Thermometer\HDD 1.3\HDD Thermometer\HDD Thermometer.exe" [2005-04-01 215040]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2006-04-29 208896]
"ClocX"="D:\Sat\ClocX\ClocX.exe" [2005-01-26 270336]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"KONICA MINOLTA magicolor2300WStatusDisplay"="C:\WINDOWS\system32\MSTMON_P.EXE" [2003-12-20 172032]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 8466432]
"WinampAgent"="D:\Programi\WinAmp 5.541\Winamp\winampa.exe" [2008-08-04 36352]
"nwiz"="nwiz.exe" [2007-06-28 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2007-06-28 C:\WINDOWS\system32\nvmctray.dll]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk.disabled [2008-04-19 629]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo"= C:\WINDOWS\878Map.drv
"VIDC.ACDV"= ACDV.dll
"msacm.divxa32"= msaud32_divx.acm
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ASUS SmartDoctor"=C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
"fssui"="C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
"SkyTel"=SkyTel.EXE
"WinampAgent"=D:\Programi\WinAmp 5.35\Winamp\winampa.exe
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"<NO NAME>"=
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\eMule\\emule.exe"=
"D:\\Programi\\AvanBrowser\\Avant Browser\\avant.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16409:TCP"= 16409:TCP:NortonAV
"17055:TCP"= 17055:TCP:NortonAV
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 43816]
R2 fsssvc;Windows Live OneCare Family Safety;C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2007-10-17 523816]
R2 MLPTDR_P;MLPTDR_P;C:\WINDOWS\system32\MLPTDR_P.SYS [2003-07-09 20032]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-07-03 29696]
R3 DFE528TX;D-Link DFE-528TX PCI Adapter;C:\WINDOWS\system32\DRIVERS\DLKRTL.SYS [2002-06-24 45568]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 BT848;BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.sys [2001-11-06 265512]
S2 BTTUNER;BtTuner, WDM TvTuner;C:\WINDOWS\system32\drivers\BTTUNER.sys [2001-03-07 18944]
S2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.sys [1999-07-21 13308]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09d93cd6-ebd7-11dc-ad4d-0017318208a0}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5dd66dc3-4cbe-11dc-ac82-0017318208a0}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-10-07 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Misko\Application Data\Mozilla\Firefox\Profiles\lpx1seko.default\
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npvlc.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-10-07 09:28:58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-07 9:30:18
ComboFix-quarantined-files.txt 2008-10-07 07:30:06
Pre-Run: 55.558.524.928 bytes free
Post-Run: 55,568,068,608 bytes free
149 --- E O F --- 2008-10-01 13:18:19
|
|
|
|
|
|
|
|
|
Poslao: 09 Okt 2008 03:24
|
offline
- miskomisa
- Novi MyCity građanin
- Pridružio: 06 Okt 2008
- Poruke: 4
|
Evo najnovijeg loga:
ComboFix 08-10-06.05 - Misko 2008-10-09 3:15:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.1384 [GMT 2:00]
Running from: C:\Documents and Settings\Misko\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Misko\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-09-09 to 2008-10-09 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 00:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-09 00:22 2,880 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-10-08 20:27 --------- d-----w C:\Documents and Settings\Misko\Application Data\SlimBrowser
2008-10-07 20:28 --------- d-----w C:\Program Files\eMule
2008-10-07 12:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\HDD Thermometer
2008-10-04 06:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-02 13:17 3,001 --sha-w C:\Documents and Settings\Misko\ppUser.dat
2008-09-25 06:57 --------- d-----w C:\Documents and Settings\Misko\Application Data\Nokia Multimedia Player
2008-09-10 13:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-23 13:18 --------- d-----w C:\Documents and Settings\Misko\Application Data\Winamp
2008-08-18 07:43 --------- d-----w C:\Documents and Settings\absoft\Application Data\PC Suite
2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
.
((((((((((((((((((((((((((((( snapshot@2008-10-07_ 9.29.54.70 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-07 07:23:28 64,768 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-07 12:44:56 64,768 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-10-07 07:23:28 409,628 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-07 12:44:56 409,628 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-07 12:40:44 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_634.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"RSD_HDDThermo"="D:\Programi\HDD Thermometer\HDD 1.3\HDD Thermometer\HDD Thermometer.exe" [2005-04-01 215040]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2006-04-29 208896]
"ClocX"="D:\Sat\ClocX\ClocX.exe" [2005-01-26 270336]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"KONICA MINOLTA magicolor2300WStatusDisplay"="C:\WINDOWS\system32\MSTMON_P.EXE" [2003-12-20 172032]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 8466432]
"WinampAgent"="D:\Programi\WinAmp 5.541\Winamp\winampa.exe" [2008-08-04 36352]
"nwiz"="nwiz.exe" [2007-06-28 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2007-06-28 C:\WINDOWS\system32\nvmctray.dll]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk.disabled [2008-04-19 629]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo"= C:\WINDOWS\878Map.drv
"VIDC.ACDV"= ACDV.dll
"msacm.divxa32"= msaud32_divx.acm
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ASUS SmartDoctor"=C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
"fssui"="C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
"SkyTel"=SkyTel.EXE
"WinampAgent"=D:\Programi\WinAmp 5.35\Winamp\winampa.exe
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"<NO NAME>"=
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\eMule\\emule.exe"=
"D:\\Programi\\AvanBrowser\\Avant Browser\\avant.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 43816]
R2 fsssvc;Windows Live OneCare Family Safety;C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2007-10-17 523816]
R2 MLPTDR_P;MLPTDR_P;C:\WINDOWS\system32\MLPTDR_P.SYS [2003-07-09 20032]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-07-03 29696]
R3 DFE528TX;D-Link DFE-528TX PCI Adapter;C:\WINDOWS\system32\DRIVERS\DLKRTL.SYS [2002-06-24 45568]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 BT848;BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.sys [2001-11-06 265512]
S2 BTTUNER;BtTuner, WDM TvTuner;C:\WINDOWS\system32\drivers\BTTUNER.sys [2001-03-07 18944]
S2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.sys [1999-07-21 13308]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [ ]
.
Contents of the 'Scheduled Tasks' folder
2008-10-09 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-10-09 03:18:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-09 3:19:35
ComboFix-quarantined-files.txt 2008-10-09 01:19:31
ComboFix2.txt 2008-10-07 07:30:18
Pre-Run: 55.471.288.320 bytes free
Post-Run: 55,455,559,680 bytes free
132 --- E O F --- 2008-10-01 13:18:19
|
|
|
|
|
|
|
Poslao: 09 Okt 2008 16:45
|
offline
- dr_Bora
- Anti Malware Fighter
Rank 2
- Pridružio: 24 Jul 2007
- Poruke: 12280
- Gde živiš: Höganäs, SE
|
Kao što rekoh, ovo izgleda čisto.
Za pomenute probleme, stvarno ne znam šta bih ti rekao.
Otvori temu u forumu Windows - možda bude neki koristan savet...
|
|
|
|
|
|
) u donjem, desnom uglu ekrana i izaberi 
