[bobby] Log for review

  • nirre  Male
  • Super citizen
  • Joined: 26 Mar 2005
  • Posts: 1489
  • Location: Podgorica

Logfile of HijackThis v1.99.1
Scan saved at 22:00:03, on 5/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Opera\Opera.exe
D:\Documents and Settings\erin\My Documents\Erin\Windows\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V.....5093096078
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apache2.2 - Unknown owner - C:\Documents and Settings\erin\Desktop\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Update: 24 May 2008 22:03

As I just found on the net, this is a virus:

O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
and it shows exactly the symptoms I have.

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Nirre, since I know you are quite experienced, I can point you directly to the following link:
http://digitalpbk.blogspot.com/2008/02/amvoexe-virus-usb-memory-stick.html

Try the procedure described at that link, then post a fresh HijackThis log here again.

Update: 24 May 2008 22:05

Actually, do the following first, so we can see whether it can be done somewhat automatically:

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

  • nirre  Male
  • Super citizen
  • Joined: 26 Mar 2005
  • Posts: 1489
  • Location: Podgorica

ComboFix 08-05-21.3 - erin 2008-05-24 22:29:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.75 [GMT 2:00]
Running from: C:\Documents and Settings\erin\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\readme-net.doc
C:\WINDOWS\youtubex.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))
.

2008-05-22 22:36 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-05-22 22:36 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-05-22 22:36 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-05-22 22:36 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-05-22 22:36 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-05-22 22:36 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-05-22 22:36 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-05-22 22:36 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-05-21 12:27 . 2008-05-21 12:27 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-05-21 12:27 . 2008-05-21 12:28 <DIR> d-------- C:\Documents and Settings\erin\Application Data\Skype
2008-05-21 12:27 . 2008-05-21 12:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-05-21 12:26 . 2008-05-21 12:27 <DIR> d-------- C:\Program Files\Skype
2008-05-20 14:09 . 2008-05-20 14:09 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-05-20 13:55 . 2008-05-20 14:00 <DIR> d-------- C:\Program Files\Fma
2008-05-20 13:55 . 2008-05-20 13:55 <DIR> d-------- C:\Documents and Settings\erin\Application Data\FMA
2008-05-18 16:24 . 2008-05-24 00:24 <DIR> d-------- C:\Program Files\eMule
2008-05-14 00:11 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-14 00:10 . 2008-05-17 19:20 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-05-13 10:57 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-13 10:57 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-13 10:57 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-12 21:07 . 2008-02-05 17:06 103,367 -r-hs---- C:\2ifetri.cmd
2008-05-12 16:08 . 2008-05-12 16:08 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-12 16:08 . 2008-05-12 20:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-12 16:03 . 2008-05-12 16:04 <DIR> d-------- C:\Program Files\Winamp
2008-05-05 19:38 . 2008-05-19 20:05 316 --a------ C:\WINDOWS\win.ini
2008-05-05 19:23 . 2006-10-18 23:47 8,231,936 --a------ C:\WINDOWS\system32\wmploc.backup
2008-05-05 19:23 . 2006-10-17 13:05 105,984 --a------ C:\WINDOWS\system32\url.backup
2008-05-05 19:21 . 2004-08-04 00:56 8,384,000 --a------ C:\WINDOWS\system32\shell32.backup
2008-05-05 19:20 . 2004-08-04 00:56 983,552 --a------ C:\WINDOWS\system32\setupapi.backup
2008-05-05 19:20 . 2004-08-04 00:56 657,920 --a------ C:\WINDOWS\system32\rasdlg.backup
2008-05-05 19:20 . 2004-08-04 00:56 343,040 --a------ C:\WINDOWS\system32\cmdial32.backup
2008-05-05 19:20 . 2004-08-04 00:56 298,496 --a------ C:\WINDOWS\system32\sysdm.backup
2008-05-05 19:20 . 2004-08-04 00:56 163,840 --a------ C:\WINDOWS\system32\credui.backup
2008-05-05 19:20 . 2004-08-04 00:56 10,752 --a------ C:\WINDOWS\hh.backup
2008-05-05 19:17 . 2008-05-10 18:11 <DIR> d-------- C:\WINDOWS\VIPv3
2008-04-29 01:10 . 2008-04-29 01:10 <DIR> d-------- C:\Program Files\Common Files\NSV
2008-04-28 20:37 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-04-28 20:36 . 2008-04-28 20:36 <DIR> d-------- C:\Documents and Settings\erin\Application Data\ESET
2008-04-28 20:33 . 2008-04-28 20:33 <DIR> d-------- C:\Program Files\ESET
2008-04-28 20:33 . 2008-04-28 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-04-28 16:06 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-04-28 16:05 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-04-28 16:05 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-28 16:05 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-26 13:52 . 2008-04-26 13:52 <DIR> d-------- C:\Documents and Settings\erin\LimeWire Store Purchased

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 19:38 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-17 17:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-12 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\RFA_Backups
2008-05-12 13:53 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-04-28 18:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-28 11:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-28 11:46 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-04-27 23:05 --------- d-----w C:\Documents and Settings\erin\Application Data\LimeWire
2008-04-26 11:50 --------- d-----w C:\Program Files\Opera
2008-04-20 16:36 --------- d-----w C:\Documents and Settings\erin\Application Data\Teleca
2008-04-20 16:17 --------- d-----w C:\Documents and Settings\erin\Application Data\AdobeUM
2008-04-16 18:11 --------- d-----w C:\Program Files\Audacity 1.3 Beta
2008-03-30 11:22 --------- d-----w C:\Program Files\Crazy Machines - New Challenges
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

------- Sigcheck -------

2004-08-04 00:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe
2004-08-04 00:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\dllcache\svchost.exe

2004-08-04 00:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll
2004-08-04 00:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\dllcache\ws2_32.dll

2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe
2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\dllcache\winlogon.exe

2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2004-08-04 00:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\services.exe
2004-08-04 00:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\dllcache\services.exe

2004-08-04 00:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\lsass.exe
2004-08-04 00:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\dllcache\lsass.exe

2004-08-04 00:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\ctfmon.exe
2004-08-04 00:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 SNPHV71;PC Camera (602a VGA);C:\WINDOWS\system32\DRIVERS\snphv71.sys [2002-11-08 18:24]
S2 Apache2.2;Apache2.2;"C:\Documents and Settings\erin\Desktop\xampp\apache\bin\apache.exe" -k runservice []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43c80b35-0b1c-11dd-9854-e524d390b132}]
\Shell\AutoRun\command - F:\2ifetri.cmd
\Shell\explore\Command - F:\2ifetri.cmd
\Shell\open\Command - F:\2ifetri.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43c80b36-0b1c-11dd-9854-e524d390b132}]
\Shell\AutoRun\command - G:\2ifetri.cmd
\Shell\explore\Command - G:\2ifetri.cmd
\Shell\open\Command - G:\2ifetri.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cecfcedf-c68c-11dc-97c8-f84ff3382347}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f84ff981-202b-11dd-987b-000ea667e277}]
\Shell\AutoRun\command - F:\2ifetri.cmd
\Shell\explore\Command - F:\2ifetri.cmd
\Shell\open\Command - F:\2ifetri.cmd

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 22:32:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-24 22:35:53
ComboFix-quarantined-files.txt 2008-05-24 20:35:20

Pre-Run: 16,249,470,976 bytes free
Post-Run: 16,260,902,912 bytes free

156 --- E O F --- 2008-05-19 17:36:37

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Do you have USB sticks or other USB storage that is potentially infected?

  • nirre  Male
  • Super citizen
  • Joined: 26 Mar 2005
  • Posts: 1489
  • Location: Podgorica

I did; these days a lot of USB sticks have passed through my computer, but I solved the problem, i.e. I found an AMVO Remover and now everything is OK. Everything works as it should.

Update: 24 May 2008 22:57


Update: 24 May 2008 23:02

Here is the new log too:



Logfile of HijackThis v1.99.1
Scan saved at 23:01:43, on 5/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\erin\My Documents\Erin\Windows\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V.....5093096078
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apache2.2 - Unknown owner - C:\Documents and Settings\erin\Desktop\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Open Notepad and copy the following text into it:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43c80b35-0b1c-11dd-9854-e524d390b132}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f84ff981-202b-11dd-987b-000ea667e277}]


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text file onto the ComboFix icon, as in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.
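An added example, not part of the thread and not ComboFix's or HijackThis's own code: a Python script that reads the MountPoints2 section of a ComboFix "Reg Loading Points" dump like the one posted above, flags the per-drive autorun handlers that launch a script from a non-system drive letter (the 2ifetri.cmd entries), and prints the CFScript "Registry::" block in the [-KEY] syntax the instructions above use. The removable-drive heuristic and the function names are my assumptions; the sample log is constructed from the entries quoted earlier in the thread. It goes a step beyond the posted script in that it lists every such key, including the G: one, and also reports the Security Center and firewall values that the same dump shows switched off.

```python
"""Added example (not from the thread, ComboFix or HijackThis): find MountPoints2
autorun handlers that launch a script from a removable drive in a ComboFix
'Reg Loading Points' dump and emit the CFScript 'Registry::' block that
deletes those keys."""
import re

# Constructed sample, modelled on the first ComboFix log in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43c80b35-0b1c-11dd-9854-e524d390b132}]
\Shell\AutoRun\command - F:\2ifetri.cmd
\Shell\explore\Command - F:\2ifetri.cmd
\Shell\open\Command - F:\2ifetri.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43c80b36-0b1c-11dd-9854-e524d390b132}]
\Shell\AutoRun\command - G:\2ifetri.cmd
\Shell\explore\Command - G:\2ifetri.cmd
\Shell\open\Command - G:\2ifetri.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cecfcedf-c68c-11dc-97c8-f84ff3382347}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f84ff981-202b-11dd-987b-000ea667e277}]
\Shell\AutoRun\command - F:\2ifetri.cmd
\Shell\explore\Command - F:\2ifetri.cmd
\Shell\open\Command - F:\2ifetri.cmd
"""

# A MountPoints2 key header as ComboFix prints it (one key per mounted volume GUID).
MOUNTPOINT_KEY_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
# A handler line under such a key: "\Shell\<verb>\command - <command line>".
HANDLER_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.I)
SCRIPT_EXTS = (".cmd", ".bat", ".exe", ".com", ".vbs", ".scr", ".pif")
NON_SYSTEM_DRIVE_RE = re.compile(r"^[D-Z]:\\", re.I)


def parse_mountpoints(log_text):
    """Return {key_path: {verb: command}} for every MountPoints2 key in the dump."""
    entries, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = MOUNTPOINT_KEY_RE.match(line)
        if key:
            current = key.group(1)
            entries[current] = {}
        elif line.startswith("["):
            current = None  # some other registry key; stop attributing handlers
        else:
            handler = HANDLER_RE.match(line)
            if handler and current is not None:
                entries[current][handler.group(1).lower()] = handler.group(2).strip()
    return entries


def is_removable_script(command):
    """Heuristic (my assumption, not ComboFix logic): a handler whose launched file
    sits on a drive letter other than C: and has a script/executable extension is
    the footprint an autorun.inf USB worm leaves in MountPoints2. The CD/DVD
    autorun handler that goes through RunDLL32 on C: is not flagged."""
    if not NON_SYSTEM_DRIVE_RE.match(command):
        return False
    launched = command.split()[0].lower()  # first token is the launched file
    return launched.endswith(SCRIPT_EXTS)


def find_suspicious_keys(entries):
    """Sorted list of MountPoints2 keys with at least one removable-script handler."""
    return sorted(key for key, handlers in entries.items()
                  if any(is_removable_script(cmd) for cmd in handlers.values()))


def build_cfscript(keys):
    """Render the CFScript 'Registry::' block; '[-KEY]' asks ComboFix to delete KEY."""
    return "\n".join(["Registry::"] + [f"[-{key}]" for key in keys]) + "\n"


def find_weakened_defenses(log_text):
    """Report Security Center notification values set to 1 and the firewall switched
    off; these are tell-tales worth reviewing alongside the autorun keys."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if re.match(r'^"(AntiVirus|Updates|Firewall)DisableNotify"=dword:0*1$', line):
            hits.append(line.split("=")[0].strip('"'))
        elif re.match(r'^"EnableFirewall"=\s*0\b', line):
            hits.append("EnableFirewall=0")
    return hits


if __name__ == "__main__":
    found = parse_mountpoints(SAMPLE_LOG)
    bad = find_suspicious_keys(found)
    for key in bad:
        print("suspicious:", key, "->", found[key])
    print("weakened defenses:", find_weakened_defenses(SAMPLE_LOG))
    print(build_cfscript(bad))
```

Run it against a saved ComboFix log instead of SAMPLE_LOG and paste the printed block into CFScript.txt as described above. Review the flagged keys by hand first: the heuristic keys on "script on a non-C: drive", so a legitimately installed portable tool on a USB stick would be listed too, and a worm that drops its launcher under a different extension would not be.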

  • nirre  Male
  • Super citizen
  • Joined: 26 Mar 2005
  • Posts: 1489
  • Location: Podgorica

ComboFix 08-05-21.3 - erin 2008-05-25 0:23:53.2 - NTFSx86
Running from: C:\Documents and Settings\erin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\erin\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))
.

2008-05-22 22:36 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-05-22 22:36 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-05-22 22:36 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-05-22 22:36 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-05-22 22:36 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-05-22 22:36 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-05-22 22:36 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-05-22 22:36 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-05-21 12:27 . 2008-05-21 12:27 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-05-21 12:27 . 2008-05-21 12:28 <DIR> d-------- C:\Documents and Settings\erin\Application Data\Skype
2008-05-21 12:27 . 2008-05-21 12:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-05-21 12:26 . 2008-05-21 12:27 <DIR> d-------- C:\Program Files\Skype
2008-05-20 14:09 . 2008-05-20 14:09 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-05-20 13:55 . 2008-05-20 14:00 <DIR> d-------- C:\Program Files\Fma
2008-05-20 13:55 . 2008-05-20 13:55 <DIR> d-------- C:\Documents and Settings\erin\Application Data\FMA
2008-05-18 16:24 . 2008-05-24 00:24 <DIR> d-------- C:\Program Files\eMule
2008-05-14 00:11 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-13 10:57 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-13 10:57 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-13 10:57 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-12 21:07 . 2008-02-05 17:06 103,367 -r-hs---- C:\2ifetri.cmd
2008-05-12 16:08 . 2008-05-12 16:08 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-12 16:08 . 2008-05-12 20:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-12 16:03 . 2008-05-12 16:04 <DIR> d-------- C:\Program Files\Winamp
2008-05-05 19:38 . 2008-05-19 20:05 316 --a------ C:\WINDOWS\win.ini
2008-05-05 19:23 . 2006-10-18 23:47 8,231,936 --a------ C:\WINDOWS\system32\wmploc.backup
2008-05-05 19:23 . 2006-10-17 13:05 105,984 --a------ C:\WINDOWS\system32\url.backup
2008-05-05 19:21 . 2004-08-04 00:56 8,384,000 --a------ C:\WINDOWS\system32\shell32.backup
2008-05-05 19:20 . 2004-08-04 00:56 983,552 --a------ C:\WINDOWS\system32\setupapi.backup
2008-05-05 19:20 . 2004-08-04 00:56 657,920 --a------ C:\WINDOWS\system32\rasdlg.backup
2008-05-05 19:20 . 2004-08-04 00:56 343,040 --a------ C:\WINDOWS\system32\cmdial32.backup
2008-05-05 19:20 . 2004-08-04 00:56 298,496 --a------ C:\WINDOWS\system32\sysdm.backup
2008-05-05 19:20 . 2004-08-04 00:56 163,840 --a------ C:\WINDOWS\system32\credui.backup
2008-05-05 19:20 . 2004-08-04 00:56 10,752 --a------ C:\WINDOWS\hh.backup
2008-05-05 19:17 . 2008-05-10 18:11 <DIR> d-------- C:\WINDOWS\VIPv3
2008-04-29 01:10 . 2008-04-29 01:10 <DIR> d-------- C:\Program Files\Common Files\NSV
2008-04-28 20:37 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-04-28 20:36 . 2008-04-28 20:36 <DIR> d-------- C:\Documents and Settings\erin\Application Data\ESET
2008-04-28 20:33 . 2008-04-28 20:33 <DIR> d-------- C:\Program Files\ESET
2008-04-28 20:33 . 2008-04-28 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-04-28 16:06 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-04-28 16:05 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-04-28 16:05 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-28 16:05 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-26 13:52 . 2008-04-26 13:52 <DIR> d-------- C:\Documents and Settings\erin\LimeWire Store Purchased

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 22:11 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-24 21:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\RFA_Backups
2008-05-17 17:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-12 13:53 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-04-28 18:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-28 11:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-28 11:46 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-04-27 23:05 --------- d-----w C:\Documents and Settings\erin\Application Data\LimeWire
2008-04-26 11:50 --------- d-----w C:\Program Files\Opera
2008-04-20 16:36 --------- d-----w C:\Documents and Settings\erin\Application Data\Teleca
2008-04-20 16:17 --------- d-----w C:\Documents and Settings\erin\Application Data\AdobeUM
2008-04-16 18:11 --------- d-----w C:\Program Files\Audacity 1.3 Beta
2008-03-30 11:22 --------- d-----w C:\Program Files\Crazy Machines - New Challenges
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

------- Sigcheck -------

2004-08-04 00:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe
2004-08-04 00:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\dllcache\svchost.exe

2004-08-04 00:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll
2004-08-04 00:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\dllcache\ws2_32.dll

2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe
2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\dllcache\winlogon.exe

2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2004-08-04 00:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\services.exe
2004-08-04 00:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\dllcache\services.exe

2004-08-04 00:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\lsass.exe
2004-08-04 00:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\dllcache\lsass.exe

2004-08-04 00:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\ctfmon.exe
2004-08-04 00:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 SNPHV71;PC Camera (602a VGA);C:\WINDOWS\system32\DRIVERS\snphv71.sys [2002-11-08 18:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cecfcedf-c68c-11dc-97c8-f84ff3382347}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-25 00:26:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-25 0:28:28
ComboFix-quarantined-files.txt 2008-05-24 22:28:14

Pre-Run: 16,367,820,800 bytes free
Post-Run: 16,357,810,176 bytes free

133 --- E O F --- 2008-05-19 17:36:37

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

  • nirre  Male
  • Super citizen
  • Joined: 26 Mar 2005
  • Posts: 1489
  • Location: Podgorica

Upload done.
Should I do the uninstall now?

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Yup, do the uninstall.

What you uploaded to me was ComboFix's quarantine, so I could take a look at the files it removed.

Update: 27 May 2008 22:37

Nirre, let me know whether everything is OK, so I know whether to move the thread to the Archive.
