<blockquote data-quote="Kurblaj Kan" data-source="post: 64340" data-attributes="member: 1624"><p>Here is the ComboFix report too, if that helps you help me</p><p></p><p>ComboFix 08-09-27.01 - Shaman Shandor 2008-09-28 12:33:45.1 - NTFSx86</p><p>Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1606 [GMT 2:00]</p><p>Running from: C:\Documents and Settings\Shaman Shandor\Desktop\ComboFix.exe</p><p>* Created a new restore point</p><p></p><p><span style="color: red"><strong>WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!</strong></span></p><p>.</p><p></p><p>((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p></p><p>C:\WINDOWS\BM034ada03.txt</p><p>C:\WINDOWS\BM034ada03.xml</p><p>C:\WINDOWS\cookies.ini</p><p>C:\WINDOWS\pskt.ini</p><p>C:\WINDOWS\system32\mcrh.tmp</p><p></p><p>.</p><p>((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-28 )))))))))))))))))))))))))))))))</p><p>.</p><p></p><p>2008-09-25 15:35 . 2008-09-25 15:35 268 --ah----- C:\sqmdata01.sqm</p><p>2008-09-25 15:35 . 2008-09-25 15:35 244 --ah----- C:\sqmnoopt01.sqm</p><p>2008-09-11 13:44 . 2008-09-11 13:44 268 --ah----- C:\sqmdata00.sqm</p><p>2008-09-11 13:44 . 
2008-09-11 13:44 244 --ah----- C:\sqmnoopt00.sqm</p><p></p><p>.</p><p>(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>2008-09-28 09:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP</p><p>2008-09-06 16:04 --------- d-----w C:\Documents and Settings\Shaman Shandor\Application Data\Corel</p><p>2008-08-31 17:35 --------- d-----w C:\Documents and Settings\Shaman Shandor\Application Data\DNA</p><p>2008-08-31 15:59 --------- d-----w C:\Program Files\DNA</p><p>2008-08-16 14:48 --------- d-----w C:\Documents and Settings\Shaman Shandor\Application Data\SUPERAntiSpyware.com</p><p>2008-08-16 14:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com</p><p>2008-08-16 14:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard</p><p>2008-08-16 13:16 379,266 --sha-w C:\WINDOWS\system32\KkTwaGgh.ini2</p><p>2008-08-16 12:11 --------- d-----w C:\Program Files\Windows Live Safety Center</p><p>2008-08-16 11:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET</p><p>2008-08-16 08:30 84,480 ----a-w C:\WINDOWS\system32\mywrtyxp.dll</p><p>2008-08-16 08:28 92,672 ----a-w C:\WINDOWS\system32\vesmdmww.dll</p><p>2008-08-15 08:00 93,184 ----a-w C:\WINDOWS\system32\tuxwibso.dll</p><p>2008-08-14 02:14 94,208 ----a-w C:\WINDOWS\system32\crbswttl.dll</p><p>2008-08-10 10:12 --------- d--h--w C:\Program Files\InstallShield Installation Information</p><p>2008-08-06 04:41 --------- d-----w C:\Documents and Settings\Shaman Shandor\Application Data\BitTorrent</p><p>2008-07-29 16:10 --------- d-----w C:\Program Files\Common Files\Adobe</p><p>.</p><p></p><p>((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>*Note* empty entries & legit default entries are not shown 
</p><p>REGEDIT4</p><p></p><p>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</p><p>"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]</p><p>"DAEMON Tools Lite"="D:\Programi\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]</p><p>"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]</p><p>"SUPERAntiSpyware"="D:\Programi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 1506544]</p><p></p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</p><p>"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 7630848]</p><p>"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 86016]</p><p>"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]</p><p>"0079e99f"="C:\WINDOWS\system32\mywrtyxp.dll" [2008-08-16 84480]</p><p>"egui"="D:\Programi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]</p><p>"BM034ada03"="C:\WINDOWS\system32\vesmdmww.dll" [2008-08-16 92672]</p><p>"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 C:\WINDOWS\RTHDCPL.exe]</p><p>"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]</p><p>"nwiz"="nwiz.exe" [2006-08-11 C:\WINDOWS\system32\nwiz.exe]</p><p>"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 C:\WINDOWS\system32\bthprops.cpl]</p><p></p><p>[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]</p><p>"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]</p><p></p><p>[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]</p><p>"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "D:\Programi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]</p><p></p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]</p><p>2007-04-19 13:41 294912 D:\Programi\SUPERAntiSpyware\SASWINLO.dll</p><p></p><p>[HKEY_LOCAL_MACHINE\software\microsoft\security 
center]</p><p>"AntiVirusDisableNotify"=dword:00000001</p><p>"UpdatesDisableNotify"=dword:00000001</p><p></p><p>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]</p><p>"%windir%\\system32\\sessmgr.exe"=</p><p>"C:\\Program Files\\DNA\\btdna.exe"=</p><p>"E:\\Programi\\BitTorrent\\bittorrent.exe"=</p><p>"D:\\Programi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=</p><p>"D:\\Programi\\eMule\\emule.exe"=</p><p>"%windir%\\Network Diagnostic\\xpnetdiag.exe"=</p><p>"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=</p><p>"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=</p><p></p><p>R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]</p><p>S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]</p><p>.</p><p>- - - - ORPHANS REMOVED - - - -</p><p></p><p>BHO-{85C1FED7-BA66-43ED-9A84-CC9F204A71F3} - C:\WINDOWS\system32\hgGawTkK.dll</p><p>Notify-vtUnolKd - vtUnolKd.dll</p><p></p><p></p><p>.</p><p>------- Supplementary Scan -------</p><p>.</p><p>FireFox -: Profile - C:\Documents and Settings\Shaman Shandor\Application Data\Mozilla\Firefox\Profiles\rs9jf8lb.default\</p><p>FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll</p><p>FF -: plugin - d:\Programi\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll</p><p>FF -: plugin - d:\Programi\DivX\DivX Player\npDivxPlayerPlugin.dll</p><p>FF -: plugin - d:\Programi\DivX\DivX Web Player\npdivx32.dll</p><p>FF -: plugin - D:\Programi\Mozilla Firefox\plugins\npbittorrent.dll</p><p>FF -: plugin - D:\Programi\Mozilla Firefox\plugins\npdivx32.dll</p><p>FF -: plugin - D:\Programi\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll</p><p>FF -: plugin - D:\Programi\Mozilla Firefox\plugins\npnul32.dll</p><p>FF -: plugin - D:\Programi\Mozilla Firefox\plugins\NPOFFICE.DLL</p><p>FF -: plugin - D:\Programi\Mozilla 
Firefox\plugins\nppdf32.dll</p><p>.</p><p></p><p>**************************************************************************</p><p></p><p>catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, <a href="http://www.gmer.net" target="_blank">http://www.gmer.net</a></p><p>Rootkit scan 2008-09-28 12:36:15</p><p>Windows 5.1.2600 Service Pack 2 NTFS</p><p></p><p>scanning hidden processes ... </p><p></p><p>scanning hidden autostart entries ...</p><p></p><p>scanning hidden files ... </p><p></p><p></p><p>C:\WINDOWS\system32\pxytrwym.tmp 8450048 bytes</p><p></p><p>scan completed successfully</p><p>hidden files: 1</p><p></p><p>**************************************************************************</p><p>.</p><p>------------------------ Other Running Processes ------------------------</p><p>.</p><p>D:\Programi\Lavasoft\Ad-Aware 2007\aawservice.exe</p><p>C:\WINDOWS\system32\rundll32.exe</p><p>C:\WINDOWS\system32\rundll32.exe</p><p>C:\WINDOWS\system32\rundll32.exe</p><p>C:\WINDOWS\system32\rundll32.exe</p><p>D:\Programi\IVT Corporation\BlueSoleil\BTNtService.exe</p><p>D:\Programi\ESET\ESET NOD32 Antivirus\ekrn.exe</p><p>C:\Program Files\Common Files\LightScribe\LSSrvc.exe</p><p>C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE</p><p>C:\WINDOWS\system32\nvsvc32.exe</p><p>C:\WINDOWS\system32\wdfmgr.exe</p><p>C:\ComboFix\pv.cfexe</p><p>.</p><p>**************************************************************************</p><p>.</p><p>Completion time: 2008-09-28 12:38:05 - machine was rebooted</p><p>ComboFix-quarantined-files.txt 2008-09-28 10:38:03</p><p></p><p>Pre-Run: 12.337.795.072 bytes free</p><p>Post-Run: 13,849,956,352 bytes free</p><p></p><p>134 --- E O F --- 2008-07-19 11:00:56</p></blockquote><p></p>