| |
Ako neko ima vremena nek proveri, nije toliko bitno :)
|
|
|
|
 Poslao: 29 Sep 2008 22:15 |
|
|
| Simke |
 Obsidian Order
intelligence officer 
Supermoderator
hardware foruma |
 |
| |
| Pridružio: 21 Jul 2007 |
| Poruke: 3986 |
Gde živiš: Kako kad
[Povratak na vrh] |
|
|
 |
|
 |
|
Arhiva, ime iz kesa, znaci ne znam sta je unutra, samo znam da je 100MB, dvoklik iz totalcmd-a i nastaje haos, znaci nisam ni stigao da vidim sta ima unutra. Comodo defence+ iskace >20 popup-ova menja se registri, pojavljuje se i BitDefender u jedno desetak prozora, Zlob neka tamo varijanta, takodje nesto pokusava napolje iz racunara, raskacim konekciju u Comodu sve na denied, polako se sve smiri i BitDefender me obavesti da je obrisao i ocistio.
Onako, malo je zastrasujuce sve izgledalo  . Mene sada interesuje jel stvarno sve ok posto ja nisam nesto spec familijaran sa ovom tematikom, jel BitDefender obavio svoj posao onako kako je trebao? Ne treba mi lecenje ako ima problema, da vas ne smaram, znam da imate pune ruke posla  .
| Kod: | Logfile of HijackThis v1.99.1
Scan saved at 22:06:26, on 29.9.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Instalacije\SandBoxie\SbieSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Instalacije\SandBoxie\SbieCtrl.exe
C:\Instalacije\totalcmd\TOTALCMD.EXE
C:\Program Files\Opera\opera.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
E:\Down\SkyGrabber\SkyGrabber.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\Instalacije\totalcmd\plugins\Media\AIMP\AIMP2.exe
D:\Moji folderi\Radni\programs\Zastita\HLK\DS9.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Instalacije\SandBoxie\SbieCtrl.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE5FFACA-2EC7-4ADE-87F6-896B4E69FCC4}: NameServer = [b]ovde je bio IP mog ISP-a, a ne bih zeleo javno da se vidi :)[/b]
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Instalacije\SandBoxie\SbieSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe" /service (file missing) |
Jos nesto sam primetio od tada, svaki put kada pokrenem nesto od office alata meni krece instalacija istog, pa onda moram rucno na cancel nekoliko puta. Isto se desava i kada pokrenem neke od programa, isto krene instalacija office-a. |
|
|
|
|
|
| Poslao: 30 Sep 2008 17:11 |
|
|
| dr_Bora |
Anti Malware Fighter
Rank 2
Supermoderator
tech foruma |
 |
| |
| Pridružio: 24 Jul 2007 |
| Poruke: 6704 |
Gde živiš: Höganäs, SE
[Povratak na vrh] |
|
|
|
|
|
|
|
|
|
|
|
| Poslao: 30 Sep 2008 19:40 |
|
|
| Simke |
Obsidian Order
intelligence officer
Supermoderator
hardware foruma |
|
| |
| Pridružio: 21 Jul 2007 |
| Poruke: 3986 |
Gde živiš: Kako kad
[Povratak na vrh] |
|
|
|
|
|
|
Evo loga, ali nisam uspeo da iskljucim BitDefendera jednostavno ne znam kako, cak sta vise mislim da i ne moze osim da ga ikljucim iz startup-a da ne podize servise, comodo je bio iskljucen. Nadam se da to nije uticalo.
ComboFix 08-09-28.05 - Elim 2008-09-30 19:30:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1577 [GMT 2:00]
Running from: C:\Documents and Settings\Elim\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Ovislink\AirLive WT-2000PCI\_desktop.ini
C:\Program Files\Ovislink\AirLive WT-2000PCI\Installer\_desktop.ini
C:\Program Files\Ovislink\AirLive WT-2000PCI\Installer\win2k\_desktop.ini
C:\Program Files\Ovislink\AirLive WT-2000PCI\Installer\win9x\_desktop.ini
C:\Program Files\Ovislink\AirLive WT-2000PCI\Installer\winme\_desktop.ini
C:\Program Files\Ovislink\AirLive WT-2000PCI\Installer\winx64\_desktop.ini
C:\Program Files\Ovislink\AirLive WT-2000PCI\Installer\winxp\_desktop.ini
C:\WINDOWS\system32\prsgrc.dll
C:\WINDOWS\system32\ssprs.dll
C:\WINDOWS\system32\uptodate.exe
.
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-30 )))))))))))))))))))))))))))))))
.
2008-09-28 01:56 . 2008-09-28 01:56 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-09-24 23:29 . 2008-09-24 23:29 <DIR> d-------- C:\Program Files\COMODO
2008-09-24 23:29 . 2008-09-24 23:29 <DIR> d-------- C:\Documents and Settings\Elim\Application Data\Comodo
2008-09-24 23:29 . 2008-09-24 23:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-09-24 23:29 . 2008-09-24 23:29 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-09-24 23:29 . 2008-09-24 23:29 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-09-24 23:29 . 2008-09-24 23:29 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-09-24 22:36 . 2008-09-24 22:36 850 --a------ C:\WINDOWS\system32\ProductTweaks.xml
2008-09-24 22:36 . 2008-09-24 22:36 385 --a------ C:\WINDOWS\system32\user_gensett.xml
2008-09-24 22:31 . 2008-09-24 22:31 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-09-24 22:31 . 2008-09-24 22:31 <DIR> d-------- C:\Program Files\BitDefender
2008-09-24 22:31 . 2008-09-24 22:31 <DIR> d-------- C:\Documents and Settings\Elim\Application Data\BitDefender
2008-09-24 22:31 . 2008-09-24 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-09-23 23:52 . 2008-09-26 23:54 <DIR> d-------- C:\Documents and Settings\Elim\Application Data\PE Explorer
2008-09-20 01:55 . 2008-09-20 01:55 <DIR> d-------- C:\Documents and Settings\Elim\Application Data\Microsoft Games
2008-09-19 01:16 . 2008-09-19 01:16 <DIR> d-------- C:\Documents and Settings\Elim\Application Data\NwDocx
2008-09-17 16:43 . 2008-09-17 16:43 <DIR> d-------- C:\Documents and Settings\Elim\Application Data\HEXelon
2008-09-17 16:42 . 2008-09-17 16:43 <DIR> d-------- C:\Documents and Settings\Elim\Application Data\HateML
2008-09-17 13:58 . 2008-09-17 13:58 <DIR> d-------- C:\Documents and Settings\Elim\Application Data\Nitro PDF
2008-09-17 13:44 . 2008-09-17 13:44 <DIR> d-------- C:\Program Files\Foxit Software
2008-09-17 12:18 . 2008-09-17 12:18 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-09-17 12:18 . 2008-09-17 12:18 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-09-17 12:17 . 2008-09-17 12:17 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2008-09-17 12:17 . 2007-08-20 10:05 27,672 -ra------ C:\WINDOWS\system32\drivers\Entech.sys
2008-09-17 12:17 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd
2008-09-17 12:17 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2008-09-17 12:17 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2008-09-17 12:16 . 2008-09-17 12:16 <DIR> d-------- C:\Program Files\Futuremark
2008-09-17 12:12 . 2008-07-26 12:48 195,235 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-09-17 02:27 . 2008-09-17 02:27 <DIR> d-------- C:\Program Files\Microsoft Games
2008-09-17 01:12 . 2008-09-17 01:15 <DIR> d-------- C:\WINDOWS\system32\VITrans
2008-09-17 01:12 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2008-09-17 01:12 . 2004-11-27 19:00 94,208 --a------ C:\WINDOWS\system32\pskill.exe
2008-09-17 01:12 . 2008-09-17 01:12 78,942 --a------ C:\WINDOWS\Icon_1.ico
2008-09-17 01:12 . 2006-12-03 17:15 69,632 --a------ C:\WINDOWS\system32\moveex.exe
2008-09-17 01:12 . 2006-12-03 17:15 19,968 --a------ C:\WINDOWS\system32\reico.exe
2008-09-17 01:12 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2008-09-17 00:17 . 2008-09-17 00:18 <DIR> d-------- C:\Documents and Settings\Elim\Application Data\ViStart
2008-09-16 20:50 . 2008-09-16 20:55 <DIR> d-------- C:\Documents and Settings\Elim\.VirtualBox
2008-09-16 20:48 . 2008-09-12 16:00 95,888 --a------ C:\WINDOWS\system32\drivers\VBoxDrv.sys
2008-09-16 20:48 . 2008-09-12 16:00 47,056 --a------ C:\WINDOWS\system32\drivers\VBoxTAP.sys
2008-09-16 20:48 . 2008-09-12 16:00 41,680 --a------ C:\WINDOWS\system32\drivers\VBoxUSBMon.sys
2008-09-16 01:14 . 2004-02-05 21:53 389,120 --------- C:\WINDOWS\system32\actskn43.ocx
2008-09-16 01:14 . 2004-11-01 13:38 57,344 --------- C:\WINDOWS\system32\XButton.ocx
2008-09-16 00:09 . 2004-08-04 00:56 218,624 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-09-15 17:58 . 2008-09-15 17:58 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-15 17:15 . 2008-09-15 17:15 <DIR> d-------- C:\Program Files\Karen's Power Tools
2008-09-14 15:11 . 2008-09-14 15:11 73 --a------ C:\WINDOWS\wininit.ini
2008-09-14 15:09 . 2008-09-14 15:09 <DIR> d-------- C:\WINDOWS\solcache
2008-09-14 15:09 . 1998-06-10 13:07 1,053,184 --a------ C:\WINDOWS\system32\SierraNW.dll
2008-09-14 15:09 . 1997-09-18 00:00 490,256 --a------ C:\WINDOWS\system32\Oleaut32.1
2008-09-14 15:09 . 1998-06-10 13:05 231,936 --a------ C:\WINDOWS\system32\SNWValid.dll
2008-09-14 15:09 . 1997-07-14 14:57 11,104 --a------ C:\WINDOWS\system32\Snwvalid.hlp
2008-09-14 15:08 . 2008-09-14 15:10 <DIR> d-------- C:\Program Files\Sierra On-Line
2008-09-14 15:07 . 2008-09-14 15:11 450 --a------ C:\WINDOWS\SIERRA.INI
2008-09-13 20:16 . 2008-09-13 20:16 <DIR> d-------- C:\Program Files\XpertVision
2008-09-13 20:16 . 2007-03-16 10:11 12,256 --a------ C:\WINDOWS\system32\drivers\TBPanel.sys
2008-09-13 20:16 . 2008-09-23 20:54 558 --a------ C:\WINDOWS\DFC.INI
2008-09-13 17:52 . 2008-09-20 01:54 <DIR> d-------- C:\Documents and Settings\Elim\Application Data\My Games
2008-09-13 17:45 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-09-11 13:39 . 2008-09-11 13:41 <DIR> d-------- C:\WINDOWS\system32\pnyv4wnpl
2008-09-10 22:19 . 2008-09-10 22:19 <DIR> d-------- C:\Documents and Settings\Elim\WINDOWS
2008-09-10 22:19 . 1999-03-23 09:12 304,128 --a------ C:\WINDOWS\unin0407.exe
2008-09-10 13:34 . 2008-09-21 02:41 <DIR> d-------- C:\Program Files\WinPcap
2008-09-09 14:43 . 2008-09-09 14:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Mixesoft
2008-09-09 02:11 . 2008-09-09 02:11 10,485,760 --a------ C:\timeshift.dat_0
2008-09-08 22:02 . 2008-09-08 22:03 <DIR> d-------- C:\Program Files\TechniSat DVB
2008-09-08 22:02 . 2008-09-08 22:02 <DIR> d-------- C:\Program Files\MainConcept
2008-09-07 01:29 . 2008-09-07 01:29 <DIR> d-------- C:\Program Files\Technitium
2008-09-07 01:29 . 2008-09-07 01:29 140,488 -r------- C:\WINDOWS\system32\COMDLG32.OCX
2008-09-06 23:55 . 2008-09-06 23:55 1,024 --a------ C:\WINDOWS\system32\pdkbaya.tgz
2008-09-04 15:40 . 2008-09-04 15:40 <DIR> d-------- C:\Sandbox
2008-08-30 19:56 . 2008-08-30 19:56 <DIR> d-------- C:\Program Files\Longgame
2008-08-30 19:56 . 2008-08-30 19:56 770,048 --a------ C:\WINDOWS\3D World Map.scr
2008-08-27 18:47 . 2008-08-27 18:48 <DIR> d-------- C:\WINDOWS\system32\%DataFolder%
2008-08-23 21:00 . 2008-08-23 21:00 617 --a------ C:\WINDOWS\eReg.dat
2008-08-23 13:03 . 2008-09-27 22:01 1,604 --a------ C:\WINDOWS\Sandboxie.ini
2008-08-20 00:06 . 2008-08-20 00:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-08-18 23:50 . 2008-08-18 23:50 <DIR> d-------- C:\WINDOWS\system32\%PersonalRootCertificateFolder%
2008-08-14 22:37 . 2005-02-11 21:46 371,712 --a------ C:\WINDOWS\system32\drivers\BCMWL5.SYS
2008-08-14 16:36 . 2008-08-14 16:37 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-08-12 18:40 . 2008-08-12 18:40 228,672 --a------ C:\WINDOWS\system32\drivers\bdfsfltr.sys
2008-08-12 18:40 . 2008-08-12 18:40 108,864 --a------ C:\WINDOWS\system32\drivers\bdfm.sys
2008-08-11 00:41 . 2008-08-11 00:41 <DIR> d--h----- C:\WINDOWS\PIF
2008-08-10 22:05 . 2008-09-18 03:05 <DIR> d--hs---- C:\Boot
2008-08-10 22:05 . 2008-01-18 23:45 333,203 -rahs---- C:\bootmgr
2008-08-10 22:05 . 2008-09-01 01:32 8,192 -ra-s---- C:\BOOTSECT.BAK
2008-08-10 12:56 . 2008-09-15 23:45 171,136 -rahs---- C:\grldr
2008-08-10 12:15 . 2008-08-31 15:41 <DIR> d--hs---- C:\$RECYCLE.BIN
2008-08-10 01:52 . 2006-10-25 09:05 385,280 --a------ C:\WINDOWS\system32\drivers\rt61.sys
2008-08-10 01:52 . 2006-11-08 22:21 319,488 --a------ C:\WINDOWS\system32\AegisI5.exe
2008-08-10 01:52 . 2006-10-25 09:05 295,018 --a------ C:\WINDOWS\system32\Install6x.dll
2008-08-10 01:52 . 2008-08-10 01:52 21,419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-08-10 01:52 . 2006-10-25 09:05 8,192 --a------ C:\WINDOWS\system32\drivers\RT2661.bin
2008-08-10 01:52 . 2006-10-25 09:05 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561s.bin
2008-08-10 01:52 . 2006-10-25 09:05 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561.bin
2008-08-10 01:52 . 2006-10-25 09:05 78 --a------ C:\WINDOWS\filespec6x
2008-08-10 01:51 . 2008-08-10 01:51 <DIR> d-------- C:\Program Files\Ovislink
2008-08-06 02:02 . 2008-08-06 02:02 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-08-06 02:02 . 2000-10-20 00:05 25,088 --a------ C:\WINDOWS\system32\msxml3a.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-30 00:04 --------- d-----w C:\Program Files\ProgDVB
2008-09-29 17:06 --------- d-----w C:\Documents and Settings\Elim\Application Data\XnView
2008-09-23 21:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\ashampoo
2008-09-21 20:38 --------- d-----w C:\Documents and Settings\Elim\Application Data\uTorrent
2008-09-19 23:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-19 23:14 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-17 20:02 --------- d-----w C:\Program Files\Miranda IM
2008-09-16 23:57 --------- d-----w C:\Program Files\Opera
2008-09-08 20:02 --------- d-----w C:\Program Files\DVBViewerTE
2008-09-06 22:40 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-08 00:26 --------- d-----w C:\Program Files\Realtek
2008-08-08 00:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\GRETECH
2008-08-08 00:23 --------- d-----w C:\Program Files\Civilization3
2008-08-06 00:01 --------- d-----w C:\Program Files\Stardock
2008-07-31 10:28 --------- d-----w C:\Documents and Settings\Elim\Application Data\Ashampoo
2008-07-23 13:24 446,464 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-07-10 15:24 16,376 ----a-w C:\WINDOWS\gdrv.sys
2008-07-10 15:20 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-06-29 18:48 311,128 ----a-w C:\WINDOWS\system32\libssl32.dll
2008-06-29 18:48 1,526,468 ----a-w C:\WINDOWS\system32\libeay32.dll
2008-06-18 20:37 2,045,459 ----a-w C:\WINDOWS\system32\x264vfw.dll
2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
.
------- Sigcheck -------
2004-08-04 01:05 2027008 789a67335f801d6d429ae49ad82c5e57 C:\WINDOWS\system32\ntkrnlpa.exe
2004-08-04 01:05 2015232 fb142b7007ca2eea76966c6c5cc12150 C:\WINDOWS\system32\VITrans\ntkrnlpa.exe
2004-08-03 23:18 2160128 5d0f5b34f58a6869b297228ef2405282 C:\WINDOWS\system32\ntoskrnl.exe
2004-08-03 23:18 2148352 626309040459c3915997ef98ec1c8d40 C:\WINDOWS\system32\VITrans\ntoskrnl.exe
2004-08-04 00:56 1422336 cd7ee0e0b4c778c3df22f8dbb9f855b4 C:\WINDOWS\explorer.exe
2004-08-04 00:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-04 00:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\system32\VITrans\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"SandboxieControl"="C:\Instalacije\SandBoxie\SbieCtrl.exe" [2008-06-30 738816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-07-26 13570048]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-07-26 86016]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" [2008-09-04 716800]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" [2008-08-10 69632]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-09-24 1655552]
"nwiz"="nwiz.exe" [2008-07-26 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"rpcapd"=3 (0x3)
"ose"=3 (0x3)
"bepldr"=3 (0x3)
"nlsvc"=2 (0x2)
"MDM"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\Down\\Torent\\uTorrent.exe"=
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-09-24 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-09-24 24208]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 81688]
R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-09-12 95888]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-09-12 41680]
R3 bdfm;BDFM;C:\WINDOWS\system32\drivers\bdfm.sys [2008-08-12 108864]
R3 SbieDrv;SbieDrv;C:\Instalacije\SandBoxie\SbieDrv.sys [2008-07-01 96256]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2008-06-09 418832]
S3 Arrakis3;BitDefender Arrakis Server;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Instalacije\EVEREST Ultimate Edition\kerneld.wnt [2008-03-17 23152]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 17280]
S3 VBoxTAP;VirtualBox TAP Adapter;C:\WINDOWS\system32\DRIVERS\VBoxTAP.sys [2008-09-12 47056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3e3aff2-8bb0-11dd-8254-00d0d70357d6}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com
R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{AE5FFACA-2EC7-4ADE-87F6-896B4E69FCC4}: NameServer = 212.200.150.11 212.200.150.2
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 19:32:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Instalacije\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-09-30 19:34:17
ComboFix-quarantined-files.txt 2008-09-30 17:34:14
Pre-Run: 16.861.413.376 bytes free
Post-Run: 17,553,076,224 bytes free
248 |
|
|
|
|
|
| Poslao: 30 Sep 2008 20:26 |
|
|
| dr_Bora |
Anti Malware Fighter
Rank 2
Supermoderator
tech foruma |
|
| |
| Pridružio: 24 Jul 2007 |
| Poruke: 6704 |
Gde živiš: Höganäs, SE
[Povratak na vrh] |
|
|
|
|
|
|
Otvoriti Notepad i iskopirati sledeci tekst:
| Kod: | DirLook::
C:\WINDOWS\system32\pnyv4wnpl
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3e3aff2-8bb0-11dd-8254-00d0d70357d6}]
|
Snimiti na Desktop fajl iz Notepada kao "CFScript"
Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja. |
|
|
|
|
|
| Poslao: 01 Okt 2008 12:12 |
|
|
| Simke |
Obsidian Order
intelligence officer
Supermoderator
hardware foruma |
|
| |
| Pridružio: 21 Jul 2007 |
| Poruke: 3986 |
Gde živiš: Kako kad
[Povratak na vrh] |
|
|
|
|
|
|
Sinoc mi je nestalo struje u sred skeniranja, jutros sam ga pustio ponovo, napravio novu CFScript-u, tako da ne znam jel imalo kakav efekat ili je sta smetalo. Log:
ComboFix 08-09-28.05 - Elim 2008-10-01 12:01:19.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1556 [GMT 2:00]
Running from: C:\Documents and Settings\Elim\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Elim\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-09-01 to 2008-10-01 )))))))))))))))))))))))))))))))
.
2008-09-28 01:56 . 2008-09-28 01:56 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-09-24 23:29 . 2008-09-24 23:29 <DIR> d-------- C:\Program Files\COMODO
2008-09-24 23:29 . 2008-09-24 23:29 <DIR> d-------- C:\Documents and Settings\Elim\Application Data\Comodo
2008-09-24 23:29 . 2008-09-24 23:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-09-24 23:29 . 2008-09-24 23:29 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-09-24 23:29 . 2008-09-24 23:29 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-09-24 23:29 . 2008-09-24 23:29 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-09-24 22:36 . 2008-09-24 22:36 850 --a------ C:\WINDOWS\system32\ProductTweaks.xml
2008-09-24 22:36 . 2008-09-24 22:36 385 --a------ C:\WINDOWS\system32\user_gensett.xml
2008-09-24 22:31 . 2008-09-24 22:31 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-09-24 22:31 . 2008-09-24 22:31 <DIR> d-------- C:\Program Files\BitDefender
2008-09-24 22:31 . 2008-09-24 22:31 <DIR> d-------- C:\Documents and Settings\Elim\Application Data\BitDefender
2008-09-24 22:31 . 2008-09-24 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-09-23 23:52 . 2008-09-26 23:54 <DIR> d-------- C:\Documents and Settings\Elim\Application Data\PE Explorer
2008-09-20 01:55 . 2008-09-20 01:55 <DIR> d-------- C:\Documents and Settings\Elim\Application Data\Microsoft Games
2008-09-19 01:16 . 2008-09-19 01:16 <DIR> d-------- C:\Documents and Settings\Elim\Application Data\NwDocx
2008-09-17 16:43 . 2008-09-17 16:43 <DIR> d-------- C:\Documents and Settings\Elim\Application Data\HEXelon
2008-09-17 16:42 . 2008-09-17 16:43 <DIR> d-------- C:\Documents and Settings\Elim\Application Data\HateML
2008-09-17 13:58 . 2008-09-17 13:58 <DIR> d-------- C:\Documents and Settings\Elim\Application Data\Nitro PDF
2008-09-17 13:44 . 2008-09-17 13:44 <DIR> d-------- C:\Program Files\Foxit Software
2008-09-17 12:18 . 2008-09-17 12:18 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-09-17 12:18 . 2008-09-17 12:18 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-09-17 12:17 . 2008-09-17 12:17 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2008-09-17 12:17 . 2007-08-20 10:05 27,672 -ra------ C:\WINDOWS\system32\drivers\Entech.sys
2008-09-17 12:17 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd
2008-09-17 12:17 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2008-09-17 12:17 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2008-09-17 12:16 . 2008-09-17 12:16 <DIR> d-------- C:\Program Files\Futuremark
2008-09-17 12:12 . 2008-07-26 12:48 195,235 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-09-17 02:27 . 2008-09-17 02:27 <DIR> d-------- C:\Program Files\Microsoft Games
2008-09-17 01:12 . 2008-09-17 01:15 <DIR> d-------- C:\WINDOWS\system32\VITrans
2008-09-17 01:12 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2008-09-17 01:12 . 2004-11-27 19:00 94,208 --a------ C:\WINDOWS\system32\pskill.exe
2008-09-17 01:12 . 2008-09-17 01:12 78,942 --a------ C:\WINDOWS\Icon_1.ico
2008-09-17 01:12 . 2006-12-03 17:15 69,632 --a------ C:\WINDOWS\system32\moveex.exe
2008-09-17 01:12 . 2006-12-03 17:15 19,968 --a------ C:\WINDOWS\system32\reico.exe
2008-09-17 01:12 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2008-09-17 00:17 . 2008-09-17 00:18 <DIR> d-------- C:\Documents and Settings\Elim\Application Data\ViStart
2008-09-16 20:50 . 2008-09-16 20:55 <DIR> d-------- C:\Documents and Settings\Elim\.VirtualBox
2008-09-16 20:48 . 2008-09-12 16:00 95,888 --a------ C:\WINDOWS\system32\drivers\VBoxDrv.sys
2008-09-16 20:48 . 2008-09-12 16:00 47,056 --a------ C:\WINDOWS\system32\drivers\VBoxTAP.sys
2008-09-16 20:48 . 2008-09-12 16:00 41,680 --a------ C:\WINDOWS\system32\drivers\VBoxUSBMon.sys
2008-09-16 01:14 . 2004-02-05 21:53 389,120 --------- C:\WINDOWS\system32\actskn43.ocx
2008-09-16 01:14 . 2004-11-01 13:38 57,344 --------- C:\WINDOWS\system32\XButton.ocx
2008-09-16 00:09 . 2004-08-04 00:56 218,624 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-09-15 17:58 . 2008-09-15 17:58 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-15 17:15 . 2008-09-15 17:15 <DIR> d-------- C:\Program Files\Karen's Power Tools
2008-09-14 15:11 . 2008-09-14 15:11 73 --a------ C:\WINDOWS\wininit.ini
2008-09-14 15:09 . 2008-09-14 15:09 <DIR> d-------- C:\WINDOWS\solcache
2008-09-14 15:09 . 1998-06-10 13:07 1,053,184 --a------ C:\WINDOWS\system32\SierraNW.dll
2008-09-14 15:09 . 1997-09-18 00:00 490,256 --a------ C:\WINDOWS\system32\Oleaut32.1
2008-09-14 15:09 . 1998-06-10 13:05 231,936 --a------ C:\WINDOWS\system32\SNWValid.dll
2008-09-14 15:09 . 1997-07-14 14:57 11,104 --a------ C:\WINDOWS\system32\Snwvalid.hlp
2008-09-14 15:08 . 2008-09-14 15:10 <DIR> d-------- C:\Program Files\Sierra On-Line
2008-09-14 15:07 . 2008-09-14 15:11 450 --a------ C:\WINDOWS\SIERRA.INI
2008-09-13 20:16 . 2008-09-13 20:16 <DIR> d-------- C:\Program Files\XpertVision
2008-09-13 20:16 . 2007-03-16 10:11 12,256 --a------ C:\WINDOWS\system32\drivers\TBPanel.sys
2008-09-13 20:16 . 2008-09-23 20:54 558 --a------ C:\WINDOWS\DFC.INI
2008-09-13 17:52 . 2008-09-20 01:54 <DIR> d-------- C:\Documents and Settings\Elim\Application Data\My Games
2008-09-13 17:45 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-09-11 13:39 . 2008-09-11 13:41 <DIR> d-------- C:\WINDOWS\system32\pnyv4wnpl
2008-09-10 22:19 . 2008-09-10 22:19 <DIR> d-------- C:\Documents and Settings\Elim\WINDOWS
2008-09-10 22:19 . 1999-03-23 09:12 304,128 --a------ C:\WINDOWS\unin0407.exe
2008-09-10 13:34 . 2008-09-21 02:41 <DIR> d-------- C:\Program Files\WinPcap
2008-09-09 14:43 . 2008-09-09 14:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Mixesoft
2008-09-09 02:11 . 2008-09-09 02:11 10,485,760 --a------ C:\timeshift.dat_0
2008-09-08 22:02 . 2008-09-08 22:03 <DIR> d-------- C:\Program Files\TechniSat DVB
2008-09-08 22:02 . 2008-09-08 22:02 <DIR> d-------- C:\Program Files\MainConcept
2008-09-07 01:29 . 2008-09-07 01:29 <DIR> d-------- C:\Program Files\Technitium
2008-09-07 01:29 . 2008-09-07 01:29 140,488 -r------- C:\WINDOWS\system32\COMDLG32.OCX
2008-09-06 23:55 . 2008-09-06 23:55 1,024 --a------ C:\WINDOWS\system32\pdkbaya.tgz
2008-09-04 15:40 . 2008-09-04 15:40 <DIR> d-------- C:\Sandbox
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-30 00:04 --------- d-----w C:\Program Files\ProgDVB
2008-09-29 17:06 --------- d-----w C:\Documents and Settings\Elim\Application Data\XnView
2008-09-23 21:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\ashampoo
2008-09-21 20:38 --------- d-----w C:\Documents and Settings\Elim\Application Data\uTorrent
2008-09-19 23:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-19 23:14 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-17 20:02 --------- d-----w C:\Program Files\Miranda IM
2008-09-16 23:57 --------- d-----w C:\Program Files\Opera
2008-09-08 20:02 --------- d-----w C:\Program Files\DVBViewerTE
2008-09-06 22:40 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-30 17:56 770,048 ----a-w C:\WINDOWS\3D World Map.scr
2008-08-30 17:56 --------- d-----w C:\Program Files\Longgame
2008-08-19 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-08-12 16:40 228,672 ----a-w C:\WINDOWS\system32\drivers\bdfsfltr.sys
2008-08-12 16:40 108,864 ----a-w C:\WINDOWS\system32\drivers\bdfm.sys
2008-08-09 23:52 21,419 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-08-09 23:51 --------- d-----w C:\Program Files\Ovislink
2008-08-08 00:26 --------- d-----w C:\Program Files\Realtek
2008-08-08 00:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\GRETECH
2008-08-08 00:23 --------- d-----w C:\Program Files\Civilization3
2008-08-06 00:02 --------- d-----w C:\Program Files\Common Files\Stardock
2008-08-06 00:01 --------- d-----w C:\Program Files\Stardock
2008-07-23 13:24 446,464 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-07-10 15:24 16,376 ----a-w C:\WINDOWS\gdrv.sys
2008-07-10 15:20 315,392 ----a-w C:\WINDOWS\HideWin.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\WINDOWS\system32\pnyv4wnpl ----
2008-11-27 22:11 13729817 --a------ C:\WINDOWS\system32\pnyv4wnpl\PC Conservancy Pro.exe
2008-11-23 14:59 130918 --a------ C:\WINDOWS\system32\pnyv4wnpl\99.exe
2007-05-13 04:28 122 --a------ C:\WINDOWS\system32\pnyv4wnpl\2.reg
2007-05-13 04:23 353 --a------ C:\WINDOWS\system32\pnyv4wnpl\3.reg
2006-06-20 12:22 5927 --ah----- C:\WINDOWS\system32\pnyv4wnpl\9.reg
------- Sigcheck -------
2004-08-04 01:05 2027008 789a67335f801d6d429ae49ad82c5e57 C:\WINDOWS\system32\ntkrnlpa.exe
2004-08-04 01:05 2015232 fb142b7007ca2eea76966c6c5cc12150 C:\WINDOWS\system32\VITrans\ntkrnlpa.exe
2004-08-03 23:18 2160128 5d0f5b34f58a6869b297228ef2405282 C:\WINDOWS\system32\ntoskrnl.exe
2004-08-03 23:18 2148352 626309040459c3915997ef98ec1c8d40 C:\WINDOWS\system32\VITrans\ntoskrnl.exe
2004-08-04 00:56 1422336 cd7ee0e0b4c778c3df22f8dbb9f855b4 C:\WINDOWS\explorer.exe
2004-08-04 00:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-04 00:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\system32\VITrans\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-09-30_19.33.51.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-30 17:27:56 58,732 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-01 10:01:24 58,732 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-09-30 17:27:56 392,432 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-01 10:01:24 392,432 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"SandboxieControl"="C:\Instalacije\SandBoxie\SbieCtrl.exe" [2008-06-30 738816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-07-26 13570048]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-07-26 86016]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" [2008-09-04 716800]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" [2008-08-10 69632]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-09-24 1655552]
"nwiz"="nwiz.exe" [2008-07-26 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"rpcapd"=3 (0x3)
"ose"=3 (0x3)
"bepldr"=3 (0x3)
"nlsvc"=2 (0x2)
"MDM"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\Down\\Torent\\uTorrent.exe"=
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-09-24 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-09-24 24208]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 81688]
R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-09-12 95888]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-09-12 41680]
R3 bdfm;BDFM;C:\WINDOWS\system32\drivers\bdfm.sys [2008-08-12 108864]
R3 SbieDrv;SbieDrv;C:\Instalacije\SandBoxie\SbieDrv.sys [2008-07-01 96256]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2008-06-09 418832]
S3 Arrakis3;BitDefender Arrakis Server;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Instalacije\EVEREST Ultimate Edition\kerneld.wnt [2008-03-17 23152]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 17280]
S3 VBoxTAP;VirtualBox TAP Adapter;C:\WINDOWS\system32\DRIVERS\VBoxTAP.sys [2008-09-12 47056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-01 12:04:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Instalacije\EVEREST Ultimate Edition\kerneld.wnt"
.
Completion time: 2008-10-01 12:06:33
ComboFix-quarantined-files.txt 2008-10-01 10:06:25
ComboFix2.txt 2008-09-30 17:34:19
Pre-Run: 17,356,623,872 bytes free
Post-Run: 17,543,307,264 bytes free
209 |
|
|
|
|
|
| Poslao: 01 Okt 2008 18:23 |
|
|
| dr_Bora |
Anti Malware Fighter
Rank 2
Supermoderator
tech foruma |
|
| |
| Pridružio: 24 Jul 2007 |
| Poruke: 6704 |
Gde živiš: Höganäs, SE
[Povratak na vrh] |
|
|
|
|
|
|
|
|
|
|
|
| Poslao: 01 Okt 2008 20:53 |
|
|
| Simke |
Obsidian Order
intelligence officer
Supermoderator
hardware foruma |
|
| |
| Pridružio: 21 Jul 2007 |
| Poruke: 3986 |
Gde živiš: Kako kad
[Povratak na vrh] |
|
|
|
|
|
|
| dr_Bora :: | Da li ti je poznat ovaj program:
C:\WINDOWS\system32\pnyv4wnpl\PC Conservancy Pro.exe |
Jeste jos iz perioda dok sam imao KIS, bila slicna situacija, ali kao KIS je to sredio, bar tako je obavestenje dao. Ne secam se sada koja vrsta zaraze je bila jer nisam dobro ni video drugar doneo na flesu, prebacio na hdd i pokrenuo ga, to je bilo pre skoro mesec dana.
| dr_Bora :: | | ... upload-uj file: C:\WINDOWS\system32\pnyv4wnpl\99.exe |
Podigao sam. |
|
|
|
|
|
| Poslao: 01 Okt 2008 21:19 |
|
|
| dr_Bora |
Anti Malware Fighter
Rank 2
Supermoderator
tech foruma |
|
| |
| Pridružio: 24 Jul 2007 |
| Poruke: 6704 |
Gde živiš: Höganäs, SE
[Povratak na vrh] |
|
|
|
|
|
|
Obriši kompletan folder: C:\WINDOWS\system32\pnyv4wnpl
Odradićemo još jednu proveru.
Preuzmi gmer.zip sa ovog linka i sačuvaj na Desktopu.
Raspakuj ga u neki folder.
Dupli klik na gmer.exe za početak:- Izaberi Rootkit/Malware Tab na vrhu.
- Klikni na Scan.
- Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati rezultate skeniranja u Clipboard.
- Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt.
- Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt.
Iskoristi opciju Prikači fajl ispod polja za pisanje poruke na forumu, i prikači nam ovde ta dva fajla koja smo malopre snimili. |
|
|
|
|
|
| Poslao: 01 Okt 2008 22:10 |
|
|
| Simke |
Obsidian Order
intelligence officer
Supermoderator
hardware foruma |
|
| |
| Pridružio: 21 Jul 2007 |
| Poruke: 3986 |
Gde živiš: Kako kad
[Povratak na vrh] |
|
|
|
|
|
|
|
|
|
|
|
| Poslao: 02 Okt 2008 19:44 |
|
|
| dr_Bora |
Anti Malware Fighter
Rank 2
Supermoderator
tech foruma |
|
| |
| Pridružio: 24 Jul 2007 |
| Poruke: 6704 |
Gde živiš: Höganäs, SE
[Povratak na vrh] |
|
|
|
|
|
|
| Hajde ponovi prvo skeniranje Gmer-om (Rootkit/Malware scan) i priloži logfile uz poruku. |
|
|
|
|
|
| Poslao: 02 Okt 2008 23:01 |
|
|
| Simke |
Obsidian Order
intelligence officer
Supermoderator
hardware foruma |
|
| |
| Pridružio: 21 Jul 2007 |
| Poruke: 3986 |
Gde živiš: Kako kad
[Povratak na vrh] |
|
|
|
|
|
|
|
|
|
|
|
| Poslao: 03 Okt 2008 16:19 |
|
|
| dr_Bora |
Anti Malware Fighter
Rank 2
Supermoderator
tech foruma |
|
| |
| Pridružio: 24 Jul 2007 |
| Poruke: 6704 |
Gde živiš: Höganäs, SE
[Povratak na vrh] |
|
|
|
|
|
|
Ovo izgleda ok, bar što se tiče malware-a.
- Klikni START a zatim RUN
- U liniju za unos teksta ukucaj Combofix /u i klikni OK
- Sačekaj da se proces deinstalacije završi
Gornja procedura će:
- Obrisati sledeće:
- ComboFix i njegove file-ove i foldere
- VundoFix Backups folder, ako postoji
- C:\Deckard folder, ako postoji
- C:\OtMoveIt folder, ako postoji
- Resetovati podešavanja sata na kompjuteru
- Sakriti ekstenzije file-ova, ako je potrebno
- Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno
- Resetovati System Restore
Za ono u vezi pokretanja instalacije Office-a stvarno ne znam šta bih rekao. Jesi li pokušao da dozvoliš instalaciju? |
|
|
|
|
|
| Poslao: 03 Okt 2008 16:51 |
|
|
| Simke |
Obsidian Order
intelligence officer
Supermoderator
hardware foruma |
|
| |
| Pridružio: 21 Jul 2007 |
| Poruke: 3986 |
Gde živiš: Kako kad
[Povratak na vrh] |
|
|
|
|
|
|
| dr_Bora :: | | Za ono u vezi pokretanja instalacije Office-a stvarno ne znam šta bih rekao. Jesi li pokušao da dozvoliš instalaciju? |
Jesam stigne do pola i onda naravno trazi disk sa kojeg je instaliran. Deinstalirao sam ga pa ponovo instalirao i nista isto ( brisem MSOCache, sys restore je iskljucen, temp foldere redovno praznim, obrisao sam iz win instaler foldera zaostale exe fajlove office-a ).
Kada pokrenem foxit readera pokrene office, isto tako kada se pokrece karen who is, virtbox, neke igre ( manje ) i naravno same komponente office-a. Pazi nije to neki veliki problem, ali me nervira i sto je najgore ne mogu mu nista ( za sada, ali cekaj samo  ). Inace sve to manje - vise imam i u Visti i sve ok radi, nemam nikakvih problema. |
|
|
|
|
|
  |
Strana 1 od 1
|
(Registrovanim korisnicima se NE prikazuju reklame)
Ukupno su 225 korisnika na forumu :: 15 Registrovanih, 1 Sakrivenih i 209 Gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije
Najviše korisnika na forumu ikad bilo je 972 - dana 26 Okt 2008 13:06
Korisnici trenutno na forumu: Brano, Da vam Bata nešto kaže..., despot77, grbe, ivanzj, juba, kole017, maha, miron, MSMarkoN, oblak, Ričard, Sirius, tmst, Žan Klod vam dam |
|
Skini ComboFix sa jedne od sledecih adresa na Desktop:
