Is there anything suspicious?


  • Joined: 21 Jan 2008
  • Posts: 10

Over the last 2 days my computer has slowed down a lot... Until a few days ago I was using KAV, but it expired so I removed it; surely something couldn't have gotten in within such a short time?

Logfile of HijackThis v1.99.1
Scan saved at 6:48:53 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\802.11 Wireless LAN\802.11b Wireless CardBus & PCI Adapter HW.11 V1.10\WlanCU.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\backup LAST\26 sept\Mozilla Firefox\firefox.exe
C:\Program Files\ICQLite\ICQLite.exe
D:\Program Files\DAP\DAP.EXE
C:\Documents and Settings\dankoa\Desktop\dadad\tr3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.icq.com/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\cache\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\802.11 Wireless LAN\802.11b Wireless CardBus & PCI Adapter HW.11 V1.10\WlanCU.exe
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe
O9 - Extra 'Tools' menuitem: &Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{63D0B887-339B-4F0C-BDF0-911F5BEDBAA6}: NameServer = 212.200.166.8 212.200.166.6
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Hello,
There is nothing suspicious in the posted log. We'll do one more analysis just in case.

Download ComboFix from one of the following addresses to your Desktop:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt), which you should copy here for us.

  • Joined: 21 Jan 2008
  • Posts: 10

Here it is; the computer rebooted along the way, and it took quite a while.

ComboFix 08-01-23.1C - dankoa 2008-01-27 2:34:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.49 [GMT 1:00]
Running from: D:\BAckup2\TXT\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\5.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\6.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\6.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\7.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\7.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\7.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\7.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\7.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\7.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\7.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\7.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\7.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\7.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\7.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\7.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\7.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\7.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\7.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\Cache\00196DE3.bin
C:\Program Files\MyWebSearch\bar\Cache\0112C88B.bin
C:\Program Files\MyWebSearch\bar\Cache\0112F298.bin
C:\Program Files\MyWebSearch\bar\Cache\01131860.bin
C:\Program Files\MyWebSearch\bar\Cache\01157EE1.bin
C:\Program Files\MyWebSearch\bar\Cache\0115851A.bin
C:\Program Files\MyWebSearch\bar\Cache\01158F3C.bin
C:\Program Files\MyWebSearch\bar\Cache\0115ADC1.bin
C:\Program Files\MyWebSearch\bar\Cache\0115C07E.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search
C:\Program Files\MyWebSearch\bar\Settings\prevcfg.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\SrchAstt\7.bin\MWSSRCAS.DLL

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\npf


((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
.

2008-01-27 02:32 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-20 02:42 . 2008-01-20 02:42 268 --ah----- C:\sqmdata19.sqm
2008-01-20 02:42 . 2008-01-20 02:42 244 --ah----- C:\sqmnoopt19.sqm
2008-01-19 15:57 . 2008-01-19 15:57 <DIR> d-------- C:\Program Files\Funnsystems YuMp3Com-User-Authorization
2008-01-19 03:33 . 2008-01-19 03:33 268 --ah----- C:\sqmdata18.sqm
2008-01-19 03:33 . 2008-01-19 03:33 244 --ah----- C:\sqmnoopt18.sqm
2008-01-19 01:27 . 2008-01-19 01:27 268 --ah----- C:\sqmdata17.sqm
2008-01-19 01:27 . 2008-01-19 01:27 244 --ah----- C:\sqmnoopt17.sqm
2008-01-17 23:35 . 2008-01-17 23:35 268 --ah----- C:\sqmdata16.sqm
2008-01-17 23:35 . 2008-01-17 23:35 244 --ah----- C:\sqmnoopt16.sqm
2008-01-17 00:39 . 2008-01-17 00:39 268 --ah----- C:\sqmdata15.sqm
2008-01-17 00:39 . 2008-01-17 00:39 244 --ah----- C:\sqmnoopt15.sqm
2008-01-16 01:35 . 2008-01-16 01:35 268 --ah----- C:\sqmdata14.sqm
2008-01-16 01:35 . 2008-01-16 01:35 244 --ah----- C:\sqmnoopt14.sqm
2008-01-15 00:41 . 2008-01-15 00:41 268 --ah----- C:\sqmdata13.sqm
2008-01-15 00:41 . 2008-01-15 00:41 244 --ah----- C:\sqmnoopt13.sqm
2008-01-14 23:01 . 2008-01-14 23:01 268 --ah----- C:\sqmdata12.sqm
2008-01-14 23:01 . 2008-01-14 23:01 244 --ah----- C:\sqmnoopt12.sqm
2008-01-14 14:49 . 1998-10-29 14:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-01-13 18:17 . 2008-01-19 01:36 <DIR> d-------- C:\Program Files\ICQToolbar
2008-01-13 18:04 . 2008-01-13 18:06 <DIR> d-------- C:\Program Files\ICQ6
2008-01-13 15:03 . 2008-01-13 15:03 268 --ah----- C:\sqmdata11.sqm
2008-01-13 15:03 . 2008-01-13 15:03 244 --ah----- C:\sqmnoopt11.sqm
2008-01-12 11:20 . 2008-01-12 11:20 268 --ah----- C:\sqmdata10.sqm
2008-01-12 11:20 . 2008-01-12 11:20 244 --ah----- C:\sqmnoopt10.sqm
2008-01-11 17:27 . 2008-01-11 17:27 268 --ah----- C:\sqmdata09.sqm
2008-01-11 17:27 . 2008-01-11 17:27 244 --ah----- C:\sqmnoopt09.sqm
2007-12-28 11:29 . 2007-12-28 11:29 268 --ah----- C:\sqmdata08.sqm
2007-12-28 11:29 . 2007-12-28 11:29 244 --ah----- C:\sqmnoopt08.sqm
2007-12-27 23:01 . 2007-12-27 23:01 268 --ah----- C:\sqmdata07.sqm
2007-12-27 23:01 . 2007-12-27 23:01 244 --ah----- C:\sqmnoopt07.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-22 19:39 --------- d-----w C:\Program Files\DivX
2007-12-22 19:37 --------- d-----w C:\Program Files\DivX Total Pack
2007-12-17 21:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-07 18:07 --------- d-----w C:\Program Files\MSBuild
2007-12-07 18:07 --------- d-----w C:\Program Files\Microsoft Works
2007-12-03 21:00 --------- d-----w C:\Program Files\UltimateBet
2006-02-22 21:11 90 -c--a-w C:\Program Files\LastSet.mv2
2006-02-22 21:11 501 -c--a-w C:\Program Files\MV2Player.rcn
2006-02-22 21:11 10,761 -c--a-w C:\Program Files\MV2Player.ini
2003-02-06 07:42 778,240 -c--a-w C:\Program Files\Mv2Player.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046}
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-03 23:56 1667584]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 09:31 67584 C:\WINDOWS\SOUNDMAN.EXE]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 12:27 222208]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 16:15 1634304]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Wireless Configuration Utility.lnk - C:\Program Files\802.11 Wireless LAN\802.11b Wireless CardBus & PCI Adapter HW.11 V1.10\WlanCU.exe [2003-08-08 10:24:02 425984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 D:\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-11 11:06 3144800 C:\Program Files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-08-03 23:56 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a--c--- 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 00:09]
R3 rtl8180;IEEE 802.11b Wireless Cardbus/PCI Adapter;C:\WINDOWS\system32\DRIVERS\rtl8180.SYS [2003-06-16 10:18]
R3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 07:57]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-01-27 02:45:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-27 2:49:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-27 01:49:48
.
2007-09-28 00:51:07 --- E O F ---

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Give me the following file to check:
C:\WINDOWS\System32\Drivers\SjyPkt.sys

Upload it through the following form:
http://www.mycity.rs/ambulanta-upload.php

  • Joined: 21 Jan 2008
  • Posts: 10

Uploaded...

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

The file is clean.

How is the computer behaving now? Is it still excessively slow?

  • Joined: 21 Jan 2008
  • Posts: 10

It has sped up somewhat... And the Windows installation is relatively old, maybe that's part of it too... Thanks a lot in any case.

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Wait, where are you going? :)

C:\Program Files\UltimateBet <-- an online betting program; was it installed on purpose, or did it somehow install itself?

  • Joined: 21 Jan 2008
  • Posts: 10

That's my brother's doing, probably on purpose :)

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Do one more log for me to finish up:

Download the file gmer.zip from this link and save it to your Desktop.
Extract it into a folder.

Double-click gmer.exe to start: select the Rootkit tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this will save it to the Clipboard.
In the forum message box, right-click and choose Paste.
