What about this?


[Thread starter]

Two days ago my son and a friend of his were doing something on the computer, and the friend evidently brought something over on a flash drive. When I turn the computer on, this warning appears:



What is this about?

dr_Bora (Anti Malware Fighter, Rank 2)

Hi...

I can't tell what it is (the picture is too small).

If you think it is malware-related:

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

[Thread starter]

That's what I thought too. I've just cleaned the computer, so if it shows up again I'll make a bigger screenshot. Thanks anyway.

-----

Logfile of HijackThis v1.99.1
Scan saved at 17:40:51, on 3/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Opera 9.5 beta\opera.exe
C:\Documents and Settings\Administrator\Desktop\TEST FOLDER\TESTFILE.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe activexdebugger32.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - Startup: Adobe Gamma.lnk
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

Here is the log I made following the instructions. He also told me not to delete anything until I ask.

dr_Bora (Anti Malware Fighter, Rank 2)

Have you plugged any of your own USB drives into the computer in the meantime?
If you have, follow the Flash_Disinfector instructions.


Download Flash_Disinfector.

the program is started by double-clicking Flash_Disinfector.exe
when the notification message appears, plug in the infected USB flash drives (hold the Shift key down while doing so to avoid autoplay)
click OK and wait for the process to finish
when the Done !! message appears, click OK.


-------------------------------------------------------------------------------------


Then run HT, scan, and check the following line:

F2 - REG:system.ini: Shell=Explorer.exe activexdebugger32.exe

Click Fix Checked.


-------------------------------------------------------------------------------------


Download ComboFix to the Desktop from one of the following addresses:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Start it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

[Thread starter]

I did everything as instructed. Here is the log. Thanks in advance.

ComboFix 08-03-03.15 - Administrator 2008-03-03 20:17:16.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.537 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))
.

2008-02-29 18:20 . 2002-11-20 21:16 180,224 --a------ C:\WINDOWS\system32\Ijl11.dll
2008-02-29 18:20 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-02-29 18:20 . 2001-11-22 15:00 24,626 --a------ C:\WINDOWS\system32\scrrntr.dll
2008-02-29 18:20 . 2007-03-27 15:25 20,480 --a------ C:\WINDOWS\system32\PAC.EXE.VIR
2008-02-28 07:45 . 2008-02-28 07:45 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-02-24 15:10 . 2008-02-24 15:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-02-24 15:08 . 2008-02-24 15:08 <DIR> d-------- C:\Program Files\IVT Corporation
2008-02-24 15:08 . 2004-08-03 23:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-02-24 15:08 . 2004-08-03 23:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-02-24 15:08 . 2004-08-03 23:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-02-24 15:08 . 2004-08-04 00:56 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-02-24 15:08 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2008-02-24 15:08 . 2004-08-03 23:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2008-02-24 15:08 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-02-24 15:08 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-02-24 15:05 . 2005-07-29 21:55 90,624 --a------ C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-02-24 15:05 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\drivers\kstvtune.ax
2008-02-24 15:05 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2008-02-24 15:05 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\drivers\ksxbar.ax
2008-02-24 15:05 . 2004-08-04 00:56 28,672 --a------ C:\WINDOWS\system32\drivers\vidcap.ax
2008-02-23 10:20 . 2008-02-23 10:20 <DIR> d-------- C:\Program Files\Common Files\Protexis
2008-02-23 10:20 . 2008-02-23 10:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-02-21 10:05 . 2008-02-21 10:05 <DIR> d-------- C:\Program Files\PowerISO
2008-02-14 07:14 . 2008-02-14 07:14 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-02-13 23:16 . 2008-03-03 17:30 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-02-13 23:16 . 2008-02-13 23:16 <DIR> d-------- C:\Program Files\Crawler
2008-02-13 23:16 . 2008-03-03 17:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-02-13 23:16 . 2008-03-03 16:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2008-02-08 07:40 . 2008-02-08 07:40 <DIR> d-------- C:\Program Files\Argente Software
2008-02-04 21:22 . 2008-03-02 12:55 <DIR> d-------- C:\Program Files\ICQToolbar
2008-02-04 21:17 . 2008-02-04 21:23 <DIR> d-------- C:\Program Files\ICQ6
2008-02-04 21:17 . 2008-02-04 21:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-02-03 11:28 . 2008-02-03 11:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Bitstream
2008-02-03 11:24 . 2008-02-28 22:01 2,984 --ahs---- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-02-03 11:24 . 2008-02-28 22:01 88 -r-hs---- C:\Documents and Settings\All Users\Application Data\5D8A4B97B3.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 19:18 --------- d-----w C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-03-03 19:16 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-03-03 19:10 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DNA
2008-03-03 18:50 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2008-03-02 23:20 3,662 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-01 10:54 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-23 09:13 --------- d-----w C:\Program Files\Corel
2008-02-09 19:11 --------- d-----w C:\Program Files\Mystery Case Files - Madame Fate
2008-02-04 20:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-03 10:24 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Corel
2008-02-02 10:37 --------- d-----w C:\Program Files\PC Registry Cleaner
2008-01-31 18:28 --------- d-----w C:\Program Files\Mystery Case Files Huntsville
2008-01-31 18:27 --------- d-----w C:\Program Files\Mystery Case Files - Ravenhearst
2008-01-31 18:26 --------- d-----w C:\Program Files\BFG
2008-01-27 09:45 --------- d-----w C:\Program Files\Common Files\Corel
2008-01-26 16:31 90,112 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-01-26 16:31 126,976 ----a-w C:\WINDOWS\system32\UAService7.exe
2008-01-26 16:31 --------- d-----w C:\Program Files\TEXTware
2008-01-26 16:31 --------- d-----w C:\Program Files\IDM
2008-01-26 16:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SecuROM
2008-01-26 16:28 --------- d-----w C:\Program Files\Cambridge
2008-01-26 15:27 --------- d-----w C:\Program Files\3D Online Pool
2008-01-25 06:16 --------- d-----w C:\Program Files\Google
2008-01-23 15:41 --------- d-----w C:\Program Files\CDex_150
2008-01-20 07:07 33,292 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-01-17 19:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-01-17 15:52 --------- d-----w C:\Program Files\YouTube Downloader
2008-01-15 13:41 --------- d-----w C:\Program Files\MagicISO
2008-01-14 14:53 --------- d-----w C:\Program Files\Common Files\Real
2008-01-13 11:06 --------- d-----w C:\Program Files\FLVPlayer
2008-01-12 23:09 --------- d-----w C:\Program Files\Microsoft
2008-01-12 18:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ICQ Toolbar
2008-01-12 18:03 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ICQ
2008-01-12 15:19 --------- d-----w C:\Program Files\DNA
2008-01-12 15:19 --------- d-----w C:\Program Files\BitTorrent
2008-01-12 14:37 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-01-12 14:37 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-12 14:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-12 14:27 --------- d-----w C:\Program Files\Bonjour
2008-01-12 14:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\ALM
2008-01-12 14:22 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-01-12 14:02 --------- d-----w C:\Program Files\Warblade
2008-01-12 11:11 --------- d-----w C:\Program Files\Mustek 1200 UB Plus
2008-01-12 10:37 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Winamp
2008-01-12 10:18 --------- d-----w C:\Program Files\WinSnap
2008-01-12 10:06 --------- d-----w C:\Program Files\MSN Messenger
2008-01-12 09:48 --------- d-----w C:\Program Files\Winamp
2008-01-12 08:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-12 07:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-01-12 07:58 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-01-11 22:14 --------- d-----w C:\Program Files\Avira
2008-01-11 22:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-01-11 21:13 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-11 21:11 --------- d-----w C:\Program Files\Skype
2008-01-11 21:11 --------- d-----w C:\Program Files\Common Files\Skype
2008-01-11 21:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-01-11 20:42 --------- d-----w C:\Program Files\Yahoo!
2008-01-11 20:42 --------- d-----w C:\Program Files\CCleaner
2008-01-11 20:20 --------- d-----w C:\Program Files\Opera 9.5 beta
2008-01-11 19:19 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-11 18:33 --------- d-----w C:\Program Files\TP-LINK
2008-01-11 18:27 --------- d-----w C:\Program Files\hp LaserJet 1000
2008-01-11 17:53 --------- d-----w C:\Program Files\XviD
2008-01-11 17:53 --------- d-----w C:\Program Files\Webteh
2008-01-11 17:53 --------- d-----w C:\Program Files\DivX
2008-01-11 17:53 --------- d-----w C:\Program Files\Crystal Player
2008-01-11 17:53 --------- d-----w C:\Program Files\AC3Filter
2008-01-11 15:36 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-01-11 15:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-01-11 15:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-11 14:20 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-11 14:20 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-11 14:20 --------- d-----w C:\Program Files\Common Files\L&H
2008-01-11 14:19 --------- d-----w C:\Program Files\Microsoft Works
2008-01-11 14:17 --------- d-----w C:\Program Files\CyberLink
2008-01-11 14:17 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-11 14:17 --------- d-----w C:\Program Files\Ahead
2008-01-11 14:16 --------- d-----w C:\Program Files\QuickTime Alternative
2008-01-11 14:16 --------- d-----w C:\Program Files\Media Player Classic
2008-01-11 14:16 --------- d-----w C:\Program Files\7-Zip
2008-01-11 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-11 14:10 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-11 14:10 --------- d-----w C:\Program Files\Unlocker
2007-12-20 22:11 81,920 ----a-w C:\WINDOWS\system32\IEDFix.exe
.

------- Sigcheck -------

0601f83f6784c220ee302f03f702316e C:\WINDOWS\system32\drivers\tcpip.sys
----a-w 360,448 2002-12-31 12:00:00 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 13:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:21 1694208]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-02-19 19:33 287040]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-11-27 23:45 588080]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-24 18:56 171448]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-12-19 15:48 172280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 14:45 90112 C:\WINDOWS\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"TWCU"="C:\Program Files\TP-LINK\TWCU\TWCU.exe" [2005-08-09 08:42 413696]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-11 23:21 249896]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28 36352]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-02-13 23:18 2834432]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-09-20 10:28:16 1200128]
Watch.lnk - C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe [2008-01-12 12:11:30 364544]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 17:11]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-02-14 07:14]
R2 PSI_SVC_2;Protexis Licensing V2;"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [2007-07-24 11:15]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53d432e5-e61f-11dc-a929-0013d43cf258}]
\Shell\Auto\command - H:\activexdebugger32.exe f
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
\Shell\explore\Command - H:\activexdebugger32.exe f
\Shell\open\Command - H:\activexdebugger32.exe f

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 20:19:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-03 20:19:37
ComboFix2.txt 2008-03-03 19:16:12
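As an added example, not from the thread and not part of HijackThis or ComboFix: a small Python check that pulls the two indicators dr_Bora acts on out of log text, the extra executable on the `F2 - REG:system.ini: Shell=` line and the autorun commands cached under `MountPoints2` for a removable volume, and correlates them. The sample text is hand-copied from the two logs posted above; the function names, the decision to skip `rundll32.exe` as a mere loader, and the "executable in the drive root" heuristic are my own choices.

```python
"""Added example (not from the thread, HijackThis or ComboFix): extract the
USB-worm indicators from HijackThis / ComboFix log text and correlate them."""
import re

# Constructed sample: the relevant lines hand-copied from the logs posted in
# the thread (F2 line from HijackThis, MountPoints2 block from ComboFix).
SAMPLE_LOG = """\
F2 - REG:system.ini: Shell=Explorer.exe activexdebugger32.exe
O4 - HKLM\\..\\Run: [SoundMan] SOUNDMAN.EXE
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{53d432e5-e61f-11dc-a929-0013d43cf258}]
\\Shell\\Auto\\command - H:\\activexdebugger32.exe f
\\Shell\\AutoRun\\command - C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
\\Shell\\explore\\Command - H:\\activexdebugger32.exe f
\\Shell\\open\\Command - H:\\activexdebugger32.exe f
"""

SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(.*)$", re.I)
MOUNTPOINT_RE = re.compile(
    r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
COMMAND_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.I)
EXE_RE = re.compile(r"[\w.\-]+\.exe", re.I)
# A bare "<letter>:\<name>.exe" command: binary sitting in a drive root.
ROOT_EXE_RE = re.compile(r"^([A-Z]):\\[\w.\-]+\.exe(?:\s|$)", re.I)


def shell_hijack(log):
    """Executables appended to the Winlogon Shell value besides Explorer.exe.
    A clean XP box has exactly 'Explorer.exe' here; anything extra is started
    at every logon next to the desktop."""
    for line in log.splitlines():
        m = SHELL_RE.match(line.strip())
        if m:
            return [t.lower() for t in m.group(1).split()
                    if t.lower() != "explorer.exe"]
    return []


def autorun_commands(log):
    """Map each MountPoints2 volume GUID to {verb: command}. These are the
    autorun.inf directives Explorer cached when the volume was last seen."""
    result, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        m = MOUNTPOINT_RE.match(line)
        if m:
            current = m.group(1).lower()
            result[current] = {}
            continue
        if line.startswith("["):
            current = None          # some other registry key begins
            continue
        m = COMMAND_RE.match(line)
        if m and current is not None:
            result[current][m.group(1).lower()] = m.group(2).strip()
    return result


def payloads(commands):
    """Executable names referenced by cached autorun commands (the rundll32
    loader itself is skipped) plus the drive letters whose root holds one."""
    names, drives = set(), set()
    for verbs in commands.values():
        for cmd in verbs.values():
            for exe in EXE_RE.findall(cmd):
                if exe.lower() != "rundll32.exe":
                    names.add(exe.lower())
            m = ROOT_EXE_RE.match(cmd)
            if m:
                drives.add(m.group(1).upper() + ":")
    return names, drives


def analyze(log):
    """Combine both indicators: a name present both in the Shell value and in
    a removable volume's autorun commands is the worm persisting on the PC
    and re-seeding the stick."""
    shell_extra = set(shell_hijack(log))
    cmds = autorun_commands(log)
    names, drives = payloads(cmds)
    return {
        "shell_extra": sorted(shell_extra),
        "autorun_verbs": {g: sorted(v) for g, v in cmds.items()},
        "usb_payloads": sorted(names),
        "usb_drives": sorted(drives),
        "correlated": sorted(shell_extra & names),
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the sample, the script reports `activexdebugger32.exe` in both places and `H:` as the drive whose root carries it, which is exactly why the fix below removes the F2 entry first, then the MountPoints2 key, and cleans the stick itself with Flash_Disinfector: fixing only one side lets the other re-infect.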

dr_Bora (Anti Malware Fighter, Rank 2)

Upload the following files to me (if you can, pack them into one zip; if not, then individually):

C:\WINDOWS\system32\Ijl11.dll
C:\WINDOWS\system32\MSWINSCK.OCX
C:\WINDOWS\system32\scrrntr.dll
C:\WINDOWS\system32\PAC.EXE.VIR


Upload link: http://www.mycity.rs/ambulanta-upload.php

[Thread starter]

OK, sent.
When I tried to upload this one
C:\WINDOWS\system32\PAC.EXE.VIR
Avira antivirus wouldn't let me copy it. I marked that file for quarantine and it disappeared from there. Did I do the right thing? If not, how do I restore it from quarantine?

dr_Bora (Anti Malware Fighter, Rank 2)

I don't know Avira's option names off the top of my head, so...
The file was going to be deleted anyway. Let's clean up the rest...


Open Notepad and copy the following text into it:

File::
C:\WINDOWS\system32\Ijl11.dll
C:\WINDOWS\system32\MSWINSCK.OCX
C:\WINDOWS\system32\scrrntr.dll

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53d432e5-e61f-11dc-a929-0013d43cf258}]


Save the file from Notepad to the Desktop as "CFScript"


Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log produced at the end of the cleaning/scanning in your next message.

[Thread starter]

ComboFix 08-03-03.15 - Administrator 2008-03-04 7:28:54.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.540 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\Ijl11.dll
C:\WINDOWS\system32\MSWINSCK.OCX
C:\WINDOWS\system32\scrrntr.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Ijl11.dll
C:\WINDOWS\system32\MSWINSCK.OCX
C:\WINDOWS\system32\scrrntr.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))
.

2008-02-28 07:45 . 2008-02-28 07:45 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-02-24 15:10 . 2008-02-24 15:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-02-24 15:08 . 2008-02-24 15:08 <DIR> d-------- C:\Program Files\IVT Corporation
2008-02-24 15:08 . 2004-08-03 23:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-02-24 15:08 . 2004-08-03 23:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-02-24 15:08 . 2004-08-03 23:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-02-24 15:08 . 2004-08-04 00:56 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-02-24 15:08 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2008-02-24 15:08 . 2004-08-03 23:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2008-02-24 15:08 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-02-24 15:08 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-02-24 15:05 . 2005-07-29 21:55 90,624 --a------ C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-02-24 15:05 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\drivers\kstvtune.ax
2008-02-24 15:05 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2008-02-24 15:05 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\drivers\ksxbar.ax
2008-02-24 15:05 . 2004-08-04 00:56 28,672 --a------ C:\WINDOWS\system32\drivers\vidcap.ax
2008-02-23 10:20 . 2008-02-23 10:20 <DIR> d-------- C:\Program Files\Common Files\Protexis
2008-02-23 10:20 . 2008-02-23 10:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-02-21 10:05 . 2008-02-21 10:05 <DIR> d-------- C:\Program Files\PowerISO
2008-02-14 07:14 . 2008-02-14 07:14 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-02-13 23:16 . 2008-03-03 17:30 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-02-13 23:16 . 2008-02-13 23:16 <DIR> d-------- C:\Program Files\Crawler
2008-02-13 23:16 . 2008-03-03 17:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-02-13 23:16 . 2008-03-03 16:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2008-02-08 07:40 . 2008-02-08 07:40 <DIR> d-------- C:\Program Files\Argente Software
2008-02-04 21:22 . 2008-03-02 12:55 <DIR> d-------- C:\Program Files\ICQToolbar
2008-02-04 21:17 . 2008-02-04 21:23 <DIR> d-------- C:\Program Files\ICQ6
2008-02-04 21:17 . 2008-02-04 21:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 06:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-03-04 06:21 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DNA
2008-03-04 06:17 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-03-04 06:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2008-03-02 23:20 3,662 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-01 10:54 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-28 21:01 88 --sh--r C:\Documents and Settings\All Users\Application Data\5D8A4B97B3.sys
2008-02-28 21:01 2,984 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-02-23 09:13 --------- d-----w C:\Program Files\Corel
2008-02-09 19:11 --------- d-----w C:\Program Files\Mystery Case Files - Madame Fate
2008-02-04 20:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-03 10:28 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Bitstream
2008-02-03 10:24 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Corel
2008-02-02 10:37 --------- d-----w C:\Program Files\PC Registry Cleaner
2008-01-31 18:28 --------- d-----w C:\Program Files\Mystery Case Files Huntsville
2008-01-31 18:27 --------- d-----w C:\Program Files\Mystery Case Files - Ravenhearst
2008-01-31 18:26 --------- d-----w C:\Program Files\BFG
2008-01-27 09:45 --------- d-----w C:\Program Files\Common Files\Corel
2008-01-26 16:31 90,112 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-01-26 16:31 126,976 ----a-w C:\WINDOWS\system32\UAService7.exe
2008-01-26 16:31 --------- d-----w C:\Program Files\TEXTware
2008-01-26 16:31 --------- d-----w C:\Program Files\IDM
2008-01-26 16:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SecuROM
2008-01-26 16:28 --------- d-----w C:\Program Files\Cambridge
2008-01-26 15:27 --------- d-----w C:\Program Files\3D Online Pool
2008-01-25 06:16 --------- d-----w C:\Program Files\Google
2008-01-23 15:41 --------- d-----w C:\Program Files\CDex_150
2008-01-20 07:07 33,292 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-01-17 19:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-01-17 15:52 --------- d-----w C:\Program Files\YouTube Downloader
2008-01-15 13:41 --------- d-----w C:\Program Files\MagicISO
2008-01-14 14:53 --------- d-----w C:\Program Files\Common Files\Real
2008-01-13 11:06 --------- d-----w C:\Program Files\FLVPlayer
2008-01-12 23:09 --------- d-----w C:\Program Files\Microsoft
2008-01-12 18:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ICQ Toolbar
2008-01-12 18:03 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ICQ
2008-01-12 15:19 --------- d-----w C:\Program Files\DNA
2008-01-12 15:19 --------- d-----w C:\Program Files\BitTorrent
2008-01-12 14:37 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-01-12 14:37 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-12 14:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-12 14:27 --------- d-----w C:\Program Files\Bonjour
2008-01-12 14:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\ALM
2008-01-12 14:22 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-01-12 14:02 --------- d-----w C:\Program Files\Warblade
2008-01-12 11:11 --------- d-----w C:\Program Files\Mustek 1200 UB Plus
2008-01-12 10:37 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Winamp
2008-01-12 10:18 --------- d-----w C:\Program Files\WinSnap
2008-01-12 10:06 --------- d-----w C:\Program Files\MSN Messenger
2008-01-12 09:48 --------- d-----w C:\Program Files\Winamp
2008-01-12 08:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-12 07:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-01-12 07:58 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-01-11 22:14 --------- d-----w C:\Program Files\Avira
2008-01-11 22:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-01-11 21:13 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-11 21:11 --------- d-----w C:\Program Files\Skype
2008-01-11 21:11 --------- d-----w C:\Program Files\Common Files\Skype
2008-01-11 21:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-01-11 20:42 --------- d-----w C:\Program Files\Yahoo!
2008-01-11 20:42 --------- d-----w C:\Program Files\CCleaner
2008-01-11 20:20 --------- d-----w C:\Program Files\Opera 9.5 beta
2008-01-11 19:19 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-11 18:33 --------- d-----w C:\Program Files\TP-LINK
2008-01-11 18:27 --------- d-----w C:\Program Files\hp LaserJet 1000
2008-01-11 17:53 --------- d-----w C:\Program Files\XviD
2008-01-11 17:53 --------- d-----w C:\Program Files\Webteh
2008-01-11 17:53 --------- d-----w C:\Program Files\DivX
2008-01-11 17:53 --------- d-----w C:\Program Files\Crystal Player
2008-01-11 17:53 --------- d-----w C:\Program Files\AC3Filter
2008-01-11 15:36 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-01-11 15:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-01-11 15:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-11 14:20 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-11 14:20 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-11 14:20 --------- d-----w C:\Program Files\Common Files\L&H
2008-01-11 14:19 --------- d-----w C:\Program Files\Microsoft Works
2008-01-11 14:17 --------- d-----w C:\Program Files\CyberLink
2008-01-11 14:17 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-11 14:17 --------- d-----w C:\Program Files\Ahead
2008-01-11 14:16 --------- d-----w C:\Program Files\QuickTime Alternative
2008-01-11 14:16 --------- d-----w C:\Program Files\Media Player Classic
2008-01-11 14:16 --------- d-----w C:\Program Files\7-Zip
2008-01-11 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-11 14:10 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-11 14:10 --------- d-----w C:\Program Files\Unlocker
2007-12-20 22:11 81,920 ----a-w C:\WINDOWS\system32\IEDFix.exe
.

------- Sigcheck -------

0601f83f6784c220ee302f03f702316e C:\WINDOWS\system32\drivers\tcpip.sys
----a-w 360,448 2002-12-31 12:00:00 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 13:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:21 1694208]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-02-19 19:33 287040]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-11-27 23:45 588080]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-24 18:56 171448]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-12-19 15:48 172280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 14:45 90112 C:\WINDOWS\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"TWCU"="C:\Program Files\TP-LINK\TWCU\TWCU.exe" [2005-08-09 08:42 413696]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-11 23:21 249896]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28 36352]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-02-13 23:18 2834432]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-09-20 10:28:16 1200128]
Watch.lnk - C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe [2008-01-12 12:11:30 364544]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 17:11]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-02-14 07:14]
R2 PSI_SVC_2;Protexis Licensing V2;"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [2007-07-24 11:15]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 07:31:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-04 7:31:54
ComboFix-quarantined-files.txt 2008-03-04 06:31:52
ComboFix2.txt 2008-03-03 19:19:38
ComboFix3.txt 2008-03-03 19:16:12
