Help: TR/Crypt.XPACK.Gen

  • Joined: 09 Jul 2008
  • Posts: 6

I need help....
I have Avira AntiVir and it keeps reporting that I have the trojan TR/Crypt.XPACK.Gen; it shows that the files are money1.exe and dollar.exe.

Thanks in advance


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:28:04, on 9.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\firefox.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\msnsvc.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Corel Reminder] "C:\Program Files\Corel\Graphics10\Register\NAVBrowser.exe" /r /i "C:\Program Files\Corel\Graphics10\Register\NavLoad.ini"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Mozilla Firefox] firefox.exe
O4 - HKLM\..\Run: [MSN Messenger Service] msnsvc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1292428093-630328440-1417001333-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Obrt')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - [link visible only to logged-in users]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5136E569-A7E6-49C9-95FA-41D5A5360E36}: NameServer = 195.29.149.196 195.29.149.197
O17 - HKLM\System\CS1\Services\Tcpip\..\{5136E569-A7E6-49C9-95FA-41D5A5360E36}: NameServer = 195.29.149.196 195.29.149.197
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 5605 bytes
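Two things in the log above are the kind of pattern a triage script can pick out mechanically: the Run values `[Mozilla Firefox] firefox.exe` and `[MSN Messenger Service] msnsvc.exe` are bare filenames (resolved through the PATH search order, and both are in fact running from C:\WINDOWS while the real Firefox runs from Program Files), and the O7 line shows regedit disabled by policy. The following Python script is an added example, not part of the thread and not HijackThis code, that flags exactly those patterns in a HijackThis log. The sample input is a constructed subset of the log above; the expected-directory table and the rundll32 allowlist are assumptions of the example.

```python
"""Flag suspicious autostart entries in a HijackThis log.

Added example; not part of HijackThis or of this thread.  Three heuristics,
all assumptions of this example rather than HJT rules:
  * an O4 Run value that is a bare filename (no directory) is resolved via the
    PATH search order, so a copy dropped into %WINDIR% wins over the real app;
  * a well-known executable whose Run value points outside its expected
    install directory;
  * an O7 policy with DisableRegedit=1, which blocks manual cleanup.
The running-process list is also checked for one basename running from two
different directories, which is what a planted firefox.exe looks like.
"""
import ntpath
import re
from collections import defaultdict

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O7_RE = re.compile(r"^O7 - .*DisableRegedit=1\s*$")

# Expected install directory for a few well-known binaries (assumption).
EXPECTED_DIR = {"firefox.exe": r"c:\program files\mozilla firefox"}
# System binaries that are legitimately launched by name from System32.
PATH_OK = {"rundll32", "rundll32.exe"}

# Constructed subset of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\firefox.exe
C:\WINDOWS\msnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Mozilla Firefox] firefox.exe
O4 - HKLM\..\Run: [MSN Messenger Service] msnsvc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""


def _exe_from_cmd(cmd):
    """Return the executable part of a Run value (quoted path or first token).
    An unquoted path containing spaces is truncated at the first space; HJT
    prints values as the registry holds them, so treat that as a limitation."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def _running_processes(lines):
    """Collect the lines between 'Running processes:' and the next blank line."""
    procs, grab = [], False
    for line in lines:
        if line.strip() == "Running processes:":
            grab = True
        elif grab:
            if not line.strip():
                break
            procs.append(line.strip())
    return procs


def triage_hjt(text):
    """Return a list of (rule, subject, detail) findings for one HJT log."""
    lines = text.splitlines()
    findings = []
    for line in lines:
        m = O4_RE.match(line)
        if m:
            exe = _exe_from_cmd(m.group("cmd"))
            base = ntpath.basename(exe).lower()
            if "\\" not in exe:
                if base not in PATH_OK:
                    findings.append(("bare-filename-run", m.group("name"), exe))
            elif base in EXPECTED_DIR and not ntpath.dirname(exe).lower().startswith(EXPECTED_DIR[base]):
                findings.append(("unexpected-location", m.group("name"), exe))
        elif O7_RE.match(line):
            findings.append(("regedit-disabled", "O7", line.split(", ", 1)[-1]))
    # One basename running from two directories: the copy outside the install
    # directory is the one to look at.
    dirs_by_base = defaultdict(set)
    for proc in _running_processes(lines):
        dirs_by_base[ntpath.basename(proc).lower()].add(ntpath.dirname(proc).lower())
    for base, dirs in sorted(dirs_by_base.items()):
        if len(dirs) > 1:
            findings.append(("duplicate-basename", base, sorted(dirs)))
    return findings


if __name__ == "__main__":
    for rule, subject, detail in triage_hjt(SAMPLE_LOG):
        print(f"{rule:22} {subject:22} {detail}")
```

Run against the sample it reports the two bare-filename Run values, the regedit policy, and firefox.exe running from both C:\WINDOWS and Program Files; the Cmaudio entry is not reported because `RunDll32` is on the allowlist. The allowlist is the part to tune: the bare-filename rule is deliberately noisy, since a legitimate value that relies on PATH is rare enough in an HKLM Run key to be worth a look.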



  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...




Right-click the Avira icon in the bottom-right corner of the screen and untick AntiVir Guard Enable.

Note: do not forget to turn this option back on once the cleanup is finished.


-------------------------------------------------------------------------------------


Download ComboFix from one of the following addresses to the Desktop:
[link visible only to logged-in users]
[link visible only to logged-in users]
[link visible only to logged-in users]

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.



  • Joined: 09 Jul 2008
  • Posts: 6

ComboFix 08-07-08.9 - Stipe 2008-07-09 22:23:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1174 [GMT 2:00]
Running from: C:\Documents and Settings\Stipe\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\admintxt.txt

.
((((((((((((((((((((((((( Files Created from 2008-06-09 to 2008-07-09 )))))))))))))))))))))))))))))))
.

2008-07-09 21:36 . 2008-07-09 21:36 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\AdobeUM
2008-07-09 16:56 . 2008-07-09 16:56 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-09 13:55 . 2008-07-09 13:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-09 13:07 . 2008-07-09 13:16 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-07-09 02:01 . 2008-07-09 02:01 41,984 -r-hs---- C:\WINDOWS\msnsvc.exe
2008-07-08 21:11 . 2008-07-08 21:11 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-08 15:01 . 2008-07-08 15:01 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-07-08 15:01 . 2006-09-12 22:00 197,632 --a------ C:\WINDOWS\system32\CNMLM85.DLL
2008-07-08 15:01 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-07-08 15:01 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-07-08 14:54 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-08 14:54 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-07-08 14:53 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-08 14:53 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-07-08 14:39 . 2008-07-08 14:39 <DIR> d-------- C:\Documents and Settings\Obrt\Application Data\Teleca
2008-07-08 12:24 . 2008-07-08 12:24 <DIR> d-------- C:\Documents and Settings\Monika\Application Data\Teleca
2008-07-07 23:49 . 2008-07-08 02:38 39,424 -r-hs---- C:\WINDOWS\firefox.exe
2008-07-07 23:08 . 2008-07-07 23:08 <DIR> d-------- C:\Program Files\AC3Filter
2008-07-07 23:08 . 2003-08-19 09:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.cpl
2008-07-07 22:49 . 2008-07-07 22:49 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-07-07 22:49 . 2008-07-07 22:49 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-07-07 22:49 . 2008-07-07 22:50 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Teleca
2008-07-07 22:49 . 2008-07-07 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-07-07 22:49 . 2008-07-07 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-07-07 22:48 . 2008-07-07 22:49 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-07-07 22:48 . 2008-07-07 22:48 6,144 --a------ C:\WINDOWS\system32\drivers\k750cm.sys
2008-07-07 22:48 . 2008-07-07 22:48 5,744 --a------ C:\WINDOWS\system32\drivers\k750wh.sys
2008-07-07 22:47 . 2008-07-07 22:47 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-07-07 18:54 . 2008-07-07 18:54 <DIR> d-------- C:\Documents and Settings\Obrt\Application Data\Logitech
2008-07-07 16:01 . 2004-08-18 05:14 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-07-07 15:57 . 2008-07-07 15:57 <DIR> d-------- C:\Documents and Settings\Monika\Application Data\Logitech
2008-07-07 15:18 . 2008-07-07 15:18 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Logitech
2008-07-07 15:18 . 2006-05-10 09:56 71,680 --a------ C:\WINDOWS\system32\drivers\LMOUKE.sys
2008-07-07 15:18 . 2006-05-10 09:56 56,064 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
2008-07-07 15:17 . 2008-07-07 15:17 <DIR> d-------- C:\Program Files\Logitech
2008-07-07 15:17 . 2008-07-07 15:17 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-07-07 15:17 . 2006-05-25 00:12 155,648 --a------ C:\WINDOWS\system32\kemutb.dll
2008-07-07 15:17 . 2006-05-25 00:12 126,976 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-07-07 15:17 . 2006-05-25 00:12 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-07-07 15:17 . 2006-05-25 00:12 53,248 --a------ C:\WINDOWS\system32\KemXML.dll
2008-07-07 15:17 . 2006-05-10 09:56 13,568 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2008-07-07 15:17 . 2006-05-25 00:53 3,712 --a------ C:\WINDOWS\system32\drivers\LBeepKE.sys
2008-07-07 15:14 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-07-07 15:14 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-07-07 15:14 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-07-07 15:14 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-07-07 08:44 . 2008-07-07 08:46 <DIR> d-------- C:\Documents and Settings\Obrt\Application Data\AdobeUM
2008-07-07 08:32 . 2008-07-07 08:32 <DIR> d-------- C:\Program Files\PBZ
2008-07-07 08:29 . 2008-07-07 08:29 <DIR> d-------- C:\Documents and Settings\Obrt\Application Data\Corel
2008-07-07 01:54 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-07 01:30 . 2008-07-08 21:44 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\LimeWire
2008-07-07 01:27 . 2008-07-07 01:27 <DIR> d-------- C:\Program Files\Sun
2008-07-07 01:27 . 2008-07-07 01:27 <DIR> d-------- C:\Program Files\Java
2008-07-07 01:27 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-07 01:25 . 2008-07-07 01:25 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-07 01:22 . 2008-07-07 01:24 <DIR> d-------- C:\Program Files\LimeWire
2008-07-06 23:55 . 2008-07-09 00:07 <DIR> d-------- C:\Program Files\Garena
2008-07-06 23:55 . 2008-07-06 23:55 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\InstallShield
2008-07-06 23:46 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-07-06 22:16 . 2008-07-06 22:16 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Apple Computer
2008-07-06 22:15 . 2008-07-07 22:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-06 22:15 . 2008-07-07 22:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-06 22:12 . 2008-07-06 22:12 <DIR> d-------- C:\Program Files\QuickTime
2008-07-06 22:12 . 2008-07-06 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-06 21:11 . 2008-07-06 21:13 <DIR> d-------- C:\Program Files\Corel
2008-07-06 21:11 . 2008-07-06 21:11 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Corel
2008-07-06 21:09 . 2008-07-06 21:15 <DIR> d-------- C:\WINDOWS\Corel
2008-07-06 20:57 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-07-06 20:56 . 2008-07-06 20:56 <DIR> d-------- C:\Program Files\MSBuild
2008-07-06 20:56 . 2008-07-06 20:56 <DIR> d-------- C:\Program Files\Microsoft Works
2008-07-06 20:54 . 2008-07-06 20:56 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-06 20:53 . 2008-07-06 20:53 <DIR> dr-h----- C:\MSOCache
2008-07-06 20:53 . 2008-07-06 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-06 20:47 . 2008-07-06 20:47 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\DAEMON Tools Pro
2008-07-06 20:46 . 2008-07-06 20:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-07-06 20:44 . 2008-07-06 20:47 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2008-07-06 20:36 . 2008-07-06 20:36 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-06 19:30 . 2008-07-06 19:30 <DIR> d-------- C:\Program Files\Webteh
2008-07-06 19:30 . 2008-07-06 22:04 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\BSplayer PRO
2008-07-06 19:22 . 2008-07-06 19:22 <DIR> d-------- C:\Program Files\uTorrent
2008-07-06 19:22 . 2008-07-09 00:08 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\uTorrent
2008-07-06 19:09 . 2008-07-06 19:10 <DIR> d-------- C:\Program Files\Winamp
2008-07-06 19:09 . 2008-07-06 19:14 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Winamp
2008-07-06 19:06 . 2008-07-06 19:06 <DIR> d-------- C:\Program Files\Avira
2008-07-06 19:06 . 2008-07-06 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-06 17:48 . 2002-11-27 13:52 80,896 -ra------ C:\WINDOWS\system32\drivers\NVENET.sys
2008-07-06 17:27 . 2008-07-06 17:27 <DIR> d-------- C:\Program Files\T-Com ADSL driver
2008-07-06 17:26 . 2008-07-06 17:27 <DIR> d-------- C:\Program Files\T-Com MAXadsl CD-ROM
2008-07-06 17:22 . 2008-07-06 17:22 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-06 17:19 . 2008-07-06 17:19 <DIR> d-------- C:\Program Files\DivX
2008-07-06 17:18 . 2008-07-08 14:34 <DIR> d-------- C:\Program Files\ffdshow
2008-07-06 17:15 . 2008-07-06 17:15 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2008-07-06 17:15 . 2008-07-06 17:15 <DIR> d-------- C:\Program Files\Common Files\NVIDIA Shared
2008-07-06 17:15 . 2004-06-24 18:57 172,032 --a------ C:\WINDOWS\system32\nvusmb.exe
2008-07-06 17:15 . 2004-06-24 18:57 172,032 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-07-06 17:15 . 2004-06-24 18:57 172,032 --a------ C:\WINDOWS\system32\nvumctl.exe
2008-07-06 17:15 . 2004-06-18 14:57 172,032 --a------ C:\WINDOWS\system32\nvuide.exe
2008-07-06 17:15 . 2004-04-27 15:22 172,032 --a------ C:\WINDOWS\system32\nvugart.exe
2008-07-06 17:15 . 2004-04-27 15:22 2,124 --a------ C:\WINDOWS\system32\nvgart.nvu
2008-07-06 17:15 . 2004-06-18 02:30 1,217 --a------ C:\WINDOWS\system32\nvmctl.nvu
2008-07-06 17:15 . 2004-06-18 02:30 789 --a------ C:\WINDOWS\system32\nvsmb.nvu
2008-07-06 17:15 . 2004-06-18 02:30 464 --a------ C:\WINDOWS\system32\nvide.nvu
2008-07-06 17:14 . 2008-07-06 17:14 <DIR> d-------- C:\NVIDIA
2008-07-06 17:08 . 2008-07-06 17:08 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-07-06 17:08 . 2003-02-19 08:58 46,976 --a------ C:\WINDOWS\system32\drivers\R8139n51.sys
2008-07-06 17:07 . 2008-07-06 17:07 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2008-07-06 17:06 . 2003-01-17 15:03 126,976 --------- C:\WINDOWS\system32\NVNFINST.DLL
2008-07-06 17:06 . 2002-11-13 09:10 28,160 -ra------ C:\WINDOWS\system32\nvmdcoi.dll
2008-07-06 17:06 . 2002-11-13 09:10 20,224 -ra------ C:\WINDOWS\system32\drivers\nvidesm.sys
2008-07-06 17:06 . 2002-11-27 13:52 1,024 -ra------ C:\WINDOWS\system32\drivers\jedih2rx.bin
2008-07-06 17:06 . 2002-11-27 13:52 122 -ra------ C:\WINDOWS\system32\drivers\ramsed.bin
2008-07-06 17:06 . 2002-11-27 13:52 42 -ra------ C:\WINDOWS\system32\drivers\jedireg.pat
2008-07-06 17:05 . 2004-04-02 15:40 21,760 --a------ C:\WINDOWS\system32\drivers\nv_agp.SYS
2008-07-06 17:03 . 2008-07-07 15:17 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-07-06 17:03 . 2008-07-06 17:03 <DIR> d-------- C:\Program Files\ATI Technologies
2008-07-06 17:03 . 2006-07-18 21:05 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-07-06 17:02 . 2008-07-07 22:47 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-07-06 17:02 . 2008-07-06 17:02 <DIR> d-------- C:\ATI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 14:53 --------- d-----w C:\Program Files\microsoft frontpage
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 10:49 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51 131072]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Corel Reminder"="C:\Program Files\Corel\Graphics10\Register\NAVBrowser.exe" [2000-10-04 12:23 208896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE" [2006-05-10 09:48 94208]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"Mozilla Firefox"="firefox.exe" [2008-07-08 02:38 39424 C:\WINDOWS\firefox.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-07 15:17:44 593920]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-05-25 00:53]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-10-03 00:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fa3c1c2-4b77-11dd-a380-806d6172696f}]
\Shell\AutoRun\command - I:\BugDVD.exe
\Shell\Install\command - I:\BugDVD.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fa3c1c3-4b77-11dd-a380-806d6172696f}]
\Shell\AutoRun\command - J:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8dc28dc-4b6d-11dd-aaa9-806d6172696f}]
\Shell\AutoRun\command - I:\BugDVD.exe
\Shell\Install\command - I:\BugDVD.exe

.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe
HKLM-Run-Cmaudio - cmicnfg.cpl


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link visible only to logged-in users]
Rootkit scan 2008-07-09 22:26:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
.
**************************************************************************
.
Completion time: 2008-07-09 22:27:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-09 20:27:45

Pre-Run: 6,418,563,072 bytes free
Post-Run: 6,488,555,520 bytes free
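Three sections of the ComboFix output above carry indicators that are easy to miss in a long file listing: msnsvc.exe and firefox.exe dropped directly in C:\WINDOWS with the read-only/hidden/system attribute combination (`-r-hs----`), the Security Center values `AntiVirusDisableNotify` and `UpdatesDisableNotify` set to 1 (which silence the "no antivirus / no updates" balloon), and AutoRun/Install commands recorded under mountpoints2 for a removable volume. The script below is an added example, not ComboFix code and not a tool used in this thread, that parses those three shapes of line and reports them. The sample input is constructed from lines of the same form as the log above (the `C:\asd.exe` line is added to exercise the drive-root rule); the attribute-field layout, the extension list and the default `C:\WINDOWS` path are assumptions of the example.

```python
"""Pull three kinds of indicator out of a ComboFix log.

Added example; it is not ComboFix code and was not used in this thread.
Format assumptions, taken from the log as posted:
  "Files Created" lines:  CREATED . MODIFIED SIZE|<DIR> ATTRS PATH, where ATTRS
      is a 9-character flag field such as -r-hs---- (d directory, r read-only,
      a archive, h hidden, s system, c compressed);
  registry blocks:        [KEY] followed by "name"=dword:XXXXXXXX lines;
  mountpoints2 blocks:    \Shell\AutoRun\command - X:\something.exe
Rules (assumptions of this example):
  * executable with hidden+system attributes;
  * executable placed directly in %WINDIR% or in a drive root;
  * Security Center *DisableNotify values set to 1;
  * any AutoRun/Install command recorded for a mounted volume.
"""
import ntpath
import re

FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})$')
AUTORUN_RE = re.compile(r"^\\Shell\\(?:AutoRun|Install)\\command - (?P<cmd>.+)$")

EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".cpl"}
WINDIR = r"c:\windows"  # assumption: default XP install path
SILENCING = {"antivirusdisablenotify", "updatesdisablenotify", "firewalldisablenotify"}

# Constructed sample modelled on the ComboFix output posted in this thread
# (the C:\asd.exe line is added to exercise the drive-root rule).
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-06-09 to 2008-07-09 )))))))))))))))))))))))))))))))
.
2008-07-09 21:36 . 2008-07-09 21:36 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\AdobeUM
2008-07-09 02:01 . 2008-07-09 02:01 41,984 -r-hs---- C:\WINDOWS\msnsvc.exe
2008-07-08 15:01 . 2006-09-12 22:00 197,632 --a------ C:\WINDOWS\system32\CNMLM85.DLL
2008-07-07 23:49 . 2008-07-08 02:38 39,424 -r-hs---- C:\WINDOWS\firefox.exe
2008-07-06 20:36 . 2008-07-06 20:36 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-10 00:29 . 2008-07-10 00:29 52,224 --a------ C:\asd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fa3c1c2-4b77-11dd-a380-806d6172696f}]
\Shell\AutoRun\command - I:\BugDVD.exe
\Shell\Install\command - I:\BugDVD.exe
"""


def _is_exec(path):
    return ntpath.splitext(path)[1].lower() in EXEC_EXT


def triage_combofix(text):
    """Return a list of (rule, subject) findings for one ComboFix log."""
    findings = []
    current_key = ""  # the most recent [KEY] header, context for value lines
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            path, attrs = m.group("path"), m.group("attrs")
            if attrs.startswith("d") or not _is_exec(path):
                continue
            parent = ntpath.dirname(path).lower().rstrip("\\")
            if "h" in attrs and "s" in attrs:
                findings.append(("hidden-system-executable", path))
            if parent == WINDIR:
                findings.append(("executable-in-windir-root", path))
            elif re.fullmatch(r"[a-z]:", parent):
                findings.append(("executable-in-drive-root", path))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = DWORD_RE.match(line)
        if m and current_key.endswith("\\security center"):
            if m.group("name").lower() in SILENCING and int(m.group("val"), 16) == 1:
                findings.append(("security-center-notifications-disabled", m.group("name")))
            continue
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in current_key:
            findings.append(("removable-media-autorun", m.group("cmd")))
    return findings


if __name__ == "__main__":
    for rule, subject in triage_combofix(SAMPLE_LOG):
        print(f"{rule:40} {subject}")
```

The attribute check keys on `h` and `s` together rather than on `-r-hs----` literally, so a dropper that skips the read-only bit is still caught; the location rules are independent of the attributes, which is why a plain `--a------` file in a drive root is still reported. Directory entries and non-executable extensions are ignored so the printer drivers and font caches in the same listing do not add noise.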


  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\msnsvc.exe
C:\WINDOWS\firefox.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mozilla Firefox"=-



Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next reply.

  • Joined: 09 Jul 2008
  • Posts: 6

ComboFix 08-07-08.9 - Stipe 2008-07-10 0:43:19.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1148 [GMT 2:00]
Running from: C:\Documents and Settings\Stipe\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Stipe\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\firefox.exe
C:\WINDOWS\msnsvc.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\firefox.exe
C:\WINDOWS\msnsvc.exe

.
((((((((((((((((((((((((( Files Created from 2008-06-09 to 2008-07-09 )))))))))))))))))))))))))))))))
.

2008-07-10 00:29 . 2008-07-10 00:29 52,224 --a------ C:\asd.exe
2008-07-10 00:28 . 2008-07-10 00:28 41,984 --a------ C:\msnrav32.exe
2008-07-10 00:26 . 2008-07-10 00:26 40,960 -r-hs---- C:\WINDOWS\WinKettle.exe
2008-07-10 00:26 . 2008-07-10 00:26 40,960 --a------ C:\msn2.exe
2008-07-10 00:20 . 2008-07-10 00:20 52,224 -r-hs---- C:\WINDOWS\Windows Firewall.exe
2008-07-10 00:20 . 2008-07-10 00:20 52,224 --a------ C:\asdkfj.exe
2008-07-09 21:36 . 2008-07-09 21:36 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\AdobeUM
2008-07-09 16:56 . 2008-07-09 16:56 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-09 13:55 . 2008-07-09 13:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-09 13:07 . 2008-07-09 13:16 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-07-08 21:11 . 2008-07-08 21:11 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-08 15:01 . 2008-07-08 15:01 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-07-08 15:01 . 2006-09-12 22:00 197,632 --a------ C:\WINDOWS\system32\CNMLM85.DLL
2008-07-08 15:01 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-07-08 15:01 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-07-08 14:54 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-08 14:54 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-07-08 14:53 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-08 14:53 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-07-08 14:39 . 2008-07-08 14:39 <DIR> d-------- C:\Documents and Settings\Obrt\Application Data\Teleca
2008-07-08 12:24 . 2008-07-08 12:24 <DIR> d-------- C:\Documents and Settings\Monika\Application Data\Teleca
2008-07-07 23:08 . 2008-07-07 23:08 <DIR> d-------- C:\Program Files\AC3Filter
2008-07-07 23:08 . 2003-08-19 09:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.cpl
2008-07-07 22:49 . 2008-07-07 22:49 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-07-07 22:49 . 2008-07-07 22:49 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-07-07 22:49 . 2008-07-07 22:50 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Teleca
2008-07-07 22:49 . 2008-07-07 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-07-07 22:49 . 2008-07-07 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-07-07 22:48 . 2008-07-07 22:49 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-07-07 22:48 . 2008-07-07 22:48 6,144 --a------ C:\WINDOWS\system32\drivers\k750cm.sys
2008-07-07 22:48 . 2008-07-07 22:48 5,744 --a------ C:\WINDOWS\system32\drivers\k750wh.sys
2008-07-07 22:47 . 2008-07-07 22:47 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-07-07 18:54 . 2008-07-07 18:54 <DIR> d-------- C:\Documents and Settings\Obrt\Application Data\Logitech
2008-07-07 16:01 . 2004-08-18 05:14 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-07-07 15:57 . 2008-07-07 15:57 <DIR> d-------- C:\Documents and Settings\Monika\Application Data\Logitech
2008-07-07 15:18 . 2008-07-07 15:18 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Logitech
2008-07-07 15:18 . 2006-05-10 09:56 71,680 --a------ C:\WINDOWS\system32\drivers\LMOUKE.sys
2008-07-07 15:18 . 2006-05-10 09:56 56,064 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
2008-07-07 15:17 . 2008-07-07 15:17 <DIR> d-------- C:\Program Files\Logitech
2008-07-07 15:17 . 2008-07-07 15:17 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-07-07 15:17 . 2006-05-25 00:12 155,648 --a------ C:\WINDOWS\system32\kemutb.dll
2008-07-07 15:17 . 2006-05-25 00:12 126,976 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-07-07 15:17 . 2006-05-25 00:12 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-07-07 15:17 . 2006-05-25 00:12 53,248 --a------ C:\WINDOWS\system32\KemXML.dll
2008-07-07 15:17 . 2006-05-10 09:56 13,568 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2008-07-07 15:17 . 2006-05-25 00:53 3,712 --a------ C:\WINDOWS\system32\drivers\LBeepKE.sys
2008-07-07 15:14 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-07-07 15:14 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-07-07 15:14 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-07-07 15:14 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-07-07 08:44 . 2008-07-07 08:46 <DIR> d-------- C:\Documents and Settings\Obrt\Application Data\AdobeUM
2008-07-07 08:32 . 2008-07-07 08:32 <DIR> d-------- C:\Program Files\PBZ
2008-07-07 08:29 . 2008-07-07 08:29 <DIR> d-------- C:\Documents and Settings\Obrt\Application Data\Corel
2008-07-07 01:54 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-07 01:30 . 2008-07-08 21:44 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\LimeWire
2008-07-07 01:27 . 2008-07-07 01:27 <DIR> d-------- C:\Program Files\Sun
2008-07-07 01:27 . 2008-07-07 01:27 <DIR> d-------- C:\Program Files\Java
2008-07-07 01:27 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-07 01:25 . 2008-07-07 01:25 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-07 01:22 . 2008-07-07 01:24 <DIR> d-------- C:\Program Files\LimeWire
2008-07-06 23:55 . 2008-07-09 23:19 <DIR> d-------- C:\Program Files\Garena
2008-07-06 23:55 . 2008-07-06 23:55 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\InstallShield
2008-07-06 23:46 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-07-06 22:16 . 2008-07-06 22:16 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Apple Computer
2008-07-06 22:15 . 2008-07-07 22:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-06 22:15 . 2008-07-07 22:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-06 22:12 . 2008-07-06 22:12 <DIR> d-------- C:\Program Files\QuickTime
2008-07-06 22:12 . 2008-07-06 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-06 21:11 . 2008-07-06 21:13 <DIR> d-------- C:\Program Files\Corel
2008-07-06 21:11 . 2008-07-06 21:11 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Corel
2008-07-06 21:09 . 2008-07-06 21:15 <DIR> d-------- C:\WINDOWS\Corel
2008-07-06 20:57 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-07-06 20:56 . 2008-07-06 20:56 <DIR> d-------- C:\Program Files\MSBuild
2008-07-06 20:56 . 2008-07-06 20:56 <DIR> d-------- C:\Program Files\Microsoft Works
2008-07-06 20:54 . 2008-07-06 20:56 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-06 20:53 . 2008-07-06 20:53 <DIR> dr-h----- C:\MSOCache
2008-07-06 20:53 . 2008-07-06 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-06 20:47 . 2008-07-06 20:47 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\DAEMON Tools Pro
2008-07-06 20:46 . 2008-07-06 20:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-07-06 20:44 . 2008-07-06 20:47 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2008-07-06 20:36 . 2008-07-06 20:36 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-06 19:30 . 2008-07-06 19:30 <DIR> d-------- C:\Program Files\Webteh
2008-07-06 19:30 . 2008-07-06 22:04 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\BSplayer PRO
2008-07-06 19:22 . 2008-07-06 19:22 <DIR> d-------- C:\Program Files\uTorrent
2008-07-06 19:22 . 2008-07-09 22:49 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\uTorrent
2008-07-06 19:09 . 2008-07-06 19:10 <DIR> d-------- C:\Program Files\Winamp
2008-07-06 19:09 . 2008-07-06 19:14 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Winamp
2008-07-06 19:06 . 2008-07-06 19:06 <DIR> d-------- C:\Program Files\Avira
2008-07-06 19:06 . 2008-07-06 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-06 17:48 . 2002-11-27 13:52 80,896 -ra------ C:\WINDOWS\system32\drivers\NVENET.sys
2008-07-06 17:27 . 2008-07-06 17:27 <DIR> d-------- C:\Program Files\T-Com ADSL driver
2008-07-06 17:26 . 2008-07-06 17:27 <DIR> d-------- C:\Program Files\T-Com MAXadsl CD-ROM
2008-07-06 17:22 . 2008-07-06 17:22 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-06 17:19 . 2008-07-06 17:19 <DIR> d-------- C:\Program Files\DivX
2008-07-06 17:18 . 2008-07-08 14:34 <DIR> d-------- C:\Program Files\ffdshow
2008-07-06 17:15 . 2008-07-06 17:15 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2008-07-06 17:15 . 2008-07-06 17:15 <DIR> d-------- C:\Program Files\Common Files\NVIDIA Shared
2008-07-06 17:15 . 2004-06-24 18:57 172,032 --a------ C:\WINDOWS\system32\nvusmb.exe
2008-07-06 17:15 . 2004-06-24 18:57 172,032 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-07-06 17:15 . 2004-06-24 18:57 172,032 --a------ C:\WINDOWS\system32\nvumctl.exe
2008-07-06 17:15 . 2004-06-18 14:57 172,032 --a------ C:\WINDOWS\system32\nvuide.exe
2008-07-06 17:15 . 2004-04-27 15:22 172,032 --a------ C:\WINDOWS\system32\nvugart.exe
2008-07-06 17:15 . 2004-04-27 15:22 2,124 --a------ C:\WINDOWS\system32\nvgart.nvu
2008-07-06 17:15 . 2004-06-18 02:30 1,217 --a------ C:\WINDOWS\system32\nvmctl.nvu
2008-07-06 17:15 . 2004-06-18 02:30 789 --a------ C:\WINDOWS\system32\nvsmb.nvu
2008-07-06 17:15 . 2004-06-18 02:30 464 --a------ C:\WINDOWS\system32\nvide.nvu
2008-07-06 17:14 . 2008-07-06 17:14 <DIR> d-------- C:\NVIDIA
2008-07-06 17:08 . 2008-07-06 17:08 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-07-06 17:08 . 2003-02-19 08:58 46,976 --a------ C:\WINDOWS\system32\drivers\R8139n51.sys
2008-07-06 17:07 . 2008-07-06 17:07 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2008-07-06 17:06 . 2003-01-17 15:03 126,976 --------- C:\WINDOWS\system32\NVNFINST.DLL
2008-07-06 17:06 . 2002-11-13 09:10 28,160 -ra------ C:\WINDOWS\system32\nvmdcoi.dll
2008-07-06 17:06 . 2002-11-13 09:10 20,224 -ra------ C:\WINDOWS\system32\drivers\nvidesm.sys
2008-07-06 17:06 . 2002-11-27 13:52 1,024 -ra------ C:\WINDOWS\system32\drivers\jedih2rx.bin
2008-07-06 17:06 . 2002-11-27 13:52 122 -ra------ C:\WINDOWS\system32\drivers\ramsed.bin
2008-07-06 17:06 . 2002-11-27 13:52 42 -ra------ C:\WINDOWS\system32\drivers\jedireg.pat
2008-07-06 17:05 . 2004-04-02 15:40 21,760 --a------ C:\WINDOWS\system32\drivers\nv_agp.SYS
2008-07-06 17:03 . 2008-07-07 15:17 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-07-06 17:03 . 2008-07-06 17:03 <DIR> d-------- C:\Program Files\ATI Technologies
2008-07-06 17:03 . 2006-07-18 21:05 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-07-06 17:02 . 2008-07-07 22:47 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-07-06 17:02 . 2008-07-06 17:02 <DIR> d-------- C:\ATI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 14:53 --------- d-----w C:\Program Files\microsoft frontpage
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 10:49 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51 131072]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Corel Reminder"="C:\Program Files\Corel\Graphics10\Register\NAVBrowser.exe" [2000-10-04 12:23 208896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE" [2006-05-10 09:48 94208]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"Windows Media Firewall"="Windows Firewall.exe" [2008-07-10 00:20 52224 C:\WINDOWS\Windows Firewall.exe]
"Windows Kernel Log"="WinKettle.exe" [2008-07-10 00:26 40960 C:\WINDOWS\WinKettle.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Windows Media Firewall"="Windows Firewall.exe" [2008-07-10 00:20 52224 C:\WINDOWS\Windows Firewall.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-07 15:17:44 593920]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Garena\\Garena.exe"=

R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-05-25 00:53]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-10-03 00:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fa3c1c2-4b77-11dd-a380-806d6172696f}]
\Shell\AutoRun\command - I:\BugDVD.exe
\Shell\Install\command - I:\BugDVD.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fa3c1c3-4b77-11dd-a380-806d6172696f}]
\Shell\AutoRun\command - J:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8dc28dc-4b6d-11dd-aaa9-806d6172696f}]
\Shell\AutoRun\command - I:\BugDVD.exe
\Shell\Install\command - I:\BugDVD.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-07-10 00:43:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-10 0:44:17
ComboFix-quarantined-files.txt 2008-07-09 22:44:14
ComboFix2.txt 2008-07-09 20:27:49

Pre-Run: 6,487,883,776 bytes free
Post-Run: 6,479,593,472 bytes free


offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

We still have work to do...

Open Notepad and copy the following text into it:

File::
C:\asd.exe
C:\msnrav32.exe
C:\WINDOWS\WinKettle.exe
C:\msn2.exe
C:\WINDOWS\Windows Firewall.exe
C:\asdkfj.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Media Firewall"=-
"Windows Kernel Log"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Windows Media Firewall"=-

Save the Notepad file to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scanning.

offline
  • Joined: 09 Jul 2008
  • Posts: 6

ComboFix 08-07-08.9 - Stipe 2008-07-11 14:21:52.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1160 [GMT 2:00]
Running from: C:\Documents and Settings\Stipe\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Stipe\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\asd.exe
C:\asdkfj.exe
C:\msn2.exe
C:\msnrav32.exe
C:\WINDOWS\Windows Firewall.exe
C:\WINDOWS\WinKettle.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\asd.exe
C:\asdkfj.exe
C:\msn2.exe
C:\msnrav32.exe
C:\WINDOWS\Windows Firewall.exe
C:\WINDOWS\WinKettle.exe

.
((((((((((((((((((((((((( Files Created from 2008-06-11 to 2008-07-11 )))))))))))))))))))))))))))))))
.

2008-07-11 14:17 . 2008-07-11 14:17 421,888 --a------ C:\surf32.exe
2008-07-10 14:00 . 2008-07-10 14:00 511 --a------ C:\xb.exe
2008-07-09 21:36 . 2008-07-09 21:36 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\AdobeUM
2008-07-09 16:56 . 2008-07-09 16:56 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-09 13:55 . 2008-07-09 13:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-09 13:07 . 2008-07-09 13:16 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-07-08 21:11 . 2008-07-08 21:11 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-08 15:01 . 2008-07-08 15:01 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-07-08 15:01 . 2006-09-12 22:00 197,632 --a------ C:\WINDOWS\system32\CNMLM85.DLL
2008-07-08 15:01 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-07-08 15:01 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-07-08 14:54 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-08 14:54 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-07-08 14:53 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-08 14:53 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-07-08 14:39 . 2008-07-08 14:39 <DIR> d-------- C:\Documents and Settings\Obrt\Application Data\Teleca
2008-07-08 12:24 . 2008-07-08 12:24 <DIR> d-------- C:\Documents and Settings\Monika\Application Data\Teleca
2008-07-07 23:08 . 2008-07-07 23:08 <DIR> d-------- C:\Program Files\AC3Filter
2008-07-07 23:08 . 2003-08-19 09:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.cpl
2008-07-07 22:49 . 2008-07-07 22:49 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-07-07 22:49 . 2008-07-07 22:49 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-07-07 22:49 . 2008-07-07 22:50 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Teleca
2008-07-07 22:49 . 2008-07-07 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-07-07 22:49 . 2008-07-07 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-07-07 22:48 . 2008-07-07 22:49 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-07-07 22:48 . 2008-07-07 22:48 6,144 --a------ C:\WINDOWS\system32\drivers\k750cm.sys
2008-07-07 22:48 . 2008-07-07 22:48 5,744 --a------ C:\WINDOWS\system32\drivers\k750wh.sys
2008-07-07 22:47 . 2008-07-07 22:47 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-07-07 18:54 . 2008-07-07 18:54 <DIR> d-------- C:\Documents and Settings\Obrt\Application Data\Logitech
2008-07-07 16:01 . 2004-08-18 05:14 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-07-07 15:57 . 2008-07-07 15:57 <DIR> d-------- C:\Documents and Settings\Monika\Application Data\Logitech
2008-07-07 15:18 . 2008-07-07 15:18 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Logitech
2008-07-07 15:18 . 2006-05-10 09:56 71,680 --a------ C:\WINDOWS\system32\drivers\LMOUKE.sys
2008-07-07 15:18 . 2006-05-10 09:56 56,064 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
2008-07-07 15:17 . 2008-07-07 15:17 <DIR> d-------- C:\Program Files\Logitech
2008-07-07 15:17 . 2008-07-07 15:17 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-07-07 15:17 . 2006-05-25 00:12 155,648 --a------ C:\WINDOWS\system32\kemutb.dll
2008-07-07 15:17 . 2006-05-25 00:12 126,976 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-07-07 15:17 . 2006-05-25 00:12 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-07-07 15:17 . 2006-05-25 00:12 53,248 --a------ C:\WINDOWS\system32\KemXML.dll
2008-07-07 15:17 . 2006-05-10 09:56 13,568 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2008-07-07 15:17 . 2006-05-25 00:53 3,712 --a------ C:\WINDOWS\system32\drivers\LBeepKE.sys
2008-07-07 15:14 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-07-07 15:14 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-07-07 15:14 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-07-07 15:14 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-07-07 08:44 . 2008-07-07 08:46 <DIR> d-------- C:\Documents and Settings\Obrt\Application Data\AdobeUM
2008-07-07 08:32 . 2008-07-07 08:32 <DIR> d-------- C:\Program Files\PBZ
2008-07-07 08:29 . 2008-07-07 08:29 <DIR> d-------- C:\Documents and Settings\Obrt\Application Data\Corel
2008-07-07 01:54 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-07 01:30 . 2008-07-08 21:44 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\LimeWire
2008-07-07 01:27 . 2008-07-07 01:27 <DIR> d-------- C:\Program Files\Sun
2008-07-07 01:27 . 2008-07-07 01:27 <DIR> d-------- C:\Program Files\Java
2008-07-07 01:27 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-07 01:25 . 2008-07-07 01:25 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-07 01:22 . 2008-07-07 01:24 <DIR> d-------- C:\Program Files\LimeWire
2008-07-06 23:55 . 2008-07-10 12:36 <DIR> d-------- C:\Program Files\Garena
2008-07-06 23:55 . 2008-07-06 23:55 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\InstallShield
2008-07-06 23:46 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-07-06 22:16 . 2008-07-06 22:16 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Apple Computer
2008-07-06 22:15 . 2008-07-07 22:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-06 22:15 . 2008-07-07 22:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-06 22:12 . 2008-07-06 22:12 <DIR> d-------- C:\Program Files\QuickTime
2008-07-06 22:12 . 2008-07-06 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-06 21:11 . 2008-07-06 21:13 <DIR> d-------- C:\Program Files\Corel
2008-07-06 21:11 . 2008-07-06 21:11 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Corel
2008-07-06 21:09 . 2008-07-06 21:15 <DIR> d-------- C:\WINDOWS\Corel
2008-07-06 20:57 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-07-06 20:56 . 2008-07-06 20:56 <DIR> d-------- C:\Program Files\MSBuild
2008-07-06 20:56 . 2008-07-06 20:56 <DIR> d-------- C:\Program Files\Microsoft Works
2008-07-06 20:54 . 2008-07-06 20:56 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-06 20:53 . 2008-07-06 20:53 <DIR> dr-h----- C:\MSOCache
2008-07-06 20:53 . 2008-07-06 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-06 20:47 . 2008-07-06 20:47 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\DAEMON Tools Pro
2008-07-06 20:46 . 2008-07-06 20:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-07-06 20:44 . 2008-07-06 20:47 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2008-07-06 20:36 . 2008-07-06 20:36 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-06 19:30 . 2008-07-06 19:30 <DIR> d-------- C:\Program Files\Webteh
2008-07-06 19:30 . 2008-07-06 22:04 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\BSplayer PRO
2008-07-06 19:22 . 2008-07-06 19:22 <DIR> d-------- C:\Program Files\uTorrent
2008-07-06 19:22 . 2008-07-09 22:49 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\uTorrent
2008-07-06 19:09 . 2008-07-06 19:10 <DIR> d-------- C:\Program Files\Winamp
2008-07-06 19:09 . 2008-07-06 19:14 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Winamp
2008-07-06 19:06 . 2008-07-06 19:06 <DIR> d-------- C:\Program Files\Avira
2008-07-06 19:06 . 2008-07-06 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-06 17:48 . 2002-11-27 13:52 80,896 -ra------ C:\WINDOWS\system32\drivers\NVENET.sys
2008-07-06 17:27 . 2008-07-06 17:27 <DIR> d-------- C:\Program Files\T-Com ADSL driver
2008-07-06 17:26 . 2008-07-06 17:27 <DIR> d-------- C:\Program Files\T-Com MAXadsl CD-ROM
2008-07-06 17:22 . 2008-07-06 17:22 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-06 17:19 . 2008-07-06 17:19 <DIR> d-------- C:\Program Files\DivX
2008-07-06 17:18 . 2008-07-08 14:34 <DIR> d-------- C:\Program Files\ffdshow
2008-07-06 17:15 . 2008-07-06 17:15 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2008-07-06 17:15 . 2008-07-06 17:15 <DIR> d-------- C:\Program Files\Common Files\NVIDIA Shared
2008-07-06 17:15 . 2004-06-24 18:57 172,032 --a------ C:\WINDOWS\system32\nvusmb.exe
2008-07-06 17:15 . 2004-06-24 18:57 172,032 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-07-06 17:15 . 2004-06-24 18:57 172,032 --a------ C:\WINDOWS\system32\nvumctl.exe
2008-07-06 17:15 . 2004-06-18 14:57 172,032 --a------ C:\WINDOWS\system32\nvuide.exe
2008-07-06 17:15 . 2004-04-27 15:22 172,032 --a------ C:\WINDOWS\system32\nvugart.exe
2008-07-06 17:15 . 2004-04-27 15:22 2,124 --a------ C:\WINDOWS\system32\nvgart.nvu
2008-07-06 17:15 . 2004-06-18 02:30 1,217 --a------ C:\WINDOWS\system32\nvmctl.nvu
2008-07-06 17:15 . 2004-06-18 02:30 789 --a------ C:\WINDOWS\system32\nvsmb.nvu
2008-07-06 17:15 . 2004-06-18 02:30 464 --a------ C:\WINDOWS\system32\nvide.nvu
2008-07-06 17:14 . 2008-07-06 17:14 <DIR> d-------- C:\NVIDIA
2008-07-06 17:08 . 2008-07-06 17:08 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-07-06 17:08 . 2003-02-19 08:58 46,976 --a------ C:\WINDOWS\system32\drivers\R8139n51.sys
2008-07-06 17:07 . 2008-07-06 17:07 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2008-07-06 17:06 . 2003-01-17 15:03 126,976 --------- C:\WINDOWS\system32\NVNFINST.DLL
2008-07-06 17:06 . 2002-11-13 09:10 28,160 -ra------ C:\WINDOWS\system32\nvmdcoi.dll
2008-07-06 17:06 . 2002-11-13 09:10 20,224 -ra------ C:\WINDOWS\system32\drivers\nvidesm.sys
2008-07-06 17:06 . 2002-11-27 13:52 1,024 -ra------ C:\WINDOWS\system32\drivers\jedih2rx.bin
2008-07-06 17:06 . 2002-11-27 13:52 122 -ra------ C:\WINDOWS\system32\drivers\ramsed.bin
2008-07-06 17:06 . 2002-11-27 13:52 42 -ra------ C:\WINDOWS\system32\drivers\jedireg.pat
2008-07-06 17:05 . 2004-04-02 15:40 21,760 --a------ C:\WINDOWS\system32\drivers\nv_agp.SYS
2008-07-06 17:03 . 2008-07-07 15:17 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-07-06 17:03 . 2008-07-06 17:03 <DIR> d-------- C:\Program Files\ATI Technologies
2008-07-06 17:03 . 2006-07-18 21:05 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-07-06 17:02 . 2008-07-07 22:47 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-07-06 17:02 . 2008-07-06 17:02 <DIR> d-------- C:\ATI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 14:53 --------- d-----w C:\Program Files\microsoft frontpage
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-09 20:25:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-11 11:36:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-07-07 06:46:11 40,836 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-11 12:17:48 40,836 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-07 06:46:11 314,508 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-11 12:17:48 314,508 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-11 12:18:48 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_e44.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 10:49 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51 131072]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Corel Reminder"="C:\Program Files\Corel\Graphics10\Register\NAVBrowser.exe" [2000-10-04 12:23 208896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE" [2006-05-10 09:48 94208]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"AntiVirusMonitorExe"="C:\surf32.exe" [2008-07-11 14:17 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-07 15:17:44 593920]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Garena\\Garena.exe"=
"C:\\surf32.exe"=

R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-05-25 00:53]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-10-03 00:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fa3c1c2-4b77-11dd-a380-806d6172696f}]
\Shell\AutoRun\command - I:\BugDVD.exe
\Shell\Install\command - I:\BugDVD.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fa3c1c3-4b77-11dd-a380-806d6172696f}]
\Shell\AutoRun\command - J:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8dc28dc-4b6d-11dd-aaa9-806d6172696f}]
\Shell\AutoRun\command - I:\BugDVD.exe
\Shell\Install\command - I:\BugDVD.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-07-11 14:22:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-11 14:23:06
ComboFix-quarantined-files.txt 2008-07-11 12:23:03
ComboFix2.txt 2008-07-09 22:44:18
ComboFix3.txt 2008-07-09 20:27:49

Pre-Run: 6,429,925,376 bytes free
Post-Run: 6,421,843,968 bytes free


offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Unbelievable... New malicious files were created a few minutes before you ran CF.

Here we go again...

Open Notepad and copy the following text into it:

File::
C:\surf32.exe
C:\xb.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AntiVirusMonitorExe"=-

Save the Notepad file to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scanning.

offline
  • Joined: 09 Jul 2008
  • Posts: 6

ComboFix 08-07-08.9 - Stipe 2008-07-11 19:22:42.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1174 [GMT 2:00]
Running from: C:\Documents and Settings\Stipe\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Stipe\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\surf32.exe
C:\xb.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\surf32.exe
C:\xb.exe

.
((((((((((((((((((((((((( Files Created from 2008-06-11 to 2008-07-11 )))))))))))))))))))))))))))))))
.

2008-07-09 21:36 . 2008-07-09 21:36 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\AdobeUM
2008-07-09 16:56 . 2008-07-09 16:56 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-09 13:55 . 2008-07-09 13:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-09 13:07 . 2008-07-09 13:16 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-07-08 21:11 . 2008-07-08 21:11 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-08 15:01 . 2008-07-08 15:01 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-07-08 15:01 . 2006-09-12 22:00 197,632 --a------ C:\WINDOWS\system32\CNMLM85.DLL
2008-07-08 15:01 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-07-08 15:01 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-07-08 14:54 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-08 14:54 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-07-08 14:53 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-08 14:53 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-07-08 14:39 . 2008-07-08 14:39 <DIR> d-------- C:\Documents and Settings\Obrt\Application Data\Teleca
2008-07-08 12:24 . 2008-07-08 12:24 <DIR> d-------- C:\Documents and Settings\Monika\Application Data\Teleca
2008-07-07 23:08 . 2008-07-07 23:08 <DIR> d-------- C:\Program Files\AC3Filter
2008-07-07 23:08 . 2003-08-19 09:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.cpl
2008-07-07 22:49 . 2008-07-07 22:49 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-07-07 22:49 . 2008-07-07 22:49 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-07-07 22:49 . 2008-07-07 22:50 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Teleca
2008-07-07 22:49 . 2008-07-07 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-07-07 22:49 . 2008-07-07 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-07-07 22:48 . 2008-07-07 22:49 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-07-07 22:48 . 2008-07-07 22:48 6,144 --a------ C:\WINDOWS\system32\drivers\k750cm.sys
2008-07-07 22:48 . 2008-07-07 22:48 5,744 --a------ C:\WINDOWS\system32\drivers\k750wh.sys
2008-07-07 22:47 . 2008-07-07 22:47 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-07-07 18:54 . 2008-07-07 18:54 <DIR> d-------- C:\Documents and Settings\Obrt\Application Data\Logitech
2008-07-07 16:01 . 2004-08-18 05:14 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-07-07 15:57 . 2008-07-07 15:57 <DIR> d-------- C:\Documents and Settings\Monika\Application Data\Logitech
2008-07-07 15:18 . 2008-07-07 15:18 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Logitech
2008-07-07 15:18 . 2006-05-10 09:56 71,680 --a------ C:\WINDOWS\system32\drivers\LMOUKE.sys
2008-07-07 15:18 . 2006-05-10 09:56 56,064 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
2008-07-07 15:17 . 2008-07-07 15:17 <DIR> d-------- C:\Program Files\Logitech
2008-07-07 15:17 . 2008-07-07 15:17 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-07-07 15:17 . 2006-05-25 00:12 155,648 --a------ C:\WINDOWS\system32\kemutb.dll
2008-07-07 15:17 . 2006-05-25 00:12 126,976 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-07-07 15:17 . 2006-05-25 00:12 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-07-07 15:17 . 2006-05-25 00:12 53,248 --a------ C:\WINDOWS\system32\KemXML.dll
2008-07-07 15:17 . 2006-05-10 09:56 13,568 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2008-07-07 15:17 . 2006-05-25 00:53 3,712 --a------ C:\WINDOWS\system32\drivers\LBeepKE.sys
2008-07-07 15:14 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-07-07 15:14 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-07-07 15:14 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-07-07 15:14 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-07-07 08:44 . 2008-07-07 08:46 <DIR> d-------- C:\Documents and Settings\Obrt\Application Data\AdobeUM
2008-07-07 08:32 . 2008-07-07 08:32 <DIR> d-------- C:\Program Files\PBZ
2008-07-07 08:29 . 2008-07-07 08:29 <DIR> d-------- C:\Documents and Settings\Obrt\Application Data\Corel
2008-07-07 01:54 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-07 01:30 . 2008-07-08 21:44 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\LimeWire
2008-07-07 01:27 . 2008-07-07 01:27 <DIR> d-------- C:\Program Files\Sun
2008-07-07 01:27 . 2008-07-07 01:27 <DIR> d-------- C:\Program Files\Java
2008-07-07 01:27 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-07 01:25 . 2008-07-07 01:25 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-07 01:22 . 2008-07-07 01:24 <DIR> d-------- C:\Program Files\LimeWire
2008-07-06 23:55 . 2008-07-10 12:36 <DIR> d-------- C:\Program Files\Garena
2008-07-06 23:55 . 2008-07-06 23:55 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\InstallShield
2008-07-06 23:46 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-07-06 22:16 . 2008-07-06 22:16 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Apple Computer
2008-07-06 22:15 . 2008-07-07 22:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-06 22:15 . 2008-07-07 22:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-06 22:12 . 2008-07-06 22:12 <DIR> d-------- C:\Program Files\QuickTime
2008-07-06 22:12 . 2008-07-06 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-06 21:11 . 2008-07-06 21:13 <DIR> d-------- C:\Program Files\Corel
2008-07-06 21:11 . 2008-07-06 21:11 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Corel
2008-07-06 21:09 . 2008-07-06 21:15 <DIR> d-------- C:\WINDOWS\Corel
2008-07-06 20:57 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-07-06 20:56 . 2008-07-06 20:56 <DIR> d-------- C:\Program Files\MSBuild
2008-07-06 20:56 . 2008-07-06 20:56 <DIR> d-------- C:\Program Files\Microsoft Works
2008-07-06 20:54 . 2008-07-06 20:56 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-06 20:53 . 2008-07-06 20:53 <DIR> dr-h----- C:\MSOCache
2008-07-06 20:53 . 2008-07-06 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-06 20:47 . 2008-07-06 20:47 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\DAEMON Tools Pro
2008-07-06 20:46 . 2008-07-06 20:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-07-06 20:44 . 2008-07-06 20:47 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2008-07-06 20:36 . 2008-07-06 20:36 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-06 19:30 . 2008-07-06 19:30 <DIR> d-------- C:\Program Files\Webteh
2008-07-06 19:30 . 2008-07-06 22:04 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\BSplayer PRO
2008-07-06 19:22 . 2008-07-06 19:22 <DIR> d-------- C:\Program Files\uTorrent
2008-07-06 19:22 . 2008-07-09 22:49 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\uTorrent
2008-07-06 19:09 . 2008-07-06 19:10 <DIR> d-------- C:\Program Files\Winamp
2008-07-06 19:09 . 2008-07-06 19:14 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Winamp
2008-07-06 19:06 . 2008-07-06 19:06 <DIR> d-------- C:\Program Files\Avira
2008-07-06 19:06 . 2008-07-06 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-06 17:48 . 2002-11-27 13:52 80,896 -ra------ C:\WINDOWS\system32\drivers\NVENET.sys
2008-07-06 17:27 . 2008-07-06 17:27 <DIR> d-------- C:\Program Files\T-Com ADSL driver
2008-07-06 17:26 . 2008-07-06 17:27 <DIR> d-------- C:\Program Files\T-Com MAXadsl CD-ROM
2008-07-06 17:22 . 2008-07-06 17:22 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-06 17:19 . 2008-07-06 17:19 <DIR> d-------- C:\Program Files\DivX
2008-07-06 17:18 . 2008-07-08 14:34 <DIR> d-------- C:\Program Files\ffdshow
2008-07-06 17:15 . 2008-07-06 17:15 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2008-07-06 17:15 . 2008-07-06 17:15 <DIR> d-------- C:\Program Files\Common Files\NVIDIA Shared
2008-07-06 17:15 . 2004-06-24 18:57 172,032 --a------ C:\WINDOWS\system32\nvusmb.exe
2008-07-06 17:15 . 2004-06-24 18:57 172,032 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-07-06 17:15 . 2004-06-24 18:57 172,032 --a------ C:\WINDOWS\system32\nvumctl.exe
2008-07-06 17:15 . 2004-06-18 14:57 172,032 --a------ C:\WINDOWS\system32\nvuide.exe
2008-07-06 17:15 . 2004-04-27 15:22 172,032 --a------ C:\WINDOWS\system32\nvugart.exe
2008-07-06 17:15 . 2004-04-27 15:22 2,124 --a------ C:\WINDOWS\system32\nvgart.nvu
2008-07-06 17:15 . 2004-06-18 02:30 1,217 --a------ C:\WINDOWS\system32\nvmctl.nvu
2008-07-06 17:15 . 2004-06-18 02:30 789 --a------ C:\WINDOWS\system32\nvsmb.nvu
2008-07-06 17:15 . 2004-06-18 02:30 464 --a------ C:\WINDOWS\system32\nvide.nvu
2008-07-06 17:14 . 2008-07-06 17:14 <DIR> d-------- C:\NVIDIA
2008-07-06 17:08 . 2008-07-06 17:08 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-07-06 17:08 . 2003-02-19 08:58 46,976 --a------ C:\WINDOWS\system32\drivers\R8139n51.sys
2008-07-06 17:07 . 2008-07-06 17:07 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2008-07-06 17:06 . 2003-01-17 15:03 126,976 --------- C:\WINDOWS\system32\NVNFINST.DLL
2008-07-06 17:06 . 2002-11-13 09:10 28,160 -ra------ C:\WINDOWS\system32\nvmdcoi.dll
2008-07-06 17:06 . 2002-11-13 09:10 20,224 -ra------ C:\WINDOWS\system32\drivers\nvidesm.sys
2008-07-06 17:06 . 2002-11-27 13:52 1,024 -ra------ C:\WINDOWS\system32\drivers\jedih2rx.bin
2008-07-06 17:06 . 2002-11-27 13:52 122 -ra------ C:\WINDOWS\system32\drivers\ramsed.bin
2008-07-06 17:06 . 2002-11-27 13:52 42 -ra------ C:\WINDOWS\system32\drivers\jedireg.pat
2008-07-06 17:05 . 2004-04-02 15:40 21,760 --a------ C:\WINDOWS\system32\drivers\nv_agp.SYS
2008-07-06 17:03 . 2008-07-07 15:17 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-07-06 17:03 . 2008-07-06 17:03 <DIR> d-------- C:\Program Files\ATI Technologies
2008-07-06 17:03 . 2006-07-18 21:05 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-07-06 17:02 . 2008-07-07 22:47 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-07-06 17:02 . 2008-07-06 17:02 <DIR> d-------- C:\ATI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 14:53 --------- d-----w C:\Program Files\microsoft frontpage
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((( [Link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-09 20:25:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-11 16:54:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-07-07 06:46:11 40,836 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-11 16:55:36 40,836 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-07 06:46:11 314,508 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-11 16:55:36 314,508 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 10:49 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51 131072]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Corel Reminder"="C:\Program Files\Corel\Graphics10\Register\NAVBrowser.exe" [2000-10-04 12:23 208896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE" [2006-05-10 09:48 94208]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-07 15:17:44 593920]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Garena\\Garena.exe"=

R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-05-25 00:53]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-10-03 00:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fa3c1c2-4b77-11dd-a380-806d6172696f}]
\Shell\AutoRun\command - I:\BugDVD.exe
\Shell\Install\command - I:\BugDVD.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fa3c1c3-4b77-11dd-a380-806d6172696f}]
\Shell\AutoRun\command - J:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8dc28dc-4b6d-11dd-aaa9-806d6172696f}]
\Shell\AutoRun\command - I:\BugDVD.exe
\Shell\Install\command - I:\BugDVD.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-07-11 19:23:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-11 19:23:55
ComboFix-quarantined-files.txt 2008-07-11 17:23:52
ComboFix2.txt 2008-07-11 12:23:07
ComboFix3.txt 2008-07-09 22:44:18
ComboFix4.txt 2008-07-09 20:27:49

Pre-Run: 6,399,557,632 bytes free
Post-Run: 6,390,161,408 bytes free

208

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

The last log is clean.


How are things now? Any problems?
