Možda tražite i:
TR/Crypt.XPACK.Gen [trojan]
kako da uklonim virus Win32:Trojan-gen. {UPX!} ?
w32.hllw.gaobot.gen
TR/Drroper.Gen Trojan

MyCity » Ambulanta -> Arhiva Ambulante » pomoć TR/Crypt.XPACK.Gen

pomoć TR/Crypt.XPACK.Gen

Napisano na dan: 9.7.2008

Strana:
1
2

pomoć TR/Crypt.XPACK.Gen

Sledeća strana

Pagination

Odgovori

Strana:
1
2

d1v1jak Poslao: 09 Jul 2008 14:33 Idi na vrh
offline d1v1jak Novi MyCity građanin Pridružio: 09 Jul 2008 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Trebam pomoć.... imam Avira Antivir i cijelo vrijeme mi izbacuje da imam trojanca TR/Crypt.XPACK.Gen, pokazuje mi da su to fileovi money1.exe i dollar.exe hvala unaprijed Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:28:04, on 9.7.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\firefox.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\WINDOWS\msnsvc.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Corel Reminder] "C:\Program Files\Corel\Graphics10\Register\NAVBrowser.exe" /r /i "C:\Program Files\Corel\Graphics10\Register\NavLoad.ini" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE" O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Mozilla Firefox] firefox.exe O4 - HKLM\..\Run: [MSN Messenger Service] msnsvc.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-1292428093-630328440-1417001333-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Obrt') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Logitech SetPoint.lnk = ? O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{5136E569-A7E6-49C9-95FA-41D5A5360E36}: NameServer = 195.29.149.196 195.29.149.197 O17 - HKLM\System\CS1\Services\Tcpip\..\{5136E569-A7E6-49C9-95FA-41D5A5360E36}: NameServer = 195.29.149.196 195.29.149.197 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- End of file - 5605 bytes

Profil

dr_Bora Poslao: 09 Jul 2008 16:14 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Klikni desnim tasterom na Avira ikonicu ( ) u donjem, desnom uglu ekrana i deštikliraj AntiVir Guard Enable. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. ------------------------------------------------------------------------------------- Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

d1v1jak Poslao: 09 Jul 2008 22:30 Idi na vrh
offline d1v1jak Novi MyCity građanin Pridružio: 09 Jul 2008 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-07-08.9 - Stipe 2008-07-09 22:23:42.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1174 [GMT 2:00] Running from: C:\Documents and Settings\Stipe\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\admintxt.txt . ((((((((((((((((((((((((( Files Created from 2008-06-09 to 2008-07-09 ))))))))))))))))))))))))))))))) . 2008-07-09 21:36 . 2008-07-09 21:36 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\AdobeUM 2008-07-09 16:56 . 2008-07-09 16:56 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-07-09 13:55 . 2008-07-09 13:55 <DIR> d-------- C:\Program Files\Trend Micro 2008-07-09 13:07 . 2008-07-09 13:16 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM 2008-07-09 02:01 . 2008-07-09 02:01 41,984 -r-hs---- C:\WINDOWS\msnsvc.exe 2008-07-08 21:11 . 2008-07-08 21:11 <DIR> d-------- C:\Documents and Settings\Administrator 2008-07-08 15:01 . 2008-07-08 15:01 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ 2008-07-08 15:01 . 2006-09-12 22:00 197,632 --a------ C:\WINDOWS\system32\CNMLM85.DLL 2008-07-08 15:01 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2008-07-08 15:01 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys 2008-07-08 14:54 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2008-07-08 14:54 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys 2008-07-08 14:53 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-07-08 14:53 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys 2008-07-08 14:39 . 2008-07-08 14:39 <DIR> d-------- C:\Documents and Settings\Obrt\Application Data\Teleca 2008-07-08 12:24 . 2008-07-08 12:24 <DIR> d-------- C:\Documents and Settings\Monika\Application Data\Teleca 2008-07-07 23:49 . 2008-07-08 02:38 39,424 -r-hs---- C:\WINDOWS\firefox.exe 2008-07-07 23:08 . 2008-07-07 23:08 <DIR> d-------- C:\Program Files\AC3Filter 2008-07-07 23:08 . 2003-08-19 09:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.cpl 2008-07-07 22:49 . 2008-07-07 22:49 <DIR> d-------- C:\Program Files\Sony Ericsson 2008-07-07 22:49 . 2008-07-07 22:49 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared 2008-07-07 22:49 . 2008-07-07 22:50 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Teleca 2008-07-07 22:49 . 2008-07-07 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca 2008-07-07 22:49 . 2008-07-07 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson 2008-07-07 22:48 . 2008-07-07 22:49 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-07-07 22:48 . 2008-07-07 22:48 6,144 --a------ C:\WINDOWS\system32\drivers\k750cm.sys 2008-07-07 22:48 . 2008-07-07 22:48 5,744 --a------ C:\WINDOWS\system32\drivers\k750wh.sys 2008-07-07 22:47 . 2008-07-07 22:47 <DIR> d-------- C:\WINDOWS\Downloaded Installations 2008-07-07 18:54 . 2008-07-07 18:54 <DIR> d-------- C:\Documents and Settings\Obrt\Application Data\Logitech 2008-07-07 16:01 . 2004-08-18 05:14 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll 2008-07-07 15:57 . 2008-07-07 15:57 <DIR> d-------- C:\Documents and Settings\Monika\Application Data\Logitech 2008-07-07 15:18 . 2008-07-07 15:18 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Logitech 2008-07-07 15:18 . 2006-05-10 09:56 71,680 --a------ C:\WINDOWS\system32\drivers\LMOUKE.sys 2008-07-07 15:18 . 2006-05-10 09:56 56,064 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS 2008-07-07 15:17 . 2008-07-07 15:17 <DIR> d-------- C:\Program Files\Logitech 2008-07-07 15:17 . 2008-07-07 15:17 <DIR> d-------- C:\Program Files\Common Files\Logitech 2008-07-07 15:17 . 2006-05-25 00:12 155,648 --a------ C:\WINDOWS\system32\kemutb.dll 2008-07-07 15:17 . 2006-05-25 00:12 126,976 --a------ C:\WINDOWS\system32\KemUtil.dll 2008-07-07 15:17 . 2006-05-25 00:12 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll 2008-07-07 15:17 . 2006-05-25 00:12 53,248 --a------ C:\WINDOWS\system32\KemXML.dll 2008-07-07 15:17 . 2006-05-10 09:56 13,568 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys 2008-07-07 15:17 . 2006-05-25 00:53 3,712 --a------ C:\WINDOWS\system32\drivers\LBeepKE.sys 2008-07-07 15:14 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2008-07-07 15:14 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys 2008-07-07 15:14 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2008-07-07 15:14 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys 2008-07-07 08:44 . 2008-07-07 08:46 <DIR> d-------- C:\Documents and Settings\Obrt\Application Data\AdobeUM 2008-07-07 08:32 . 2008-07-07 08:32 <DIR> d-------- C:\Program Files\PBZ 2008-07-07 08:29 . 2008-07-07 08:29 <DIR> d-------- C:\Documents and Settings\Obrt\Application Data\Corel 2008-07-07 01:54 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-07-07 01:30 . 2008-07-08 21:44 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\LimeWire 2008-07-07 01:27 . 2008-07-07 01:27 <DIR> d-------- C:\Program Files\Sun 2008-07-07 01:27 . 2008-07-07 01:27 <DIR> d-------- C:\Program Files\Java 2008-07-07 01:27 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-07-07 01:25 . 2008-07-07 01:25 <DIR> d-------- C:\Program Files\Common Files\Java 2008-07-07 01:22 . 2008-07-07 01:24 <DIR> d-------- C:\Program Files\LimeWire 2008-07-06 23:55 . 2008-07-09 00:07 <DIR> d-------- C:\Program Files\Garena 2008-07-06 23:55 . 2008-07-06 23:55 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\InstallShield 2008-07-06 23:46 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys 2008-07-06 22:16 . 2008-07-06 22:16 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Apple Computer 2008-07-06 22:15 . 2008-07-07 22:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-07-06 22:15 . 2008-07-07 22:38 1,409 --a------ C:\WINDOWS\QTFont.for 2008-07-06 22:12 . 2008-07-06 22:12 <DIR> d-------- C:\Program Files\QuickTime 2008-07-06 22:12 . 2008-07-06 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-07-06 21:11 . 2008-07-06 21:13 <DIR> d-------- C:\Program Files\Corel 2008-07-06 21:11 . 2008-07-06 21:11 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Corel 2008-07-06 21:09 . 2008-07-06 21:15 <DIR> d-------- C:\WINDOWS\Corel 2008-07-06 20:57 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll 2008-07-06 20:56 . 2008-07-06 20:56 <DIR> d-------- C:\Program Files\MSBuild 2008-07-06 20:56 . 2008-07-06 20:56 <DIR> d-------- C:\Program Files\Microsoft Works 2008-07-06 20:54 . 2008-07-06 20:56 <DIR> d-------- C:\WINDOWS\SHELLNEW 2008-07-06 20:53 . 2008-07-06 20:53 <DIR> dr-h----- C:\MSOCache 2008-07-06 20:53 . 2008-07-06 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-07-06 20:47 . 2008-07-06 20:47 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\DAEMON Tools Pro 2008-07-06 20:46 . 2008-07-06 20:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro 2008-07-06 20:44 . 2008-07-06 20:47 <DIR> d-------- C:\Program Files\DAEMON Tools Pro 2008-07-06 20:36 . 2008-07-06 20:36 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-07-06 19:30 . 2008-07-06 19:30 <DIR> d-------- C:\Program Files\Webteh 2008-07-06 19:30 . 2008-07-06 22:04 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\BSplayer PRO 2008-07-06 19:22 . 2008-07-06 19:22 <DIR> d-------- C:\Program Files\uTorrent 2008-07-06 19:22 . 2008-07-09 00:08 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\uTorrent 2008-07-06 19:09 . 2008-07-06 19:10 <DIR> d-------- C:\Program Files\Winamp 2008-07-06 19:09 . 2008-07-06 19:14 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Winamp 2008-07-06 19:06 . 2008-07-06 19:06 <DIR> d-------- C:\Program Files\Avira 2008-07-06 19:06 . 2008-07-06 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-07-06 17:48 . 2002-11-27 13:52 80,896 -ra------ C:\WINDOWS\system32\drivers\NVENET.sys 2008-07-06 17:27 . 2008-07-06 17:27 <DIR> d-------- C:\Program Files\T-Com ADSL driver 2008-07-06 17:26 . 2008-07-06 17:27 <DIR> d-------- C:\Program Files\T-Com MAXadsl CD-ROM 2008-07-06 17:22 . 2008-07-06 17:22 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-07-06 17:19 . 2008-07-06 17:19 <DIR> d-------- C:\Program Files\DivX 2008-07-06 17:18 . 2008-07-08 14:34 <DIR> d-------- C:\Program Files\ffdshow 2008-07-06 17:15 . 2008-07-06 17:15 <DIR> d-------- C:\Program Files\NVIDIA Corporation 2008-07-06 17:15 . 2008-07-06 17:15 <DIR> d-------- C:\Program Files\Common Files\NVIDIA Shared 2008-07-06 17:15 . 2004-06-24 18:57 172,032 --a------ C:\WINDOWS\system32\nvusmb.exe 2008-07-06 17:15 . 2004-06-24 18:57 172,032 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2008-07-06 17:15 . 2004-06-24 18:57 172,032 --a------ C:\WINDOWS\system32\nvumctl.exe 2008-07-06 17:15 . 2004-06-18 14:57 172,032 --a------ C:\WINDOWS\system32\nvuide.exe 2008-07-06 17:15 . 2004-04-27 15:22 172,032 --a------ C:\WINDOWS\system32\nvugart.exe 2008-07-06 17:15 . 2004-04-27 15:22 2,124 --a------ C:\WINDOWS\system32\nvgart.nvu 2008-07-06 17:15 . 2004-06-18 02:30 1,217 --a------ C:\WINDOWS\system32\nvmctl.nvu 2008-07-06 17:15 . 2004-06-18 02:30 789 --a------ C:\WINDOWS\system32\nvsmb.nvu 2008-07-06 17:15 . 2004-06-18 02:30 464 --a------ C:\WINDOWS\system32\nvide.nvu 2008-07-06 17:14 . 2008-07-06 17:14 <DIR> d-------- C:\NVIDIA 2008-07-06 17:08 . 2008-07-06 17:08 <DIR> d-------- C:\WINDOWS\OPTIONS 2008-07-06 17:08 . 2003-02-19 08:58 46,976 --a------ C:\WINDOWS\system32\drivers\R8139n51.sys 2008-07-06 17:07 . 2008-07-06 17:07 <DIR> d-------- C:\Program Files\C-Media 3D Audio 2008-07-06 17:06 . 2003-01-17 15:03 126,976 --------- C:\WINDOWS\system32\NVNFINST.DLL 2008-07-06 17:06 . 2002-11-13 09:10 28,160 -ra------ C:\WINDOWS\system32\nvmdcoi.dll 2008-07-06 17:06 . 2002-11-13 09:10 20,224 -ra------ C:\WINDOWS\system32\drivers\nvidesm.sys 2008-07-06 17:06 . 2002-11-27 13:52 1,024 -ra------ C:\WINDOWS\system32\drivers\jedih2rx.bin 2008-07-06 17:06 . 2002-11-27 13:52 122 -ra------ C:\WINDOWS\system32\drivers\ramsed.bin 2008-07-06 17:06 . 2002-11-27 13:52 42 -ra------ C:\WINDOWS\system32\drivers\jedireg.pat 2008-07-06 17:05 . 2004-04-02 15:40 21,760 --a------ C:\WINDOWS\system32\drivers\nv_agp.SYS 2008-07-06 17:03 . 2008-07-07 15:17 <DIR> d--h----- C:\Program Files\InstallShield Installation Information 2008-07-06 17:03 . 2008-07-06 17:03 <DIR> d-------- C:\Program Files\ATI Technologies 2008-07-06 17:03 . 2006-07-18 21:05 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe 2008-07-06 17:02 . 2008-07-07 22:47 <DIR> d-------- C:\Program Files\Common Files\InstallShield 2008-07-06 17:02 . 2008-07-06 17:02 <DIR> d-------- C:\ATI . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-06 14:53 --------- d-----w C:\Program Files\microsoft frontpage 2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 10:49 307200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51 131072] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016] "Corel Reminder"="C:\Program Files\Corel\Graphics10\Register\NAVBrowser.exe" [2000-10-04 12:23 208896] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] "Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE" [2006-05-10 09:48 94208] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744] "Mozilla Firefox"="firefox.exe" [2008-07-08 02:38 39424 C:\WINDOWS\firefox.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-07 15:17:44 593920] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-05-25 00:53] R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-10-03 00:09] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fa3c1c2-4b77-11dd-a380-806d6172696f}] \Shell\AutoRun\command - I:\BugDVD.exe \Shell\Install\command - I:\BugDVD.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fa3c1c3-4b77-11dd-a380-806d6172696f}] \Shell\AutoRun\command - J:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8dc28dc-4b6d-11dd-aaa9-806d6172696f}] \Shell\AutoRun\command - I:\BugDVD.exe \Shell\Install\command - I:\BugDVD.exe . - - - - ORPHANS REMOVED - - - - HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe HKLM-Run-Cmaudio - cmicnfg.cpl ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-07-09 22:26:44 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe . ************************************************************************ . Completion time: 2008-07-09 22:27:48 - machine was rebooted ComboFix-quarantined-files.txt 2008-07-09 20:27:45 Pre-Run: 6,418,563,072 bytes free Post-Run: 6,488,555,520 bytes free 207

Profil

dr_Bora Poslao: 09 Jul 2008 23:00 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\WINDOWS\msnsvc.exe C:\WINDOWS\firefox.exe Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Mozilla Firefox"=-` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

d1v1jak Poslao: 10 Jul 2008 00:47 Idi na vrh
offline d1v1jak Novi MyCity građanin Pridružio: 09 Jul 2008 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-07-08.9 - Stipe 2008-07-10 0:43:19.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1148 [GMT 2:00] Running from: C:\Documents and Settings\Stipe\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Stipe\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\firefox.exe C:\WINDOWS\msnsvc.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\firefox.exe C:\WINDOWS\msnsvc.exe . ((((((((((((((((((((((((( Files Created from 2008-06-09 to 2008-07-09 ))))))))))))))))))))))))))))))) . 2008-07-10 00:29 . 2008-07-10 00:29 52,224 --a------ C:\asd.exe 2008-07-10 00:28 . 2008-07-10 00:28 41,984 --a------ C:\msnrav32.exe 2008-07-10 00:26 . 2008-07-10 00:26 40,960 -r-hs---- C:\WINDOWS\WinKettle.exe 2008-07-10 00:26 . 2008-07-10 00:26 40,960 --a------ C:\msn2.exe 2008-07-10 00:20 . 2008-07-10 00:20 52,224 -r-hs---- C:\WINDOWS\Windows Firewall.exe 2008-07-10 00:20 . 2008-07-10 00:20 52,224 --a------ C:\asdkfj.exe 2008-07-09 21:36 . 2008-07-09 21:36 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\AdobeUM 2008-07-09 16:56 . 2008-07-09 16:56 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-07-09 13:55 . 2008-07-09 13:55 <DIR> d-------- C:\Program Files\Trend Micro 2008-07-09 13:07 . 2008-07-09 13:16 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM 2008-07-08 21:11 . 2008-07-08 21:11 <DIR> d-------- C:\Documents and Settings\Administrator 2008-07-08 15:01 . 2008-07-08 15:01 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ 2008-07-08 15:01 . 2006-09-12 22:00 197,632 --a------ C:\WINDOWS\system32\CNMLM85.DLL 2008-07-08 15:01 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2008-07-08 15:01 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys 2008-07-08 14:54 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2008-07-08 14:54 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys 2008-07-08 14:53 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-07-08 14:53 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys 2008-07-08 14:39 . 2008-07-08 14:39 <DIR> d-------- C:\Documents and Settings\Obrt\Application Data\Teleca 2008-07-08 12:24 . 2008-07-08 12:24 <DIR> d-------- C:\Documents and Settings\Monika\Application Data\Teleca 2008-07-07 23:08 . 2008-07-07 23:08 <DIR> d-------- C:\Program Files\AC3Filter 2008-07-07 23:08 . 2003-08-19 09:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.cpl 2008-07-07 22:49 . 2008-07-07 22:49 <DIR> d-------- C:\Program Files\Sony Ericsson 2008-07-07 22:49 . 2008-07-07 22:49 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared 2008-07-07 22:49 . 2008-07-07 22:50 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Teleca 2008-07-07 22:49 . 2008-07-07 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca 2008-07-07 22:49 . 2008-07-07 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson 2008-07-07 22:48 . 2008-07-07 22:49 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-07-07 22:48 . 2008-07-07 22:48 6,144 --a------ C:\WINDOWS\system32\drivers\k750cm.sys 2008-07-07 22:48 . 2008-07-07 22:48 5,744 --a------ C:\WINDOWS\system32\drivers\k750wh.sys 2008-07-07 22:47 . 2008-07-07 22:47 <DIR> d-------- C:\WINDOWS\Downloaded Installations 2008-07-07 18:54 . 2008-07-07 18:54 <DIR> d-------- C:\Documents and Settings\Obrt\Application Data\Logitech 2008-07-07 16:01 . 2004-08-18 05:14 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll 2008-07-07 15:57 . 2008-07-07 15:57 <DIR> d-------- C:\Documents and Settings\Monika\Application Data\Logitech 2008-07-07 15:18 . 2008-07-07 15:18 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Logitech 2008-07-07 15:18 . 2006-05-10 09:56 71,680 --a------ C:\WINDOWS\system32\drivers\LMOUKE.sys 2008-07-07 15:18 . 2006-05-10 09:56 56,064 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS 2008-07-07 15:17 . 2008-07-07 15:17 <DIR> d-------- C:\Program Files\Logitech 2008-07-07 15:17 . 2008-07-07 15:17 <DIR> d-------- C:\Program Files\Common Files\Logitech 2008-07-07 15:17 . 2006-05-25 00:12 155,648 --a------ C:\WINDOWS\system32\kemutb.dll 2008-07-07 15:17 . 2006-05-25 00:12 126,976 --a------ C:\WINDOWS\system32\KemUtil.dll 2008-07-07 15:17 . 2006-05-25 00:12 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll 2008-07-07 15:17 . 2006-05-25 00:12 53,248 --a------ C:\WINDOWS\system32\KemXML.dll 2008-07-07 15:17 . 2006-05-10 09:56 13,568 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys 2008-07-07 15:17 . 2006-05-25 00:53 3,712 --a------ C:\WINDOWS\system32\drivers\LBeepKE.sys 2008-07-07 15:14 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2008-07-07 15:14 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys 2008-07-07 15:14 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2008-07-07 15:14 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys 2008-07-07 08:44 . 2008-07-07 08:46 <DIR> d-------- C:\Documents and Settings\Obrt\Application Data\AdobeUM 2008-07-07 08:32 . 2008-07-07 08:32 <DIR> d-------- C:\Program Files\PBZ 2008-07-07 08:29 . 2008-07-07 08:29 <DIR> d-------- C:\Documents and Settings\Obrt\Application Data\Corel 2008-07-07 01:54 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-07-07 01:30 . 2008-07-08 21:44 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\LimeWire 2008-07-07 01:27 . 2008-07-07 01:27 <DIR> d-------- C:\Program Files\Sun 2008-07-07 01:27 . 2008-07-07 01:27 <DIR> d-------- C:\Program Files\Java 2008-07-07 01:27 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-07-07 01:25 . 2008-07-07 01:25 <DIR> d-------- C:\Program Files\Common Files\Java 2008-07-07 01:22 . 2008-07-07 01:24 <DIR> d-------- C:\Program Files\LimeWire 2008-07-06 23:55 . 2008-07-09 23:19 <DIR> d-------- C:\Program Files\Garena 2008-07-06 23:55 . 2008-07-06 23:55 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\InstallShield 2008-07-06 23:46 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys 2008-07-06 22:16 . 2008-07-06 22:16 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Apple Computer 2008-07-06 22:15 . 2008-07-07 22:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-07-06 22:15 . 2008-07-07 22:38 1,409 --a------ C:\WINDOWS\QTFont.for 2008-07-06 22:12 . 2008-07-06 22:12 <DIR> d-------- C:\Program Files\QuickTime 2008-07-06 22:12 . 2008-07-06 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-07-06 21:11 . 2008-07-06 21:13 <DIR> d-------- C:\Program Files\Corel 2008-07-06 21:11 . 2008-07-06 21:11 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Corel 2008-07-06 21:09 . 2008-07-06 21:15 <DIR> d-------- C:\WINDOWS\Corel 2008-07-06 20:57 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll 2008-07-06 20:56 . 2008-07-06 20:56 <DIR> d-------- C:\Program Files\MSBuild 2008-07-06 20:56 . 2008-07-06 20:56 <DIR> d-------- C:\Program Files\Microsoft Works 2008-07-06 20:54 . 2008-07-06 20:56 <DIR> d-------- C:\WINDOWS\SHELLNEW 2008-07-06 20:53 . 2008-07-06 20:53 <DIR> dr-h----- C:\MSOCache 2008-07-06 20:53 . 2008-07-06 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-07-06 20:47 . 2008-07-06 20:47 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\DAEMON Tools Pro 2008-07-06 20:46 . 2008-07-06 20:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro 2008-07-06 20:44 . 2008-07-06 20:47 <DIR> d-------- C:\Program Files\DAEMON Tools Pro 2008-07-06 20:36 . 2008-07-06 20:36 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-07-06 19:30 . 2008-07-06 19:30 <DIR> d-------- C:\Program Files\Webteh 2008-07-06 19:30 . 2008-07-06 22:04 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\BSplayer PRO 2008-07-06 19:22 . 2008-07-06 19:22 <DIR> d-------- C:\Program Files\uTorrent 2008-07-06 19:22 . 2008-07-09 22:49 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\uTorrent 2008-07-06 19:09 . 2008-07-06 19:10 <DIR> d-------- C:\Program Files\Winamp 2008-07-06 19:09 . 2008-07-06 19:14 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Winamp 2008-07-06 19:06 . 2008-07-06 19:06 <DIR> d-------- C:\Program Files\Avira 2008-07-06 19:06 . 2008-07-06 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-07-06 17:48 . 2002-11-27 13:52 80,896 -ra------ C:\WINDOWS\system32\drivers\NVENET.sys 2008-07-06 17:27 . 2008-07-06 17:27 <DIR> d-------- C:\Program Files\T-Com ADSL driver 2008-07-06 17:26 . 2008-07-06 17:27 <DIR> d-------- C:\Program Files\T-Com MAXadsl CD-ROM 2008-07-06 17:22 . 2008-07-06 17:22 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-07-06 17:19 . 2008-07-06 17:19 <DIR> d-------- C:\Program Files\DivX 2008-07-06 17:18 . 2008-07-08 14:34 <DIR> d-------- C:\Program Files\ffdshow 2008-07-06 17:15 . 2008-07-06 17:15 <DIR> d-------- C:\Program Files\NVIDIA Corporation 2008-07-06 17:15 . 2008-07-06 17:15 <DIR> d-------- C:\Program Files\Common Files\NVIDIA Shared 2008-07-06 17:15 . 2004-06-24 18:57 172,032 --a------ C:\WINDOWS\system32\nvusmb.exe 2008-07-06 17:15 . 2004-06-24 18:57 172,032 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2008-07-06 17:15 . 2004-06-24 18:57 172,032 --a------ C:\WINDOWS\system32\nvumctl.exe 2008-07-06 17:15 . 2004-06-18 14:57 172,032 --a------ C:\WINDOWS\system32\nvuide.exe 2008-07-06 17:15 . 2004-04-27 15:22 172,032 --a------ C:\WINDOWS\system32\nvugart.exe 2008-07-06 17:15 . 2004-04-27 15:22 2,124 --a------ C:\WINDOWS\system32\nvgart.nvu 2008-07-06 17:15 . 2004-06-18 02:30 1,217 --a------ C:\WINDOWS\system32\nvmctl.nvu 2008-07-06 17:15 . 2004-06-18 02:30 789 --a------ C:\WINDOWS\system32\nvsmb.nvu 2008-07-06 17:15 . 2004-06-18 02:30 464 --a------ C:\WINDOWS\system32\nvide.nvu 2008-07-06 17:14 . 2008-07-06 17:14 <DIR> d-------- C:\NVIDIA 2008-07-06 17:08 . 2008-07-06 17:08 <DIR> d-------- C:\WINDOWS\OPTIONS 2008-07-06 17:08 . 2003-02-19 08:58 46,976 --a------ C:\WINDOWS\system32\drivers\R8139n51.sys 2008-07-06 17:07 . 2008-07-06 17:07 <DIR> d-------- C:\Program Files\C-Media 3D Audio 2008-07-06 17:06 . 2003-01-17 15:03 126,976 --------- C:\WINDOWS\system32\NVNFINST.DLL 2008-07-06 17:06 . 2002-11-13 09:10 28,160 -ra------ C:\WINDOWS\system32\nvmdcoi.dll 2008-07-06 17:06 . 2002-11-13 09:10 20,224 -ra------ C:\WINDOWS\system32\drivers\nvidesm.sys 2008-07-06 17:06 . 2002-11-27 13:52 1,024 -ra------ C:\WINDOWS\system32\drivers\jedih2rx.bin 2008-07-06 17:06 . 2002-11-27 13:52 122 -ra------ C:\WINDOWS\system32\drivers\ramsed.bin 2008-07-06 17:06 . 2002-11-27 13:52 42 -ra------ C:\WINDOWS\system32\drivers\jedireg.pat 2008-07-06 17:05 . 2004-04-02 15:40 21,760 --a------ C:\WINDOWS\system32\drivers\nv_agp.SYS 2008-07-06 17:03 . 2008-07-07 15:17 <DIR> d--h----- C:\Program Files\InstallShield Installation Information 2008-07-06 17:03 . 2008-07-06 17:03 <DIR> d-------- C:\Program Files\ATI Technologies 2008-07-06 17:03 . 2006-07-18 21:05 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe 2008-07-06 17:02 . 2008-07-07 22:47 <DIR> d-------- C:\Program Files\Common Files\InstallShield 2008-07-06 17:02 . 2008-07-06 17:02 <DIR> d-------- C:\ATI . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-06 14:53 --------- d-----w C:\Program Files\microsoft frontpage 2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 10:49 307200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51 131072] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016] "Corel Reminder"="C:\Program Files\Corel\Graphics10\Register\NAVBrowser.exe" [2000-10-04 12:23 208896] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] "Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE" [2006-05-10 09:48 94208] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744] "Windows Media Firewall"="Windows Firewall.exe" [2008-07-10 00:20 52224 C:\WINDOWS\Windows Firewall.exe] "Windows Kernel Log"="WinKettle.exe" [2008-07-10 00:26 40960 C:\WINDOWS\WinKettle.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "Windows Media Firewall"="Windows Firewall.exe" [2008-07-10 00:20 52224 C:\WINDOWS\Windows Firewall.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-07 15:17:44 593920] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\Garena\\Garena.exe"= R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-05-25 00:53] R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-10-03 00:09] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fa3c1c2-4b77-11dd-a380-806d6172696f}] \Shell\AutoRun\command - I:\BugDVD.exe \Shell\Install\command - I:\BugDVD.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fa3c1c3-4b77-11dd-a380-806d6172696f}] \Shell\AutoRun\command - J:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8dc28dc-4b6d-11dd-aaa9-806d6172696f}] \Shell\AutoRun\command - I:\BugDVD.exe \Shell\Install\command - I:\BugDVD.exe . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-07-10 00:43:55 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-07-10 0:44:17 ComboFix-quarantined-files.txt 2008-07-09 22:44:14 ComboFix2.txt 2008-07-09 20:27:49 Pre-Run: 6,487,883,776 bytes free Post-Run: 6,479,593,472 bytes free 209

Profil

dr_Bora Poslao: 10 Jul 2008 16:34 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Imamo još posla... Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\asd.exe C:\msnrav32.exe C:\WINDOWS\WinKettle.exe C:\msn2.exe C:\WINDOWS\Windows Firewall.exe C:\asdkfj.exe Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Media Firewall"=- "Windows Kernel Log"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "Windows Media Firewall"=-` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

d1v1jak Poslao: 11 Jul 2008 14:24 Idi na vrh
offline d1v1jak Novi MyCity građanin Pridružio: 09 Jul 2008 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-07-08.9 - Stipe 2008-07-11 14:21:52.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1160 [GMT 2:00] Running from: C:\Documents and Settings\Stipe\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Stipe\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\asd.exe C:\asdkfj.exe C:\msn2.exe C:\msnrav32.exe C:\WINDOWS\Windows Firewall.exe C:\WINDOWS\WinKettle.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\asd.exe C:\asdkfj.exe C:\msn2.exe C:\msnrav32.exe C:\WINDOWS\Windows Firewall.exe C:\WINDOWS\WinKettle.exe . ((((((((((((((((((((((((( Files Created from 2008-06-11 to 2008-07-11 ))))))))))))))))))))))))))))))) . 2008-07-11 14:17 . 2008-07-11 14:17 421,888 --a------ C:\surf32.exe 2008-07-10 14:00 . 2008-07-10 14:00 511 --a------ C:\xb.exe 2008-07-09 21:36 . 2008-07-09 21:36 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\AdobeUM 2008-07-09 16:56 . 2008-07-09 16:56 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-07-09 13:55 . 2008-07-09 13:55 <DIR> d-------- C:\Program Files\Trend Micro 2008-07-09 13:07 . 2008-07-09 13:16 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM 2008-07-08 21:11 . 2008-07-08 21:11 <DIR> d-------- C:\Documents and Settings\Administrator 2008-07-08 15:01 . 2008-07-08 15:01 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ 2008-07-08 15:01 . 2006-09-12 22:00 197,632 --a------ C:\WINDOWS\system32\CNMLM85.DLL 2008-07-08 15:01 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2008-07-08 15:01 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys 2008-07-08 14:54 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2008-07-08 14:54 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys 2008-07-08 14:53 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-07-08 14:53 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys 2008-07-08 14:39 . 2008-07-08 14:39 <DIR> d-------- C:\Documents and Settings\Obrt\Application Data\Teleca 2008-07-08 12:24 . 2008-07-08 12:24 <DIR> d-------- C:\Documents and Settings\Monika\Application Data\Teleca 2008-07-07 23:08 . 2008-07-07 23:08 <DIR> d-------- C:\Program Files\AC3Filter 2008-07-07 23:08 . 2003-08-19 09:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.cpl 2008-07-07 22:49 . 2008-07-07 22:49 <DIR> d-------- C:\Program Files\Sony Ericsson 2008-07-07 22:49 . 2008-07-07 22:49 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared 2008-07-07 22:49 . 2008-07-07 22:50 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Teleca 2008-07-07 22:49 . 2008-07-07 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca 2008-07-07 22:49 . 2008-07-07 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson 2008-07-07 22:48 . 2008-07-07 22:49 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-07-07 22:48 . 2008-07-07 22:48 6,144 --a------ C:\WINDOWS\system32\drivers\k750cm.sys 2008-07-07 22:48 . 2008-07-07 22:48 5,744 --a------ C:\WINDOWS\system32\drivers\k750wh.sys 2008-07-07 22:47 . 2008-07-07 22:47 <DIR> d-------- C:\WINDOWS\Downloaded Installations 2008-07-07 18:54 . 2008-07-07 18:54 <DIR> d-------- C:\Documents and Settings\Obrt\Application Data\Logitech 2008-07-07 16:01 . 2004-08-18 05:14 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll 2008-07-07 15:57 . 2008-07-07 15:57 <DIR> d-------- C:\Documents and Settings\Monika\Application Data\Logitech 2008-07-07 15:18 . 2008-07-07 15:18 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Logitech 2008-07-07 15:18 . 2006-05-10 09:56 71,680 --a------ C:\WINDOWS\system32\drivers\LMOUKE.sys 2008-07-07 15:18 . 2006-05-10 09:56 56,064 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS 2008-07-07 15:17 . 2008-07-07 15:17 <DIR> d-------- C:\Program Files\Logitech 2008-07-07 15:17 . 2008-07-07 15:17 <DIR> d-------- C:\Program Files\Common Files\Logitech 2008-07-07 15:17 . 2006-05-25 00:12 155,648 --a------ C:\WINDOWS\system32\kemutb.dll 2008-07-07 15:17 . 2006-05-25 00:12 126,976 --a------ C:\WINDOWS\system32\KemUtil.dll 2008-07-07 15:17 . 2006-05-25 00:12 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll 2008-07-07 15:17 . 2006-05-25 00:12 53,248 --a------ C:\WINDOWS\system32\KemXML.dll 2008-07-07 15:17 . 2006-05-10 09:56 13,568 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys 2008-07-07 15:17 . 2006-05-25 00:53 3,712 --a------ C:\WINDOWS\system32\drivers\LBeepKE.sys 2008-07-07 15:14 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2008-07-07 15:14 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys 2008-07-07 15:14 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2008-07-07 15:14 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys 2008-07-07 08:44 . 2008-07-07 08:46 <DIR> d-------- C:\Documents and Settings\Obrt\Application Data\AdobeUM 2008-07-07 08:32 . 2008-07-07 08:32 <DIR> d-------- C:\Program Files\PBZ 2008-07-07 08:29 . 2008-07-07 08:29 <DIR> d-------- C:\Documents and Settings\Obrt\Application Data\Corel 2008-07-07 01:54 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-07-07 01:30 . 2008-07-08 21:44 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\LimeWire 2008-07-07 01:27 . 2008-07-07 01:27 <DIR> d-------- C:\Program Files\Sun 2008-07-07 01:27 . 2008-07-07 01:27 <DIR> d-------- C:\Program Files\Java 2008-07-07 01:27 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-07-07 01:25 . 2008-07-07 01:25 <DIR> d-------- C:\Program Files\Common Files\Java 2008-07-07 01:22 . 2008-07-07 01:24 <DIR> d-------- C:\Program Files\LimeWire 2008-07-06 23:55 . 2008-07-10 12:36 <DIR> d-------- C:\Program Files\Garena 2008-07-06 23:55 . 2008-07-06 23:55 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\InstallShield 2008-07-06 23:46 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys 2008-07-06 22:16 . 2008-07-06 22:16 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Apple Computer 2008-07-06 22:15 . 2008-07-07 22:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-07-06 22:15 . 2008-07-07 22:38 1,409 --a------ C:\WINDOWS\QTFont.for 2008-07-06 22:12 . 2008-07-06 22:12 <DIR> d-------- C:\Program Files\QuickTime 2008-07-06 22:12 . 2008-07-06 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-07-06 21:11 . 2008-07-06 21:13 <DIR> d-------- C:\Program Files\Corel 2008-07-06 21:11 . 2008-07-06 21:11 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Corel 2008-07-06 21:09 . 2008-07-06 21:15 <DIR> d-------- C:\WINDOWS\Corel 2008-07-06 20:57 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll 2008-07-06 20:56 . 2008-07-06 20:56 <DIR> d-------- C:\Program Files\MSBuild 2008-07-06 20:56 . 2008-07-06 20:56 <DIR> d-------- C:\Program Files\Microsoft Works 2008-07-06 20:54 . 2008-07-06 20:56 <DIR> d-------- C:\WINDOWS\SHELLNEW 2008-07-06 20:53 . 2008-07-06 20:53 <DIR> dr-h----- C:\MSOCache 2008-07-06 20:53 . 2008-07-06 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-07-06 20:47 . 2008-07-06 20:47 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\DAEMON Tools Pro 2008-07-06 20:46 . 2008-07-06 20:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro 2008-07-06 20:44 . 2008-07-06 20:47 <DIR> d-------- C:\Program Files\DAEMON Tools Pro 2008-07-06 20:36 . 2008-07-06 20:36 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-07-06 19:30 . 2008-07-06 19:30 <DIR> d-------- C:\Program Files\Webteh 2008-07-06 19:30 . 2008-07-06 22:04 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\BSplayer PRO 2008-07-06 19:22 . 2008-07-06 19:22 <DIR> d-------- C:\Program Files\uTorrent 2008-07-06 19:22 . 2008-07-09 22:49 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\uTorrent 2008-07-06 19:09 . 2008-07-06 19:10 <DIR> d-------- C:\Program Files\Winamp 2008-07-06 19:09 . 2008-07-06 19:14 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Winamp 2008-07-06 19:06 . 2008-07-06 19:06 <DIR> d-------- C:\Program Files\Avira 2008-07-06 19:06 . 2008-07-06 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-07-06 17:48 . 2002-11-27 13:52 80,896 -ra------ C:\WINDOWS\system32\drivers\NVENET.sys 2008-07-06 17:27 . 2008-07-06 17:27 <DIR> d-------- C:\Program Files\T-Com ADSL driver 2008-07-06 17:26 . 2008-07-06 17:27 <DIR> d-------- C:\Program Files\T-Com MAXadsl CD-ROM 2008-07-06 17:22 . 2008-07-06 17:22 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-07-06 17:19 . 2008-07-06 17:19 <DIR> d-------- C:\Program Files\DivX 2008-07-06 17:18 . 2008-07-08 14:34 <DIR> d-------- C:\Program Files\ffdshow 2008-07-06 17:15 . 2008-07-06 17:15 <DIR> d-------- C:\Program Files\NVIDIA Corporation 2008-07-06 17:15 . 2008-07-06 17:15 <DIR> d-------- C:\Program Files\Common Files\NVIDIA Shared 2008-07-06 17:15 . 2004-06-24 18:57 172,032 --a------ C:\WINDOWS\system32\nvusmb.exe 2008-07-06 17:15 . 2004-06-24 18:57 172,032 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2008-07-06 17:15 . 2004-06-24 18:57 172,032 --a------ C:\WINDOWS\system32\nvumctl.exe 2008-07-06 17:15 . 2004-06-18 14:57 172,032 --a------ C:\WINDOWS\system32\nvuide.exe 2008-07-06 17:15 . 2004-04-27 15:22 172,032 --a------ C:\WINDOWS\system32\nvugart.exe 2008-07-06 17:15 . 2004-04-27 15:22 2,124 --a------ C:\WINDOWS\system32\nvgart.nvu 2008-07-06 17:15 . 2004-06-18 02:30 1,217 --a------ C:\WINDOWS\system32\nvmctl.nvu 2008-07-06 17:15 . 2004-06-18 02:30 789 --a------ C:\WINDOWS\system32\nvsmb.nvu 2008-07-06 17:15 . 2004-06-18 02:30 464 --a------ C:\WINDOWS\system32\nvide.nvu 2008-07-06 17:14 . 2008-07-06 17:14 <DIR> d-------- C:\NVIDIA 2008-07-06 17:08 . 2008-07-06 17:08 <DIR> d-------- C:\WINDOWS\OPTIONS 2008-07-06 17:08 . 2003-02-19 08:58 46,976 --a------ C:\WINDOWS\system32\drivers\R8139n51.sys 2008-07-06 17:07 . 2008-07-06 17:07 <DIR> d-------- C:\Program Files\C-Media 3D Audio 2008-07-06 17:06 . 2003-01-17 15:03 126,976 --------- C:\WINDOWS\system32\NVNFINST.DLL 2008-07-06 17:06 . 2002-11-13 09:10 28,160 -ra------ C:\WINDOWS\system32\nvmdcoi.dll 2008-07-06 17:06 . 2002-11-13 09:10 20,224 -ra------ C:\WINDOWS\system32\drivers\nvidesm.sys 2008-07-06 17:06 . 2002-11-27 13:52 1,024 -ra------ C:\WINDOWS\system32\drivers\jedih2rx.bin 2008-07-06 17:06 . 2002-11-27 13:52 122 -ra------ C:\WINDOWS\system32\drivers\ramsed.bin 2008-07-06 17:06 . 2002-11-27 13:52 42 -ra------ C:\WINDOWS\system32\drivers\jedireg.pat 2008-07-06 17:05 . 2004-04-02 15:40 21,760 --a------ C:\WINDOWS\system32\drivers\nv_agp.SYS 2008-07-06 17:03 . 2008-07-07 15:17 <DIR> d--h----- C:\Program Files\InstallShield Installation Information 2008-07-06 17:03 . 2008-07-06 17:03 <DIR> d-------- C:\Program Files\ATI Technologies 2008-07-06 17:03 . 2006-07-18 21:05 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe 2008-07-06 17:02 . 2008-07-07 22:47 <DIR> d-------- C:\Program Files\Common Files\InstallShield 2008-07-06 17:02 . 2008-07-06 17:02 <DIR> d-------- C:\ATI . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-06 14:53 --------- d-----w C:\Program Files\microsoft frontpage 2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL . ((((((((((((((((((((((((((((( snapshot@2008-07-09_22.27.34.26 ))))))))))))))))))))))))))))))))))))))))) . - 2008-07-09 20:25:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-07-11 11:36:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat - 2008-07-07 06:46:11 40,836 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-07-11 12:17:48 40,836 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-07-07 06:46:11 314,508 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-07-11 12:17:48 314,508 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-07-11 12:18:48 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_e44.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 10:49 307200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51 131072] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016] "Corel Reminder"="C:\Program Files\Corel\Graphics10\Register\NAVBrowser.exe" [2000-10-04 12:23 208896] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] "Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE" [2006-05-10 09:48 94208] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744] "AntiVirusMonitorExe"="C:\surf32.exe" [2008-07-11 14:17 421888] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-07 15:17:44 593920] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\Garena\\Garena.exe"= "C:\\surf32.exe"= R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-05-25 00:53] R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-10-03 00:09] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fa3c1c2-4b77-11dd-a380-806d6172696f}] \Shell\AutoRun\command - I:\BugDVD.exe \Shell\Install\command - I:\BugDVD.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fa3c1c3-4b77-11dd-a380-806d6172696f}] \Shell\AutoRun\command - J:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8dc28dc-4b6d-11dd-aaa9-806d6172696f}] \Shell\AutoRun\command - I:\BugDVD.exe \Shell\Install\command - I:\BugDVD.exe Newly Created Service - CATCHME . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-07-11 14:22:40 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-07-11 14:23:06 ComboFix-quarantined-files.txt 2008-07-11 12:23:03 ComboFix2.txt 2008-07-09 22:44:18 ComboFix3.txt 2008-07-09 20:27:49 Pre-Run: 6,429,925,376 bytes free Post-Run: 6,421,843,968 bytes free 221

Profil

dr_Bora Poslao: 11 Jul 2008 14:32 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pa neverovatno... Novi maliciozni file-ovi su kreirani nekoliko minuta pre no što si pokrenuo CF. Idemo opet... Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\surf32.exe C:\xb.exe Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AntiVirusMonitorExe"=-` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

d1v1jak Poslao: 11 Jul 2008 19:25 Idi na vrh
offline d1v1jak Novi MyCity građanin Pridružio: 09 Jul 2008 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-07-08.9 - Stipe 2008-07-11 19:22:42.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1174 [GMT 2:00] Running from: C:\Documents and Settings\Stipe\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Stipe\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\surf32.exe C:\xb.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\surf32.exe C:\xb.exe . ((((((((((((((((((((((((( Files Created from 2008-06-11 to 2008-07-11 ))))))))))))))))))))))))))))))) . 2008-07-09 21:36 . 2008-07-09 21:36 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\AdobeUM 2008-07-09 16:56 . 2008-07-09 16:56 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-07-09 13:55 . 2008-07-09 13:55 <DIR> d-------- C:\Program Files\Trend Micro 2008-07-09 13:07 . 2008-07-09 13:16 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM 2008-07-08 21:11 . 2008-07-08 21:11 <DIR> d-------- C:\Documents and Settings\Administrator 2008-07-08 15:01 . 2008-07-08 15:01 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ 2008-07-08 15:01 . 2006-09-12 22:00 197,632 --a------ C:\WINDOWS\system32\CNMLM85.DLL 2008-07-08 15:01 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2008-07-08 15:01 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys 2008-07-08 14:54 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2008-07-08 14:54 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys 2008-07-08 14:53 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-07-08 14:53 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys 2008-07-08 14:39 . 2008-07-08 14:39 <DIR> d-------- C:\Documents and Settings\Obrt\Application Data\Teleca 2008-07-08 12:24 . 2008-07-08 12:24 <DIR> d-------- C:\Documents and Settings\Monika\Application Data\Teleca 2008-07-07 23:08 . 2008-07-07 23:08 <DIR> d-------- C:\Program Files\AC3Filter 2008-07-07 23:08 . 2003-08-19 09:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.cpl 2008-07-07 22:49 . 2008-07-07 22:49 <DIR> d-------- C:\Program Files\Sony Ericsson 2008-07-07 22:49 . 2008-07-07 22:49 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared 2008-07-07 22:49 . 2008-07-07 22:50 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Teleca 2008-07-07 22:49 . 2008-07-07 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca 2008-07-07 22:49 . 2008-07-07 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson 2008-07-07 22:48 . 2008-07-07 22:49 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-07-07 22:48 . 2008-07-07 22:48 6,144 --a------ C:\WINDOWS\system32\drivers\k750cm.sys 2008-07-07 22:48 . 2008-07-07 22:48 5,744 --a------ C:\WINDOWS\system32\drivers\k750wh.sys 2008-07-07 22:47 . 2008-07-07 22:47 <DIR> d-------- C:\WINDOWS\Downloaded Installations 2008-07-07 18:54 . 2008-07-07 18:54 <DIR> d-------- C:\Documents and Settings\Obrt\Application Data\Logitech 2008-07-07 16:01 . 2004-08-18 05:14 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll 2008-07-07 15:57 . 2008-07-07 15:57 <DIR> d-------- C:\Documents and Settings\Monika\Application Data\Logitech 2008-07-07 15:18 . 2008-07-07 15:18 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Logitech 2008-07-07 15:18 . 2006-05-10 09:56 71,680 --a------ C:\WINDOWS\system32\drivers\LMOUKE.sys 2008-07-07 15:18 . 2006-05-10 09:56 56,064 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS 2008-07-07 15:17 . 2008-07-07 15:17 <DIR> d-------- C:\Program Files\Logitech 2008-07-07 15:17 . 2008-07-07 15:17 <DIR> d-------- C:\Program Files\Common Files\Logitech 2008-07-07 15:17 . 2006-05-25 00:12 155,648 --a------ C:\WINDOWS\system32\kemutb.dll 2008-07-07 15:17 . 2006-05-25 00:12 126,976 --a------ C:\WINDOWS\system32\KemUtil.dll 2008-07-07 15:17 . 2006-05-25 00:12 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll 2008-07-07 15:17 . 2006-05-25 00:12 53,248 --a------ C:\WINDOWS\system32\KemXML.dll 2008-07-07 15:17 . 2006-05-10 09:56 13,568 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys 2008-07-07 15:17 . 2006-05-25 00:53 3,712 --a------ C:\WINDOWS\system32\drivers\LBeepKE.sys 2008-07-07 15:14 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2008-07-07 15:14 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys 2008-07-07 15:14 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2008-07-07 15:14 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys 2008-07-07 08:44 . 2008-07-07 08:46 <DIR> d-------- C:\Documents and Settings\Obrt\Application Data\AdobeUM 2008-07-07 08:32 . 2008-07-07 08:32 <DIR> d-------- C:\Program Files\PBZ 2008-07-07 08:29 . 2008-07-07 08:29 <DIR> d-------- C:\Documents and Settings\Obrt\Application Data\Corel 2008-07-07 01:54 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-07-07 01:30 . 2008-07-08 21:44 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\LimeWire 2008-07-07 01:27 . 2008-07-07 01:27 <DIR> d-------- C:\Program Files\Sun 2008-07-07 01:27 . 2008-07-07 01:27 <DIR> d-------- C:\Program Files\Java 2008-07-07 01:27 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-07-07 01:25 . 2008-07-07 01:25 <DIR> d-------- C:\Program Files\Common Files\Java 2008-07-07 01:22 . 2008-07-07 01:24 <DIR> d-------- C:\Program Files\LimeWire 2008-07-06 23:55 . 2008-07-10 12:36 <DIR> d-------- C:\Program Files\Garena 2008-07-06 23:55 . 2008-07-06 23:55 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\InstallShield 2008-07-06 23:46 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys 2008-07-06 22:16 . 2008-07-06 22:16 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Apple Computer 2008-07-06 22:15 . 2008-07-07 22:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-07-06 22:15 . 2008-07-07 22:38 1,409 --a------ C:\WINDOWS\QTFont.for 2008-07-06 22:12 . 2008-07-06 22:12 <DIR> d-------- C:\Program Files\QuickTime 2008-07-06 22:12 . 2008-07-06 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-07-06 21:11 . 2008-07-06 21:13 <DIR> d-------- C:\Program Files\Corel 2008-07-06 21:11 . 2008-07-06 21:11 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Corel 2008-07-06 21:09 . 2008-07-06 21:15 <DIR> d-------- C:\WINDOWS\Corel 2008-07-06 20:57 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll 2008-07-06 20:56 . 2008-07-06 20:56 <DIR> d-------- C:\Program Files\MSBuild 2008-07-06 20:56 . 2008-07-06 20:56 <DIR> d-------- C:\Program Files\Microsoft Works 2008-07-06 20:54 . 2008-07-06 20:56 <DIR> d-------- C:\WINDOWS\SHELLNEW 2008-07-06 20:53 . 2008-07-06 20:53 <DIR> dr-h----- C:\MSOCache 2008-07-06 20:53 . 2008-07-06 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-07-06 20:47 . 2008-07-06 20:47 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\DAEMON Tools Pro 2008-07-06 20:46 . 2008-07-06 20:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro 2008-07-06 20:44 . 2008-07-06 20:47 <DIR> d-------- C:\Program Files\DAEMON Tools Pro 2008-07-06 20:36 . 2008-07-06 20:36 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-07-06 19:30 . 2008-07-06 19:30 <DIR> d-------- C:\Program Files\Webteh 2008-07-06 19:30 . 2008-07-06 22:04 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\BSplayer PRO 2008-07-06 19:22 . 2008-07-06 19:22 <DIR> d-------- C:\Program Files\uTorrent 2008-07-06 19:22 . 2008-07-09 22:49 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\uTorrent 2008-07-06 19:09 . 2008-07-06 19:10 <DIR> d-------- C:\Program Files\Winamp 2008-07-06 19:09 . 2008-07-06 19:14 <DIR> d-------- C:\Documents and Settings\Stipe\Application Data\Winamp 2008-07-06 19:06 . 2008-07-06 19:06 <DIR> d-------- C:\Program Files\Avira 2008-07-06 19:06 . 2008-07-06 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-07-06 17:48 . 2002-11-27 13:52 80,896 -ra------ C:\WINDOWS\system32\drivers\NVENET.sys 2008-07-06 17:27 . 2008-07-06 17:27 <DIR> d-------- C:\Program Files\T-Com ADSL driver 2008-07-06 17:26 . 2008-07-06 17:27 <DIR> d-------- C:\Program Files\T-Com MAXadsl CD-ROM 2008-07-06 17:22 . 2008-07-06 17:22 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-07-06 17:19 . 2008-07-06 17:19 <DIR> d-------- C:\Program Files\DivX 2008-07-06 17:18 . 2008-07-08 14:34 <DIR> d-------- C:\Program Files\ffdshow 2008-07-06 17:15 . 2008-07-06 17:15 <DIR> d-------- C:\Program Files\NVIDIA Corporation 2008-07-06 17:15 . 2008-07-06 17:15 <DIR> d-------- C:\Program Files\Common Files\NVIDIA Shared 2008-07-06 17:15 . 2004-06-24 18:57 172,032 --a------ C:\WINDOWS\system32\nvusmb.exe 2008-07-06 17:15 . 2004-06-24 18:57 172,032 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2008-07-06 17:15 . 2004-06-24 18:57 172,032 --a------ C:\WINDOWS\system32\nvumctl.exe 2008-07-06 17:15 . 2004-06-18 14:57 172,032 --a------ C:\WINDOWS\system32\nvuide.exe 2008-07-06 17:15 . 2004-04-27 15:22 172,032 --a------ C:\WINDOWS\system32\nvugart.exe 2008-07-06 17:15 . 2004-04-27 15:22 2,124 --a------ C:\WINDOWS\system32\nvgart.nvu 2008-07-06 17:15 . 2004-06-18 02:30 1,217 --a------ C:\WINDOWS\system32\nvmctl.nvu 2008-07-06 17:15 . 2004-06-18 02:30 789 --a------ C:\WINDOWS\system32\nvsmb.nvu 2008-07-06 17:15 . 2004-06-18 02:30 464 --a------ C:\WINDOWS\system32\nvide.nvu 2008-07-06 17:14 . 2008-07-06 17:14 <DIR> d-------- C:\NVIDIA 2008-07-06 17:08 . 2008-07-06 17:08 <DIR> d-------- C:\WINDOWS\OPTIONS 2008-07-06 17:08 . 2003-02-19 08:58 46,976 --a------ C:\WINDOWS\system32\drivers\R8139n51.sys 2008-07-06 17:07 . 2008-07-06 17:07 <DIR> d-------- C:\Program Files\C-Media 3D Audio 2008-07-06 17:06 . 2003-01-17 15:03 126,976 --------- C:\WINDOWS\system32\NVNFINST.DLL 2008-07-06 17:06 . 2002-11-13 09:10 28,160 -ra------ C:\WINDOWS\system32\nvmdcoi.dll 2008-07-06 17:06 . 2002-11-13 09:10 20,224 -ra------ C:\WINDOWS\system32\drivers\nvidesm.sys 2008-07-06 17:06 . 2002-11-27 13:52 1,024 -ra------ C:\WINDOWS\system32\drivers\jedih2rx.bin 2008-07-06 17:06 . 2002-11-27 13:52 122 -ra------ C:\WINDOWS\system32\drivers\ramsed.bin 2008-07-06 17:06 . 2002-11-27 13:52 42 -ra------ C:\WINDOWS\system32\drivers\jedireg.pat 2008-07-06 17:05 . 2004-04-02 15:40 21,760 --a------ C:\WINDOWS\system32\drivers\nv_agp.SYS 2008-07-06 17:03 . 2008-07-07 15:17 <DIR> d--h----- C:\Program Files\InstallShield Installation Information 2008-07-06 17:03 . 2008-07-06 17:03 <DIR> d-------- C:\Program Files\ATI Technologies 2008-07-06 17:03 . 2006-07-18 21:05 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe 2008-07-06 17:02 . 2008-07-07 22:47 <DIR> d-------- C:\Program Files\Common Files\InstallShield 2008-07-06 17:02 . 2008-07-06 17:02 <DIR> d-------- C:\ATI . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-06 14:53 --------- d-----w C:\Program Files\microsoft frontpage 2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL . ((((((((((((((((((((((((((((( snapshot@2008-07-09_22.27.34.26 ))))))))))))))))))))))))))))))))))))))))) . - 2008-07-09 20:25:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-07-11 16:54:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat - 2008-07-07 06:46:11 40,836 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-07-11 16:55:36 40,836 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-07-07 06:46:11 314,508 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-07-11 16:55:36 314,508 ----a-w C:\WINDOWS\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 10:49 307200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51 131072] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016] "Corel Reminder"="C:\Program Files\Corel\Graphics10\Register\NAVBrowser.exe" [2000-10-04 12:23 208896] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] "Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE" [2006-05-10 09:48 94208] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-07 15:17:44 593920] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\Garena\\Garena.exe"= R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-05-25 00:53] R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-10-03 00:09] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fa3c1c2-4b77-11dd-a380-806d6172696f}] \Shell\AutoRun\command - I:\BugDVD.exe \Shell\Install\command - I:\BugDVD.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fa3c1c3-4b77-11dd-a380-806d6172696f}] \Shell\AutoRun\command - J:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8dc28dc-4b6d-11dd-aaa9-806d6172696f}] \Shell\AutoRun\command - I:\BugDVD.exe \Shell\Install\command - I:\BugDVD.exe . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-07-11 19:23:31 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-07-11 19:23:55 ComboFix-quarantined-files.txt 2008-07-11 17:23:52 ComboFix2.txt 2008-07-11 12:23:07 ComboFix3.txt 2008-07-09 22:44:18 ComboFix4.txt 2008-07-09 20:27:49 Pre-Run: 6,399,557,632 bytes free Post-Run: 6,390,161,408 bytes free 208

Profil

dr_Bora Poslao: 11 Jul 2008 20:29 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Poslednji log je čist. Kakvo je sada stanje? Neki problemi?

Profil

MyCity » Ambulanta -> Arhiva Ambulante » pomoć TR/Crypt.XPACK.Gen

Ko je trenutno na forumu

Ukupno su 584 korisnika na forumu :: 7 registrovanih, 0 sakrivenih i 577 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: Dorcolac, Koridor, nenad81, oganj123, Shilok, slonic_tonic, TBF1D

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by