Outlook won't connect to the Exchange server

  • Srđan Tot
  • Am I evil? I am man, yes I am.
  • Joined: 12 Jul 2005
  • Posts: 2483
  • Location: Ljubljana

Yesterday I tried to open an Access database whose password I had forgotten, using a few programs, and among those programs I ran one that carried a virus which AVG Free didn't detect.

Later in the day I ran the console version of the McAfee antivirus, which found and deleted some *.exe files (it didn't occur to me to write down which ones :( ).

All in all... AVG Free now won't start (Windows says its services and *.exe files are not valid Win32 files) and Outlook won't connect to the Exchange server.

I assume something from that virus is still left on the computer.

Here's the log file.


Logfile of HijackThis v1.99.1
Scan saved at 8:32:00, on 21.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CLIENTSERVICE.EXE
C:\Program Files\hMailServer\MySQL\Bin\mysqld-nt.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\hMailServer\Bin\hMailServer.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe
C:\DOCUME~1\srdjant\LOCALS~1\Temp\RtkBtMnt.EXE
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\CodeGear\RAD Studio\5.0\bin\bds.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\srdjant\Desktop\New Folder\gfd.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V.....8312537000
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = zaslon-telecom.si
O17 - HKLM\Software\..\Telephony: DomainName = zaslon-telecom.si
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = zaslon-telecom.si
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = zaslon-telecom.si
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = zaslon-telecom.si
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CTI Client (ClientService4Com) - Unknown owner - C:\WINDOWS\system32\CLIENTSERVICE.EXE
O23 - Service: hMailServer - hMailServer - C:\Program Files\hMailServer\Bin\hMailServer.exe
O23 - Service: hMailServerMySQL - Unknown owner - C:\Program Files\hMailServer\MySQL\Bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\hMailServer\MySQL\my.INI" hMailServerMySQL (file missing)
O23 - Service: SQL Server FullText Search (MSSQLSERVER) (msftesql) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:MSSQLSERVER (file missing)
O23 - Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)
O23 - Service: SQL Server Agent (MSSQLSERVER) (SQLSERVERAGENT) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE" -i MSSQLSERVER (file missing)

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...

Send me the following file: C:\WINDOWS\system32\CLIENTSERVICE.EXE

Upload link: http://www.mycity.rs/ambulanta-upload.php


-------------------------------------------------------------------------------------



Download ComboFix from one of the following addresses to your Desktop:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the instructions on the screen. When it finishes, a log will appear (C:\ComboFix.txt); copy it here for us.

  • Srđan Tot
  • Am I evil? I am man, yes I am.
  • Joined: 12 Jul 2005
  • Posts: 2483
  • Location: Ljubljana

I've sent the file.

Update: 21 Jan 2008 10:25

I've just noticed that among the processes there is one called wintems.exe. I used Total Commander to search for that file and it found it in Windows\System32, but when I open that folder the file isn't there (I have turned on showing all files... hidden and system ones too).

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Follow the ComboFix instructions...

  • Srđan Tot
  • Am I evil? I am man, yes I am.
  • Joined: 12 Jul 2005
  • Posts: 2483
  • Location: Ljubljana

I haven't had time to run it until now. Here's the log.

ComboFix 08-01-20.1 - srdjant 2008-01-21 10:27:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1577 [GMT 1:00]
Running from: C:\Documents and Settings\srdjant\Desktop\New Folder\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SROSA
-------\srosa


((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))
.

2008-01-21 10:25 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-18 14:19 . 2008-01-18 14:19 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-18 14:19 . 2008-01-18 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-18 14:00 . 2004-07-23 10:01 842,457 --------- C:\WINDOWS\system32\drivers\hldrrr.exe
2008-01-18 14:00 . 2008-01-18 14:40 70,660 --a------ C:\WINDOWS\system32\mdelk.exe
2008-01-18 13:58 . 2008-01-21 10:24 <DIR> d-------- C:\WINDOWS\system32\drivers\down
2008-01-18 13:56 . 2008-01-18 14:02 <DIR> d-------- C:\Program Files\Access Workgroup Password
2008-01-18 13:32 . 2008-01-18 13:32 <DIR> d-------- C:\Documents and Settings\srdjant\Application Data\DrekSoftware
2008-01-18 13:21 . 2008-01-18 13:22 275 --a------ C:\WINDOWS\acpr.ini
2008-01-18 13:19 . 2000-08-04 15:28 56 --a------ C:\WINDOWS\system32\Acpr.ini
2008-01-18 13:03 . 2008-01-18 13:03 249,856 --------- C:\WINDOWS\Setup1.exe
2008-01-18 13:03 . 2008-01-18 13:03 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-01-16 14:31 . 2008-01-16 14:31 <DIR> d-------- C:\Documents and Settings\srdjant\Application Data\.ICSharpCode
2008-01-16 14:30 . 2008-01-16 14:30 <DIR> d-------- C:\Program Files\SharpDevelop
2008-01-14 16:12 . 2008-01-14 16:12 4,916,736 --a------ C:\ODAP.BAK
2008-01-14 14:22 . 2008-01-14 14:22 24,371 --a------ C:\layout.ini
2008-01-07 20:43 . 2008-01-07 20:43 <DIR> d-------- C:\Program Files\Crystal Player
2008-01-06 00:51 . 2008-01-06 00:51 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-03 22:14 . 2008-01-18 13:58 <DIR> d-------- C:\Documents and Settings\srdjant\Application Data\AVG7
2008-01-03 22:13 . 2008-01-03 22:13 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2008-01-03 22:13 . 2008-01-20 12:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-03 22:13 . 2008-01-03 22:13 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-01-03 22:13 . 2008-01-03 22:13 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-01-02 00:50 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-01-02 00:50 . 2001-08-17 13:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-01-01 23:48 . 2008-01-01 23:48 <DIR> d-------- C:\Program Files\Xvid
2008-01-01 23:48 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-01 23:48 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-01-01 23:48 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2007-12-30 13:50 . 2007-12-30 13:50 72 ---hs---- C:\desktop.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 07:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\CodeGear
2008-01-18 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-16 13:31 --------- d-----w C:\Documents and Settings\srdjant\Application Data\.ICSharpCode
2007-12-21 09:02 --------- d-----w C:\Program Files\Microsoft SQL Server
2007-12-19 14:10 --------- d-----w C:\Documents and Settings\srdjant\Application Data\CoSoSys
2007-12-14 13:07 --------- d-----w C:\Program Files\hMailServer
2007-12-12 12:06 --------- d-----w C:\Documents and Settings\srdjant\Application Data\ZASLON_TELECOM_d.o.o
2007-11-30 08:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-29 07:40 --------- d-----w C:\Program Files\ZASLON-TELECOM
2007-11-27 14:15 --------- d-----w C:\Program Files\Totalcmd
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"eyeBeam SIP Client"="C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe" [2006-07-07 15:06 5186048]
"german.exe"="C:\WINDOWS\system32\wintems.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 577536 C:\WINDOWS\soundman.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

R2 ClientService4Com;CTI Client;C:\WINDOWS\system32\CLIENTSERVICE.EXE [2003-06-25 13:39]
R2 hMailServer;hMailServer;C:\Program Files\hMailServer\Bin\hMailServer.exe RunAsService []
R2 hMailServerMySQL;hMailServerMySQL;"C:\Program Files\hMailServer\MySQL\Bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\hMailServer\MySQL\my.INI" hMailServerMySQL []
R2 MsDtsServer;SQL Server Integration Services;"C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe" [2005-10-14 03:45]
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" [2006-12-02 05:17]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 10:36:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\msftesql]
"ImagePath"="\"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
Completion time: 2008-01-21 10:41:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-21 09:41:04
.
2008-01-15 02:02:37 --- E O F ---
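As an added example (my own code, not part of this thread and not ComboFix's), here is a Python script that reads the Run values from the "Reg Loading Points" section of a ComboFix log like the one above and flags the entries an analyst would look at first. The sample lines are copied from the log; the heuristics (image file missing, value name that claims one .exe but launches another, bare filename resolved through the search path, image under a user-writable directory) are my own rules of thumb, not something ComboFix itself applies.

```python
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: the HKCU and HKLM ...\CurrentVersion\Run values
# exactly as ComboFix printed them in the log above. "[ ]" after a value is
# ComboFix's way of saying the image file no longer exists on disk.
SAMPLE_RUN_ENTRIES = r'''
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"eyeBeam SIP Client"="C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe" [2006-07-07 15:06 5186048]
"german.exe"="C:\WINDOWS\system32\wintems.exe" [ ]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 577536 C:\WINDOWS\soundman.exe]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
'''

# One Run value per line: "name"="image" [date time size [resolved path]]
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')

# Heuristic (my assumption, not a ComboFix check): autostarts that live in
# user-writable scratch directories deserve a second look.
USER_WRITABLE_DIRS = re.compile(r'\\(temp|local settings|application data|docume~1)\\',
                                re.IGNORECASE)


@dataclass
class RunEntry:
    name: str                      # registry value name
    image: str                     # value data, i.e. what gets launched
    file_exists: bool              # False when ComboFix printed "[ ]"
    resolved_path: Optional[str]   # where a bare filename was actually found
    flags: List[str] = field(default_factory=list)


def parse_run_entries(text: str) -> List[RunEntry]:
    """Parse ComboFix 'Reg Loading Points' Run values into RunEntry objects."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # blank lines, key headers, anything not in value format
        meta = m.group('meta').split()
        # meta is empty for "[ ]"; otherwise date, time, size and, for a bare
        # filename, the path ComboFix resolved it to.
        resolved = ' '.join(meta[3:]) if len(meta) > 3 else None
        entries.append(RunEntry(m.group('name'), m.group('image'), bool(meta), resolved))
    return entries


def triage(text: str) -> List[RunEntry]:
    """Return only the Run values that deserve a second look, with reasons."""
    suspicious = []
    for e in parse_run_entries(text):
        if not e.file_exists:
            # Image already gone (here: deleted by ComboFix) but the autostart
            # value survived; a dangling value is cleaned up so it can't be reused.
            e.flags.append('file_missing')
        if e.name.lower().endswith('.exe') and ntpath.basename(e.image).lower() != e.name.lower():
            # A value called german.exe that launches wintems.exe: a typical
            # pattern for malware that picks a random-looking value name.
            e.flags.append('name_mismatch')
        if '\\' not in e.image:
            # A bare filename is resolved through the search path, so a file of
            # the same name earlier on the path would be run instead.
            e.flags.append('bare_filename')
        if USER_WRITABLE_DIRS.search(e.image):
            e.flags.append('user_writable_location')
        if e.flags:
            suspicious.append(e)
    return suspicious


if __name__ == '__main__':
    for e in triage(SAMPLE_RUN_ENTRIES):
        print(f'{e.name!r} -> {e.image}  flags={e.flags}')
```

On the sample this reports exactly the two entries worth attention: "german.exe" (image already deleted, value name doesn't match the binary) and "SoundMan" (unqualified filename, resolved by ComboFix to C:\WINDOWS\soundman.exe). The Office, Google and CTFMON entries pass clean.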

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download and run the following program:
http://www.techsupportforum.com/sectools/sUBs/SafeBootKeyRepair.exe


-------------------------------------------------------------------------------------



We'll be using ComboFix again...

Open Notepad and copy in the following text:

File::
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe

DirLook::
C:\WINDOWS\system32\drivers\down

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"german.exe"=-



Save the Notepad file to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log that gets created at the end of the cleaning/scan in your next reply.
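For anyone who wants to sanity-check a CFScript before dragging it onto ComboFix, here is an added example (my own code, not ComboFix's and not part of this thread): a small Python parser for the script format shown above. Section headers end in `::`, File:: and DirLook:: hold one path per line, and Registry:: uses regedit syntax, where `"name"=-` removes a value; the parser also accepts regedit's `[-key]` form for deleting a whole key, on the assumption that ComboFix honours it. The check_plan() step refuses entries that would hit a whole system directory or use a relative path, which is what a typo in a File:: line tends to turn into; the protected-directory list is my own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: the CFScript posted above, verbatim.
SAMPLE_CFSCRIPT = r'''
File::
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe

DirLook::
C:\WINDOWS\system32\drivers\down

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"german.exe"=-
'''

SECTION_RE = re.compile(r'^(?P<name>[A-Za-z]+)::\s*$')
REG_KEY_RE = re.compile(r'^\[(?P<delete>-?)(?P<key>[^\]]+)\]$')
REG_VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]+)"|(?P<default>@))=(?P<data>.*)$')
ABS_PATH_RE = re.compile(r'^[A-Za-z]:\\')
# Directories no File:: line should ever name outright (assumption: my own list).
PROTECTED_DIRS = {'c:', 'c:\\windows', 'c:\\windows\\system32',
                  'c:\\windows\\system32\\drivers', 'c:\\program files',
                  'c:\\documents and settings'}


@dataclass
class RegOp:
    key: str
    action: str                  # 'delete_key', 'delete_value' or 'set_value'
    value: Optional[str] = None  # value name; '@' is the key's default value
    data: Optional[str] = None   # raw regedit data, quotes/escapes left as written


@dataclass
class Plan:
    files: List[str] = field(default_factory=list)      # File:: paths to delete
    dirlook: List[str] = field(default_factory=list)    # DirLook:: dirs to list
    registry: List[RegOp] = field(default_factory=list)
    other: List[Tuple[str, str]] = field(default_factory=list)  # (section, line) not modelled


def parse_cfscript(text: str) -> Plan:
    """Turn CFScript text into a Plan of what ComboFix would be asked to do."""
    plan = Plan()
    section: Optional[str] = None
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group('name').lower()
            current_key = None
            continue
        if section is None:
            raise ValueError(f'line outside any section: {line}')
        if section == 'file':
            plan.files.append(line)
        elif section == 'dirlook':
            plan.dirlook.append(line)
        elif section == 'registry':
            k = REG_KEY_RE.match(line)
            if k:
                current_key = k.group('key')
                if k.group('delete'):            # [-HKEY...] deletes the whole key
                    plan.registry.append(RegOp(current_key, 'delete_key'))
                continue
            v = REG_VALUE_RE.match(line)
            if not v or current_key is None:
                raise ValueError(f'malformed Registry:: line: {line}')
            name = v.group('name') or '@'
            if v.group('data') == '-':           # "name"=- deletes just that value
                plan.registry.append(RegOp(current_key, 'delete_value', name))
            else:
                plan.registry.append(RegOp(current_key, 'set_value', name, v.group('data')))
        else:
            plan.other.append((section, line))
    return plan


def check_plan(plan: Plan) -> List[Tuple[str, str, str]]:
    """Return (section, entry, reason) for entries that look like a typo or worse."""
    problems = []
    for section, paths in (('File', plan.files), ('DirLook', plan.dirlook)):
        for p in paths:
            if not ABS_PATH_RE.match(p):
                problems.append((section, p, 'not an absolute path'))
            elif section == 'File' and p.rstrip('\\').lower() in PROTECTED_DIRS:
                problems.append((section, p, 'protected directory'))
    for op in plan.registry:
        # Deleting a key this close to a hive root wipes far more than one autostart.
        if op.action == 'delete_key' and op.key.count('\\') < 3:
            problems.append(('Registry', op.key, 'key too shallow to delete'))
    return problems


if __name__ == '__main__':
    plan = parse_cfscript(SAMPLE_CFSCRIPT)
    print('delete files :', plan.files)
    print('list dirs    :', plan.dirlook)
    print('registry ops :', plan.registry)
    print('problems     :', check_plan(plan) or 'none')
```

Run against the script above it yields two file deletions, one directory listing and one value deletion under HKCU\...\Run, with no problems; feed it a File:: line that reads C:\WINDOWS\system32\ and check_plan() refuses it.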

  • Srđan Tot
  • Am I evil? I am man, yes I am.
  • Joined: 12 Jul 2005
  • Posts: 2483
  • Location: Ljubljana

SafeBootKeyRepair log

Reg export of SafeBoot key after repair:
========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"

========================

Update: 21 Jan 2008 11:29

ComboFix log

ComboFix 08-01-20.1 - srdjant 2008-01-21 11:21:48.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1453 [GMT 1:00]
Running from: C:\Documents and Settings\srdjant\Desktop\New Folder\ComboFix.exe
Command switches used :: C:\Documents and Settings\srdjant\Desktop\New Folder\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))
.

2008-01-21 10:25 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-18 14:19 . 2008-01-18 14:19 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-18 14:19 . 2008-01-18 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-18 13:58 . 2008-01-21 10:24 <DIR> d-------- C:\WINDOWS\system32\drivers\down
2008-01-18 13:32 . 2008-01-18 13:32 <DIR> d-------- C:\Documents and Settings\srdjant\Application Data\DrekSoftware
2008-01-18 13:21 . 2008-01-18 13:22 275 --a------ C:\WINDOWS\acpr.ini
2008-01-18 13:19 . 2000-08-04 15:28 56 --a------ C:\WINDOWS\system32\Acpr.ini
2008-01-18 13:03 . 2008-01-18 13:03 249,856 --------- C:\WINDOWS\Setup1.exe
2008-01-18 13:03 . 2008-01-18 13:03 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-01-16 14:31 . 2008-01-16 14:31 <DIR> d-------- C:\Documents and Settings\srdjant\Application Data\.ICSharpCode
2008-01-16 14:30 . 2008-01-16 14:30 <DIR> d-------- C:\Program Files\SharpDevelop
2008-01-14 16:12 . 2008-01-14 16:12 4,916,736 --a------ C:\ODAP.BAK
2008-01-14 14:22 . 2008-01-14 14:22 24,371 --a------ C:\layout.ini
2008-01-07 20:43 . 2008-01-07 20:43 <DIR> d-------- C:\Program Files\Crystal Player
2008-01-06 00:51 . 2008-01-06 00:51 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-03 22:14 . 2008-01-18 13:58 <DIR> d-------- C:\Documents and Settings\srdjant\Application Data\AVG7
2008-01-03 22:13 . 2008-01-03 22:13 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2008-01-03 22:13 . 2008-01-20 12:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-03 22:13 . 2008-01-03 22:13 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-01-03 22:13 . 2008-01-03 22:13 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-01-02 00:50 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-01-02 00:50 . 2001-08-17 13:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-01-01 23:48 . 2008-01-01 23:48 <DIR> d-------- C:\Program Files\Xvid
2008-01-01 23:48 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-01 23:48 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-01-01 23:48 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2007-12-30 13:50 . 2007-12-30 13:50 72 ---hs---- C:\desktop.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 09:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\CodeGear
2008-01-18 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-16 13:31 --------- d-----w C:\Documents and Settings\srdjant\Application Data\.ICSharpCode
2007-12-21 09:02 --------- d-----w C:\Program Files\Microsoft SQL Server
2007-12-19 14:10 --------- d-----w C:\Documents and Settings\srdjant\Application Data\CoSoSys
2007-12-14 13:07 --------- d-----w C:\Program Files\hMailServer
2007-12-12 12:06 --------- d-----w C:\Documents and Settings\srdjant\Application Data\ZASLON_TELECOM_d.o.o
2007-11-30 08:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-29 07:40 --------- d-----w C:\Program Files\ZASLON-TELECOM
2007-11-27 14:15 --------- d-----w C:\Program Files\Totalcmd
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\system32\drivers\down ----



((((((((((((((((((((((((((((( snapshot@2008-01-21_10.40.52.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 09:27:00 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-21 10:21:42 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-21 09:27:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-21 10:21:42 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-21 09:27:00 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-21 10:21:42 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-21 09:27:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-21 10:21:43 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-21 09:27:00 6,393,856 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-21 10:21:44 6,393,856 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-21 09:27:00 20,480 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-21 10:21:44 20,480 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-20 11:48:41 90,332 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-21 09:40:30 90,332 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-20 11:48:41 487,390 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-21 09:40:30 487,390 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"eyeBeam SIP Client"="C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe" [2006-07-07 15:06 5186048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 577536 C:\WINDOWS\soundman.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

R2 ClientService4Com;CTI Client;C:\WINDOWS\system32\CLIENTSERVICE.EXE [2003-06-25 13:39]
R2 hMailServer;hMailServer;C:\Program Files\hMailServer\Bin\hMailServer.exe RunAsService []
R2 hMailServerMySQL;hMailServerMySQL;"C:\Program Files\hMailServer\MySQL\Bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\hMailServer\MySQL\my.INI" hMailServerMySQL []
R2 MsDtsServer;SQL Server Integration Services;"C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe" [2005-10-14 03:45]
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" [2006-12-02 05:17]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 11:23:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\msftesql]
"ImagePath"="\"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
Completion time: 2008-01-21 11:23:38
ComboFix-quarantined-files.txt 2008-01-21 10:23:23
ComboFix2.txt 2008-01-21 09:41:07
.
2008-01-15 02:02:37 --- E O F ---

BTW, now I can no longer get on the internet from my computer at all. I'll try restarting it.

Update: 21 Jan 2008 11:34

After the restart, the internet works again.

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

ComboFix cuts the internet connection in order to prevent new malware from being downloaded during cleaning/scanning - so, nothing to worry about there.


We need to do a few more things...



Open Notepad and copy the following text into it:

Folder::
C:\WINDOWS\system32\drivers\down

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=-

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next reply the log that is produced at the end of the cleaning/scanning.

Update: 21 Jan 2008 12:18

One question - what kind of connection do you use? Would it be a problem for you to download about 15 MB?

  • Srđan Tot
  • Am I evil? I am man, yes I am.
  • Joined: 12 Jul 2005
  • Posts: 2483
  • Location: Ljubljana

Not a problem... the connection is 10MB/10MB

Here's the log

ComboFix 08-01-20.1 - srdjant 2008-01-21 12:12:35.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1472 [GMT 1:00]
Running from: C:\Documents and Settings\srdjant\Desktop\New Folder\ComboFix.exe
Command switches used :: C:\Documents and Settings\srdjant\Desktop\New Folder\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\down

.
((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))
.

2008-01-21 10:25 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-18 14:19 . 2008-01-18 14:19 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-18 14:19 . 2008-01-18 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-18 13:32 . 2008-01-18 13:32 <DIR> d-------- C:\Documents and Settings\srdjant\Application Data\DrekSoftware
2008-01-18 13:21 . 2008-01-18 13:22 275 --a------ C:\WINDOWS\acpr.ini
2008-01-18 13:19 . 2000-08-04 15:28 56 --a------ C:\WINDOWS\system32\Acpr.ini
2008-01-18 13:03 . 2008-01-18 13:03 249,856 --------- C:\WINDOWS\Setup1.exe
2008-01-18 13:03 . 2008-01-18 13:03 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-01-16 14:31 . 2008-01-16 14:31 <DIR> d-------- C:\Documents and Settings\srdjant\Application Data\.ICSharpCode
2008-01-16 14:30 . 2008-01-16 14:30 <DIR> d-------- C:\Program Files\SharpDevelop
2008-01-14 16:12 . 2008-01-14 16:12 4,916,736 --a------ C:\ODAP.BAK
2008-01-14 14:22 . 2008-01-14 14:22 24,371 --a------ C:\layout.ini
2008-01-07 20:43 . 2008-01-07 20:43 <DIR> d-------- C:\Program Files\Crystal Player
2008-01-06 00:51 . 2008-01-06 00:51 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-03 22:14 . 2008-01-18 13:58 <DIR> d-------- C:\Documents and Settings\srdjant\Application Data\AVG7
2008-01-03 22:13 . 2008-01-03 22:13 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2008-01-03 22:13 . 2008-01-20 12:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-03 22:13 . 2008-01-03 22:13 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-01-03 22:13 . 2008-01-03 22:13 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-01-02 00:50 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-01-02 00:50 . 2001-08-17 13:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-01-01 23:48 . 2008-01-01 23:48 <DIR> d-------- C:\Program Files\Xvid
2008-01-01 23:48 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-01 23:48 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-01-01 23:48 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2007-12-30 13:50 . 2007-12-30 13:50 72 ---hs---- C:\desktop.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 09:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\CodeGear
2008-01-18 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-16 13:31 --------- d-----w C:\Documents and Settings\srdjant\Application Data\.ICSharpCode
2007-12-21 09:02 --------- d-----w C:\Program Files\Microsoft SQL Server
2007-12-19 14:10 --------- d-----w C:\Documents and Settings\srdjant\Application Data\CoSoSys
2007-12-14 13:07 --------- d-----w C:\Program Files\hMailServer
2007-12-12 12:06 --------- d-----w C:\Documents and Settings\srdjant\Application Data\ZASLON_TELECOM_d.o.o
2007-11-30 08:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-29 07:40 --------- d-----w C:\Program Files\ZASLON-TELECOM
2007-11-27 14:15 --------- d-----w C:\Program Files\Totalcmd
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-21_10.40.52.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 09:27:00 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-21 11:12:29 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-21 09:27:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-21 11:12:29 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-21 09:27:00 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-21 11:12:29 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-21 09:27:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-21 11:12:29 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-21 09:27:00 6,393,856 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-21 11:12:29 6,393,856 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-21 09:27:00 20,480 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-21 11:12:30 20,480 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-20 11:48:41 90,332 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-21 09:40:30 90,332 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-20 11:48:41 487,390 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-21 09:40:30 487,390 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"eyeBeam SIP Client"="C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe" [2006-07-07 15:06 5186048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 577536 C:\WINDOWS\soundman.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

R2 ClientService4Com;CTI Client;C:\WINDOWS\system32\CLIENTSERVICE.EXE [2003-06-25 13:39]
R2 hMailServer;hMailServer;C:\Program Files\hMailServer\Bin\hMailServer.exe RunAsService []
R2 hMailServerMySQL;hMailServerMySQL;"C:\Program Files\hMailServer\MySQL\Bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\hMailServer\MySQL\my.INI" hMailServerMySQL []
R2 MsDtsServer;SQL Server Integration Services;"C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe" [2005-10-14 03:45]
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" [2006-12-02 05:17]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 12:17:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\msftesql]
"ImagePath"="\"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
Completion time: 2008-01-21 12:17:56
ComboFix-quarantined-files.txt 2008-01-21 11:17:42
ComboFix2.txt 2008-01-21 10:23:38
ComboFix3.txt 2008-01-21 09:41:07
.
2008-01-15 02:02:37 --- E O F ---
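The "Reg Loading Points" section of the log above lists every autostart entry ComboFix found, printing a timestamp and size in brackets when it could stamp the file (and a resolved path when the registry value is only a bare filename). As an added example, not part of the original post or of ComboFix, the Python script below parses those Run-key and service lines and flags the patterns a responder checks first: an image under a user-writable directory such as Temp, a bare filename that is located through the search path, an unquoted service path containing spaces, and an entry with empty brackets. The sample input is copied from the log above plus one constructed "Updater" line pointing into a Temp directory so that a hit is shown; the Entry class and the flag names are this example's own.

```python
"""Triage the autostart entries in the 'Reg Loading Points' section of a ComboFix log.

Example code written for this thread; it is not part of ComboFix or of the original post.
"""
import re
from dataclasses import dataclass
from typing import List

# Run-key line:  "Name"="command" [YYYY-MM-DD HH:MM size [resolved path]]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
# Service line:  R2 name;Display name;command [YYYY-MM-DD HH:MM]   (or [] when nothing was stamped)
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<cmd>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$')

# Directories an unprivileged user (and so a dropper running as that user) can write to.
USER_WRITABLE = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\",
                 "\\application data\\", "\\local settings\\", "\\recycler\\")


@dataclass
class Entry:
    kind: str          # "run" or "service"
    name: str
    image: str         # executable exactly as the registry value names it
    resolved: str      # path ComboFix printed inside the brackets, if any, else image
    flags: List[str]


def image_path(cmd: str) -> str:
    """Return the executable from a command line: the quoted token, or the text up to the first .exe/.dll/.cpl/.sys."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = re.match(r'(?i)^(.*?\.(?:exe|dll|cpl|sys))(?:\s|$)', cmd)
    return m.group(1) if m else cmd.split()[0]


def triage(kind: str, name: str, cmd: str, meta: str) -> Entry:
    image = image_path(cmd)
    parts = meta.split(None, 3)
    resolved = parts[3] if len(parts) == 4 else image
    flags: List[str] = []
    if not parts:
        flags.append("no-file-stamp")             # brackets were empty: no timestamp/size printed
    if any(d in resolved.lower() for d in USER_WRITABLE):
        flags.append("user-writable-location")
    if "\\" not in image:
        flags.append("bare-filename")             # found via the search path, a hijack candidate
    if kind == "service" and not cmd.strip().startswith('"') and " " in image:
        flags.append("unquoted-path-with-spaces")  # classic unquoted service path weakness
    return Entry(kind, name, image, resolved, flags)


def parse_loading_points(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append(triage("run", m["name"], m["cmd"], m["meta"]))
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append(triage("service", m["name"], m["cmd"], m["meta"]))
    return entries


def suspicious(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags]


# Lines copied from the log posted above, plus one constructed "Updater" entry (not in the log)
# placed in a Temp directory to show what a hit looks like.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"eyeBeam SIP Client"="C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe" [2006-07-07 15:06 5186048]
"Updater"="C:\DOCUME~1\user\LOCALS~1\Temp\updater.exe" [2008-01-20 11:48 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 577536 C:\WINDOWS\soundman.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]

R2 ClientService4Com;CTI Client;C:\WINDOWS\system32\CLIENTSERVICE.EXE [2003-06-25 13:39]
R2 hMailServer;hMailServer;C:\Program Files\hMailServer\Bin\hMailServer.exe RunAsService []
R2 hMailServerMySQL;hMailServerMySQL;"C:\Program Files\hMailServer\MySQL\Bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\hMailServer\MySQL\my.INI" hMailServerMySQL []
R2 MsDtsServer;SQL Server Integration Services;"C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe" [2005-10-14 03:45]
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" [2006-12-02 05:17]
"""

if __name__ == "__main__":
    for e in suspicious(parse_loading_points(SAMPLE_LOG)):
        print(f"{e.kind:7} {e.name:30} {e.resolved}  <- {', '.join(e.flags)}")
```

The flags are prompts for a closer look, not verdicts: the two hMailServer services and the bare SOUNDMAN.EXE / bthprops.cpl entries in this log are legitimate software, while the constructed Temp-directory entry is the shape an actual dropper usually takes. Run the script over the whole log file instead of SAMPLE_LOG to cover every Run key and service it lists.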

offline
  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download Norman Malware Cleaner to the Desktop.

Do the following:
Double-click Norman_Malware_Cleaner.exe to run it
Click Accept to move on to the next screen
Start the scan by clicking Start Scan and wait for it to finish
If you are prompted to restart the computer:

Click Yes
After the restart, the scanning/cleaning will continue

When the process is finished, close the program by clicking Quit
Attach the log file NFix_date_time.log, which is on the Desktop, to your next post

Once you have done the above, restart the PC and tell me what the situation is now.
By the way, why aren't you using an AV?
