Help


offline
  • Joined: 21 Feb 2008
  • Posts: 16

The contents of that folder have been put up for upload.



offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

I was right, this is malware.
Feel free to delete that folder.

Make me a fresh ComboFix log so I can see whether there is anything else.



offline
  • Joined: 21 Feb 2008
  • Posts: 16

ComboFix 08-02-25.3 - Sasa 2008-02-29 17:59:13.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.181 [GMT 1:00]
Running from: C:\Documents and Settings\Sasa\Desktop\cccc\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-29 )))))))))))))))))))))))))))))))
.

2008-02-28 17:56 . 2008-02-28 17:56 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-28 17:56 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-02-28 17:56 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-28 17:56 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-28 17:56 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-28 17:56 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-28 17:56 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-28 17:56 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-28 17:56 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-28 17:56 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-28 16:03 . 2008-02-28 16:03 289,280 --a------ C:\WINDOWS\system32\vtstr.dll.vir
2008-02-28 01:04 . 2008-02-28 01:04 <DIR> d-------- C:\Documents and Settings\Sasa\Application Data\Thinstall
2008-02-27 22:54 . 2008-02-27 22:54 85,056 --a------ C:\WINDOWS\system32\jkagtpna.dll.vir
2008-02-27 22:53 . 2008-02-27 22:53 91,712 --a------ C:\WINDOWS\system32\yrdnpntp.dll.vir
2008-02-27 20:00 . 2008-02-27 20:00 289,280 --a------ C:\WINDOWS\system32\awtqq.dll.vir
2008-02-27 19:57 . 2008-02-28 16:11 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-27 19:40 . 2008-02-27 19:40 36,004 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-02-27 18:16 . 2008-02-27 18:16 85,056 --a------ C:\WINDOWS\system32\xrenbspi.dll.vir
2008-02-27 18:15 . 2008-02-28 01:26 99,139 --a------ C:\WINDOWS\BM9bf0db13.xml
2008-02-27 18:15 . 2008-02-28 16:53 22 --a------ C:\WINDOWS\pskt.ini
2008-02-27 18:14 . 2008-02-27 18:14 91,712 --a------ C:\WINDOWS\system32\wvdkljwu.dll.vir
2008-02-27 17:57 . 2008-02-27 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-02-27 16:57 . 2008-02-27 16:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-27 16:57 . 2008-02-27 16:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-27 16:53 . 2008-02-27 16:53 <DIR> d-------- C:\Program Files\CCleaner
2008-02-26 13:45 . 2007-12-07 03:21 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-26 13:45 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-26 13:45 . 2007-03-08 06:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-26 13:45 . 2007-12-07 03:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-26 13:45 . 2007-12-07 03:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-26 13:45 . 2007-12-07 03:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-26 13:45 . 2007-12-07 03:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-26 13:45 . 2007-12-07 03:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-26 13:45 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-25 20:57 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-02-25 13:56 . 2008-02-25 22:02 <DIR> d-------- C:\Program Files\MalwareAlarm
2008-02-24 21:48 . 2008-02-24 21:48 37,888 --a------ C:\WINDOWS\system32\wvuvsqq.dll.vir
2008-02-24 03:55 . 2008-02-24 03:55 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-02-24 03:10 . 2008-02-24 03:22 <DIR> d-------- C:\Program Files\AdvancedCleaner Free
2008-02-24 03:07 . 2004-08-03 23:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-24 02:23 . 2008-02-24 03:31 <DIR> d-------- C:\Documents and Settings\Sasa\Application Data\AntiSpywareSuite
2008-02-23 23:14 . 2007-02-28 10:55 2,182,144 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-02-23 23:14 . 2007-02-28 10:53 2,137,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-02-23 23:14 . 2007-02-28 10:15 2,017,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-02-23 20:38 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-23 20:38 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-23 20:37 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-02-23 20:37 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-02-23 20:37 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-02-23 20:37 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-02-22 16:28 . 2008-02-22 16:29 1,255,317 --ahs---- C:\WINDOWS\system32\sbhckldm.tmp
2008-02-20 22:11 . 2008-02-20 22:11 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-02-20 21:38 . 2008-02-20 21:38 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-20 21:37 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-02-20 21:27 . 2008-02-24 02:51 192,544 --a------ C:\Documents and Settings\Sasa\Application Data\antivirusinstallfreenm_en[1].exe
2008-02-18 18:52 . 2008-02-18 18:52 268 --ah----- C:\sqmdata06.sqm
2008-02-18 18:52 . 2008-02-18 18:52 244 --ah----- C:\sqmnoopt06.sqm
2008-02-18 18:44 . 2008-02-18 18:44 244 --ah----- C:\sqmnoopt05.sqm
2008-02-18 18:44 . 2008-02-18 18:44 232 --ah----- C:\sqmdata05.sqm
2008-02-16 23:07 . 2008-02-16 23:07 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-02-16 22:52 . 2008-02-16 21:50 83,968 --a------ C:\WINDOWS\system32\wbcsvc.exe.vir
2008-02-09 17:37 . 2008-02-09 17:37 632 --a------ C:\WINDOWS\CoD.INI
2008-02-09 16:16 . 2008-02-09 16:16 618 --a------ C:\WINDOWS\EReg515.dat
2008-02-09 15:41 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-02-09 15:41 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-02-09 15:37 . 2008-02-09 15:37 217,088 --a------ C:\WINDOWS\system32\srkey.exe
2008-02-09 15:26 . 2008-02-09 15:26 137,344 --a------ C:\WINDOWS\system32\drivers\hwpsgt.sys
2008-02-09 15:26 . 2008-02-09 15:26 9,472 --a------ C:\WINDOWS\system32\drivers\lemsgt.sys
2008-02-03 21:56 . 2008-02-03 21:56 244 --ah----- C:\sqmnoopt04.sqm
2008-02-03 21:56 . 2008-02-03 21:56 232 --ah----- C:\sqmdata04.sqm
2008-02-03 21:18 . 2008-02-25 22:00 <DIR> d-------- C:\Online
2008-02-03 13:40 . 2008-02-03 14:07 <DIR> d-------- C:\Program Files\Achilles-Script 3.7
2008-02-03 12:22 . 2008-02-03 12:22 33 --a------ C:\WINDOWS\Multimedia manager.INI
2008-02-02 16:06 . 2008-02-02 16:06 <DIR> d-------- C:\WINDOWS\Cache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-28 19:32 --------- d-----w C:\Program Files\Picasa2
2008-02-28 18:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-28 18:13 --------- d-----w C:\Program Files\Lavasoft
2008-02-28 18:13 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Lavasoft
2008-02-28 15:23 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Skype
2008-02-28 15:22 --------- d-----w C:\Program Files\Yahoo!
2008-02-28 15:22 --------- d-----w C:\Program Files\BearShare Applications
2008-02-28 13:57 --------- d-----w C:\Documents and Settings\Sasa\Application Data\AVG7
2008-02-27 16:49 --------- d--h--r C:\Documents and Settings\Sasa\Application Data\yahoo!
2008-02-27 16:28 --------- d-----w C:\Program Files\Google
2008-02-24 19:46 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-02-23 19:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-20 20:22 --------- d-----w C:\Documents and Settings\Sasa\Application Data\BearShare
2008-02-06 20:32 --------- d-----w C:\Documents and Settings\Sasa\Application Data\TransRender
2008-02-03 13:15 --------- d-----w C:\Documents and Settings\Sasa\Application Data\mIRC
2008-02-03 12:05 --------- d-----w C:\Program Files\Alien Stars
2008-01-26 23:22 --------- d-----w C:\Program Files\XviD
2008-01-26 23:20 --------- d-----w C:\Program Files\DivXCodec
2008-01-26 23:17 --------- d-----w C:\Program Files\AC3Filter
2008-01-26 20:57 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-17 15:30 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Temporary
2008-01-04 01:27 --------- d-----w C:\Documents and Settings\Sasa\Application Data\ConvertTemp
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-09-19 17:27 579 ----a-w C:\Documents and Settings\Sasa\Application Data\dcpini.dat
2007-09-06 11:59 56 --sh--r C:\WINDOWS\system32\2A85166AD3.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"MapEDC"="C:\Program Files\MapEDC\MapEDC.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 00:04 1415824]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-09-13 13:17 4621816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 17:06 577536 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 16:22 7618560]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-01 16:22 86016]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 14:47 57344]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-04-19 14:48 319488]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 16:30 45632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 02:03 49263]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-01-14 18:19 77870]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-11-16 16:29:56 1183744]
PowerMenu.lnk - C:\Program Files\PowerMenu\PowerMenu.exe [2006-10-16 17:46:02 57344]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2006-10-16 16:53]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-06-16 16:11]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-06-16 16:11]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-06-16 16:11]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-06-16 16:11]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-06-16 16:11]
S3 mpr_freader;MPR FileReader Driver;C:\Program Files\Multi Password Recovery\mpr_freader.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link visible only to logged-in users]
Rootkit scan 2008-02-29 18:01:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2008-02-29 18:03:53
.
2008-02-26 13:29:36 --- E O F ---

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\system32\jkagtpna.dll.vir
C:\WINDOWS\system32\yrdnpntp.dll.vir
C:\WINDOWS\system32\awtqq.dll.vir
C:\WINDOWS\system32\xrenbspi.dll.vir
C:\WINDOWS\system32\wvdkljwu.dll.vir
C:\WINDOWS\system32\wvuvsqq.dll.vir
C:\Documents and Settings\Sasa\Application Data\antivirusinstallfreenm_en[1].exe

Folder::
C:\Program Files\AdvancedCleaner Free
C:\Documents and Settings\Sasa\Application Data\AntiSpywareSuite
C:\Documents and Settings\All Users\Application Data\SalesMon
C:\Program Files\MalwareAlarm


Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MapEDC"=-



Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.

offline
  • Joined: 21 Feb 2008
  • Posts: 16

ComboFix 08-02-25.3 - Sasa 2008-02-29 18:36:29.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.184 [GMT 1:00]
Running from: C:\Documents and Settings\Sasa\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sasa\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Sasa\Application Data\antivirusinstallfreenm_en[1].exe
C:\WINDOWS\system32\awtqq.dll.vir
C:\WINDOWS\system32\jkagtpna.dll.vir
C:\WINDOWS\system32\wvdkljwu.dll.vir
C:\WINDOWS\system32\wvuvsqq.dll.vir
C:\WINDOWS\system32\xrenbspi.dll.vir
C:\WINDOWS\system32\yrdnpntp.dll.vir
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\SalesMon
C:\Documents and Settings\Sasa\Application Data\AntiSpywareSuite
C:\Documents and Settings\Sasa\Application Data\AntiSpywareSuite\Logs\threats.log
C:\Documents and Settings\Sasa\Application Data\AntiSpywareSuite\Logs\update.log
C:\Documents and Settings\Sasa\Application Data\AntiSpywareSuite\PGE.dat
C:\Documents and Settings\Sasa\Application Data\antivirusinstallfreenm_en[1].exe
C:\Program Files\AdvancedCleaner Free
C:\Program Files\AdvancedCleaner Free\unins000.exe
C:\Program Files\MalwareAlarm
C:\Program Files\MalwareAlarm\MalwareAlarm.lic
C:\Program Files\MalwareAlarm\Uninstall.exe
C:\WINDOWS\system32\awtqq.dll.vir
C:\WINDOWS\system32\jkagtpna.dll.vir
C:\WINDOWS\system32\wvdkljwu.dll.vir
C:\WINDOWS\system32\wvuvsqq.dll.vir
C:\WINDOWS\system32\xrenbspi.dll.vir
C:\WINDOWS\system32\yrdnpntp.dll.vir

.
((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-29 )))))))))))))))))))))))))))))))
.

2008-02-28 17:56 . 2008-02-28 17:56 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-28 17:56 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-02-28 17:56 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-28 17:56 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-28 17:56 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-28 17:56 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-28 17:56 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-28 17:56 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-28 17:56 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-28 17:56 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-28 16:03 . 2008-02-28 16:03 289,280 --a------ C:\WINDOWS\system32\vtstr.dll.vir
2008-02-28 01:04 . 2008-02-28 01:04 <DIR> d-------- C:\Documents and Settings\Sasa\Application Data\Thinstall
2008-02-27 19:57 . 2008-02-28 16:11 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-27 19:40 . 2008-02-27 19:40 36,004 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-02-27 18:15 . 2008-02-28 01:26 99,139 --a------ C:\WINDOWS\BM9bf0db13.xml
2008-02-27 18:15 . 2008-02-28 16:53 22 --a------ C:\WINDOWS\pskt.ini
2008-02-27 17:57 . 2008-02-27 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-02-27 16:57 . 2008-02-27 16:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-27 16:57 . 2008-02-27 16:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-27 16:53 . 2008-02-27 16:53 <DIR> d-------- C:\Program Files\CCleaner
2008-02-26 13:45 . 2007-12-07 03:21 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-26 13:45 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-26 13:45 . 2007-03-08 06:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-26 13:45 . 2007-12-07 03:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-26 13:45 . 2007-12-07 03:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-26 13:45 . 2007-12-07 03:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-26 13:45 . 2007-12-07 03:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-26 13:45 . 2007-12-07 03:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-26 13:45 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-25 20:57 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-02-24 03:55 . 2008-02-24 03:55 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-02-24 03:07 . 2004-08-03 23:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-23 23:14 . 2007-02-28 10:55 2,182,144 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-02-23 23:14 . 2007-02-28 10:53 2,137,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-02-23 23:14 . 2007-02-28 10:15 2,017,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-02-23 20:38 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-23 20:38 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-23 20:37 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-02-23 20:37 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-02-23 20:37 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-02-23 20:37 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-02-22 16:28 . 2008-02-22 16:29 1,255,317 --ahs---- C:\WINDOWS\system32\sbhckldm.tmp
2008-02-20 22:11 . 2008-02-20 22:11 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-02-20 21:37 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-02-18 18:52 . 2008-02-18 18:52 268 --ah----- C:\sqmdata06.sqm
2008-02-18 18:52 . 2008-02-18 18:52 244 --ah----- C:\sqmnoopt06.sqm
2008-02-18 18:44 . 2008-02-18 18:44 244 --ah----- C:\sqmnoopt05.sqm
2008-02-18 18:44 . 2008-02-18 18:44 232 --ah----- C:\sqmdata05.sqm
2008-02-16 23:07 . 2008-02-16 23:07 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-02-16 22:52 . 2008-02-16 21:50 83,968 --a------ C:\WINDOWS\system32\wbcsvc.exe.vir
2008-02-09 17:37 . 2008-02-09 17:37 632 --a------ C:\WINDOWS\CoD.INI
2008-02-09 16:16 . 2008-02-09 16:16 618 --a------ C:\WINDOWS\EReg515.dat
2008-02-09 15:41 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-02-09 15:41 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-02-09 15:37 . 2008-02-09 15:37 217,088 --a------ C:\WINDOWS\system32\srkey.exe
2008-02-09 15:26 . 2008-02-09 15:26 137,344 --a------ C:\WINDOWS\system32\drivers\hwpsgt.sys
2008-02-09 15:26 . 2008-02-09 15:26 9,472 --a------ C:\WINDOWS\system32\drivers\lemsgt.sys
2008-02-03 21:56 . 2008-02-03 21:56 244 --ah----- C:\sqmnoopt04.sqm
2008-02-03 21:56 . 2008-02-03 21:56 232 --ah----- C:\sqmdata04.sqm
2008-02-03 21:18 . 2008-02-25 22:00 <DIR> d-------- C:\Online
2008-02-03 13:40 . 2008-02-03 14:07 <DIR> d-------- C:\Program Files\Achilles-Script 3.7
2008-02-03 12:22 . 2008-02-03 12:22 33 --a------ C:\WINDOWS\Multimedia manager.INI
2008-02-02 16:06 . 2008-02-02 16:06 <DIR> d-------- C:\WINDOWS\Cache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-28 19:32 --------- d-----w C:\Program Files\Picasa2
2008-02-28 18:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-28 18:13 --------- d-----w C:\Program Files\Lavasoft
2008-02-28 18:13 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Lavasoft
2008-02-28 15:23 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Skype
2008-02-28 15:22 --------- d-----w C:\Program Files\Yahoo!
2008-02-28 15:22 --------- d-----w C:\Program Files\BearShare Applications
2008-02-28 13:57 --------- d-----w C:\Documents and Settings\Sasa\Application Data\AVG7
2008-02-27 16:49 --------- d--h--r C:\Documents and Settings\Sasa\Application Data\yahoo!
2008-02-27 16:28 --------- d-----w C:\Program Files\Google
2008-02-24 19:46 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-02-23 19:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-20 20:22 --------- d-----w C:\Documents and Settings\Sasa\Application Data\BearShare
2008-02-06 20:32 --------- d-----w C:\Documents and Settings\Sasa\Application Data\TransRender
2008-02-03 13:15 --------- d-----w C:\Documents and Settings\Sasa\Application Data\mIRC
2008-02-03 12:05 --------- d-----w C:\Program Files\Alien Stars
2008-01-26 23:22 --------- d-----w C:\Program Files\XviD
2008-01-26 23:20 --------- d-----w C:\Program Files\DivXCodec
2008-01-26 23:17 --------- d-----w C:\Program Files\AC3Filter
2008-01-26 20:57 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-17 15:30 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Temporary
2008-01-04 01:27 --------- d-----w C:\Documents and Settings\Sasa\Application Data\ConvertTemp
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-09-19 17:27 579 ----a-w C:\Documents and Settings\Sasa\Application Data\dcpini.dat
2007-09-06 11:59 56 --sh--r C:\WINDOWS\system32\2A85166AD3.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 00:04 1415824]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-09-13 13:17 4621816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 17:06 577536 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 16:22 7618560]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-01 16:22 86016]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 14:47 57344]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-04-19 14:48 319488]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 16:30 45632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 02:03 49263]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-01-14 18:19 77870]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-11-16 16:29:56 1183744]
PowerMenu.lnk - C:\Program Files\PowerMenu\PowerMenu.exe [2006-10-16 17:46:02 57344]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2006-10-16 16:53]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-06-16 16:11]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-06-16 16:11]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-06-16 16:11]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-06-16 16:11]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-06-16 16:11]
S3 mpr_freader;MPR FileReader Driver;C:\Program Files\Multi Password Recovery\mpr_freader.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link visible only to logged-in users]
Rootkit scan 2008-02-29 18:38:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2008-02-29 18:40:05
ComboFix-quarantined-files.txt 2008-02-29 17:39:12
ComboFix2.txt 2008-02-29 17:03:54
.
2008-02-26 13:29:36 --- E O F ---
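A cross-check a helper can run on the two logs above, added here as an example; it is not part of this thread and not ComboFix's own tooling. It parses a CFScript of the shape used in this thread (File::, Folder::, and a Registry:: block whose "=-" values mean "delete this value"), parses the "Files Created" lines and the REGEDIT4-style "Reg Loading Points" blocks of a before-log and an after-log, and reports which targets actually disappeared, which are still there, and which renamed `.vir` files remain in the after-log. The log excerpts are constructed from the logs in this thread; the regexes, function names and the report layout are the example's own assumptions.

```python
"""Cross-check a ComboFix CFScript against a before/after pair of ComboFix logs.

Example code, not ComboFix's own tooling. Only the 'Files Created' line shape
(created . modified size attrs path) and REGEDIT4-style key/value blocks are
parsed; Find3M lines, service lines and the catchme section are ignored.
"""
import re

# "<created> . <modified> <size|<DIR>> <9 attribute chars> <path>"
FILE_LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(<DIR>|[\d,]+) (\S{9}) (.+?)\s*$"
)
REG_KEY = re.compile(r"^\[(.+)\]\s*$")        # [HKEY_...\Run]
REG_VALUE = re.compile(r'^"([^"]+)"=(.*)$')   # "Name"=data  (data "-" = delete)


def parse_file_entries(log_text):
    """Map lowercase path -> entry dict for every 'Files Created' line."""
    entries = {}
    for line in log_text.splitlines():
        m = FILE_LINE.match(line)
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries[path.lower()] = {
            "created": created, "modified": modified, "attrs": attrs, "path": path,
            "is_dir": size == "<DIR>",
            "size": None if size == "<DIR>" else int(size.replace(",", "")),
        }
    return entries


def parse_reg_values(text):
    """Map registry key -> {value name: data} for REGEDIT4-style blocks."""
    values, key = {}, None
    for line in text.splitlines():
        km = REG_KEY.match(line)
        if km:
            key = km.group(1)
            values.setdefault(key, {})
            continue
        vm = REG_VALUE.match(line)
        if vm and key is not None:
            values[key][vm.group(1)] = vm.group(2)
    return values


def parse_cfscript(script):
    """Split a CFScript into its File::, Folder:: and Registry:: sections."""
    sections, current = {"File": [], "Folder": [], "Registry": []}, None
    for line in script.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current:
            sections[current].append(line)
    reg = parse_reg_values("\n".join(sections["Registry"]))
    deletions = [(k, n) for k, vals in reg.items() for n, d in vals.items() if d == "-"]
    return {"files": sections["File"], "folders": sections["Folder"],
            "reg_deletions": deletions}


def verify_cleanup(script, log_before, log_after):
    """Report, per CFScript target, whether the after-log shows it gone."""
    cf = parse_cfscript(script)
    before, after = parse_file_entries(log_before), parse_file_entries(log_after)
    reg_after = parse_reg_values(log_after)
    report = {"removed": [], "still_present": [], "not_in_before": [],
              "reg_removed": [], "reg_still_present": []}
    for target in cf["files"] + cf["folders"]:
        key = target.lower()
        if key not in before:
            report["not_in_before"].append(target)   # typo or already gone
        elif key in after:
            report["still_present"].append(target)
        else:
            report["removed"].append(target)
    for key, name in cf["reg_deletions"]:
        bucket = "reg_still_present" if name in reg_after.get(key, {}) else "reg_removed"
        report[bucket].append((key, name))
    return report


def leftover_renamed(log_after, suffix=".vir"):
    """Paths in the after-log that still carry the rename suffix (the forgotten file case)."""
    return sorted(e["path"] for e in parse_file_entries(log_after).values()
                  if e["path"].lower().endswith(suffix))


# Constructed excerpts modelled on the two logs and the CFScript in this thread.
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\jkagtpna.dll.vir
C:\Documents and Settings\Sasa\Application Data\antivirusinstallfreenm_en[1].exe

Folder::
C:\Program Files\MalwareAlarm
C:\Documents and Settings\All Users\Application Data\SalesMon

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MapEDC"=-
"""

LOG_BEFORE = r"""
2008-02-28 16:03 . 2008-02-28 16:03 289,280 --a------ C:\WINDOWS\system32\vtstr.dll.vir
2008-02-27 22:54 . 2008-02-27 22:54 85,056 --a------ C:\WINDOWS\system32\jkagtpna.dll.vir
2008-02-25 13:56 . 2008-02-25 22:02 <DIR> d-------- C:\Program Files\MalwareAlarm
2008-02-20 21:38 . 2008-02-20 21:38 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-20 21:27 . 2008-02-24 02:51 192,544 --a------ C:\Documents and Settings\Sasa\Application Data\antivirusinstallfreenm_en[1].exe
2008-02-28 17:56 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"MapEDC"="C:\Program Files\MapEDC\MapEDC.exe" [ ]
"""

LOG_AFTER = r"""
2008-02-28 16:03 . 2008-02-28 16:03 289,280 --a------ C:\WINDOWS\system32\vtstr.dll.vir
2008-02-28 17:56 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"""

if __name__ == "__main__":
    for name, items in verify_cleanup(CFSCRIPT, LOG_BEFORE, LOG_AFTER).items():
        print(f"{name}: {items}")
    print("renamed files still present:", leftover_renamed(LOG_AFTER))
```

Run against the constructed excerpts, every File:: and Folder:: target and the MapEDC Run value land in the "removed" buckets, while `leftover_renamed` still returns `C:\WINDOWS\system32\vtstr.dll.vir`, the one renamed file the CFScript never listed. The `not_in_before` bucket catches the other common mistake, a path typed into the script that never appeared in the log at all.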

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Sorry, I forgot one file.
You can delete it manually.
The file is C:\WINDOWS\system32\vtstr.dll.vir

I don't see anything else suspicious in the log. How does it seem to you, is the computer OK now?

offline
  • Joined: 21 Feb 2008
  • Posts: 16

I deleted the file and it seems to me the computer is working normally now. Thanks for the help.
