VIRUS ALERT! popped up next to the clock


  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Has that notification you were complaining about disappeared?

  • Joined: 01 Sep 2007
  • Posts: 65
  • Location: Beograd

The notifications have disappeared, but as soon as I connect to the net it immediately launches Firefox and tries to go to 'that' site.
Everything came back as it was at the start, while the deleted shortcuts have not returned to the desktop.

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

The behaviour analysis of the files you sent me for checking is done.
The first one tries to open some website.
The second one acts as a web server.
The third one shows no behaviour at all. Most likely it only reacts once one of the first two tells it to do something.

Let's do it this way:

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the instructions on the screen. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

  • Joined: 01 Sep 2007
  • Posts: 65
  • Location: Beograd

The icons are now all there.
It no longer opens Firefox when connecting to the net!
Spybot asks me to allow or deny the following:


And I had already downloaded ComboFix the day before yesterday, so now when I ran it, it asked me to do an update, which I declined.

Here's the log:

ComboFix 08-08-17.03 - Vedas 2008-08-22 21:57:10.4 - NTFSx86
Running from: C:\Documents and Settings\Vedas\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Vedas\UserData
C:\Documents and Settings\Vedas\UserData\index.dat
C:\WINDOWS\etnd.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2008-07-22 to 2008-08-22 )))))))))))))))))))))))))))))))
.

2008-08-22 21:33 . 2008-08-22 21:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-22 21:33 . 2008-08-22 21:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-22 21:28 . 2008-08-22 21:28 <DIR> d-------- C:\Documents and Settings\Vedas\Application Data\Media Player Classic
2008-08-22 18:25 . 2008-08-22 18:25 2,500 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-21 16:43 . 2008-08-21 16:52 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-08-19 23:13 . 2008-08-19 17:37 380,928 --a------ C:\WINDOWS\twmxbsqrmtn.dll
2008-08-19 23:13 . 2008-08-19 23:14 147,456 ---hs---- C:\Documents and Settings\Vedas\ppxcs.exe
2008-08-19 23:13 . 2008-08-19 23:13 134,144 ---hs---- C:\Documents and Settings\Vedas\intelOP.exe
2008-08-19 23:13 . 2008-08-19 23:13 103,936 ---hs---- C:\Documents and Settings\Vedas\sccs.exe
2008-08-19 23:13 . 2008-08-19 23:13 103,424 ---hs---- C:\Documents and Settings\Vedas\css.exe
2008-08-19 23:13 . 2008-08-19 17:37 86,016 --a------ C:\WINDOWS\tqwolser.exe
2008-08-19 23:12 . 2008-08-19 23:12 73,728 ---hs---- C:\Documents and Settings\Vedas\MediaTubeCodec_ver1.1463.0.exe
2008-08-17 22:11 . 2008-08-17 22:11 <DIR> d-------- C:\Program Files\Dream Match Tennis Online
2008-08-17 21:45 . 2008-08-17 21:45 <DIR> d-------- C:\Program Files\Dream Match Tennis Pro
2008-08-17 13:21 . 2008-08-17 13:21 <DIR> d-------- C:\Program Files\Studio V5
2008-08-17 12:07 . 2008-08-17 12:07 <DIR> d-------- C:\Program Files\Alex Feinman
2008-08-13 18:04 . 2008-05-01 16:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 17:46 . 2008-04-11 21:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-11 23:32 . 2008-08-17 15:28 <DIR> d-------- C:\Documents and Settings\Vedas\Application Data\gtk-2.0
2008-08-11 23:30 . 2008-08-11 23:30 <DIR> d-------- C:\Documents and Settings\Vedas\.thumbnails
2008-08-11 21:50 . 2008-08-11 23:30 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-08-11 21:50 . 2008-08-17 15:29 <DIR> d-------- C:\Documents and Settings\Vedas\.gimp-2.4
2008-08-09 15:25 . 2008-08-09 15:25 <DIR> d-------- C:\Program Files\Panerai
2008-08-07 18:01 . 2008-08-07 18:03 <DIR> d-------- C:\Program Files\ZoneRings
2008-08-07 18:01 . 1996-07-18 13:06 297,472 --a------ C:\WINDOWS\uninst.exe
2008-08-07 00:51 . 2008-08-07 00:51 81 --a------ C:\WINDOWS\system32\thview.ini
2008-08-07 00:23 . 2008-08-18 17:44 <DIR> d-------- C:\WINDOWS\system32\drivers\itech0
2008-08-06 18:07 . 2008-08-06 18:07 <DIR> d-------- C:\Program Files\MessengerPlus! 3
2008-08-06 17:55 . 2007-06-08 17:15 1,519,616 --a------ C:\WINDOWS\system32\mxpvct25.dat
2008-08-06 17:55 . 2004-03-09 16:45 132,880 --a------ C:\WINDOWS\system32\mxpvct22.dat
2008-08-06 16:59 . 2008-08-06 17:01 <DIR> d-------- C:\Documents and Settings\Vedas\Application Data\MessengerLog6
2008-08-05 20:53 . 2008-08-05 20:53 <DIR> d-------- C:\Documents and Settings\Vedas\dwhelper
2008-08-01 21:13 . 2008-08-01 21:13 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-07-27 22:20 . 2008-07-27 22:20 <DIR> d-------- C:\Documents and Settings\Vedas\Application Data\PCF-VLC
2008-07-27 22:17 . 2008-07-27 22:17 <DIR> d-------- C:\Documents and Settings\Vedas\Application Data\Participatory Culture Foundation

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-22 19:17 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-22 19:14 --------- d-----w C:\Documents and Settings\Vedas\Application Data\AVG7
2008-08-22 19:10 --------- d-----w C:\Program Files\Real
2008-08-22 19:10 --------- d-----w C:\Program Files\Common Files\Real
2008-08-22 18:48 --------- d-----w C:\Documents and Settings\Vedas\Application Data\uTorrent
2008-08-20 17:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-20 17:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-20 16:17 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-19 21:14 --------- d-----w C:\Program Files\Orbitdownloader
2008-08-17 17:10 --------- d-----w C:\Program Files\TechSmith
2008-08-17 17:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-08-17 17:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-17 12:53 2,516 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-08-17 12:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-17 12:02 --------- d-----w C:\Program Files\Elaborate Bytes
2008-08-13 16:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-10 16:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2008-08-06 16:54 --------- d-----w C:\Program Files\WhatsRunning
2008-08-01 18:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-07-27 21:19 --------- d-----w C:\Program Files\WLM Ripper
2008-07-06 10:25 --------- d-----w C:\Documents and Settings\Vedas\Application Data\GrabPro
2008-07-06 10:19 --------- d-----w C:\Documents and Settings\Vedas\Application Data\Orbit
2008-06-29 19:25 --------- d-----w C:\Documents and Settings\Vedas\Application Data\GeoVid
2008-06-29 19:13 --------- d-----w C:\Program Files\GeoVid
2008-06-29 19:13 --------- d-----w C:\Program Files\Common Files\GeoVid
2008-06-29 06:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-06-28 17:34 --------- d-----w C:\Program Files\Windows Desktop Search
2008-06-28 16:57 88 --sh--r C:\Documents and Settings\All Users\Application Data\741EA877E1.sys
2008-06-02 21:18 146,645,318 ----a-w C:\registrybackup.reg
2008-03-24 22:27 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-20 16:19 2,293,848 ---ha-w C:\Program Files\FLV Player2FCSetup.exe
2007-04-06 23:03 1,333,336 ---ha-w C:\Program Files\FLV PlayerRCSetup.exe
2007-12-09 16:46 88 --sha-r C:\WINDOWS\system32\741EA877E1.sys
2008-04-28 19:25 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-08-18_17.40.40.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-21 14:52:16 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2008-01-09 13:01:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-08-21 14:52:18 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
+ 2008-01-09 13:01:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
+ 2008-07-25 08:34:36 683,520 ----a-w C:\WINDOWS\system32\divx.dll
+ 2008-07-25 08:34:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
- 2007-06-03 13:31:28 10,752 ----a-w C:\WINDOWS\system32\ff_vfw.dll
+ 2008-06-12 18:36:38 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
- 2008-08-13 15:40:57 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
+ 2008-08-17 03:00:00 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
- 2008-08-13 15:41:09 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
+ 2008-08-17 03:00:00 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
- 2008-08-13 15:41:09 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
+ 2008-08-17 03:00:00 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
- 2006-11-15 21:01:36 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
+ 2008-07-23 16:50:52 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
- 2008-08-13 15:41:43 185,944 ----a-w C:\WINDOWS\system32\rmoc3260.dll
+ 2008-08-17 03:00:00 185,944 ----a-w C:\WINDOWS\system32\rmoc3260.dll
+ 2007-09-04 16:56:10 164,352 ----a-w C:\WINDOWS\system32\unrar.dll
- 2006-11-01 13:52:38 765,952 ----a-w C:\WINDOWS\system32\xvidcore.dll
+ 2008-01-10 12:15:30 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
- 2006-11-01 13:54:30 180,224 ----a-w C:\WINDOWS\system32\xvidvfw.dll
+ 2008-01-10 12:16:20 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll
+ 2004-01-25 16:18:44 217,088 ----a-w C:\WINDOWS\system32\yv12vfw.dll
- 2008-08-18 15:29:56 16,384 ------w C:\WINDOWS\Temp\Cookies\index.dat
+ 2008-08-22 20:04:45 16,384 ------w C:\WINDOWS\Temp\Cookies\index.dat
- 2008-08-18 15:29:56 32,768 ------w C:\WINDOWS\Temp\History\History.IE5\index.dat
+ 2008-08-22 20:04:45 32,768 ------w C:\WINDOWS\Temp\History\History.IE5\index.dat
+ 2008-08-22 20:04:47 32,768 --sha-w C:\WINDOWS\Temp\History\History.IE5\MSHist012008082220080823\index.dat
+ 2008-08-22 20:04:26 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6f0.dat
- 2008-08-18 15:29:56 32,768 ------w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-22 20:04:45 32,768 ------w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:12 15360]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 17:44 140288]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 20:27 65536]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 17:15 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-19 22:24 579584]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
"Sccs"="C:\Documents and Settings\Vedas\sccs.exe" [2008-08-19 23:13 103936]
"Css"="C:\Documents and Settings\Vedas\css.exe" [2008-08-19 23:13 103424]
"ppxcs"="C:\Documents and Settings\Vedas\ppxcs.exe" [2008-08-19 23:14 147456]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 08:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:12 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 04:18 437160]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-06-19 22:18 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Windows\\System32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"msacm.ivimp3en"= ivimp3en.acm
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli scecli scecli scecli scecli scecli scecli

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GammaTray.lnk]
backup=C:\WINDOWS\pss\GammaTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Vedas^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Vedas^Start Menu^Programs^Startup^Slide.exe.lnk]
backup=C:\WINDOWS\pss\Slide.exe.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProfileWatcher

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-ra------ 2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"aswUpdSv"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\Program Files\\EcrTool_SR\\ECRSrvAPI.exe"=
"C:\\Program Files\\Valve\\hltv.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\amsn\\bin\\wish.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Dream Match Tennis Pro\\FA.exe"=
"C:\\Program Files\\Dream Match Tennis Online\\FA.exe"=
"C:\\Documents and Settings\\Vedas\\ppxcs.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 13:03]
R2 PSI_SVC_2;Protexis Licensing V2;c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 11:15]
S1 TapurVirtualCable;Tapur Virtual Cable;C:\WINDOWS\system32\drivers\tprvckmd.sys []
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys []
S2 ELOADER;General Purpose USB Driver (adildr.sys);C:\WINDOWS\system32\Drivers\adildr.sys [2007-02-07 16:50]
S3 2hotspot controller;2hotspot Miniport;C:\WINDOWS\system32\DRIVERS\acontrol.sys []
S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 11:03]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-11-07 16:34]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f10b73a-08b2-11dd-b7e8-4d6564696130}]
\Shell\AutoRun\command - E:\
\Shell\open\Command - rundll32.exe .\\stclivnt.dll,InstallM
.
Contents of the 'Scheduled Tasks' folder

2008-08-15 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe []

2007-11-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]

2008-08-22 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{D4797268-4778-49A3-80BB-7C8258A542E8} - C:\WINDOWS\rafbsvnx.dll
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-itech0 - C:\WINDOWS\system32\drivers\itech0\itech.exe
SSODL-tsxngabr-{8B9ACF96-1A11-465C-8115-B5F4B0342AB3} - C:\WINDOWS\tsxngabr.dll
SSODL-vtqnxfko-{EA469EB2-8C5E-4D2C-A9AA-A55B3866D7E4} - C:\WINDOWS\vtqnxfko.dll
MSConfigStartUp-TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Vedas\Application Data\Mozilla\Firefox\Profiles\7wmf17in.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT329536&SearchSource=3&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - http:/google.com
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npJoostPlugin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-08-22 22:05:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Sccs = C:\Documents and Settings\Vedas\sccs.exe?6???????
Css = C:\Documents and Settings\Vedas\css.exe??????????
ppxcs = C:\Documents and Settings\Vedas\ppxcs.exe???!???=

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
-> ?:\WINDOWS\System32\CSCDLL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
.
**************************************************************************
.
Completion time: 2008-08-22 22:15:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-22 20:15:47
ComboFix2.txt 2008-03-25 21:15:06

Pre-Run: 74,525,716,480 bytes free
Post-Run: 74,504,916,992 bytes free

309 --- E O F --- 2008-08-20 16:50:33

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

First we have to disable Spybot; it doesn't let us clean the registry.


Run Spybot S&D
Click the Mode item in the menu
Choose Advanced Mode
In the left-hand bar click Tools
Click Resident
Untick Resident Tea-Timer
Close Spybot S&D
Restart the computer.

- Then download the file from this link to the Desktop.
- Run the file with a double-click and follow the instructions.

Don't forget to turn these options back on once we finish the cleanup.

Open Notepad and copy the following text:

File::
C:\WINDOWS\twmxbsqrmtn.dll
C:\Documents and Settings\Vedas\ppxcs.exe
C:\Documents and Settings\Vedas\intelOP.exe
C:\Documents and Settings\Vedas\sccs.exe
C:\Documents and Settings\Vedas\css.exe
C:\WINDOWS\tqwolser.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sccs"=-
"Css"=-
"ppxcs"=-

DirLook::
C:\WINDOWS\system32\drivers\itech0


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.

  • Joined: 01 Sep 2007
  • Posts: 65
  • Location: Beograd

ComboFix asked for an upgrade again and again I didn't allow it - I don't know whether I'm allowed to?
ResetTeaTimer log:
Windows Script Host access is disabled on this machine.
Post this in the forum please.

ComboFix 08-08-17.03 - Vedas 2008-08-24 21:53:41.5 - NTFSx86
Running from: C:\Documents and Settings\Vedas\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Vedas\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Vedas\css.exe
C:\Documents and Settings\Vedas\intelOP.exe
C:\Documents and Settings\Vedas\ppxcs.exe
C:\Documents and Settings\Vedas\sccs.exe
C:\WINDOWS\tqwolser.exe
C:\WINDOWS\twmxbsqrmtn.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Vedas\css.exe
C:\Documents and Settings\Vedas\intelOP.exe
C:\Documents and Settings\Vedas\ppxcs.exe
C:\Documents and Settings\Vedas\sccs.exe
C:\WINDOWS\tqwolser.exe
C:\WINDOWS\twmxbsqrmtn.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-24 to 2008-08-24 )))))))))))))))))))))))))))))))
.

2008-08-22 21:33 . 2008-08-22 21:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-22 21:33 . 2008-08-22 21:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-22 21:28 . 2008-08-22 21:28 <DIR> d-------- C:\Documents and Settings\Vedas\Application Data\Media Player Classic
2008-08-22 18:25 . 2008-08-22 18:25 2,500 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-21 16:43 . 2008-08-21 16:52 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-08-19 23:12 . 2008-08-19 23:12 73,728 ---hs---- C:\Documents and Settings\Vedas\MediaTubeCodec_ver1.1463.0.exe
2008-08-17 22:11 . 2008-08-17 22:11 <DIR> d-------- C:\Program Files\Dream Match Tennis Online
2008-08-17 21:45 . 2008-08-23 00:07 <DIR> d-------- C:\Program Files\Dream Match Tennis Pro
2008-08-17 13:21 . 2008-08-17 13:21 <DIR> d-------- C:\Program Files\Studio V5
2008-08-17 12:07 . 2008-08-17 12:07 <DIR> d-------- C:\Program Files\Alex Feinman
2008-08-13 18:04 . 2008-05-01 16:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 17:46 . 2008-04-11 21:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-11 23:32 . 2008-08-17 15:28 <DIR> d-------- C:\Documents and Settings\Vedas\Application Data\gtk-2.0
2008-08-11 23:30 . 2008-08-11 23:30 <DIR> d-------- C:\Documents and Settings\Vedas\.thumbnails
2008-08-11 21:50 . 2008-08-11 23:30 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-08-11 21:50 . 2008-08-17 15:29 <DIR> d-------- C:\Documents and Settings\Vedas\.gimp-2.4
2008-08-09 15:25 . 2008-08-09 15:25 <DIR> d-------- C:\Program Files\Panerai
2008-08-07 18:01 . 2008-08-07 18:03 <DIR> d-------- C:\Program Files\ZoneRings
2008-08-07 18:01 . 1996-07-18 13:06 297,472 --a------ C:\WINDOWS\uninst.exe
2008-08-07 00:51 . 2008-08-07 00:51 81 --a------ C:\WINDOWS\system32\thview.ini
2008-08-07 00:23 . 2008-08-18 17:44 <DIR> d-------- C:\WINDOWS\system32\drivers\itech0
2008-08-06 18:07 . 2008-08-06 18:07 <DIR> d-------- C:\Program Files\MessengerPlus! 3
2008-08-06 17:55 . 2007-06-08 17:15 1,519,616 --a------ C:\WINDOWS\system32\mxpvct25.dat
2008-08-06 17:55 . 2004-03-09 16:45 132,880 --a------ C:\WINDOWS\system32\mxpvct22.dat
2008-08-06 16:59 . 2008-08-06 17:01 <DIR> d-------- C:\Documents and Settings\Vedas\Application Data\MessengerLog6
2008-08-05 20:53 . 2008-08-05 20:53 <DIR> d-------- C:\Documents and Settings\Vedas\dwhelper
2008-08-01 21:13 . 2008-08-01 21:13 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-07-27 22:20 . 2008-07-27 22:20 <DIR> d-------- C:\Documents and Settings\Vedas\Application Data\PCF-VLC
2008-07-27 22:17 . 2008-07-27 22:17 <DIR> d-------- C:\Documents and Settings\Vedas\Application Data\Participatory Culture Foundation

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-24 19:56 --------- d-----w C:\Documents and Settings\Vedas\Application Data\AVG7
2008-08-22 22:06 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-22 20:48 --------- d-----w C:\Program Files\TVTool
2008-08-22 19:17 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-22 19:10 --------- d-----w C:\Program Files\Real
2008-08-22 19:10 --------- d-----w C:\Program Files\Common Files\Real
2008-08-22 18:48 --------- d-----w C:\Documents and Settings\Vedas\Application Data\uTorrent
2008-08-20 17:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-20 17:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-20 16:17 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-19 21:14 --------- d-----w C:\Program Files\Orbitdownloader
2008-08-17 17:10 --------- d-----w C:\Program Files\TechSmith
2008-08-17 17:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-08-17 17:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-17 12:53 2,516 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-08-17 12:02 --------- d-----w C:\Program Files\Elaborate Bytes
2008-08-13 16:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-10 16:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2008-08-06 16:54 --------- d-----w C:\Program Files\WhatsRunning
2008-08-01 18:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-07-27 21:19 --------- d-----w C:\Program Files\WLM Ripper
2008-07-06 10:25 --------- d-----w C:\Documents and Settings\Vedas\Application Data\GrabPro
2008-07-06 10:19 --------- d-----w C:\Documents and Settings\Vedas\Application Data\Orbit
2008-06-29 19:25 --------- d-----w C:\Documents and Settings\Vedas\Application Data\GeoVid
2008-06-29 19:13 --------- d-----w C:\Program Files\GeoVid
2008-06-29 19:13 --------- d-----w C:\Program Files\Common Files\GeoVid
2008-06-29 06:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-06-28 17:34 --------- d-----w C:\Program Files\Windows Desktop Search
2008-06-28 16:57 88 --sh--r C:\Documents and Settings\All Users\Application Data\741EA877E1.sys
2008-06-02 21:18 146,645,318 ----a-w C:\registrybackup.reg
2008-03-24 22:27 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-20 16:19 2,293,848 ---ha-w C:\Program Files\FLV Player2FCSetup.exe
2007-04-06 23:03 1,333,336 ---ha-w C:\Program Files\FLV PlayerRCSetup.exe
2007-12-09 16:46 88 --sha-r C:\WINDOWS\system32\741EA877E1.sys
2008-04-28 19:25 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\system32\drivers\itech0 ----

2008-08-07 00:53 73 --a------ C:\WINDOWS\system32\drivers\itech0\browse_setting.ini
2008-08-07 00:53 63 --a------ C:\WINDOWS\system32\drivers\itech0\setting.ini
2008-08-07 00:49 81920 --a------ C:\WINDOWS\system32\drivers\itech0\th_imgbrowser.ocx
2008-08-07 00:49 61440 --a------ C:\WINDOWS\system32\drivers\itech0\install_lsp.exe
2008-08-07 00:49 40960 --a------ C:\WINDOWS\system32\drivers\itech0\th_imgview.ocx
2008-08-07 00:49 17180 --a------ C:\WINDOWS\system32\drivers\itech0\bar.jpg
2008-08-07 00:49 1706800 --a------ C:\WINDOWS\system32\drivers\itech0\gdiplus.dll
2008-08-07 00:49 122880 --a------ C:\WINDOWS\system32\drivers\itech0\ImageView.exe
2008-08-07 00:43 40960 --a------ C:\WINDOWS\system32\drivers\itech0\anti_end.dll
2008-08-07 00:23 90112 --a------ C:\WINDOWS\system32\drivers\itech0\imonlsp.dll


((((((((((((((((((((((((((((( snapshot_2008-08-22_22.15.06.65 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-16 12:01:00 6,108,928 -c--a-w C:\WINDOWS\system32\dllcache\nv4_disp.dll
+ 2008-05-16 12:01:00 6,108,928 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\nv4_disp.dll
+ 2008-05-16 12:01:00 6,557,408 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\nv4_mini.sys
+ 2008-05-16 12:01:00 425,984 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\nvapi.dll
+ 2008-05-16 12:01:00 114,688 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\nvcod.dll
+ 2008-05-16 12:01:00 13,529,088 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\nvcpl.dll
+ 2008-05-16 12:01:00 1,241,088 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\nvcuda.dll
+ 2008-05-16 12:01:00 6,582,272 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\nvdisps.dll
+ 2008-05-16 12:01:00 3,391,488 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\nvgames.dll
+ 2008-05-16 12:01:00 229,376 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\nvmccs.dll
+ 2008-05-16 12:01:00 188,416 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\nvmccss.dll
+ 2008-05-16 12:01:00 86,016 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\nvmctray.dll
+ 2008-05-16 12:01:00 1,257,472 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\nvmobls.dll
+ 2008-05-16 12:01:00 286,720 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\nvnt4cpl.dll
+ 2008-05-16 12:01:00 8,769,536 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\nvoglnt.dll
+ 2008-05-16 12:01:00 159,812 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\nvsvc32.exe
+ 2008-05-16 12:01:00 3,776,512 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\nvvitvs.dll
+ 2008-05-16 12:01:00 81,920 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\nvwddi.dll
+ 2008-05-16 12:01:00 2,629,632 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\nvwss.dll
- 2008-08-22 20:04:45 16,384 ------w C:\WINDOWS\Temp\Cookies\index.dat
+ 2008-08-24 20:00:58 16,384 --sha-w C:\WINDOWS\Temp\Cookies\index.dat
- 2008-08-22 20:04:45 32,768 ------w C:\WINDOWS\Temp\History\History.IE5\index.dat
+ 2008-08-24 20:00:59 32,768 --sha-w C:\WINDOWS\Temp\History\History.IE5\index.dat
+ 2008-08-24 20:00:59 32,768 --sha-w C:\WINDOWS\Temp\History\History.IE5\MSHist012008082420080825\index.dat
+ 2008-08-24 20:00:50 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_704.dat
- 2008-08-22 20:04:45 32,768 ------w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-24 20:00:58 32,768 --sha-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:12 15360]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 17:44 140288]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 20:27 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 17:15 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-19 22:24 579584]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 08:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:12 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 04:18 437160]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-06-19 22:18 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Windows\\System32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"msacm.ivimp3en"= ivimp3en.acm
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli scecli scecli scecli scecli scecli scecli

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GammaTray.lnk]
backup=C:\WINDOWS\pss\GammaTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Vedas^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Vedas^Start Menu^Programs^Startup^Slide.exe.lnk]
backup=C:\WINDOWS\pss\Slide.exe.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProfileWatcher

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-ra------ 2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"aswUpdSv"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\Program Files\\EcrTool_SR\\ECRSrvAPI.exe"=
"C:\\Program Files\\Valve\\hltv.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\amsn\\bin\\wish.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Dream Match Tennis Online\\FA.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 13:03]
R2 PSI_SVC_2;Protexis Licensing V2;c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 11:15]
S1 TapurVirtualCable;Tapur Virtual Cable;C:\WINDOWS\system32\drivers\tprvckmd.sys []
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys []
S2 ELOADER;General Purpose USB Driver (adildr.sys);C:\WINDOWS\system32\Drivers\adildr.sys [2007-02-07 16:50]
S3 2hotspot controller;2hotspot Miniport;C:\WINDOWS\system32\DRIVERS\acontrol.sys []
S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 11:03]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-11-07 16:34]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f10b73a-08b2-11dd-b7e8-4d6564696130}]
\Shell\AutoRun\command - E:\
\Shell\open\Command - rundll32.exe .\\stclivnt.dll,InstallM
.
Contents of the 'Scheduled Tasks' folder

2008-08-15 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe []

2007-11-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]

2008-08-24 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-08-24 22:01:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
.
**************************************************************************
.
Completion time: 2008-08-24 22:11:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-24 20:11:45
ComboFix2.txt 2008-08-22 20:15:53
ComboFix3.txt 2008-03-25 21:15:06

Pre-Run: 74,381,041,664 bytes free
Post-Run: 74,364,710,912 bytes free

279 --- E O F --- 2008-08-20 16:50:33

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

We have a problem resetting TeaTimer (part of SpyBot S&D), because a Windows component that we need in order to do that is disabled on your machine.
TeaTimer will keep reverting everything we fix until I manage to reset it.

I'll have to apologise, but we won't be able to do anything tonight because it's already late (and I get up early for work).
I'll try to come up with a way to solve this tomorrow afternoon.

By the way, is there any visible improvement?

And one more thing: next time, let ComboFix update itself.

offline
  • Joined: 01 Sep 2007
  • Posts: 65
  • Location: Beograd

OK, I'm in no hurry. Everything works as it should anyway; it's just that you can see it isn't 100% clean.

If you come up with something in the next few days, leave me a message, and for everything so far, a big THANK YOU.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

If you can find your way around regedit, then locate the following keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\ and in the right-hand pane delete the key "Enabled"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings\Enabled and in the right-hand pane delete the key "Enabled"

Let me know if you manage to do that. If you can't, then we'll have to think of a more elegant way.

offline
  • Joined: 01 Sep 2007
  • Posts: 65
  • Location: Beograd

The first one isn't there; it only shows ab[default] REG_SZ (value not set)
The second one is present; should I delete it?

And before that, do I need to do the part about turning off TeaTimer in Spybot?
