Problem with Task Manager

offline
  • Joined: 23 Jan 2008
  • Posts: 65
  • Location: Beograd

Hello,
here is the content of ComboFix-quarantined-files.txt:

2008-12-26 13:22:55 A------- 3 C:\Qoobox\Quarantine\C\Program Files\2009\Notes.txt.vir
2008-12-26 13:22:55 A------- 5,957 C:\Qoobox\Quarantine\C\Program Files\2009\unins000.dat.vir
2008-12-26 13:22:55 A------- 12,208 C:\Qoobox\Quarantine\C\Program Files\2009\start.dxr.vir
2008-12-26 13:22:55 A------- 51,262 C:\Qoobox\Quarantine\C\Program Files\2009\PF2009.ico.vir
2008-12-26 13:22:55 A------- 114,688 C:\Qoobox\Quarantine\C\Program Files\2009\editor\calc.exe.vir
2008-12-26 13:22:55 A------- 142,838 C:\Qoobox\Quarantine\C\Program Files\2009\img.cxt.vir
2008-12-26 13:22:55 A------- 407,175 C:\Qoobox\Quarantine\C\Program Files\2009\agenda.dxr.vir
2008-12-26 13:22:55 A------- 552,960 C:\Qoobox\Quarantine\C\Program Files\2009\editor\Notepad2.exe.vir
2008-12-26 13:22:55 A------- 720,138 C:\Qoobox\Quarantine\C\Program Files\2009\unins000.exe.vir
2008-12-26 13:22:55 A------- 2,249,384 C:\Qoobox\Quarantine\C\Program Files\2009\2009.exe.vir
2008-12-26 13:22:56 A------- 6 C:\Qoobox\Quarantine\C\Program Files\2009\files\mjeseci\MAJ.txt.vir
2008-12-26 13:22:56 A------- 7 C:\Qoobox\Quarantine\C\Program Files\2009\files\mjeseci\JULI.txt.vir
2008-12-26 13:22:56 A------- 7 C:\Qoobox\Quarantine\C\Program Files\2009\files\mjeseci\JUNI.txt.vir
2008-12-26 13:22:56 A------- 8 C:\Qoobox\Quarantine\C\Program Files\2009\files\mjeseci\APRIL.txt.vir
2008-12-26 13:22:56 A------- 8 C:\Qoobox\Quarantine\C\Program Files\2009\files\mjeseci\MART.txt.vir
2008-12-26 13:22:56 A------- 9 C:\Qoobox\Quarantine\C\Program Files\2009\files\meseci\july.txt.vir
2008-12-26 13:22:56 A------- 9 C:\Qoobox\Quarantine\C\Program Files\2009\files\meseci\june.txt.vir
2008-12-26 13:22:56 A------- 9 C:\Qoobox\Quarantine\C\Program Files\2009\files\meseci\may.txt.vir
2008-12-26 13:22:56 A------- 9 C:\Qoobox\Quarantine\C\Program Files\2009\files\mjeseci\AVGUST.txt.vir
2008-12-26 13:22:56 A------- 10 C:\Qoobox\Quarantine\C\Program Files\2009\files\meseci\march.txt.vir
2008-12-26 13:22:56 A------- 10 C:\Qoobox\Quarantine\C\Program Files\2009\files\mjeseci\OKTOBAR.txt.vir
2008-12-26 13:22:56 A------- 11 C:\Qoobox\Quarantine\C\Program Files\2009\files\meseci\april.txt.vir
2008-12-26 13:22:56 A------- 11 C:\Qoobox\Quarantine\C\Program Files\2009\files\mjeseci\DECEMBAR.txt.vir
2008-12-26 13:22:56 A------- 11 C:\Qoobox\Quarantine\C\Program Files\2009\files\mjeseci\FEBRUAR.txt.vir
2008-12-26 13:22:56 A------- 11 C:\Qoobox\Quarantine\C\Program Files\2009\files\mjeseci\NOVEMBAR.txt.vir
2008-12-26 13:22:56 A------- 12 C:\Qoobox\Quarantine\C\Program Files\2009\files\meseci\august.txt.vir
2008-12-26 13:22:56 A------- 12 C:\Qoobox\Quarantine\C\Program Files\2009\files\meseci\january.txt.vir
2008-12-26 13:22:56 A------- 12 C:\Qoobox\Quarantine\C\Program Files\2009\files\mjeseci\NOTES.txt.vir
2008-12-26 13:22:56 A------- 12 C:\Qoobox\Quarantine\C\Program Files\2009\files\mjeseci\SEPTEMBAR.txt.vir
2008-12-26 13:22:56 A------- 13 C:\Qoobox\Quarantine\C\Program Files\2009\files\meseci\february.txt.vir
2008-12-26 13:22:56 A------- 13 C:\Qoobox\Quarantine\C\Program Files\2009\files\meseci\october.txt.vir
2008-12-26 13:22:56 A------- 14 C:\Qoobox\Quarantine\C\Program Files\2009\files\meseci\december.txt.vir
2008-12-26 13:22:56 A------- 14 C:\Qoobox\Quarantine\C\Program Files\2009\files\meseci\november.txt.vir
2008-12-26 13:22:56 A------- 15 C:\Qoobox\Quarantine\C\Program Files\2009\files\meseci\september.txt.vir
2008-12-26 13:22:56 A------- 15 C:\Qoobox\Quarantine\C\Program Files\2009\files\mjeseci\CONTACTS.txt.vir
2008-12-26 13:22:56 A------- 26 C:\Qoobox\Quarantine\C\Program Files\2009\files\mjeseci\JANUAR.txt.vir
2008-12-26 13:22:56 A------- 43 C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\PMATIC.reg.vir
2008-12-26 13:22:56 A------- 49 C:\Qoobox\Quarantine\C\Program Files\2009\kLODOVIK.url.vir
2008-12-26 13:22:56 A------- 164 C:\Qoobox\Quarantine\C\Program Files\2009\files\prezentacija\3.txt.vir
2008-12-26 13:22:56 A------- 429 C:\Qoobox\Quarantine\C\Program Files\2009\files\prezentacija\1.txt.vir
2008-12-26 13:22:56 A------- 988 C:\Qoobox\Quarantine\C\Program Files\2009\files\licencesr.txt.vir
2008-12-26 13:22:56 A------- 4,271 C:\Qoobox\Quarantine\C\Program Files\2009\editor\Notepad2.reg.vir
2008-12-26 13:22:56 A------- 40,960 C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\Media Support\FileIo.x32.vir
2008-12-26 13:22:56 A------- 49,152 C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\Media Support\LZComprs.x32.vir
2008-12-26 13:22:56 A------- 49,152 C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\Media Support\ZipXtra.x32.vir
2008-12-26 13:22:56 A------- 53,248 C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\Media Support\Squish.x32.vir
2008-12-26 13:22:56 A------- 61,440 C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\Media Support\Actor Control.x32.vir
2008-12-26 13:22:56 A------- 65,536 C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\Media Support\Cursor Asset.x32.vir
2008-12-26 13:22:56 A------- 69,632 C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\Media Support\Font Asset.x32.vir
2008-12-26 13:22:56 A------- 69,632 C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\Media Support\SWADCmpr.x32.vir
2008-12-26 13:22:56 A------- 90,112 C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\Media Support\TextAuth.x32.vir
2008-12-26 13:22:56 A------- 98,304 C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\Media Support\Text Asset.x32.vir
2008-12-26 13:22:56 A------- 110,592 C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\Media Support\Cursor Options.x32.vir
2008-12-26 13:22:56 A------- 126,976 C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\Media Support\Font Asset Dialog.x32.vir
2008-12-26 13:22:56 A------- 200,704 C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\budapi.x32.vir
2008-12-26 13:22:56 A------- 282,624 C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\Media Support\Font Xtra.x32.vir
2008-12-26 13:22:56 A------- 339,968 C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\Flash Asset\Flash Asset.x32.vir
2008-12-26 13:22:56 A------- 348,160 C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\Media Support\TextXtra.x32.vir
2008-12-26 13:22:56 A------- 351,744 C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\PMATIC.X32.vir
2009-01-19 13:25:31 A------- 162 C:\Qoobox\Quarantine\catchme.log
2009-01-19 13:27:23 A------- 4,629 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Disable the antivirus.


Open Notepad and copy the following text into it:

DeQuarantine::
C:\Qoobox\Quarantine\C\Program Files\2009

File::
c:\windows\system32\drivers\SbCtri.exe
c:\windows\system32\drivers\trz1.tmp

Driver::
Service Controler


Save the file from Notepad to the Desktop as "CFScript"


Drag the saved script/text file onto the ComboFix icon, as in the picture.
Post the log that is produced at the end of the cleaning/scan in your next reply.
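Added example (editor's code, not posted by either participant and not part of ComboFix): a small parser for the ComboFix-quarantined-files.txt listing shown in the first post, which maps each quarantined copy back to its original path and derives the quarantine-side directory that the DeQuarantine:: directive in the reply above points at. The line layout (date, time, eight-character attribute field, comma-grouped size, path) and the rule that quarantined copies live under C:\Qoobox\Quarantine\<drive letter>\... with a ".vir" suffix are inferred from the posted lines; the sample input below is constructed in that shape and is not the poster's real log. The script only reformats what is already in the listing; deciding which entries are safe to restore is still the helper's call.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

QUARANTINE_ROOT = r"C:\Qoobox\Quarantine"

# Constructed sample in the shape of ComboFix-quarantined-files.txt (not a real log).
SAMPLE_LOG = "\n".join([
    r"2008-12-26 13:22:55 A------- 114,688 C:\Qoobox\Quarantine\C\Program Files\2009\editor\calc.exe.vir",
    r"2008-12-26 13:22:55 A------- 2,249,384 C:\Qoobox\Quarantine\C\Program Files\2009\2009.exe.vir",
    r"2008-12-26 13:22:56 A------- 9 C:\Qoobox\Quarantine\C\Program Files\2009\files\meseci\may.txt.vir",
    r"2009-01-19 13:25:31 A------- 162 C:\Qoobox\Quarantine\catchme.log",
    r"2009-01-19 13:27:23 A------- 4,629 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg",
    "",
])

# "<date> <time> <8-char attrs> <size with thousands separators> <path>"
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S{8}) ([\d,]+) (.+)$")


def _relative_to_root(path: str) -> Optional[str]:
    """Strip the quarantine root (case-insensitively, as NTFS paths are); None if outside it."""
    prefix = QUARANTINE_ROOT + "\\"
    if not path.lower().startswith(prefix.lower()):
        return None
    return path[len(prefix):]


@dataclass(frozen=True)
class QuarantineEntry:
    timestamp: str
    attrs: str
    size: int
    quarantine_path: str

    @property
    def original_path(self) -> Optional[str]:
        """C:\\Qoobox\\Quarantine\\C\\foo\\bar.exe.vir -> C:\\foo\\bar.exe.

        Returns None for ComboFix's own bookkeeping files (catchme.log,
        Registry_backups\\*.reg), which are not restorable user files.
        """
        rel = _relative_to_root(self.quarantine_path)
        if rel is None:
            return None
        parts = rel.split("\\")
        if len(parts) < 2 or len(parts[0]) != 1 or not parts[-1].lower().endswith(".vir"):
            return None
        parts[-1] = parts[-1][:-len(".vir")]
        return parts[0] + ":\\" + "\\".join(parts[1:])


def parse_quarantine_log(text: str) -> List[QuarantineEntry]:
    """Parse every listing line; blank or unrecognised lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.rstrip())
        if not m:
            continue
        ts, attrs, size, path = m.groups()
        entries.append(QuarantineEntry(ts, attrs, int(size.replace(",", "")), path))
    return entries


def total_quarantined_bytes(entries: List[QuarantineEntry]) -> int:
    return sum(e.size for e in entries)


def dequarantine_roots(entries: List[QuarantineEntry], depth: int = 2) -> List[str]:
    """Quarantine-side directories covering all restorable entries.

    Each root keeps the drive folder plus `depth` path components below it
    (depth=2 turns ...\\C\\Program Files\\2009\\editor\\calc.exe.vir into
    ...\\C\\Program Files\\2009), and never includes the file name itself.
    """
    roots = set()
    for e in entries:
        if e.original_path is None:
            continue
        rel_parts = _relative_to_root(e.quarantine_path).split("\\")
        keep = min(1 + depth, len(rel_parts) - 1)
        roots.add(QUARANTINE_ROOT + "\\" + "\\".join(rel_parts[:keep]))
    return sorted(roots)


def render_cfscript(roots: List[str]) -> str:
    """Render only the DeQuarantine:: section of a CFScript; File::/Driver:: are a separate decision."""
    return "DeQuarantine::\n" + "\n".join(roots) + "\n"


if __name__ == "__main__":
    parsed = parse_quarantine_log(SAMPLE_LOG)
    for entry in parsed:
        print(f"{entry.size:>10}  {entry.quarantine_path}  ->  {entry.original_path}")
    print(f"{total_quarantined_bytes(parsed)} bytes quarantined")
    print(render_cfscript(dequarantine_roots(parsed)))
```

The `depth` argument controls how broad the DeQuarantine:: target is: depth=1 would restore everything under C:\Qoobox\Quarantine\C\Program Files, which is more than the reply above intends, so check the generated roots against the listing before dropping the script onto ComboFix.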

offline
  • Joined: 23 Jan 2008
  • Posts: 65
  • Location: Beograd

Now I have two reports:

ComboFix 09-01-20.05 - user 2009-01-23 8:57:09.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1534.999 [GMT 1:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090122-0] *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system32\drivers\SbCtri.exe
c:\windows\system32\drivers\trz1.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\SbCtri.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SERVICE_CONTROLER
-------\Service_Service Controler


((((((((((((((((((((((((( Files Created from 2008-12-23 to 2009-01-23 )))))))))))))))))))))))))))))))
.

2009-01-23 08:56 . 2009-01-23 08:56 <DIR> d-------- c:\program files\2009
2009-01-22 15:51 . 2009-01-22 16:19 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-01-22 15:45 . 2008-09-17 23:55 453,152 --a------ c:\windows\system32\nvuninst.exe
2009-01-22 15:45 . 2008-09-17 23:55 201,050 --a------ c:\windows\system32\nvapps.nvb
2009-01-22 08:40 . 2009-01-22 08:40 2,878,213 --a------ C:\Qoobox.rar
2009-01-19 11:58 . 2009-01-19 11:58 <DIR> d-------- c:\documents and settings\user\Application Data\Malwarebytes
2009-01-19 11:57 . 2009-01-19 11:57 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-19 11:57 . 2009-01-19 11:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-19 11:57 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-19 11:57 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-19 11:27 . 2009-01-19 11:27 1,409 --a------ c:\windows\system32\tmpE1028.FOT
2009-01-19 11:27 . 2009-01-19 11:27 1,409 --a------ c:\windows\system32\tmp54428.FOT
2009-01-19 09:48 . 2009-01-19 09:48 1,409 --a------ c:\windows\system32\tmpCD9A0.FOT
2009-01-19 09:48 . 2009-01-19 09:48 1,409 --a------ c:\windows\system32\tmp039A0.FOT
2009-01-19 09:22 . 2009-01-19 09:22 1,409 --a------ c:\windows\system32\tmpE41B0.FOT
2009-01-19 09:22 . 2009-01-19 09:22 1,409 --a------ c:\windows\system32\tmp333B0.FOT
2009-01-19 08:43 . 2009-01-19 08:43 1,409 --a------ c:\windows\system32\tmpA66D0.FOT
2008-12-31 10:32 . 2008-12-31 10:32 1,409 --a------ c:\windows\system32\tmpFC3D5.FOT
2008-12-31 10:32 . 2008-12-31 10:32 1,409 --a------ c:\windows\system32\tmpD14D5.FOT
2008-12-27 08:38 . 2008-12-27 08:38 1,409 --a------ c:\windows\system32\tmp6A801.FOT
2008-12-27 08:38 . 2008-12-27 08:38 1,409 --a------ c:\windows\system32\tmp2A601.FOT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 08:01 --------- d-----w c:\documents and settings\user\Application Data\OpenOffice.org2
2009-01-23 07:50 --------- d-----w c:\documents and settings\user\Application Data\Skype
2009-01-19 11:41 --------- d-----w c:\program files\CCLEANER
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-04-03 08:04 14,290 ----a-w c:\program files\settings.dat
2007-07-10 08:40 114 -c--a-w c:\program files\plugin.ini
2004-10-05 15:12 138,430 -c--a-w c:\program files\Readme.rtf
.

((((((((((((((((((((((((((((( snapshot@2009-01-19_13.28.12.76 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2007-03-15 16:16:42 236,928 -c----w c:\windows\system32\dllcache\WgaLogon.dll
+ 2008-09-05 22:30:42 241,704 ------w c:\windows\system32\dllcache\wgaLogon.dll
- 2007-03-15 16:17:08 336,768 -c----w c:\windows\system32\dllcache\WgaTray.exe
+ 2008-09-05 22:29:58 917,032 ------w c:\windows\system32\dllcache\WgaTray.exe
- 2005-08-02 08:35:00 3,198,560 ----a-w c:\windows\system32\drivers\nv4_mini.sys
+ 2008-09-17 22:55:00 6,132,576 ----a-w c:\windows\system32\drivers\nv4_mini.sys
- 2005-08-02 08:35:00 393,216 -c--a-w c:\windows\system32\keystone.exe
+ 2008-09-17 22:55:00 436,768 ----a-w c:\windows\system32\keystone.exe
- 2007-10-11 13:12:48 1,468,968 ------w c:\windows\system32\LegitCheckControl.dll
+ 2008-09-05 22:30:06 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.dll
- 2005-08-02 08:35:00 3,908,864 ----a-w c:\windows\system32\nv4_disp.dll
+ 2008-09-17 22:55:00 6,057,472 ----a-w c:\windows\system32\nv4_disp.dll
+ 2008-09-17 22:55:00 475,136 ----a-w c:\windows\system32\nvapi.dll
- 2005-08-02 08:35:00 442,368 -c--a-w c:\windows\system32\nvappbar.exe
+ 2008-09-17 22:55:00 449,056 ----a-w c:\windows\system32\nvappbar.exe
- 2005-08-02 08:35:00 32,768 ----a-w c:\windows\system32\nvcod.dll
+ 2008-09-17 22:55:00 122,880 ----a-w c:\windows\system32\nvcod.dll
- 2005-08-02 08:35:00 32,768 -c--a-w c:\windows\system32\nvcodins.dll
+ 2008-09-17 22:55:00 122,880 ----a-w c:\windows\system32\nvcodins.dll
- 2005-08-02 08:35:00 147,456 -c--a-w c:\windows\system32\nvcolor.exe
+ 2008-09-17 22:55:00 143,360 ----a-w c:\windows\system32\nvcolor.exe
- 2005-08-02 08:35:00 7,110,656 ----a-w c:\windows\system32\nvcpl.dll
+ 2008-09-17 22:55:00 13,574,144 ----a-w c:\windows\system32\nvcpl.dll
+ 2008-09-17 22:55:00 797,216 ----a-w c:\windows\system32\nvcplui.exe
+ 2008-09-17 22:55:00 1,108,512 ----a-w c:\windows\system32\nvcpluir.dll
+ 2008-09-17 22:55:00 1,368,064 ----a-w c:\windows\system32\nvcuda.dll
+ 2008-09-17 22:55:00 3,989,504 ----a-w c:\windows\system32\nvdisps.dll
+ 2008-09-17 22:55:00 5,799,936 ----a-w c:\windows\system32\nvdispsr.dll
- 2005-08-02 08:35:00 1,339,392 -c--a-w c:\windows\system32\nvdspsch.exe
+ 2008-09-17 22:55:00 1,346,080 ----a-w c:\windows\system32\nvdspsch.exe
+ 2008-09-17 22:55:00 3,444,736 ----a-w c:\windows\system32\nvgames.dll
+ 2008-09-17 22:55:00 3,457,024 ----a-w c:\windows\system32\nvgamesr.dll
- 2005-08-02 08:35:00 1,466,368 ----a-w c:\windows\system32\nview.dll
+ 2008-09-17 22:55:00 1,503,232 ----a-w c:\windows\system32\nview.dll
+ 2008-09-17 22:55:00 229,376 ----a-w c:\windows\system32\nvmccs.dll
+ 2008-09-17 22:55:00 45,056 ----a-w c:\windows\system32\nvmccsrs.dll
+ 2008-09-17 22:55:00 188,416 ----a-w c:\windows\system32\nvmccss.dll
+ 2008-09-17 22:55:00 458,752 ----a-w c:\windows\system32\nvmccssr.dll
- 2005-08-02 08:35:00 86,016 ----a-w c:\windows\system32\nvmctray.dll
+ 2008-09-17 22:55:00 86,016 ----a-w c:\windows\system32\nvmctray.dll
+ 2008-09-17 22:55:00 1,257,472 ----a-w c:\windows\system32\nvmobls.dll
+ 2008-09-17 22:55:00 2,854,912 ----a-w c:\windows\system32\nvmoblsr.dll
- 2005-08-02 08:35:00 286,720 -c--a-w c:\windows\system32\nvnt4cpl.dll
+ 2008-09-17 22:55:00 286,720 ----a-w c:\windows\system32\nvnt4cpl.dll
- 2005-08-02 08:35:00 5,140,480 ----a-w c:\windows\system32\nvoglnt.dll
+ 2008-09-17 22:55:00 8,826,880 ----a-w c:\windows\system32\nvoglnt.dll
- 2005-08-02 08:35:00 315,392 -c--a-w c:\windows\system32\nvrsar.dll
+ 2008-09-17 22:55:00 331,776 ----a-w c:\windows\system32\nvrsar.dll
- 2005-08-02 08:35:00 233,472 ----a-w c:\windows\system32\nvrscs.dll
+ 2008-09-17 22:55:00 245,760 ----a-w c:\windows\system32\nvrscs.dll
- 2005-08-02 08:35:00 241,664 -c--a-w c:\windows\system32\nvrsda.dll
+ 2008-09-17 22:55:00 253,952 ----a-w c:\windows\system32\nvrsda.dll
- 2005-08-02 08:35:00 266,240 -c--a-w c:\windows\system32\nvrsde.dll
+ 2008-09-17 22:55:00 278,528 ----a-w c:\windows\system32\nvrsde.dll
- 2005-08-02 08:35:00 270,336 -c--a-w c:\windows\system32\nvrsel.dll
+ 2008-09-17 22:55:00 282,624 ----a-w c:\windows\system32\nvrsel.dll
- 2005-08-02 08:35:00 237,568 ----a-w c:\windows\system32\nvrseng.dll
+ 2008-09-17 22:55:00 245,760 ----a-w c:\windows\system32\nvrseng.dll
- 2005-08-02 08:35:00 270,336 ----a-w c:\windows\system32\nvrses.dll
+ 2008-09-17 22:55:00 282,624 ----a-w c:\windows\system32\nvrses.dll
- 2005-08-02 08:35:00 262,144 -c--a-w c:\windows\system32\nvrsesm.dll
+ 2008-09-17 22:55:00 274,432 ----a-w c:\windows\system32\nvrsesm.dll
- 2005-08-02 08:35:00 237,568 -c--a-w c:\windows\system32\nvrsfi.dll
+ 2008-09-17 22:55:00 249,856 ----a-w c:\windows\system32\nvrsfi.dll
- 2005-08-02 08:35:00 270,336 -c--a-w c:\windows\system32\nvrsfr.dll
+ 2008-09-17 22:55:00 282,624 ----a-w c:\windows\system32\nvrsfr.dll
- 2005-08-02 08:35:00 311,296 -c--a-w c:\windows\system32\nvrshe.dll
+ 2008-09-17 22:55:00 331,776 ----a-w c:\windows\system32\nvrshe.dll
- 2005-08-02 08:35:00 245,760 -c--a-w c:\windows\system32\nvrshu.dll
+ 2008-09-17 22:55:00 258,048 ----a-w c:\windows\system32\nvrshu.dll
- 2005-08-02 08:35:00 270,336 -c--a-w c:\windows\system32\nvrsit.dll
+ 2008-09-17 22:55:00 278,528 ----a-w c:\windows\system32\nvrsit.dll
- 2005-08-02 08:35:00 253,952 -c--a-w c:\windows\system32\nvrsja.dll
+ 2008-09-17 22:55:00 270,336 ----a-w c:\windows\system32\nvrsja.dll
- 2005-08-02 08:35:00 249,856 -c--a-w c:\windows\system32\nvrsko.dll
+ 2008-09-17 22:55:00 262,144 ----a-w c:\windows\system32\nvrsko.dll
- 2005-08-02 08:35:00 262,144 -c--a-w c:\windows\system32\nvrsnl.dll
+ 2008-09-17 22:55:00 274,432 ----a-w c:\windows\system32\nvrsnl.dll
- 2005-08-02 08:35:00 241,664 -c--a-w c:\windows\system32\nvrsno.dll
+ 2008-09-17 22:55:00 253,952 ----a-w c:\windows\system32\nvrsno.dll
- 2005-08-02 08:35:00 241,664 -c--a-w c:\windows\system32\nvrspl.dll
+ 2008-09-17 22:55:00 253,952 ----a-w c:\windows\system32\nvrspl.dll
- 2005-08-02 08:35:00 262,144 -c--a-w c:\windows\system32\nvrspt.dll
+ 2008-09-17 22:55:00 270,336 ----a-w c:\windows\system32\nvrspt.dll
- 2005-08-02 08:35:00 253,952 -c--a-w c:\windows\system32\nvrsptb.dll
+ 2008-09-17 22:55:00 266,240 ----a-w c:\windows\system32\nvrsptb.dll
- 2005-08-02 08:35:00 258,048 -c--a-w c:\windows\system32\nvrsru.dll
+ 2008-09-17 22:55:00 266,240 ----a-w c:\windows\system32\nvrsru.dll
- 2005-08-02 08:35:00 245,760 -c--a-w c:\windows\system32\nvrssk.dll
+ 2008-09-17 22:55:00 258,048 ----a-w c:\windows\system32\nvrssk.dll
- 2005-08-02 08:35:00 241,664 -c--a-w c:\windows\system32\nvrssl.dll
+ 2008-09-17 22:55:00 258,048 ----a-w c:\windows\system32\nvrssl.dll
- 2005-08-02 08:35:00 241,664 -c--a-w c:\windows\system32\nvrssv.dll
+ 2008-09-17 22:55:00 253,952 ----a-w c:\windows\system32\nvrssv.dll
+ 2008-09-17 22:55:00 253,952 ----a-w c:\windows\system32\nvrsth.dll
- 2005-08-02 08:35:00 245,760 -c--a-w c:\windows\system32\nvrstr.dll
+ 2008-09-17 22:55:00 253,952 ----a-w c:\windows\system32\nvrstr.dll
- 2005-08-02 08:35:00 212,992 -c--a-w c:\windows\system32\nvrszhc.dll
+ 2008-09-17 22:55:00 225,280 ----a-w c:\windows\system32\nvrszhc.dll
- 2005-08-02 08:35:00 114,688 -c--a-w c:\windows\system32\nvrszht.dll
+ 2008-09-17 22:55:00 122,880 ----a-w c:\windows\system32\nvrszht.dll
- 2005-08-02 08:35:00 466,944 ----a-w c:\windows\system32\nvshell.dll
+ 2008-09-17 22:55:00 466,944 ----a-w c:\windows\system32\nvshell.dll
- 2005-08-02 08:35:00 127,043 ----a-w c:\windows\system32\nvsvc32.exe
+ 2008-09-17 22:55:00 163,908 ----a-w c:\windows\system32\nvsvc32.exe
- 2005-08-02 08:35:00 176,128 ----a-w c:\windows\system32\nvudisp.exe
+ 2008-09-17 22:55:00 453,152 ----a-w c:\windows\system32\nvudisp.exe
+ 2008-09-17 22:55:00 3,764,224 ----a-w c:\windows\system32\nvvitvs.dll
+ 2008-09-17 22:55:00 4,149,248 ----a-w c:\windows\system32\nvvitvsr.dll
- 2005-08-02 08:35:00 81,920 ----a-w c:\windows\system32\nvwddi.dll
+ 2008-09-17 22:55:00 81,920 ----a-w c:\windows\system32\nvwddi.dll
- 2005-08-02 08:35:00 1,662,976 -c--a-w c:\windows\system32\nvwdmcpl.dll
+ 2008-09-17 22:55:00 1,724,416 ----a-w c:\windows\system32\nvwdmcpl.dll
- 2005-08-02 08:35:00 1,019,904 -c--a-w c:\windows\system32\nvwimg.dll
+ 2008-09-17 22:55:00 1,101,824 ----a-w c:\windows\system32\nvwimg.dll
- 2005-08-02 08:35:00 282,624 -c--a-w c:\windows\system32\nvwrsar.dll
+ 2008-09-17 22:55:00 282,624 ----a-w c:\windows\system32\nvwrsar.dll
- 2005-08-02 08:35:00 286,720 -c--a-w c:\windows\system32\nvwrscs.dll
+ 2008-09-17 22:55:00 286,720 ----a-w c:\windows\system32\nvwrscs.dll
- 2005-08-02 08:35:00 294,912 -c--a-w c:\windows\system32\nvwrsda.dll
+ 2008-09-17 22:55:00 294,912 ----a-w c:\windows\system32\nvwrsda.dll
- 2005-08-02 08:35:00 311,296 -c--a-w c:\windows\system32\nvwrsde.dll
+ 2008-09-17 22:55:00 311,296 ----a-w c:\windows\system32\nvwrsde.dll
- 2005-08-02 08:35:00 335,872 -c--a-w c:\windows\system32\nvwrsel.dll
+ 2008-09-17 22:55:00 335,872 ----a-w c:\windows\system32\nvwrsel.dll
- 2005-08-02 08:35:00 286,720 ----a-w c:\windows\system32\nvwrseng.dll
+ 2008-09-17 22:55:00 286,720 ----a-w c:\windows\system32\nvwrseng.dll
- 2005-08-02 08:35:00 335,872 -c--a-w c:\windows\system32\nvwrses.dll
+ 2008-09-17 22:55:00 335,872 ----a-w c:\windows\system32\nvwrses.dll
- 2005-08-02 08:35:00 327,680 -c--a-w c:\windows\system32\nvwrsesm.dll
+ 2008-09-17 22:55:00 327,680 ----a-w c:\windows\system32\nvwrsesm.dll
- 2005-08-02 08:35:00 303,104 -c--a-w c:\windows\system32\nvwrsfi.dll
+ 2008-09-17 22:55:00 303,104 ----a-w c:\windows\system32\nvwrsfi.dll
- 2005-08-02 08:35:00 327,680 -c--a-w c:\windows\system32\nvwrsfr.dll
+ 2008-09-17 22:55:00 327,680 ----a-w c:\windows\system32\nvwrsfr.dll
- 2005-08-02 08:35:00 278,528 -c--a-w c:\windows\system32\nvwrshe.dll
+ 2008-09-17 22:55:00 278,528 ----a-w c:\windows\system32\nvwrshe.dll
- 2005-08-02 08:35:00 315,392 -c--a-w c:\windows\system32\nvwrshu.dll
+ 2008-09-17 22:55:00 315,392 ----a-w c:\windows\system32\nvwrshu.dll
- 2005-08-02 08:35:00 323,584 -c--a-w c:\windows\system32\nvwrsit.dll
+ 2008-09-17 22:55:00 323,584 ----a-w c:\windows\system32\nvwrsit.dll
- 2005-08-02 08:35:00 212,992 -c--a-w c:\windows\system32\nvwrsja.dll
+ 2008-09-17 22:55:00 212,992 ----a-w c:\windows\system32\nvwrsja.dll
- 2005-08-02 08:35:00 196,608 -c--a-w c:\windows\system32\nvwrsko.dll
+ 2008-09-17 22:55:00 196,608 ----a-w c:\windows\system32\nvwrsko.dll
- 2005-08-02 08:35:00 319,488 -c--a-w c:\windows\system32\nvwrsnl.dll
+ 2008-09-17 22:55:00 319,488 ----a-w c:\windows\system32\nvwrsnl.dll
- 2005-08-02 08:35:00 299,008 -c--a-w c:\windows\system32\nvwrsno.dll
+ 2008-09-17 22:55:00 299,008 ----a-w c:\windows\system32\nvwrsno.dll
- 2005-08-02 08:35:00 294,912 -c--a-w c:\windows\system32\nvwrspl.dll
+ 2008-09-17 22:55:00 294,912 ----a-w c:\windows\system32\nvwrspl.dll
- 2005-08-02 08:35:00 323,584 -c--a-w c:\windows\system32\nvwrspt.dll
+ 2008-09-17 22:55:00 323,584 ----a-w c:\windows\system32\nvwrspt.dll
- 2005-08-02 08:35:00 319,488 -c--a-w c:\windows\system32\nvwrsptb.dll
+ 2008-09-17 22:55:00 319,488 ----a-w c:\windows\system32\nvwrsptb.dll
- 2005-08-02 08:35:00 315,392 -c--a-w c:\windows\system32\nvwrsru.dll
+ 2008-09-17 22:55:00 315,392 ----a-w c:\windows\system32\nvwrsru.dll
- 2005-08-02 08:35:00 299,008 -c--a-w c:\windows\system32\nvwrssk.dll
+ 2008-09-17 22:55:00 299,008 ----a-w c:\windows\system32\nvwrssk.dll
- 2005-08-02 08:35:00 303,104 -c--a-w c:\windows\system32\nvwrssl.dll
+ 2008-09-17 22:55:00 303,104 ----a-w c:\windows\system32\nvwrssl.dll
- 2005-08-02 08:35:00 294,912 -c--a-w c:\windows\system32\nvwrssv.dll
+ 2008-09-17 22:55:00 294,912 ----a-w c:\windows\system32\nvwrssv.dll
+ 2008-09-17 22:55:00 290,816 ----a-w c:\windows\system32\nvwrsth.dll
- 2005-08-02 08:35:00 303,104 -c--a-w c:\windows\system32\nvwrstr.dll
+ 2008-09-17 22:55:00 303,104 ----a-w c:\windows\system32\nvwrstr.dll
- 2005-08-02 08:35:00 163,840 -c--a-w c:\windows\system32\nvwrszhc.dll
+ 2008-09-17 22:55:00 163,840 ----a-w c:\windows\system32\nvwrszhc.dll
- 2005-08-02 08:35:00 167,936 -c--a-w c:\windows\system32\nvwrszht.dll
+ 2008-09-17 22:55:00 167,936 ----a-w c:\windows\system32\nvwrszht.dll
+ 2008-09-17 22:55:00 2,686,976 ----a-w c:\windows\system32\nvwss.dll
+ 2008-09-17 22:55:00 2,981,888 ----a-w c:\windows\system32\nvwssr.dll
- 2005-08-02 08:35:00 1,519,616 ----a-w c:\windows\system32\nwiz.exe
+ 2008-09-17 22:55:00 1,657,376 ----a-w c:\windows\system32\nwiz.exe
+ 2005-08-02 08:35:00 3,908,864 ----a-w c:\windows\system32\ReinstallBackups\0004\DriverFiles\nv4_disp.dll
+ 2005-08-02 08:35:00 3,198,560 ----a-w c:\windows\system32\ReinstallBackups\0004\DriverFiles\nv4_mini.sys
+ 2005-08-02 08:35:00 32,768 ----a-w c:\windows\system32\ReinstallBackups\0004\DriverFiles\nvcod.dll
+ 2005-08-02 08:35:00 7,110,656 ----a-w c:\windows\system32\ReinstallBackups\0004\DriverFiles\nvcpl.dll
+ 2005-08-02 08:35:00 540,672 ----a-w c:\windows\system32\ReinstallBackups\0004\DriverFiles\nvhwvid.dll
+ 2005-08-02 08:35:00 86,016 ----a-w c:\windows\system32\ReinstallBackups\0004\DriverFiles\nvmctray.dll
+ 2005-08-02 08:35:00 286,720 ----a-w c:\windows\system32\ReinstallBackups\0004\DriverFiles\nvnt4cpl.dll
+ 2005-08-02 08:35:00 5,140,480 ----a-w c:\windows\system32\ReinstallBackups\0004\DriverFiles\nvoglnt.dll
+ 2005-08-02 08:35:00 127,043 ----a-w c:\windows\system32\ReinstallBackups\0004\DriverFiles\nvsvc32.exe
+ 2005-08-02 08:35:00 81,920 ----a-w c:\windows\system32\ReinstallBackups\0004\DriverFiles\nvwddi.dll
- 2007-03-15 16:16:42 236,928 ------w c:\windows\system32\WgaLogon.dll
+ 2008-09-05 22:30:42 241,704 ----a-w c:\windows\system32\WgaLogon.dll
- 2007-03-15 16:17:08 336,768 ------w c:\windows\system32\WgaTray.exe
+ 2008-09-05 22:29:58 917,032 ------w c:\windows\system32\WgaTray.exe
+ 2009-01-23 08:01:10 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_55c.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-09-13 22880040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2003-01-22 184320]
"RestoreIT!"="c:\program files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" [2004-05-27 114688]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-09-14 249927]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-23 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]
"LTMSG"="LTMSG.exe" [2003-07-14 c:\windows\ltmsg.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\user\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-05-03 113664]
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 3746856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-05-03 113664]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 10872]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0oodbs

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\3d max\\3dsmax.exe"=
"c:\\Program Files\\backburner 2\\monitor.exe"=
"c:\\Program Files\\backburner 2\\manager.exe"=
"c:\\Program Files\\backburner 2\\server.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 RITCPT;RITCPT;c:\windows\system32\drivers\RITCPT.SYS [2006-04-14 43512]
R0 VVBackd5;VVBackd5;c:\windows\system32\drivers\VVBackd5.sys [2006-04-14 179482]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-02 111184]
R3 SMBus_2k;SMBus_2k;c:\windows\system32\drivers\SMBus_2k.sys [2006-04-04 14208]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-02 20560]
R4 FBAPI;FBAPI;c:\windows\system32\drivers\FBAPI.sys [2006-04-14 5088]
R4 HDDFC;Hard Disk Noise Control;c:\program files\Fujitsu Siemens\Hard Disk Noise Control\HDDFC.exe [2005-03-22 155745]
R4 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Host.exe [2008-03-12 181544]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {11E41D21-F58E-4956-938C-41741B79A8A7} = 192.168.0.11,91.150.90.2,91.150.90.3
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\ltag9nch.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-23 09:01:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\ATKKBService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\windows\system32\rundll32.exe
c:\program files\TeamViewer3\TeamViewer.exe
c:\program files\OpenOffice.org 2.3\program\soffice.exe
c:\program files\OpenOffice.org 2.3\program\soffice.bin
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Microsoft Office\OFFICE11\OUTLOOK.EXE
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-01-23 9:04:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-23 08:04:39
ComboFix2.txt 2009-01-21 07:52:13
ComboFix3.txt 2009-01-19 12:29:35
C:\DeQuarantine.txt

Pre-Run: 9,241,972,736 bytes free
Post-Run: 9,185,353,728 bytes free

359 --- E O F --- 2009-01-14 15:04:03


and:

C:\Qoobox\Quarantine\C\Program Files\2009\2009.exe -> C:\Program Files\2009\2009.exe
C:\Qoobox\Quarantine\C\Program Files\2009\agenda.dxr -> C:\Program Files\2009\agenda.dxr
C:\Qoobox\Quarantine\C\Program Files\2009\img.cxt -> C:\Program Files\2009\img.cxt
C:\Qoobox\Quarantine\C\Program Files\2009\kLODOVIK.url -> C:\Program Files\2009\kLODOVIK.url
C:\Qoobox\Quarantine\C\Program Files\2009\Notes.txt -> C:\Program Files\2009\Notes.txt
C:\Qoobox\Quarantine\C\Program Files\2009\PF2009.ico -> C:\Program Files\2009\PF2009.ico
C:\Qoobox\Quarantine\C\Program Files\2009\start.dxr -> C:\Program Files\2009\start.dxr
C:\Qoobox\Quarantine\C\Program Files\2009\unins000.dat -> C:\Program Files\2009\unins000.dat
C:\Qoobox\Quarantine\C\Program Files\2009\unins000.exe -> C:\Program Files\2009\unins000.exe
C:\Qoobox\Quarantine\C\Program Files\2009\editor\calc.exe -> C:\Program Files\2009\editor\calc.exe
C:\Qoobox\Quarantine\C\Program Files\2009\editor\Notepad2.exe -> C:\Program Files\2009\editor\Notepad2.exe
C:\Qoobox\Quarantine\C\Program Files\2009\editor\Notepad2.reg -> C:\Program Files\2009\editor\Notepad2.reg
C:\Qoobox\Quarantine\C\Program Files\2009\files\licencesr.txt -> C:\Program Files\2009\files\licencesr.txt
C:\Qoobox\Quarantine\C\Program Files\2009\files\meseci\april.txt -> C:\Program Files\2009\files\meseci\april.txt
C:\Qoobox\Quarantine\C\Program Files\2009\files\meseci\august.txt -> C:\Program Files\2009\files\meseci\august.txt
C:\Qoobox\Quarantine\C\Program Files\2009\files\meseci\december.txt -> C:\Program Files\2009\files\meseci\december.txt
C:\Qoobox\Quarantine\C\Program Files\2009\files\meseci\february.txt -> C:\Program Files\2009\files\meseci\february.txt
C:\Qoobox\Quarantine\C\Program Files\2009\files\meseci\january.txt -> C:\Program Files\2009\files\meseci\january.txt
C:\Qoobox\Quarantine\C\Program Files\2009\files\meseci\july.txt -> C:\Program Files\2009\files\meseci\july.txt
C:\Qoobox\Quarantine\C\Program Files\2009\files\meseci\june.txt -> C:\Program Files\2009\files\meseci\june.txt
C:\Qoobox\Quarantine\C\Program Files\2009\files\meseci\march.txt -> C:\Program Files\2009\files\meseci\march.txt
C:\Qoobox\Quarantine\C\Program Files\2009\files\meseci\may.txt -> C:\Program Files\2009\files\meseci\may.txt
C:\Qoobox\Quarantine\C\Program Files\2009\files\meseci\november.txt -> C:\Program Files\2009\files\meseci\november.txt
C:\Qoobox\Quarantine\C\Program Files\2009\files\meseci\october.txt -> C:\Program Files\2009\files\meseci\october.txt
C:\Qoobox\Quarantine\C\Program Files\2009\files\meseci\september.txt -> C:\Program Files\2009\files\meseci\september.txt
C:\Qoobox\Quarantine\C\Program Files\2009\files\mjeseci\APRIL.txt -> C:\Program Files\2009\files\mjeseci\APRIL.txt
C:\Qoobox\Quarantine\C\Program Files\2009\files\mjeseci\AVGUST.txt -> C:\Program Files\2009\files\mjeseci\AVGUST.txt
C:\Qoobox\Quarantine\C\Program Files\2009\files\mjeseci\CONTACTS.txt -> C:\Program Files\2009\files\mjeseci\CONTACTS.txt
C:\Qoobox\Quarantine\C\Program Files\2009\files\mjeseci\DECEMBAR.txt -> C:\Program Files\2009\files\mjeseci\DECEMBAR.txt
C:\Qoobox\Quarantine\C\Program Files\2009\files\mjeseci\FEBRUAR.txt -> C:\Program Files\2009\files\mjeseci\FEBRUAR.txt
C:\Qoobox\Quarantine\C\Program Files\2009\files\mjeseci\JANUAR.txt -> C:\Program Files\2009\files\mjeseci\JANUAR.txt
C:\Qoobox\Quarantine\C\Program Files\2009\files\mjeseci\JULI.txt -> C:\Program Files\2009\files\mjeseci\JULI.txt
C:\Qoobox\Quarantine\C\Program Files\2009\files\mjeseci\JUNI.txt -> C:\Program Files\2009\files\mjeseci\JUNI.txt
C:\Qoobox\Quarantine\C\Program Files\2009\files\mjeseci\MAJ.txt -> C:\Program Files\2009\files\mjeseci\MAJ.txt
C:\Qoobox\Quarantine\C\Program Files\2009\files\mjeseci\MART.txt -> C:\Program Files\2009\files\mjeseci\MART.txt
C:\Qoobox\Quarantine\C\Program Files\2009\files\mjeseci\NOTES.txt -> C:\Program Files\2009\files\mjeseci\NOTES.txt
C:\Qoobox\Quarantine\C\Program Files\2009\files\mjeseci\NOVEMBAR.txt -> C:\Program Files\2009\files\mjeseci\NOVEMBAR.txt
C:\Qoobox\Quarantine\C\Program Files\2009\files\mjeseci\OKTOBAR.txt -> C:\Program Files\2009\files\mjeseci\OKTOBAR.txt
C:\Qoobox\Quarantine\C\Program Files\2009\files\mjeseci\SEPTEMBAR.txt -> C:\Program Files\2009\files\mjeseci\SEPTEMBAR.txt
C:\Qoobox\Quarantine\C\Program Files\2009\files\prezentacija\1.txt -> C:\Program Files\2009\files\prezentacija\1.txt
C:\Qoobox\Quarantine\C\Program Files\2009\files\prezentacija\3.txt -> C:\Program Files\2009\files\prezentacija\3.txt
C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\budapi.x32 -> C:\Program Files\2009\Xtras\budapi.x32
C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\PMATIC.reg -> C:\Program Files\2009\Xtras\PMATIC.reg
C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\PMATIC.X32 -> C:\Program Files\2009\Xtras\PMATIC.X32
C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\Flash Asset\Flash Asset.x32 -> C:\Program Files\2009\Xtras\Flash Asset\Flash Asset.x32
C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\Media Support\Actor Control.x32 -> C:\Program Files\2009\Xtras\Media Support\Actor Control.x32
C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\Media Support\Cursor Asset.x32 -> C:\Program Files\2009\Xtras\Media Support\Cursor Asset.x32
C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\Media Support\Cursor Options.x32 -> C:\Program Files\2009\Xtras\Media Support\Cursor Options.x32
C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\Media Support\FileIo.x32 -> C:\Program Files\2009\Xtras\Media Support\FileIo.x32
C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\Media Support\Font Asset Dialog.x32 -> C:\Program Files\2009\Xtras\Media Support\Font Asset Dialog.x32
C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\Media Support\Font Asset.x32 -> C:\Program Files\2009\Xtras\Media Support\Font Asset.x32
C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\Media Support\Font Xtra.x32 -> C:\Program Files\2009\Xtras\Media Support\Font Xtra.x32
C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\Media Support\LZComprs.x32 -> C:\Program Files\2009\Xtras\Media Support\LZComprs.x32
C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\Media Support\Squish.x32 -> C:\Program Files\2009\Xtras\Media Support\Squish.x32
C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\Media Support\SWADCmpr.x32 -> C:\Program Files\2009\Xtras\Media Support\SWADCmpr.x32
C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\Media Support\Text Asset.x32 -> C:\Program Files\2009\Xtras\Media Support\Text Asset.x32
C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\Media Support\TextAuth.x32 -> C:\Program Files\2009\Xtras\Media Support\TextAuth.x32
C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\Media Support\TextXtra.x32 -> C:\Program Files\2009\Xtras\Media Support\TextXtra.x32
C:\Qoobox\Quarantine\C\Program Files\2009\Xtras\Media Support\ZipXtra.x32 -> C:\Program Files\2009\Xtras\Media Support\ZipXtra.x32
59 File(s) copied

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Are there any problems now?

  • Joined: 23 Jan 2008
  • Posts: 65
  • Location: Beograd

I do have a problem with the network, i.e. I can't access it from another computer, and it is not possible to use the printer attached to it over the network.

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Zip/rar the following folder for me:
C:\qoobox\quarantine

and send it via the following link:

http://www.mycity.rs/ambulanta-upload.php

  • Joined: 23 Jan 2008
  • Posts: 65
  • Location: Beograd

Done as instructed.

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Download SDFix to the Desktop.

Double-clicking SDFix.exe will extract the program to the folder C:\SDFix, unless a different path is chosen during extraction.

Restart the computer in Safe Mode
Open the folder where SDFix was extracted and start RunThis.bat
Press Y to start the scan
After the scan, a message will appear saying the computer will be restarted
Press any key to restart the computer
After the restart another scan will start automatically, and when it finishes the message Finished will appear
Once the desktop icons have loaded, the report will appear on screen. The report is also saved as Report.txt in the folder where SDFix was extracted
Copy the report into a forum post, and also post a fresh HijackThis log

  • Joined: 23 Jan 2008
  • Posts: 65
  • Location: Beograd

Hello,
done as instructed, and here is the report.


SDFix: Version 1.240
Run by Administrator on 27/01/2009 at 08:39

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-27 08:45:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\3d max\\3dsmax.exe"="C:\\Program Files\\3d max\\3dsmax.exe:*:Enabled:3ds max 7"
"C:\\Program Files\\backburner 2\\monitor.exe"="C:\\Program Files\\backburner 2\\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\\Program Files\\backburner 2\\manager.exe"="C:\\Program Files\\backburner 2\\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\\Program Files\\backburner 2\\server.exe"="C:\\Program Files\\backburner 2\\server.exe:*:Enabled:backburner 2.3 server"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :


Finished!



and the other one:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:48:35, on 27/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\Program Files\Fujitsu Siemens\Hard Disk Noise Control\HDDFC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer3\TeamViewer_Host.exe
C:\Program Files\TeamViewer3\TeamViewer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\user\Desktop\New Folder\Azra.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'Default user')
O4 - .DEFAULT Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{11E41D21-F58E-4956-938C-41741B79A8A7}: NameServer = 192.168.0.11,91.150.90.2,91.150.90.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{11E41D21-F58E-4956-938C-41741B79A8A7}: NameServer = 192.168.0.11,91.150.90.2,91.150.90.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Hard Disk Noise Control (HDDFC) - Fujitsu Siemens Computers - c:\Program Files\Fujitsu Siemens\Hard Disk Noise Control\HDDFC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe

--
End of file - 8686 bytes


The only change I noticed after the restart, i.e. after the SDFix scan, is that ``Automatic Updates`` has been turned off.

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Do you still have problems with the network?
