Poslao: 16 Sep 2008 17:57
|
offline
- pancevac2008
- Novi MyCity građanin
- Pridružio: 16 Sep 2008
- Poruke: 14
|
Kao sto stoji u naslovu....
Racunar kao da se muci dok radi, desava se da mis "secka", odnosno dok ga pomeram kao da zastajkuje.
Cini mi se da ima nekih cudnih, meni nepoznatih procesa.
Zamolio bih za proveru log fajla i eventualna uputstva ako su potrebna.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:52:00 PM, on 9/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\BITWARE\NT\bwprnmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Zlaja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
c:\temps\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = rs1.travian.com/build.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\real\IEeREAD.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\real\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [bwprnmon.exe] C:\BITWARE\NT\bwprnmon.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=092608
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [minyust] C:\WINDOWS\system32\inf\svchoct.exe C:\WINDOWS\wftadfi16_080913a.dll tan16d
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Internet Service - Unknown owner - C:\WINDOWS\smss.exe
O23 - Service: TCP IP Service (Messager) - Unknown owner - c:\temps\svchost.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
--
End of file - 7887 bytes
|
|
|
|
|
Poslao: 17 Sep 2008 00:11
|
offline
- pancevac2008
- Novi MyCity građanin
- Pridružio: 16 Sep 2008
- Poruke: 14
|
Kao prvo, hvala na pomoci.
Uradio sam kako si napisao i evo kopiram ovde sadrzaj ComboFix.txt fajla.
ComboFix 08-09-15.02 - Zlaja 2008-09-16 23:42:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.83 [GMT 2:00]
Running from: C:\Documents and Settings\Zlaja\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\Zlaja\LOCALS~1\Temp\WowInitcode.dll
C:\WINDOWS\dcbdcatys32_080913a.dll
C:\WINDOWS\MSSqlServer.dll
C:\WINDOWS\smss.exe
C:\WINDOWS\system\sgcxcxxaspf080913.exe
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\FOLESVR.DLL
C:\WINDOWS\system32\inf\scsys16_080913.dll
C:\WINDOWS\system32\inf\sppdcrs080913.scr
C:\WINDOWS\system32\inf\svchoct.exe
C:\WINDOWS\system32\mywfhit.ini
C:\WINDOWS\system32\mywfhit.ini.tmp
C:\WINDOWS\system32\tmpacj0.exe
C:\WINDOWS\tawisys.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_INTERNET_SERVICE
-------\Legacy_SVCHOST
-------\Service_Internet Service
-------\Service_svchost
((((((((((((((((((((((((( Files Created from 2008-08-16 to 2008-09-16 )))))))))))))))))))))))))))))))
.
2008-09-16 23:56 . 2008-09-16 23:56 319,234 --a------ C:\notpad.exe
2008-09-15 19:50 . 2008-09-15 19:51 <DIR> d-------- C:\Documents and Settings\Zlaja\Application Data\BarbieIP
2008-09-15 02:41 . 2008-09-15 02:40 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-09-15 02:41 . 2008-09-15 02:41 270,336 --a------ C:\WINDOWS\system32\imon.dll
2008-09-14 05:12 . 2008-09-14 05:12 <DIR> d--hs---- C:\temps
2008-09-12 20:28 . 2008-09-12 20:28 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-09-07 20:19 . 2008-09-07 20:19 <DIR> d-------- C:\Program Files\Common Files\i4j_jres
2008-09-07 20:19 . 2008-09-07 20:20 <DIR> d-------- C:\Documents and Settings\Zlaja\.SimpleCenter
2008-09-07 20:18 . 2008-09-07 20:19 <DIR> d-------- C:\Program Files\SimpleCenter
2008-09-07 20:11 . 2008-09-07 20:11 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-09-06 11:17 . 2008-09-16 23:44 <DIR> d-------- C:\WINDOWS\system32\inf
2008-08-29 17:48 . 2008-08-29 17:48 <DIR> d-------- C:\Documents and Settings\Zlaja\Application Data\Disney Interactive Studios
2008-08-29 17:37 . 2008-08-29 17:37 <DIR> d-------- C:\Program Files\Disney Interactive Studios
2008-08-29 17:36 . 2008-08-29 17:36 <DIR> d-------- C:\Documents and Settings\Zlaja\Application Data\InstallShield
2008-08-22 13:34 . 2008-08-22 13:36 <DIR> d-------- C:\Documents and Settings\Zlaja\Application Data\ScannerData
2008-08-22 09:06 . 2008-08-22 09:06 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-08-22 09:04 . 2008-08-22 09:04 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-08-22 09:04 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-08-22 09:02 . 2008-05-07 07:39 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-08-22 09:02 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-08-22 09:02 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-08-22 09:02 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-08-22 09:02 . 2008-05-07 07:38 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-08-22 09:02 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-08-20 09:52 . 2008-08-22 09:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-20 09:52 . 2008-08-20 09:52 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 17:17 --------- d-----w C:\Program Files\Activision
2008-09-15 00:49 --------- d-----w C:\Program Files\ESET
2008-09-13 06:32 --------- d-----w C:\Program Files\Build in Time
2008-09-08 01:46 --------- d-----w C:\Program Files\Nokia
2008-09-08 01:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-09-08 01:45 --------- d-----w C:\Program Files\Common Files\Nokia
2008-09-07 18:15 --------- d-----w C:\Documents and Settings\Zlaja\Application Data\PC Suite
2008-09-06 09:50 --------- d-----w C:\Program Files\HyperVRE
2008-08-29 15:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-16 06:53 --------- d-----w C:\Program Files\Opera
2008-08-10 09:14 --------- d-----w C:\Program Files\Battleship
2008-08-06 18:44 --------- d-----w C:\Program Files\Fantasysoft-Studio
2008-08-06 10:52 3,001 --sha-w C:\Documents and Settings\Zlaja\ppUser.dat
2008-08-02 12:11 --------- d-----w C:\Program Files\Google
2008-08-02 11:27 --------- d-----w C:\Program Files\Nobilis
2008-07-29 21:20 --------- d-----w C:\Program Files\Ubisoft
2008-07-29 08:04 --------- d-----w C:\Program Files\SysSense
2008-07-28 14:55 --------- d-----w C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-07-28 14:49 --------- d-----w C:\Program Files\BearPaw 2400CU Plus
2008-07-19 17:02 --------- d-----w C:\Documents and Settings\Zlaja\Application Data\Skype
2008-07-19 17:01 --------- d-----w C:\Documents and Settings\Zlaja\Application Data\skypePM
2008-07-17 11:23 --------- d-----w C:\Documents and Settings\Zlaja\Application Data\uTorrent
2008-05-13 14:58 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.
------- Sigcheck -------
2004-08-04 00:56 14336 1242f3a2ba2edab2cedd8209feab86a9 C:\WINDOWS\system32\svchost.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"bwprnmon.exe"="C:\BITWARE\NT\bwprnmon.exe" [2008-02-16 54272]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 729088]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 128920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-16 185896]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-09-15 917504]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-22 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
backup=C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GetRight.lnk
backup=C:\WINDOWS\pss\GetRight.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Zlaja^Start Menu^Programs^Startup^Ovulation Calendar.lnk]
path=C:\Documents and Settings\Zlaja\Start Menu\Programs\Startup\Ovulation Calendar.lnk
backup=C:\WINDOWS\pss\Ovulation Calendar.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-02-22 23:21 32768 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-02-22 22:05 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-10-09 12:28 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-09 22:05 133104 C:\Documents and Settings\Zlaja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 23:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 02:06 1667584 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 17:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 04:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-02-16 21:28 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-ra------ 2005-09-28 15:15 90112 C:\WINDOWS\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-r------- 2006-11-17 06:42 577536 C:\WINDOWS\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ServiceLayer"=3 (0x3)
"Bonjour Service"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"D:\\BACKUP\\Ivana Igrice\\Tenis Pro\\DMTP2.08\\Dream Match Tennis Pro.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Aspyr\\MTX\\Game\\MTX.exe"=
"C:\\Program Files\\netGangsters\\simGangster (2007)\\simgangster.exe"=
"C:\\Program Files\\Global Star Software\\Jetfighter V\\Game.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\gnucash\\bin\\gnucash-bin.exe"=
"C:\\Program Files\\gnucash\\bin\\gconfd-2.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 9216]
R2 Messager;TCP IP Service;c:\temps\svchost.exe [2008-09-17 502272]
S2 seiuctol;Security Control;c:\windows\system32\rundll32.exe adubes.dll,test [ ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
svchost
*Newly Created Service* - MESSAGER
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
HKLM-Explorer_Run-minyust - C:\WINDOWS\system32\inf\svchoct.exe
MSConfigStartUp-PC Suite Tray - C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
MSConfigStartUp-Uniblue RegistryBooster 2 - C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
MSConfigStartUp-Uniblue SpeedUpMyPC - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
MSConfigStartUp-Uniblue SpyEraser - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Zlaja\Application Data\Mozilla\Firefox\Profiles\9b0vfa9w.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF -: plugin - C:\Documents and Settings\Zlaja\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npdivx32.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\NPTURNMED.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-09-16 23:56:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tsd32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-09-17 0:04:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-16 22:04:07
Pre-Run: 6,637,449,216 bytes free
Post-Run: 7,046,086,656 bytes free
235
|
|
|
|
|
Poslao: 18 Sep 2008 01:35
|
offline
- pancevac2008
- Novi MyCity građanin
- Pridružio: 16 Sep 2008
- Poruke: 14
|
Uradio sam sve po uputstvu i kopiram dobijeni log:
ComboFix 08-09-15.02 - Zlaja 2008-09-18 1:07:44.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.203 [GMT 2:00]
Running from: C:\Documents and Settings\Zlaja\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Zlaja\Desktop\CFScript.txt
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\notpad.exe
C:\temps\svchost.exe
C:\WINDOWS\system32\inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MESSAGER
-------\Legacy_SEIUCTOL
-------\Service_Messager
-------\Service_seiuctol
((((((((((((((((((((((((( Files Created from 2008-08-17 to 2008-09-17 )))))))))))))))))))))))))))))))
.
2008-09-18 01:21 . 502,272 C:\notpad.exe
2008-09-15 19:50 . 2008-09-15 19:51 <DIR> d-------- C:\Documents and Settings\Zlaja\Application Data\BarbieIP
2008-09-15 02:41 . 2008-09-15 02:40 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-09-15 02:41 . 2008-09-15 02:41 270,336 --a------ C:\WINDOWS\system32\imon.dll
2008-09-14 05:12 . 2008-09-18 01:22 <DIR> d--hs---- C:\temps
2008-09-12 20:28 . 2008-09-12 20:28 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-09-07 20:19 . 2008-09-07 20:19 <DIR> d-------- C:\Program Files\Common Files\i4j_jres
2008-09-07 20:19 . 2008-09-07 20:20 <DIR> d-------- C:\Documents and Settings\Zlaja\.SimpleCenter
2008-09-07 20:18 . 2008-09-07 20:19 <DIR> d-------- C:\Program Files\SimpleCenter
2008-09-07 20:11 . 2008-09-07 20:11 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-08-29 17:48 . 2008-08-29 17:48 <DIR> d-------- C:\Documents and Settings\Zlaja\Application Data\Disney Interactive Studios
2008-08-29 17:37 . 2008-08-29 17:37 <DIR> d-------- C:\Program Files\Disney Interactive Studios
2008-08-29 17:36 . 2008-08-29 17:36 <DIR> d-------- C:\Documents and Settings\Zlaja\Application Data\InstallShield
2008-08-22 13:34 . 2008-08-22 13:36 <DIR> d-------- C:\Documents and Settings\Zlaja\Application Data\ScannerData
2008-08-22 09:06 . 2008-08-22 09:06 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-08-22 09:04 . 2008-08-22 09:04 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-08-22 09:04 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-08-22 09:02 . 2008-05-07 07:39 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-08-22 09:02 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-08-22 09:02 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-08-22 09:02 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-08-22 09:02 . 2008-05-07 07:38 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-08-22 09:02 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-08-20 09:52 . 2008-08-22 09:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-20 09:52 . 2008-08-20 09:52 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 17:17 --------- d-----w C:\Program Files\Activision
2008-09-15 00:49 --------- d-----w C:\Program Files\ESET
2008-09-14 03:09 91,136 ----a-w C:\WINDOWS\system32\msgsvc.dll
2008-09-13 06:32 --------- d-----w C:\Program Files\Build in Time
2008-09-08 01:46 --------- d-----w C:\Program Files\Nokia
2008-09-08 01:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-09-08 01:45 --------- d-----w C:\Program Files\Common Files\Nokia
2008-09-07 18:15 --------- d-----w C:\Documents and Settings\Zlaja\Application Data\PC Suite
2008-09-06 09:50 --------- d-----w C:\Program Files\HyperVRE
2008-08-29 15:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-16 06:53 --------- d-----w C:\Program Files\Opera
2008-08-10 09:14 --------- d-----w C:\Program Files\Battleship
2008-08-06 18:44 --------- d-----w C:\Program Files\Fantasysoft-Studio
2008-08-06 10:52 3,001 --sha-w C:\Documents and Settings\Zlaja\ppUser.dat
2008-08-02 12:11 --------- d-----w C:\Program Files\Google
2008-08-02 11:27 --------- d-----w C:\Program Files\Nobilis
2008-07-29 21:20 --------- d-----w C:\Program Files\Ubisoft
2008-07-29 08:04 --------- d-----w C:\Program Files\SysSense
2008-07-28 14:55 --------- d-----w C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-07-28 14:49 --------- d-----w C:\Program Files\BearPaw 2400CU Plus
2008-07-19 17:02 --------- d-----w C:\Documents and Settings\Zlaja\Application Data\Skype
2008-07-19 17:01 --------- d-----w C:\Documents and Settings\Zlaja\Application Data\skypePM
2008-07-17 11:23 --------- d-----w C:\Documents and Settings\Zlaja\Application Data\uTorrent
2008-05-13 14:58 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.
------- Sigcheck -------
2004-08-04 00:56 14336 1242f3a2ba2edab2cedd8209feab86a9 C:\WINDOWS\system32\svchost.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"bwprnmon.exe"="C:\BITWARE\NT\bwprnmon.exe" [2008-02-16 54272]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 729088]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 128920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-16 185896]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-09-15 917504]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-22 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
backup=C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GetRight.lnk
backup=C:\WINDOWS\pss\GetRight.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Zlaja^Start Menu^Programs^Startup^Ovulation Calendar.lnk]
path=C:\Documents and Settings\Zlaja\Start Menu\Programs\Startup\Ovulation Calendar.lnk
backup=C:\WINDOWS\pss\Ovulation Calendar.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-02-22 23:21 32768 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-02-22 22:05 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-10-09 12:28 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-09 22:05 133104 C:\Documents and Settings\Zlaja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 23:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 02:06 1667584 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 17:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 04:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-02-16 21:28 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-ra------ 2005-09-28 15:15 90112 C:\WINDOWS\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-r------- 2006-11-17 06:42 577536 C:\WINDOWS\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ServiceLayer"=3 (0x3)
"Bonjour Service"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"D:\\BACKUP\\Ivana Igrice\\Tenis Pro\\DMTP2.08\\Dream Match Tennis Pro.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Aspyr\\MTX\\Game\\MTX.exe"=
"C:\\Program Files\\netGangsters\\simGangster (2007)\\simgangster.exe"=
"C:\\Program Files\\Global Star Software\\Jetfighter V\\Game.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\gnucash\\bin\\gnucash-bin.exe"=
"C:\\Program Files\\gnucash\\bin\\gconfd-2.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 9216]
R2 Messager;TCP IP Service;c:\temps\svchost.exe [2008-09-18 502272]
*Newly Created Service* - MESSAGER
.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-09-18 01:21:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-09-18 1:29:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-17 23:29:18
ComboFix2.txt 2008-09-16 22:04:47
Pre-Run: 6,705,754,112 bytes free
Post-Run: 6,991,900,672 bytes free
201
|
|
|
|
|
|
Poslao: 18 Sep 2008 21:29
|
offline
- dr_Bora
- Anti Malware Fighter
Rank 2
- Pridružio: 24 Jul 2007
- Poruke: 12280
- Gde živiš: Höganäs, SE
|
Postavi i poslednji ComboFix log - lokacija mu je C:\ComboFix.txt .
|
|
|
|
|
Poslao: 19 Sep 2008 13:20
|
offline
- dr_Bora
- Anti Malware Fighter
Rank 2
- Pridružio: 24 Jul 2007
- Poruke: 12280
- Gde živiš: Höganäs, SE
|
Preuzmi The Avenger na Desktop.
Raspakuj arhivu u neki folder
Dvoklikom pokreni avenger.exe
Iskopiraj tekst koji se nalazi unutar Kod polja u (beli) prozor programa:
Drivers to delete:
Messager
Files to delete:
C:\notpad.exe
Folders to delete:
C:\temps
Klikni Execute, a zatim Yes u sledeća dva prozora koji će se otvoriti
Kompjuter će se restartovati (dva puta) i započeti će proces čišćenja/skeniranja
Kada proces bude završen, logfile C:\avenger.txt će se otvoriti u Notepad-u
Iskopiraj sadržaj dobijenog loga u temu na forumu.
Takođe, odmah nakon toga uploaduj file: C:\Avenger\backup.zip
preko ovog linka: http://www.mycity.rs/ambulanta-upload.php
|
|
|
|