Computer running slowly - Mouse "stutters" when moved


  • Joined: 16 Sep 2008
  • Posts: 14

Done. Here are the contents of avenger.txt

Logfile of The Avenger Version 2.0, (c) by Swandog46
swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "Messager" deleted successfully.
File "C:\notpad.exe" deleted successfully.
Folder "C:\temps" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Update: 19 Sep 2008 19:10

I have also uploaded that backup.zip file

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

1) Repeat the scans with Gmer following the instructions given earlier and attach the logs to your post.



2) Download Dr.Web CureIt (~10 MB).
Restart the computer in Safe Mode (Safe Mode instructions)

Double-click cureit.exe; the introductory window will appear - click Start

A notice about starting the initial scan will appear - click OK

Wait a few minutes for Dr.Web CureIt to perform the Express Scan; if malware is found, click the Yes to All button in the window that appears to allow the program to disinfect

Click Options > Change settings (F9); in the window that opens, uncheck the Heuristic Analysis option, then click OK

In the main window select the Complete scan option, then click the scan button and Dr.Web CureIt will start scanning

If malware is found, click the Yes to All button in the window that appears to allow the program to disinfect

When the scan is finished, click the Select all button (if available), then click Cure and,
in the menu that opens, click Move incurable:

When the process completes, click File > Save report list and save the log to the Desktop

Copy the contents of the Dr.Web CureIt log into the forum thread (or attach it to your post).

  • Joined: 16 Sep 2008
  • Posts: 14

1) First task done

Update: 21 Sep 2008 2:27

Here's the Dr.Web log as well.

svchost.exe c:\temps Trojan.LowZones.1015 Deleted.
notpad.exe C:\ Trojan.LowZones.1015 Deleted.
ipk[1].exe C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\78RJ2LMW Trojan.LowZones.1015 Deleted.
ComboFix.exe\32788R22FWJFW\psexec.cfexe C:\Documents and Settings\Zlaja\Desktop\ComboFix.exe Program.PsExec.171
ComboFix.exe C:\Documents and Settings\Zlaja\Desktop Archive contains infected objects Moved.
EWMSCSBA.NQF C:\Program Files\ESET\infected Trojan.Hitpop.origin Incurable.Moved.
PQV22OBA.NQF C:\Program Files\ESET\infected Trojan.Hitpop.547 Deleted.
TNK4HLAA.NQF C:\Program Files\ESET\infected BackDoor.Pigeon.origin Incurable.Moved.
notpad.exe.vir C:\QooBox\Quarantine\C Trojan.LowZones.1015 Deleted.
WowInitcode.dll.vir C:\QooBox\Quarantine\C\DOCUME~1\Zlaja\LOCALS~1\Temp Trojan.PWS.Gamania.13483 Deleted.
svchost.exe.vir C:\QooBox\Quarantine\C\temps Trojan.LowZones.1015 Deleted.
sgcxcxxaspf080913.exe.vir C:\QooBox\Quarantine\C\WINDOWS\system Trojan.Hitpop.origin Incurable.Moved.
scsys16_080913.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32\inf Trojan.Hitpop.547 Deleted.
sppdcrs080913.scr.vir C:\QooBox\Quarantine\C\WINDOWS\system32\inf Trojan.Hitpop.origin Incurable.Moved.
A0000002.exe C:\System Volume Information\_restore{307D819A-EEB6-4818-AD05-77AA2B9F5CCD}\RP2 Trojan.LowZones.1015 Deleted.
A0000003.exe C:\System Volume Information\_restore{307D819A-EEB6-4818-AD05-77AA2B9F5CCD}\RP2 Trojan.LowZones.1015 Deleted.
A0000028.exe C:\System Volume Information\_restore{307D819A-EEB6-4818-AD05-77AA2B9F5CCD}\RP2 Trojan.LowZones.1015 Deleted.
A0000033.EXE C:\System Volume Information\_restore{307D819A-EEB6-4818-AD05-77AA2B9F5CCD}\RP2 Program.PsExec.170 Incurable.Moved.
A0001023.exe C:\System Volume Information\_restore{307D819A-EEB6-4818-AD05-77AA2B9F5CCD}\RP2 Trojan.LowZones.1015 Deleted.
A0001024.exe C:\System Volume Information\_restore{307D819A-EEB6-4818-AD05-77AA2B9F5CCD}\RP2 Trojan.LowZones.1015 Deleted.
A0002023.exe C:\System Volume Information\_restore{307D819A-EEB6-4818-AD05-77AA2B9F5CCD}\RP2 Trojan.LowZones.1015 Deleted.
A0002040.exe C:\System Volume Information\_restore{307D819A-EEB6-4818-AD05-77AA2B9F5CCD}\RP2 Trojan.LowZones.1015 Deleted.
A0002059.exe C:\System Volume Information\_restore{307D819A-EEB6-4818-AD05-77AA2B9F5CCD}\RP3 Trojan.LowZones.1015 Deleted.
A0003047.EXE C:\System Volume Information\_restore{307D819A-EEB6-4818-AD05-77AA2B9F5CCD}\RP3 Program.PsExec.170 Incurable.Moved.
A0004037.exe C:\System Volume Information\_restore{307D819A-EEB6-4818-AD05-77AA2B9F5CCD}\RP3 Trojan.LowZones.1015 Deleted.
A0004038.exe C:\System Volume Information\_restore{307D819A-EEB6-4818-AD05-77AA2B9F5CCD}\RP3 Trojan.LowZones.1015 Deleted.
A0004214.exe C:\System Volume Information\_restore{307D819A-EEB6-4818-AD05-77AA2B9F5CCD}\RP4 Trojan.LowZones.1015 Deleted.
A0004243.exe C:\System Volume Information\_restore{307D819A-EEB6-4818-AD05-77AA2B9F5CCD}\RP4 Trojan.LowZones.1015 Deleted.
A0004244.exe C:\System Volume Information\_restore{307D819A-EEB6-4818-AD05-77AA2B9F5CCD}\RP4 Trojan.LowZones.1015 Deleted.
A0004371.exe C:\System Volume Information\_restore{307D819A-EEB6-4818-AD05-77AA2B9F5CCD}\RP5 Trojan.LowZones.1015 Deleted.
A0004372.exe C:\System Volume Information\_restore{307D819A-EEB6-4818-AD05-77AA2B9F5CCD}\RP5 Trojan.LowZones.1015 Deleted.
A0004373.exe\32788R22FWJFW\psexec.cfexe C:\System Volume Information\_restore{307D819A-EEB6-4818-AD05-77AA2B9F5CCD}\RP5\A0004373.exe Program.PsExec.171
A0004373.exe C:\System Volume Information\_restore{307D819A-EEB6-4818-AD05-77AA2B9F5CCD}\RP5 Archive contains infected objects Moved.
i03F07MW.exe_ C:\WINDOWS\system32 Trojan.Click.19619 Deleted.
ma[1].exe C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1KDOFICB BackDoor.Pigeon.origin Incurable.Moved.
Westward2_FocusTest.exe\data013 D:\BACKUP\Ivana Igrice\West Ward\Westward2_FocusTest.exe Adware.SpywareStorm
Westward2_FocusTest.exe D:\BACKUP\Ivana Igrice\West Ward Archive contains infected objects Moved.
PizzaChef.exe D:\DVD\Games\1234_pizza\Pizza Chef Trojan.Swizzor.based Deleted.
j4_f.wav D:\DVD\Games\G T A\GTA3\GTA3\audio Modification of V2Px.1190 Moved.
keygen.exe D:\DVD\Graficki Software\Vue Scan\0950VUSCPRED8452_www.softarchive.net\Keygen Trojan.MulDrop.9295 Deleted.
data002\data002 D:\DVD\Tools\Bandwidth_Meter\BMSetup.exe\data002 Program.SrvAny
data002 D:\DVD\Tools\Bandwidth_Meter\BMSetup.exe Archive contains infected objects
BMSetup.exe D:\DVD\Tools\Bandwidth_Meter Archive contains infected objects Moved.
A0004375.exe\data013 D:\System Volume Information\_restore{307D819A-EEB6-4818-AD05-77AA2B9F5CCD}\RP5\A0004375.exe Adware.SpywareStorm
A0004375.exe D:\System Volume Information\_restore{307D819A-EEB6-4818-AD05-77AA2B9F5CCD}\RP5 Archive contains infected objects Moved.
A0004376.exe D:\System Volume Information\_restore{307D819A-EEB6-4818-AD05-77AA2B9F5CCD}\RP5 Trojan.Swizzor.based Deleted.
A0004377.exe D:\System Volume Information\_restore{307D819A-EEB6-4818-AD05-77AA2B9F5CCD}\RP5 Trojan.MulDrop.9295 Deleted.
data002\data002 D:\System Volume Information\_restore{307D819A-EEB6-4818-AD05-77AA2B9F5CCD}\RP5\A0004378.exe\data002 Program.SrvAny
data002 D:\System Volume Information\_restore{307D819A-EEB6-4818-AD05-77AA2B9F5CCD}\RP5\A0004378.exe Archive contains infected objects
A0004378.exe D:\System Volume Information\_restore{307D819A-EEB6-4818-AD05-77AA2B9F5CCD}\RP5 Archive contains infected objects Moved.

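The Dr.Web CureIt report above mixes active infections with copies sitting in System Restore points, browser caches and other tools' quarantine folders. The following Python script is an added triage example, not part of the thread and not Dr.Web's own code; it parses report lines in the format shown above (the sample lines are copied from that report) and separates the live hits, which are the ones that still matter, from the inert copies.

```python
"""Triage helper for Dr.Web CureIt report lines (added example, not from the thread)."""
import re
from collections import Counter

# Sample lines copied from the Dr.Web CureIt report posted above.
SAMPLE_REPORT = r"""
svchost.exe c:\temps Trojan.LowZones.1015 Deleted.
notpad.exe C:\ Trojan.LowZones.1015 Deleted.
ipk[1].exe C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\78RJ2LMW Trojan.LowZones.1015 Deleted.
EWMSCSBA.NQF C:\Program Files\ESET\infected Trojan.Hitpop.origin Incurable.Moved.
notpad.exe.vir C:\QooBox\Quarantine\C Trojan.LowZones.1015 Deleted.
A0000002.exe C:\System Volume Information\_restore{307D819A-EEB6-4818-AD05-77AA2B9F5CCD}\RP2 Trojan.LowZones.1015 Deleted.
A0004373.exe C:\System Volume Information\_restore{307D819A-EEB6-4818-AD05-77AA2B9F5CCD}\RP5 Archive contains infected objects Moved.
i03F07MW.exe_ C:\WINDOWS\system32 Trojan.Click.19619 Deleted.
j4_f.wav D:\DVD\Games\G T A\GTA3\GTA3\audio Modification of V2Px.1190 Moved.
keygen.exe D:\DVD\Graficki Software\Vue Scan\0950VUSCPRED8452_www.softarchive.net\Keygen Trojan.MulDrop.9295 Deleted.
"""

# One report line: <object> <directory> <verdict> [<action>].
# The directory may contain spaces, so it is matched non-greedily and the
# verdict and action are anchored to the end of the line.
LINE_RE = re.compile(
    r"^(?P<obj>\S+) (?P<dir>[A-Za-z]:\\.*?) "
    r"(?P<verdict>Archive contains infected objects|Modification of \S+|\S+)"
    r"(?: (?P<action>Incurable\.Moved|Deleted|Moved))?\.?$"
)

# Quarantine folders of the other tools used in this thread (paths as seen in the report).
QUARANTINE_DIRS = (
    r"c:\qoobox\quarantine",             # ComboFix quarantine
    r"c:\program files\eset\infected",   # NOD32 quarantine
)


def classify(directory):
    """Where does the object live? Only 'live' entries are still active on the system."""
    d = directory.lower()
    if "\\system volume information\\" in d:
        return "restore_point"   # System Restore copies: inert unless a restore is run
    if d.startswith(QUARANTINE_DIRS):
        return "quarantine"      # already isolated by another tool
    if "\\temporary internet files\\" in d:
        return "browser_cache"   # downloaded by a browser, not executing from there
    return "live"


def parse_line(line):
    """Parse one report line into a dict, or return None if the line does not fit the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["location"] = classify(rec["dir"])
    return rec


def triage(report_text):
    """Return (count of objects per location, list of live hits, lines that failed to parse)."""
    counts, live, unparsed = Counter(), [], []
    for line in report_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)
            continue
        counts[rec["location"]] += 1
        if rec["location"] == "live":
            full_path = rec["dir"].rstrip("\\") + "\\" + rec["obj"]
            live.append((full_path, rec["verdict"], rec["action"]))
    return counts, live, unparsed


if __name__ == "__main__":
    counts, live, unparsed = triage(SAMPLE_REPORT)
    print("objects by location:", dict(counts))
    for path, verdict, action in live:
        print(f"LIVE  {verdict:<28} {action or '-':<16} {path}")
    if unparsed:
        print("unparsed lines:", unparsed)
```

On the full report above this leaves a handful of live hits (the C:\temps dropper, C:\notpad.exe, the system32 clicker and the items on D:\) to follow up, while the long run of restore-point and quarantine entries is accounted for in one count.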
  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

What is the state of things now?

  • Joined: 16 Sep 2008
  • Posts: 14

Well, it's the second day now and it seems OK to me.
I have NOD32, which occasionally pops up a warning, but that seems negligible to me.

The computer runs much more smoothly.

Thanks a lot for the help, doctor! :)

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

I'd like to check one more thing...

Double-click ComboFix and post here the logfile you get at the end of the process.

On startup, the program may offer to update itself - allow it.

  • Joined: 16 Sep 2008
  • Posts: 14

NOD32 has started throwing some messages again when I start Firefox.

Here's the log:

ComboFix 08-09-22.05 - Zlaja 2008-09-23 22:22:58.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.234 [GMT 2:00]
Running from: C:\Documents and Settings\Zlaja\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-23 to 2008-09-23 )))))))))))))))))))))))))))))))
.

2008-09-21 02:30 . 2008-09-21 02:32 <DIR> d-------- C:\Program Files\Virtual Earth 3D
2008-09-20 11:13 . 2008-09-20 11:43 <DIR> d-------- C:\Documents and Settings\Zlaja\DoctorWeb
2008-09-19 18:59 . 2008-09-20 11:15 <DIR> d--hs---- C:\temps
2008-09-19 02:56 . 2008-09-19 02:56 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-09-18 20:32 . 2008-09-20 03:24 250 --a------ C:\WINDOWS\gmer.ini
2008-09-15 19:50 . 2008-09-15 19:51 <DIR> d-------- C:\Documents and Settings\Zlaja\Application Data\BarbieIP
2008-09-15 02:41 . 2008-09-15 02:40 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-09-15 02:41 . 2008-09-15 02:41 270,336 --a------ C:\WINDOWS\system32\imon.dll
2008-09-12 20:28 . 2008-09-12 20:28 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-09-07 20:19 . 2008-09-07 20:19 <DIR> d-------- C:\Program Files\Common Files\i4j_jres
2008-09-07 20:19 . 2008-09-07 20:20 <DIR> d-------- C:\Documents and Settings\Zlaja\.SimpleCenter
2008-09-07 20:18 . 2008-09-07 20:19 <DIR> d-------- C:\Program Files\SimpleCenter
2008-09-07 20:11 . 2008-09-07 20:11 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-08-29 17:48 . 2008-08-29 17:48 <DIR> d-------- C:\Documents and Settings\Zlaja\Application Data\Disney Interactive Studios
2008-08-29 17:37 . 2008-08-29 17:37 <DIR> d-------- C:\Program Files\Disney Interactive Studios
2008-08-29 17:36 . 2008-08-29 17:36 <DIR> d-------- C:\Documents and Settings\Zlaja\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-19 17:14 --------- d-----w C:\Program Files\ESET
2008-09-19 00:56 --------- d-----w C:\Program Files\Common Files\Nokia
2008-09-19 00:55 --------- d-----w C:\Program Files\Nokia
2008-09-15 17:17 --------- d-----w C:\Program Files\Activision
2008-09-14 03:09 91,136 ----a-w C:\WINDOWS\system32\msgsvc.dll
2008-09-13 06:32 --------- d-----w C:\Program Files\Build in Time
2008-09-08 01:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-09-07 18:15 --------- d-----w C:\Documents and Settings\Zlaja\Application Data\PC Suite
2008-09-06 09:50 --------- d-----w C:\Program Files\HyperVRE
2008-08-29 15:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-22 11:36 --------- d-----w C:\Documents and Settings\Zlaja\Application Data\ScannerData
2008-08-22 07:04 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-08-16 06:53 --------- d-----w C:\Program Files\Opera
2008-08-10 09:14 --------- d-----w C:\Program Files\Battleship
2008-08-06 18:44 --------- d-----w C:\Program Files\Fantasysoft-Studio
2008-08-06 10:52 3,001 --sha-w C:\Documents and Settings\Zlaja\ppUser.dat
2008-08-02 12:11 --------- d-----w C:\Program Files\Google
2008-08-02 11:27 --------- d-----w C:\Program Files\Nobilis
2008-07-29 21:20 --------- d-----w C:\Program Files\Ubisoft
2008-07-29 08:04 --------- d-----w C:\Program Files\SysSense
2008-07-28 14:55 --------- d-----w C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-07-28 14:49 --------- d-----w C:\Program Files\BearPaw 2400CU Plus
2008-05-13 14:58 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

------- Sigcheck -------

2004-08-04 00:56 14336 1242f3a2ba2edab2cedd8209feab86a9 C:\WINDOWS\system32\svchost.exe
.
((((((((((((((((((((((((((((( snapshot@2008-09-17_ 0.03.07.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-21 00:32:39 880,640 ----a-w C:\WINDOWS\assembly\GAC_32\Microsoft.MapPoint.GraphicsAPI\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.GraphicsAPI.dll
+ 2008-09-21 00:32:38 33,808 ----a-w C:\WINDOWS\assembly\GAC_MSIL\GeoCommunityCommon\2.0.0.0__31bf3856ad364e35\GeoCommunityCommon.dll
+ 2008-09-21 00:32:33 163,840 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Data.CompactMapFile\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Data.CompactMapFile.dll
+ 2008-09-21 00:32:33 151,552 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Data.VirtualEarthTileDataSource\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Data.VirtualEarthTileDataSource.dll
+ 2008-09-21 00:32:33 376,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Data\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Data.dll
+ 2008-09-21 00:32:36 65,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.GeoCommunities.COM\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.GeoCommunities.COM.dll
+ 2008-09-21 00:32:36 356,352 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.GeoCommunities.resources\2.5.0.0_fr_31bf3856ad364e35\Microsoft.MapPoint.GeoCommunities.resources.dll
+ 2008-09-21 00:32:36 819,200 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.GeoCommunities\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.GeoCommunities.dll
+ 2008-09-21 00:32:34 208,896 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Geometry\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Geometry.dll
+ 2008-09-21 00:32:34 540,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Graphics3D\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Graphics3D.dll
+ 2008-09-21 00:32:33 143,360 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.MapControl3D\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.MapControl3D.dll
+ 2008-09-21 00:32:37 270,336 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Modeling\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Modeling.dll
+ 2008-09-21 00:32:35 77,824 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Network\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Network.dll
+ 2008-09-21 00:32:34 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D.resources\2.5.0.0_es_31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.Resources.dll
+ 2008-09-21 00:32:34 69,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D.resources\2.5.0.0_fr-CA_31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.Resources.dll
+ 2008-09-21 00:32:34 69,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D.resources\2.5.0.0_fr_31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.Resources.dll
+ 2008-09-21 00:32:35 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D.resources\2.5.0.0_it_31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.Resources.dll
+ 2008-09-21 00:32:35 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D.resources\2.5.0.0_ja_31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.Resources.dll
+ 2008-09-21 00:32:35 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D.Utility\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.Utility.dll
+ 2008-09-21 00:32:36 245,760 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D.WorldMemoryDataSource\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.WorldMemoryDataSource.dll
+ 2008-09-21 00:32:34 770,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.dll
+ 2008-09-21 00:32:35 94,208 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Utility\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Utility.dll
+ 2008-09-21 00:32:35 61,440 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.UtilityPartialTrust\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.UtilityPartialTrust.dll
+ 2008-09-21 00:32:38 106,496 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.WindowsLive.Id.Client.resources\2.5.0.0_fr_31bf3856ad364e35\Microsoft.WindowsLive.Id.Client.resources.dll
+ 2008-09-21 00:32:37 200,704 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.WindowsLive.Id.Client\2.5.0.0__31bf3856ad364e35\Microsoft.WindowsLive.Id.Client.dll
+ 2008-09-21 00:59:00 479,232 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\05388636bc37e14fa514d5c782023118\Microsoft.MapPoint.Data.CompactMapFile.ni.dll
+ 2008-09-21 00:58:34 1,609,728 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\0c6182e40cf1324586bcf05ceb72fceb\Microsoft.MapPoint.GraphicsAPI.ni.dll
+ 2008-09-21 00:58:14 1,462,272 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\16d4b8cc26726348838eb69f4abcae5c\Microsoft.MapPoint.Data.ni.dll
+ 2008-09-21 00:57:23 372,736 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\4b85654767ec2e4ebc81da7b1c8af351\Microsoft.MapPoint.MapControl3D.ni.dll
+ 2008-09-21 00:58:58 806,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\4c6722d2554ea94e87e027e1d76fde0d\Microsoft.MapPoint.Data.VirtualEarthTileDataSource.ni.dll
+ 2008-09-21 00:59:02 319,488 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\66ccaedfd377934c9a92ca70ec8a24c2\Microsoft.MapPoint.Network.ni.dll
+ 2008-09-21 00:57:55 516,096 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\69ece1ae6f404943a4d7d0e36c1fd402\Microsoft.MapPoint.Rendering3D.Utility.ni.dll
+ 2008-09-21 00:58:26 2,523,136 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\701545e8eea43346bb6d0b780e187c10\Microsoft.MapPoint.Graphics3D.ni.dll
+ 2008-09-21 00:58:53 1,380,352 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\73d9a34f304dae4387660c38ea6e41e8\Microsoft.MapPoint.Rendering3D.WorldMemoryDataSource.ni.dll
+ 2008-09-21 00:57:51 3,575,808 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\81497f5dcfcc5a478f353bd7e395666e\Microsoft.MapPoint.Rendering3D.ni.dll
+ 2008-09-21 00:58:44 1,826,816 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\85e3fbaaac51d1489593db31536a999c\Microsoft.MapPoint.Modeling.ni.dll
+ 2008-09-21 00:58:29 331,776 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\92f1a48869f7e14b87286fd3874b8fb2\Microsoft.MapPoint.Utility.ni.dll
+ 2008-09-21 00:58:05 249,856 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\ee8e4ecf11efc94589c4937055a5d14c\Microsoft.MapPoint.UtilityPartialTrust.ni.dll
+ 2008-09-21 00:58:02 831,488 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\fe9b314300ffdf4c98d05ab2770419c6\Microsoft.MapPoint.Geometry.ni.dll
+ 2002-07-25 15:13:16 24,576 ----a-w C:\WINDOWS\Downloaded Program Files\dwusplay.dll
+ 2002-07-25 15:13:10 196,608 ----a-w C:\WINDOWS\Downloaded Program Files\dwusplay.exe
+ 2003-09-19 12:22:12 299,008 ----a-w C:\WINDOWS\Downloaded Program Files\isusweb.dll
+ 2008-09-18 18:32:36 884,736 ----a-w C:\WINDOWS\gmer.dll
+ 2008-04-17 19:13:02 811,008 ----a-w C:\WINDOWS\gmer.exe
- 2008-02-20 15:28:43 61,440 ----a-r C:\WINDOWS\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\ARPPRODUCTICON.exe
+ 2008-09-19 18:00:12 61,440 ----a-r C:\WINDOWS\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\ARPPRODUCTICON.exe
- 2008-02-20 15:28:43 34,304 ----a-r C:\WINDOWS\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\misc.exe.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
+ 2008-09-19 18:00:12 34,304 ----a-r C:\WINDOWS\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\misc.exe.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
- 2008-02-20 15:28:43 61,440 ----a-r C:\WINDOWS\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut1.exe
+ 2008-09-19 18:00:13 61,440 ----a-r C:\WINDOWS\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut1.exe
- 2008-02-20 15:28:43 61,440 ----a-r C:\WINDOWS\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut2.exe
+ 2008-09-19 18:00:13 61,440 ----a-r C:\WINDOWS\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut2.exe
- 2008-02-20 15:28:43 61,440 ----a-r C:\WINDOWS\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut3.exe
+ 2008-09-19 18:00:13 61,440 ----a-r C:\WINDOWS\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut3.exe
- 2008-02-20 15:28:43 61,440 ----a-r C:\WINDOWS\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut4.exe
+ 2008-09-19 18:00:13 61,440 ----a-r C:\WINDOWS\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut4.exe
- 2008-02-20 15:28:43 61,440 ----a-r C:\WINDOWS\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut5.exe
+ 2008-09-19 18:00:13 61,440 ----a-r C:\WINDOWS\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut5.exe
- 2008-02-20 15:28:43 61,440 ----a-r C:\WINDOWS\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut6.exe
+ 2008-09-19 18:00:12 61,440 ----a-r C:\WINDOWS\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut6.exe
- 2008-02-20 15:28:43 61,440 ----a-r C:\WINDOWS\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut8.exe
+ 2008-09-19 18:00:12 61,440 ----a-r C:\WINDOWS\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut8.exe
- 2008-02-20 15:28:43 49,152 ----a-r C:\WINDOWS\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut901.exe
+ 2008-09-19 18:00:13 49,152 ----a-r C:\WINDOWS\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut901.exe
- 2008-08-22 07:07:15 15,086 ----a-r C:\WINDOWS\Installer\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\ARPPRODUCTICON.exe
+ 2008-09-19 00:58:32 15,086 ----a-r C:\WINDOWS\Installer\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\ARPPRODUCTICON.exe
+ 2008-09-18 18:32:36 85,969 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"bwprnmon.exe"="C:\BITWARE\NT\bwprnmon.exe" [2008-02-16 54272]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 729088]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 128920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-16 185896]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-09-15 917504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-22 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
backup=C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GetRight.lnk
backup=C:\WINDOWS\pss\GetRight.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Zlaja^Start Menu^Programs^Startup^Ovulation Calendar.lnk]
path=C:\Documents and Settings\Zlaja\Start Menu\Programs\Startup\Ovulation Calendar.lnk
backup=C:\WINDOWS\pss\Ovulation Calendar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-02-22 23:21 32768 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-02-22 22:05 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-10-09 12:28 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-09 22:05 133104 C:\Documents and Settings\Zlaja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 23:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 02:06 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 17:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 04:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-02-16 21:28 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-ra------ 2005-09-28 15:15 90112 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-r------- 2006-11-17 06:42 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ServiceLayer"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"D:\\BACKUP\\Ivana Igrice\\Tenis Pro\\DMTP2.08\\Dream Match Tennis Pro.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Aspyr\\MTX\\Game\\MTX.exe"=
"C:\\Program Files\\netGangsters\\simGangster (2007)\\simgangster.exe"=
"C:\\Program Files\\Global Star Software\\Jetfighter V\\Game.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\gnucash\\bin\\gnucash-bin.exe"=
"C:\\Program Files\\gnucash\\bin\\gconfd-2.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 9216]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Zlaja\Application Data\Mozilla\Firefox\Profiles\9b0vfa9w.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF -: plugin - C:\Documents and Settings\Zlaja\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npdivx32.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\NPTURNMED.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - C:\Program Files\Virtual Earth 3D\npVE3D.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-09-23 22:27:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-23 22:32:27
ComboFix-quarantined-files.txt 2008-09-23 20:31:23
ComboFix2.txt 2008-09-17 23:29:31
ComboFix3.txt 2008-09-16 22:04:47

Pre-Run: 6,289,879,040 bytes free
Post-Run: 6,379,716,608 bytes free


  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Quote: NOD32 has started throwing some messages again when I start Firefox.

"Some messages" doesn't tell me much. Be more specific.


Open Notepad and copy the following text:

Folder::
C:\temps


Save the file from Notepad to the Desktop as "CFScript"


Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that gets created at the end of the cleaning/scanning in your next message.

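dr_Bora's CFScript targets C:\temps, the folder the ComboFix log above lists under "Files Created" with attributes d--hs---- (a directory with the hidden and system bits set) and which the Avenger script had already deleted once. The following Python script is an added example, not part of the thread and not ComboFix's own code; it parses lines in the format of that "Files Created" section (sample lines copied from the log above), flags newly created hidden+system entries for review, and writes a CFScript "Folder::" block, in the form shown in the post above, for the folders an analyst has confirmed.

```python
"""Flag hidden+system entries in a ComboFix 'Files Created' section (added example)."""
import re

# Sample lines copied from the "Files Created" section of the ComboFix log posted above.
SAMPLE_SECTION = r"""
2008-09-21 02:30 . 2008-09-21 02:32 <DIR> d-------- C:\Program Files\Virtual Earth 3D
2008-09-19 18:59 . 2008-09-20 11:15 <DIR> d--hs---- C:\temps
2008-09-18 20:32 . 2008-09-20 03:24 250 --a------ C:\WINDOWS\gmer.ini
2008-09-15 02:41 . 2008-09-15 02:40 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-09-07 20:11 . 2008-09-07 20:11 <DIR> d--hs---- C:\WINDOWS\ftpcache
"""

# Line layout: <created> . <modified> <DIR>|<size> <attrs> <path>
# attrs is a nine-character field, e.g. d--hs---- (directory, hidden, system).
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?:(?P<isdir><DIR>)|(?P<size>[\d,]+)) "
    r"(?P<attrs>[-A-Za-z]{9}) (?P<path>.+)$"
)


def parse_entry(line):
    """Parse one 'Files Created' line into a dict, or None if it does not fit the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["is_dir"] = e.pop("isdir") is not None
    e["size"] = int(e["size"].replace(",", "")) if e["size"] else None
    e["hidden"] = "h" in e["attrs"]
    e["system"] = "s" in e["attrs"]
    return e


def parse_section(text):
    """All parseable entries of a section, in log order."""
    return [e for e in (parse_entry(line) for line in text.splitlines()) if e]


def flag_hidden_system(entries):
    """Paths created with both the hidden and the system attribute set.

    Legitimate Windows folders use this combination too (C:\WINDOWS\ftpcache in the
    sample is one), so every hit still needs an analyst's decision before removal.
    """
    return [e["path"] for e in entries if e["hidden"] and e["system"]]


def make_cfscript(folders):
    """CFScript 'Folder::' block in the form used in the thread, for confirmed folders only."""
    return "Folder::\n" + "".join(f + "\n" for f in folders)


if __name__ == "__main__":
    entries = parse_section(SAMPLE_SECTION)
    for path in flag_hidden_system(entries):
        print("REVIEW hidden+system:", path)
    # The analyst confirms C:\temps (recreated after Avenger deleted it) and builds the script.
    print(make_cfscript([r"C:\temps"]), end="")
```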
  • Joined: 16 Sep 2008
  • Posts: 14

NOD32 gave me a warning about the Win32/Patched.M virus

"Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe."

Update: 25 Sep 2008 10:23

Now it gave me a warning about the Win32/Netsky.C worm

Update: 27 Sep 2008 9:37

I did the last thing that was written to me.
It seems to me there are still some viruses.

Here's the log file:

ComboFix 08-09-26.01 - Zlaja 2008-09-27 9:17:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.226 [GMT 2:00]
Running from: C:\Documents and Settings\Zlaja\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Zlaja\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temps

.
((((((((((((((((((((((((( Files Created from 2008-08-27 to 2008-09-27 )))))))))))))))))))))))))))))))
.

2008-09-24 02:01 . 2008-09-24 02:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-09-24 02:01 . 2008-09-24 01:58 160,792 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-09-24 01:55 . 2008-09-24 02:01 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-09-24 01:13 . 2008-09-26 14:25 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-09-24 01:13 . 2008-09-24 01:13 <DIR> d-------- C:\Documents and Settings\Zlaja\Application Data\PC Tools
2008-09-24 01:13 . 2008-09-27 04:39 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-24 01:13 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-24 01:13 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-24 01:13 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-24 01:13 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-09-24 01:04 . 2008-09-24 01:04 <DIR> d-------- C:\Program Files\IKEA HomePlanner
2008-09-24 01:03 . 2008-09-24 01:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-23 23:38 . 2008-09-23 23:58 <DIR> d-------- C:\Program Files\Exterminate It!
2008-09-21 02:30 . 2008-09-21 02:32 <DIR> d-------- C:\Program Files\Virtual Earth 3D
2008-09-20 11:13 . 2008-09-20 11:43 <DIR> d-------- C:\Documents and Settings\Zlaja\DoctorWeb
2008-09-19 02:56 . 2008-09-19 02:56 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-09-18 20:32 . 2008-09-20 03:24 250 --a------ C:\WINDOWS\gmer.ini
2008-09-15 19:50 . 2008-09-15 19:51 <DIR> d-------- C:\Documents and Settings\Zlaja\Application Data\BarbieIP
2008-09-15 02:41 . 2008-09-15 02:40 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-09-15 02:41 . 2008-09-15 02:41 270,336 --a------ C:\WINDOWS\system32\imon.dll
2008-09-12 20:28 . 2008-09-12 20:28 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-09-07 20:19 . 2008-09-07 20:19 <DIR> d-------- C:\Program Files\Common Files\i4j_jres
2008-09-07 20:19 . 2008-09-07 20:20 <DIR> d-------- C:\Documents and Settings\Zlaja\.SimpleCenter
2008-09-07 20:18 . 2008-09-07 20:19 <DIR> d-------- C:\Program Files\SimpleCenter
2008-09-07 20:11 . 2008-09-07 20:11 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-08-29 17:48 . 2008-08-29 17:48 <DIR> d-------- C:\Documents and Settings\Zlaja\Application Data\Disney Interactive Studios
2008-08-29 17:37 . 2008-08-29 17:37 <DIR> d-------- C:\Program Files\Disney Interactive Studios
2008-08-29 17:36 . 2008-08-29 17:36 <DIR> d-------- C:\Documents and Settings\Zlaja\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-19 17:14 --------- d-----w C:\Program Files\ESET
2008-09-19 00:56 --------- d-----w C:\Program Files\Common Files\Nokia
2008-09-19 00:55 --------- d-----w C:\Program Files\Nokia
2008-09-15 17:17 --------- d-----w C:\Program Files\Activision
2008-09-14 03:09 91,136 ----a-w C:\WINDOWS\system32\msgsvc.dll
2008-09-13 06:32 --------- d-----w C:\Program Files\Build in Time
2008-09-08 01:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-09-07 18:15 --------- d-----w C:\Documents and Settings\Zlaja\Application Data\PC Suite
2008-09-06 09:50 --------- d-----w C:\Program Files\HyperVRE
2008-08-29 15:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-22 11:36 --------- d-----w C:\Documents and Settings\Zlaja\Application Data\ScannerData
2008-08-22 07:04 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-08-16 06:53 --------- d-----w C:\Program Files\Opera
2008-08-10 09:14 --------- d-----w C:\Program Files\Battleship
2008-08-06 18:44 --------- d-----w C:\Program Files\Fantasysoft-Studio
2008-08-06 10:52 3,001 --sha-w C:\Documents and Settings\Zlaja\ppUser.dat
2008-08-02 12:11 --------- d-----w C:\Program Files\Google
2008-08-02 11:27 --------- d-----w C:\Program Files\Nobilis
2008-07-29 21:20 --------- d-----w C:\Program Files\Ubisoft
2008-07-29 08:04 --------- d-----w C:\Program Files\SysSense
2008-07-28 14:55 --------- d-----w C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-07-28 14:49 --------- d-----w C:\Program Files\BearPaw 2400CU Plus
2008-05-13 14:58 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

------- Sigcheck -------

2004-08-04 00:56 14336 1242f3a2ba2edab2cedd8209feab86a9 C:\WINDOWS\system32\svchost.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"bwprnmon.exe"="C:\BITWARE\NT\bwprnmon.exe" [2008-02-16 54272]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 729088]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 128920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-16 185896]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-09-15 917504]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-22 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
backup=C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GetRight.lnk
backup=C:\WINDOWS\pss\GetRight.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Zlaja^Start Menu^Programs^Startup^Ovulation Calendar.lnk]
path=C:\Documents and Settings\Zlaja\Start Menu\Programs\Startup\Ovulation Calendar.lnk
backup=C:\WINDOWS\pss\Ovulation Calendar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-02-22 23:21 32768 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-02-22 22:05 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-10-09 12:28 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-09 22:05 133104 C:\Documents and Settings\Zlaja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 23:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 02:06 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 17:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 04:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-02-16 21:28 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-ra------ 2005-09-28 15:15 90112 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-r------- 2006-11-17 06:42 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ServiceLayer"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"D:\\BACKUP\\Ivana Igrice\\Tenis Pro\\DMTP2.08\\Dream Match Tennis Pro.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Aspyr\\MTX\\Game\\MTX.exe"=
"C:\\Program Files\\netGangsters\\simGangster (2007)\\simgangster.exe"=
"C:\\Program Files\\Global Star Software\\Jetfighter V\\Game.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\gnucash\\bin\\gnucash-bin.exe"=
"C:\\Program Files\\gnucash\\bin\\gconfd-2.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 9216]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-09-24 160792]
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-09-27 09:23:23
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-27 9:30:16
ComboFix-quarantined-files.txt 2008-09-27 07:30:05
ComboFix2.txt 2008-09-23 20:32:28
ComboFix3.txt 2008-09-17 23:29:31
ComboFix4.txt 2008-09-16 22:04:47

Pre-Run: 5,867,249,664 bytes free
Post-Run: 5,927,890,944 bytes free


offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

This looks clean.

Why do you suspect there is still malware here?
