What about this?

  • Now I'm doing everything I never had time for before.
  • Joined: 17 May 2006
  • Posts: 18454
  • Location: I'm wondering that myself...

Two days ago my son and a friend of his were doing something on the computer, and the friend evidently brought something over on a flash drive. When I turn the computer on, this warning appears:

[screenshot]

What is this about?

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...

I can't tell what it is (the picture is too small).

If you think it is malware-related:

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • Now I'm doing everything I never had time for before.
  • Joined: 17 May 2006
  • Posts: 18454
  • Location: I'm wondering that myself...

That's what I thought. I've just cleaned the computer, so if it shows up again I'll take a bigger screenshot. Thanks in any case.

-----

Logfile of HijackThis v1.99.1
Scan saved at 17:40:51, on 3/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Opera 9.5 beta\opera.exe
C:\Documents and Settings\Administrator\Desktop\TEST FOLDER\TESTFILE.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe activexdebugger32.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - Startup: Adobe Gamma.lnk
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

Here is the log I made following the instructions. He also told me not to delete anything until I asked.

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Did you connect any of your own USB drives to the computer in the meantime?
If you did, follow the instructions for Flash_Disinfector.

Download the Flash_Disinfector program.

  • the program is started by double-clicking Flash_Disinfector.exe
  • when the notification message appears, plug in the infected USB flash drives (hold down the Shift key while doing so to avoid autoplay)
  • click OK and wait for the process to finish
  • when the message Done !! appears, click OK.

-------------------------------------------------------------------------------------

Then run HT, scan, and tick the following line:

F2 - REG:system.ini: Shell=Explorer.exe activexdebugger32.exe

Click Fix Checked.

-------------------------------------------------------------------------------------

Download ComboFix from one of the following addresses to the Desktop:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here.

  • Now I'm doing everything I never had time for before.
  • Joined: 17 May 2006
  • Posts: 18454
  • Location: I'm wondering that myself...

I did everything as instructed. Here is the log. Thanks in advance.

ComboFix 08-03-03.15 - Administrator 2008-03-03 20:17:16.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.537 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))
.

2008-02-29 18:20 . 2002-11-20 21:16 180,224 --a------ C:\WINDOWS\system32\Ijl11.dll
2008-02-29 18:20 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-02-29 18:20 . 2001-11-22 15:00 24,626 --a------ C:\WINDOWS\system32\scrrntr.dll
2008-02-29 18:20 . 2007-03-27 15:25 20,480 --a------ C:\WINDOWS\system32\PAC.EXE.VIR
2008-02-28 07:45 . 2008-02-28 07:45 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-02-24 15:10 . 2008-02-24 15:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-02-24 15:08 . 2008-02-24 15:08 <DIR> d-------- C:\Program Files\IVT Corporation
2008-02-24 15:08 . 2004-08-03 23:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-02-24 15:08 . 2004-08-03 23:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-02-24 15:08 . 2004-08-03 23:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-02-24 15:08 . 2004-08-04 00:56 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-02-24 15:08 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2008-02-24 15:08 . 2004-08-03 23:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2008-02-24 15:08 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-02-24 15:08 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-02-24 15:05 . 2005-07-29 21:55 90,624 --a------ C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-02-24 15:05 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\drivers\kstvtune.ax
2008-02-24 15:05 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2008-02-24 15:05 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\drivers\ksxbar.ax
2008-02-24 15:05 . 2004-08-04 00:56 28,672 --a------ C:\WINDOWS\system32\drivers\vidcap.ax
2008-02-23 10:20 . 2008-02-23 10:20 <DIR> d-------- C:\Program Files\Common Files\Protexis
2008-02-23 10:20 . 2008-02-23 10:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-02-21 10:05 . 2008-02-21 10:05 <DIR> d-------- C:\Program Files\PowerISO
2008-02-14 07:14 . 2008-02-14 07:14 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-02-13 23:16 . 2008-03-03 17:30 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-02-13 23:16 . 2008-02-13 23:16 <DIR> d-------- C:\Program Files\Crawler
2008-02-13 23:16 . 2008-03-03 17:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-02-13 23:16 . 2008-03-03 16:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2008-02-08 07:40 . 2008-02-08 07:40 <DIR> d-------- C:\Program Files\Argente Software
2008-02-04 21:22 . 2008-03-02 12:55 <DIR> d-------- C:\Program Files\ICQToolbar
2008-02-04 21:17 . 2008-02-04 21:23 <DIR> d-------- C:\Program Files\ICQ6
2008-02-04 21:17 . 2008-02-04 21:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-02-03 11:28 . 2008-02-03 11:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Bitstream
2008-02-03 11:24 . 2008-02-28 22:01 2,984 --ahs---- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-02-03 11:24 . 2008-02-28 22:01 88 -r-hs---- C:\Documents and Settings\All Users\Application Data\5D8A4B97B3.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 19:18 --------- d-----w C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-03-03 19:16 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-03-03 19:10 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DNA
2008-03-03 18:50 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2008-03-02 23:20 3,662 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-01 10:54 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-23 09:13 --------- d-----w C:\Program Files\Corel
2008-02-09 19:11 --------- d-----w C:\Program Files\Mystery Case Files - Madame Fate
2008-02-04 20:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-03 10:24 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Corel
2008-02-02 10:37 --------- d-----w C:\Program Files\PC Registry Cleaner
2008-01-31 18:28 --------- d-----w C:\Program Files\Mystery Case Files Huntsville
2008-01-31 18:27 --------- d-----w C:\Program Files\Mystery Case Files - Ravenhearst
2008-01-31 18:26 --------- d-----w C:\Program Files\BFG
2008-01-27 09:45 --------- d-----w C:\Program Files\Common Files\Corel
2008-01-26 16:31 90,112 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-01-26 16:31 126,976 ----a-w C:\WINDOWS\system32\UAService7.exe
2008-01-26 16:31 --------- d-----w C:\Program Files\TEXTware
2008-01-26 16:31 --------- d-----w C:\Program Files\IDM
2008-01-26 16:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SecuROM
2008-01-26 16:28 --------- d-----w C:\Program Files\Cambridge
2008-01-26 15:27 --------- d-----w C:\Program Files\3D Online Pool
2008-01-25 06:16 --------- d-----w C:\Program Files\Google
2008-01-23 15:41 --------- d-----w C:\Program Files\CDex_150
2008-01-20 07:07 33,292 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-01-17 19:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-01-17 15:52 --------- d-----w C:\Program Files\YouTube Downloader
2008-01-15 13:41 --------- d-----w C:\Program Files\MagicISO
2008-01-14 14:53 --------- d-----w C:\Program Files\Common Files\Real
2008-01-13 11:06 --------- d-----w C:\Program Files\FLVPlayer
2008-01-12 23:09 --------- d-----w C:\Program Files\Microsoft
2008-01-12 18:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ICQ Toolbar
2008-01-12 18:03 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ICQ
2008-01-12 15:19 --------- d-----w C:\Program Files\DNA
2008-01-12 15:19 --------- d-----w C:\Program Files\BitTorrent
2008-01-12 14:37 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-01-12 14:37 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-12 14:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-12 14:27 --------- d-----w C:\Program Files\Bonjour
2008-01-12 14:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\ALM
2008-01-12 14:22 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-01-12 14:02 --------- d-----w C:\Program Files\Warblade
2008-01-12 11:11 --------- d-----w C:\Program Files\Mustek 1200 UB Plus
2008-01-12 10:37 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Winamp
2008-01-12 10:18 --------- d-----w C:\Program Files\WinSnap
2008-01-12 10:06 --------- d-----w C:\Program Files\MSN Messenger
2008-01-12 09:48 --------- d-----w C:\Program Files\Winamp
2008-01-12 08:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-12 07:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-01-12 07:58 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-01-11 22:14 --------- d-----w C:\Program Files\Avira
2008-01-11 22:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-01-11 21:13 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-11 21:11 --------- d-----w C:\Program Files\Skype
2008-01-11 21:11 --------- d-----w C:\Program Files\Common Files\Skype
2008-01-11 21:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-01-11 20:42 --------- d-----w C:\Program Files\Yahoo!
2008-01-11 20:42 --------- d-----w C:\Program Files\CCleaner
2008-01-11 20:20 --------- d-----w C:\Program Files\Opera 9.5 beta
2008-01-11 19:19 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-11 18:33 --------- d-----w C:\Program Files\TP-LINK
2008-01-11 18:27 --------- d-----w C:\Program Files\hp LaserJet 1000
2008-01-11 17:53 --------- d-----w C:\Program Files\XviD
2008-01-11 17:53 --------- d-----w C:\Program Files\Webteh
2008-01-11 17:53 --------- d-----w C:\Program Files\DivX
2008-01-11 17:53 --------- d-----w C:\Program Files\Crystal Player
2008-01-11 17:53 --------- d-----w C:\Program Files\AC3Filter
2008-01-11 15:36 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-01-11 15:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-01-11 15:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-11 14:20 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-11 14:20 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-11 14:20 --------- d-----w C:\Program Files\Common Files\L&H
2008-01-11 14:19 --------- d-----w C:\Program Files\Microsoft Works
2008-01-11 14:17 --------- d-----w C:\Program Files\CyberLink
2008-01-11 14:17 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-11 14:17 --------- d-----w C:\Program Files\Ahead
2008-01-11 14:16 --------- d-----w C:\Program Files\QuickTime Alternative
2008-01-11 14:16 --------- d-----w C:\Program Files\Media Player Classic
2008-01-11 14:16 --------- d-----w C:\Program Files\7-Zip
2008-01-11 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-11 14:10 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-11 14:10 --------- d-----w C:\Program Files\Unlocker
2007-12-20 22:11 81,920 ----a-w C:\WINDOWS\system32\IEDFix.exe
.

------- Sigcheck -------

0601f83f6784c220ee302f03f702316e C:\WINDOWS\system32\drivers\tcpip.sys
----a-w 360,448 2002-12-31 12:00:00 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 13:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:21 1694208]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-02-19 19:33 287040]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-11-27 23:45 588080]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-24 18:56 171448]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-12-19 15:48 172280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 14:45 90112 C:\WINDOWS\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"TWCU"="C:\Program Files\TP-LINK\TWCU\TWCU.exe" [2005-08-09 08:42 413696]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-11 23:21 249896]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28 36352]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-02-13 23:18 2834432]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-09-20 10:28:16 1200128]
Watch.lnk - C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe [2008-01-12 12:11:30 364544]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 17:11]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-02-14 07:14]
R2 PSI_SVC_2;Protexis Licensing V2;"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [2007-07-24 11:15]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53d432e5-e61f-11dc-a929-0013d43cf258}]
\Shell\Auto\command - H:\activexdebugger32.exe f
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
\Shell\explore\Command - H:\activexdebugger32.exe f
\Shell\open\Command - H:\activexdebugger32.exe f

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 20:19:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-03 20:19:37
ComboFix2.txt 2008-03-03 19:16:12

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Upload the following files to me (if you can, pack them into a single zip; if not, then one by one):

C:\WINDOWS\system32\Ijl11.dll
C:\WINDOWS\system32\MSWINSCK.OCX
C:\WINDOWS\system32\scrrntr.dll
C:\WINDOWS\system32\PAC.EXE.VIR

Upload link: http://www.mycity.rs/ambulanta-upload.php

  • Now I'm doing everything I never had time for before.
  • Joined: 17 May 2006
  • Posts: 18454
  • Location: I'm wondering that myself...

OK, I've sent them.
When I tried to upload this one,
C:\WINDOWS\system32\PAC.EXE.VIR
Avira antivirus would not let me copy it. I marked that file for quarantine and it disappeared from there. Did I do the right thing? If not, how do I restore it from quarantine?

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

I don't know the names of Avira's options off the top of my head, so...
The file was going to be deleted anyway. Let's clean up the rest...

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\system32\Ijl11.dll
C:\WINDOWS\system32\MSWINSCK.OCX
C:\WINDOWS\system32\scrrntr.dll

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53d432e5-e61f-11dc-a929-0013d43cf258}]

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.
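As an added example (not part of this thread, and not code from HijackThis or ComboFix), the following Python script applies the two checks dr_Bora makes in this thread to pasted log text: the HijackThis F2 Winlogon Shell= line, which should contain nothing but Explorer.exe, and the ComboFix mountpoints2 entries, which show what opening a removable drive would launch. It also reports which file name appears in both places, which is what ties the Shell= hijack fixed with HijackThis to the mountpoints2 key removed by the CFScript. The sample lines are copied from the logs posted above; the regular expressions, the Finding record and the function names are my own assumptions about the log formats, not anything the tools define.

```python
import re
from dataclasses import dataclass


@dataclass
class Finding:
    kind: str          # "winlogon_shell" or "mountpoints2_autorun"
    evidence: str      # the log line(s) that triggered the finding
    executables: list  # lowercase file names the entry would launch
    fix: str           # what the thread does about it


# Constructed sample input: lines copied from the HijackThis and ComboFix logs
# posted in this thread, plus one clean Shell= line for contrast.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe activexdebugger32.exe
F2 - REG:system.ini: Shell=Explorer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53d432e5-e61f-11dc-a929-0013d43cf258}]
\Shell\Auto\command - H:\activexdebugger32.exe f
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
\Shell\explore\Command - H:\activexdebugger32.exe f
\Shell\open\Command - H:\activexdebugger32.exe f
"""

# Assumed line shapes, taken from the logs above (not an official grammar).
SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(.*)$", re.I)
MP_KEY_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
MP_CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.I)
EXE_RE = re.compile(r"([\w.-]+\.exe)\b", re.I)


def check_winlogon_shell(value):
    """Return the programs that would start besides Explorer.exe; [] means clean.
    The Winlogon Shell value of a healthy XP box is exactly 'Explorer.exe'."""
    parts = value.split()
    if not parts or parts[0].lower() != "explorer.exe":
        return [p.lower() for p in parts]      # shell replaced outright
    return [p.lower() for p in parts[1:]]      # extra program(s) appended


def analyze(log_text):
    """Scan pasted HijackThis/ComboFix text and return a list of Findings."""
    findings = []
    mountpoints = {}   # registry key -> {verb: command}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SHELL_RE.match(line)
        if m:
            extra = check_winlogon_shell(m.group(1))
            if extra:
                findings.append(Finding(
                    "winlogon_shell", line, extra,
                    "HijackThis: tick this F2 line and click Fix Checked"))
            continue
        m = MP_KEY_RE.match(line)
        if m:
            current = mountpoints.setdefault(m.group(1), {})
            continue
        m = MP_CMD_RE.match(line)
        if m and current is not None:
            current[m.group(1).lower()] = m.group(2)

    # One finding per mountpoints2 key; ComboFix only lists non-default keys,
    # so any Shell\...\command under one is worth looking at.  rundll32 is
    # just the launcher, so it is dropped from the executable list.
    for key, cmds in mountpoints.items():
        if not cmds:
            continue
        exes = sorted({e.lower() for c in cmds.values()
                       for e in EXE_RE.findall(c) if e.lower() != "rundll32.exe"})
        findings.append(Finding(
            "mountpoints2_autorun",
            "; ".join(f"Shell\\{v}\\command - {c}" for v, c in cmds.items()),
            exes,
            f"CFScript: Registry:: [-{key}]"))
    return findings


def shared_executables(findings):
    """File names launched both from the Winlogon shell and from a removable
    drive's autorun key: the same payload persisting on the host and on the stick."""
    by_kind = {}
    for f in findings:
        by_kind.setdefault(f.kind, set()).update(f.executables)
    return by_kind.get("winlogon_shell", set()) & by_kind.get("mountpoints2_autorun", set())


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG)
    for f in found:
        print(f"[{f.kind}] {f.evidence}")
        print(f"    launches: {', '.join(f.executables)}")
        print(f"    fix: {f.fix}")
    print("shared payload:", shared_executables(found))
```

Paste a whole log into analyze() rather than the sample; the Shell= check is the one to keep even on a box without a mountpoints2 entry, since a second program after Explorer.exe in that value is started at every logon by Winlogon itself, before any Run key.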

  • Now I'm doing everything I never had time for before.
  • Joined: 17 May 2006
  • Posts: 18454
  • Location: I'm wondering that myself...

ComboFix 08-03-03.15 - Administrator 2008-03-04 7:28:54.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.540 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\Ijl11.dll
C:\WINDOWS\system32\MSWINSCK.OCX
C:\WINDOWS\system32\scrrntr.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Ijl11.dll
C:\WINDOWS\system32\MSWINSCK.OCX
C:\WINDOWS\system32\scrrntr.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))
.

2008-02-28 07:45 . 2008-02-28 07:45 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-02-24 15:10 . 2008-02-24 15:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-02-24 15:08 . 2008-02-24 15:08 <DIR> d-------- C:\Program Files\IVT Corporation
2008-02-24 15:08 . 2004-08-03 23:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-02-24 15:08 . 2004-08-03 23:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-02-24 15:08 . 2004-08-03 23:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-02-24 15:08 . 2004-08-04 00:56 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-02-24 15:08 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2008-02-24 15:08 . 2004-08-03 23:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2008-02-24 15:08 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-02-24 15:08 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-02-24 15:05 . 2005-07-29 21:55 90,624 --a------ C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-02-24 15:05 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\drivers\kstvtune.ax
2008-02-24 15:05 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2008-02-24 15:05 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\drivers\ksxbar.ax
2008-02-24 15:05 . 2004-08-04 00:56 28,672 --a------ C:\WINDOWS\system32\drivers\vidcap.ax
2008-02-23 10:20 . 2008-02-23 10:20 <DIR> d-------- C:\Program Files\Common Files\Protexis
2008-02-23 10:20 . 2008-02-23 10:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-02-21 10:05 . 2008-02-21 10:05 <DIR> d-------- C:\Program Files\PowerISO
2008-02-14 07:14 . 2008-02-14 07:14 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-02-13 23:16 . 2008-03-03 17:30 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-02-13 23:16 . 2008-02-13 23:16 <DIR> d-------- C:\Program Files\Crawler
2008-02-13 23:16 . 2008-03-03 17:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-02-13 23:16 . 2008-03-03 16:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2008-02-08 07:40 . 2008-02-08 07:40 <DIR> d-------- C:\Program Files\Argente Software
2008-02-04 21:22 . 2008-03-02 12:55 <DIR> d-------- C:\Program Files\ICQToolbar
2008-02-04 21:17 . 2008-02-04 21:23 <DIR> d-------- C:\Program Files\ICQ6
2008-02-04 21:17 . 2008-02-04 21:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 06:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-03-04 06:21 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DNA
2008-03-04 06:17 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-03-04 06:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2008-03-02 23:20 3,662 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-01 10:54 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-28 21:01 88 --sh--r C:\Documents and Settings\All Users\Application Data\5D8A4B97B3.sys
2008-02-28 21:01 2,984 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-02-23 09:13 --------- d-----w C:\Program Files\Corel
2008-02-09 19:11 --------- d-----w C:\Program Files\Mystery Case Files - Madame Fate
2008-02-04 20:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-03 10:28 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Bitstream
2008-02-03 10:24 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Corel
2008-02-02 10:37 --------- d-----w C:\Program Files\PC Registry Cleaner
2008-01-31 18:28 --------- d-----w C:\Program Files\Mystery Case Files Huntsville
2008-01-31 18:27 --------- d-----w C:\Program Files\Mystery Case Files - Ravenhearst
2008-01-31 18:26 --------- d-----w C:\Program Files\BFG
2008-01-27 09:45 --------- d-----w C:\Program Files\Common Files\Corel
2008-01-26 16:31 90,112 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-01-26 16:31 126,976 ----a-w C:\WINDOWS\system32\UAService7.exe
2008-01-26 16:31 --------- d-----w C:\Program Files\TEXTware
2008-01-26 16:31 --------- d-----w C:\Program Files\IDM
2008-01-26 16:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SecuROM
2008-01-26 16:28 --------- d-----w C:\Program Files\Cambridge
2008-01-26 15:27 --------- d-----w C:\Program Files\3D Online Pool
2008-01-25 06:16 --------- d-----w C:\Program Files\Google
2008-01-23 15:41 --------- d-----w C:\Program Files\CDex_150
2008-01-20 07:07 33,292 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-01-17 19:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-01-17 15:52 --------- d-----w C:\Program Files\YouTube Downloader
2008-01-15 13:41 --------- d-----w C:\Program Files\MagicISO
2008-01-14 14:53 --------- d-----w C:\Program Files\Common Files\Real
2008-01-13 11:06 --------- d-----w C:\Program Files\FLVPlayer
2008-01-12 23:09 --------- d-----w C:\Program Files\Microsoft
2008-01-12 18:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ICQ Toolbar
2008-01-12 18:03 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ICQ
2008-01-12 15:19 --------- d-----w C:\Program Files\DNA
2008-01-12 15:19 --------- d-----w C:\Program Files\BitTorrent
2008-01-12 14:37 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-01-12 14:37 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-12 14:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-12 14:27 --------- d-----w C:\Program Files\Bonjour
2008-01-12 14:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\ALM
2008-01-12 14:22 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-01-12 14:02 --------- d-----w C:\Program Files\Warblade
2008-01-12 11:11 --------- d-----w C:\Program Files\Mustek 1200 UB Plus
2008-01-12 10:37 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Winamp
2008-01-12 10:18 --------- d-----w C:\Program Files\WinSnap
2008-01-12 10:06 --------- d-----w C:\Program Files\MSN Messenger
2008-01-12 09:48 --------- d-----w C:\Program Files\Winamp
2008-01-12 08:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-12 07:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-01-12 07:58 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-01-11 22:14 --------- d-----w C:\Program Files\Avira
2008-01-11 22:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-01-11 21:13 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-11 21:11 --------- d-----w C:\Program Files\Skype
2008-01-11 21:11 --------- d-----w C:\Program Files\Common Files\Skype
2008-01-11 21:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-01-11 20:42 --------- d-----w C:\Program Files\Yahoo!
2008-01-11 20:42 --------- d-----w C:\Program Files\CCleaner
2008-01-11 20:20 --------- d-----w C:\Program Files\Opera 9.5 beta
2008-01-11 19:19 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-11 18:33 --------- d-----w C:\Program Files\TP-LINK
2008-01-11 18:27 --------- d-----w C:\Program Files\hp LaserJet 1000
2008-01-11 17:53 --------- d-----w C:\Program Files\XviD
2008-01-11 17:53 --------- d-----w C:\Program Files\Webteh
2008-01-11 17:53 --------- d-----w C:\Program Files\DivX
2008-01-11 17:53 --------- d-----w C:\Program Files\Crystal Player
2008-01-11 17:53 --------- d-----w C:\Program Files\AC3Filter
2008-01-11 15:36 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-01-11 15:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-01-11 15:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-11 14:20 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-11 14:20 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-11 14:20 --------- d-----w C:\Program Files\Common Files\L&H
2008-01-11 14:19 --------- d-----w C:\Program Files\Microsoft Works
2008-01-11 14:17 --------- d-----w C:\Program Files\CyberLink
2008-01-11 14:17 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-11 14:17 --------- d-----w C:\Program Files\Ahead
2008-01-11 14:16 --------- d-----w C:\Program Files\QuickTime Alternative
2008-01-11 14:16 --------- d-----w C:\Program Files\Media Player Classic
2008-01-11 14:16 --------- d-----w C:\Program Files\7-Zip
2008-01-11 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-11 14:10 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-11 14:10 --------- d-----w C:\Program Files\Unlocker
2007-12-20 22:11 81,920 ----a-w C:\WINDOWS\system32\IEDFix.exe
.

------- Sigcheck -------

0601f83f6784c220ee302f03f702316e C:\WINDOWS\system32\drivers\tcpip.sys
----a-w 360,448 2002-12-31 12:00:00 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 13:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:21 1694208]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-02-19 19:33 287040]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-11-27 23:45 588080]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-24 18:56 171448]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-12-19 15:48 172280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 14:45 90112 C:\WINDOWS\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"TWCU"="C:\Program Files\TP-LINK\TWCU\TWCU.exe" [2005-08-09 08:42 413696]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-11 23:21 249896]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28 36352]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-02-13 23:18 2834432]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-09-20 10:28:16 1200128]
Watch.lnk - C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe [2008-01-12 12:11:30 364544]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 17:11]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-02-14 07:14]
R2 PSI_SVC_2;Protexis Licensing V2;"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [2007-07-24 11:15]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 07:31:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-04 7:31:54
ComboFix-quarantined-files.txt 2008-03-04 06:31:52
ComboFix2.txt 2008-03-03 19:19:38
ComboFix3.txt 2008-03-03 19:16:12

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE
