Upomoc trojanac

Upomoc trojanac

offline
  • Pridružio: 13 Jan 2008
  • Poruke: 40

imam andtivirus Avast 4.6 home edition prepoznaje fajl trojanski konj kojeg nemogu da izbrisem putem avasta imam. Pa vas molim da mi pomognete. Unapred Hvala!!! ako vam teba log od hijack thisa imam ga a takodje imam i combo fix i vundo.....

offline
  • Pridružio: 12 Jan 2004
  • Poruke: 9661
  • Gde živiš: Čačak

Za pocetak ispostuje pravila ovog foruma:

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

offline
  • Pridružio: 13 Jan 2008
  • Poruke: 40

Logfile of HijackThis v1.99.1
Scan saved at 03:06, on 2008-02-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\viwsvc.exe
C:\DOCUME~1\Ivan\LOCALS~1\Temp\34.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Winamp\winamp.exe
E:\INSTALL\POMOC ZA VIRUSE\PROGRAMI ZA BRISANJE VIRUSA\TR2.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = runonce.msn.com/?v=msgrv75
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Video Input] viwsvc.exe
O4 - HKLM\..\Run: [NvGraphicsInterface] C:\DOCUME~1\Ivan\LOCALS~1\Temp\34.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Dopuna: 04 Feb 2008 15:39

ComboFix 08-02.03.1 - Ivan 2008-02-06 3:33:31.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.240 [GMT 1:00]
Running from: C:\Documents and Settings\Ivan\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://thenetworkcom.com
hxxp://77.91.228.188
.
((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))
.

2008-02-04 13:21 . 2008-02-02 23:36 76,800 -r-hs---- C:\WINDOWS\system32\viwsvc.exe
2008-02-04 11:17 . 2008-02-04 11:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-04 11:17 . 2008-02-04 11:17 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-03 08:18 . 2008-02-03 09:02 <DIR> d-------- C:\Downloads
2008-02-03 08:06 . 2008-02-03 08:06 <DIR> d-------- C:\Program Files\Orbitdownloader
2008-02-03 07:43 . 2008-02-03 15:53 <DIR> d-------- C:\Documents and Settings\Ivan\Application Data\Orbit
2008-02-03 01:59 . 2008-02-03 01:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-02-03 01:54 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-02-03 01:54 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-02-01 12:40 . 2008-02-01 14:07 <DIR> d-------- C:\Program Files\Achilles-Script 4.5 Black
2008-02-01 12:33 . 2008-02-02 04:49 <DIR> d-------- C:\Program Files\Achilles-Script 3.7
2008-01-28 10:22 . 2008-01-28 10:22 <DIR> d-------- C:\Documents and Settings\Ivan\Application Data\Talkback
2008-01-28 10:22 . 2008-01-28 10:22 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-28 02:12 . 2008-01-27 02:44 73,284 --ah----- C:\lastscan.jpg
2008-01-26 11:28 . 2008-01-26 11:32 <DIR> d-------- C:\Program Files\Mv2Player
2008-01-25 10:09 . 2008-01-25 10:09 169 --a------ C:\WINDOWS\RtlRack.ini
2008-01-23 01:58 . 2008-01-23 01:58 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-23 01:58 . 2008-01-23 01:58 <DIR> d-------- C:\Program Files\AnswerWorks 4.0
2008-01-23 01:58 . 2008-01-23 01:58 54,784 --a------ C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2008-01-23 01:58 . 2008-01-23 01:58 12,464 --a------ C:\WINDOWS\system32\drivers\CDAC15BA.SYS
2008-01-23 01:57 . 2008-01-23 01:58 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-01-23 01:57 . 2008-01-23 01:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-01-16 09:40 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-16 09:39 . 2008-01-16 09:40 <DIR> d-------- C:\Program Files\Java
2008-01-16 09:33 . 2008-01-16 09:33 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-15 13:45 . 2008-01-15 14:45 147 --a------ C:\WINDOWS\wininit.ini
2008-01-15 13:08 . 2008-01-16 07:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-15 10:47 . 2008-01-15 10:47 <DIR> d-------- C:\Program Files\Winamp
2008-01-15 10:47 . 2008-02-05 12:26 132 --a------ C:\WINDOWS\winamp.ini
2008-01-12 10:32 . 2008-01-12 10:32 <DIR> d-------- C:\Program Files\mIRC
2008-01-12 10:22 . 2008-01-12 10:22 720,896 --a------ C:\WINDOWS\iun6002.exe
2008-01-10 04:27 . 2008-01-10 04:27 102,856 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-01-08 01:57 . 2008-01-08 01:57 <DIR> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2008-01-08 01:56 . 2008-01-16 07:14 <DIR> d-------- C:\Program Files\DAEMON Tools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 02:08 --------- d-----w C:\Program Files\Professional §©®ÎÞt v.3 Black
2008-01-23 00:59 --------- d-----w C:\Program Files\AutoCAD 2004
2008-01-08 00:50 --------- d-----w C:\Program Files\D-Tools
2008-01-01 00:46 326,656 ----a-w C:\WINDOWS\system32\pmnlk.exe
2007-12-30 02:09 --------- d-----w C:\Program Files\EA GAMES
2007-12-28 01:15 15,360 ----a-w C:\WINDOWS\system32\ctfmon .exe
2007-12-27 11:42 --------- d-----w C:\Program Files\QuickTime
2007-12-27 11:42 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-27 11:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2007-12-25 03:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-25 03:21 --------- d-----w C:\Program Files\Common Files\ACD Systems
2007-12-24 13:17 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-24 13:17 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-24 13:15 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-12-24 13:07 22,328 ----a-w C:\Documents and Settings\Ivan\Application Data\PnkBstrK.sys
2007-12-24 12:52 --------- d-----w C:\Program Files\Activision
2007-12-24 11:46 --------- d-----w C:\Documents and Settings\Ivan\Application Data\DAEMON Tools
2007-12-24 11:40 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-24 10:33 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-24 09:00 101,376 ----a-w C:\WINDOWS\system32\drivers\ACEDRV07.sys
2007-12-19 10:57 --------- d-----w C:\Program Files\InterVideo
2007-12-19 10:57 --------- d-----w C:\Program Files\InterActual
2007-12-19 10:57 --------- d-----w C:\Program Files\Common Files\InterVideo
2007-12-19 10:57 --------- d-----w C:\Documents and Settings\Ivan\Application Data\InterVideo
2007-12-19 10:56 --------- d-----w C:\Program Files\Creative
2007-12-14 23:11 --------- d-----w C:\Program Files\Macrogaming
2007-12-13 08:56 --------- d-----w C:\Program Files\Real
2007-12-11 03:32 --------- d-----w C:\Program Files\Autodesk
2007-12-11 03:32 --------- d-----w C:\Documents and Settings\Ivan\Application Data\Autodesk
2007-12-06 23:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-12-06 11:26 --------- d-----w C:\Program Files\Webteh
2007-12-06 08:58 --------- d-----w C:\Program Files\IVT Corporation
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-12-03 21:28 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
.
<pre>
----a-w            40,048 2007-12-25 03:19:43  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w            81,920 2008-01-08 00:49:19  C:\Program Files\D-Tools\daemon .exe
----a-w         1,694,208 2007-12-31 22:24:23  C:\Program Files\Messenger\msmsgs .exe
----a-w            15,360 2007-12-28 01:15:28  C:\WINDOWS\system32\ctfmon .exe
</pre>



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"MsnMsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-16 02:53 103712]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-04 00:15 4554752]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2008-01-16 06:34 372736]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-16 02:53 103712]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2008-01-16 02:53 157592]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Windows Video Input"="viwsvc.exe" [2008-02-02 23:36 76800 C:\WINDOWS\system32\viwsvc.exe]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SATARAID5.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SATARAID5.lnk
backup=C:\WINDOWS\pss\SATARAID5.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-09-04 00:15 4554752 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2004-09-04 00:15 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2004-09-04 00:15 921600 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-11-15 11:20 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VC7Player]
C:\Program Files\HHVcdV7Sys\VC7Play.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2006-04-27 16:18 344064 C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2006-04-20 14:50]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2006-04-20 15:20]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2006-04-20 14:49]
R3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 08:32]
S1 vdrv7000;vdrv7000;C:\WINDOWS\system32\DRIVERS\vdrv7000.sys []
S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 16:32]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 16:55]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8254a0a9-9e4a-11dc-aa3e-806d6172696f}]
\Shell\AutoRun\command - F:\ASUSACPI.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-02-06 03:34:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-06 3:35:19
ComboFix-quarantined-files.txt 2008-02-06 02:35:04
.
2008-01-10 22:17:11 --- E O F ---

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Pozdrav...



Otvoriti Notepad i iskopirati sledeci tekst:

File::
C:\WINDOWS\system32\viwsvc.exe
C:\WINDOWS\system32\mlfcache.dat
C:\WINDOWS\system32\pmnlk.exe

RenV::
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
C:\Program Files\D-Tools\daemon .exe
C:\Program Files\Messenger\msmsgs .exe
C:\WINDOWS\system32\ctfmon .exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Video Input"=-


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.

Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

offline
  • Pridružio: 13 Jan 2008
  • Poruke: 40

Cao Boro. Uradio sam kako si rekao!

ComboFix 08-02.03.1 - Ivan 2008-02-06 7:10:49.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.261 [GMT 1:00]
Running from: C:\Documents and Settings\Ivan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ivan\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\mlfcache.dat
C:\WINDOWS\system32\pmnlk.exe
C:\WINDOWS\system32\viwsvc.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\awtqnkj.dll
C:\WINDOWS\system32\mlfcache.dat
C:\WINDOWS\system32\pmnlk.exe
C:\WINDOWS\system32\viwsvc.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))
.

2008-02-06 03:40 . 2008-02-06 03:40 <DIR> d-------- C:\VundoFix Backups
2008-02-04 11:17 . 2008-02-04 11:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-04 11:17 . 2008-02-04 11:17 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-03 08:18 . 2008-02-03 09:02 <DIR> d-------- C:\Downloads
2008-02-03 07:43 . 2008-02-03 15:53 <DIR> d-------- C:\Documents and Settings\Ivan\Application Data\Orbit
2008-02-03 01:59 . 2008-02-03 01:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-02-03 01:54 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-02-03 01:54 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-02-01 12:40 . 2008-02-01 14:07 <DIR> d-------- C:\Program Files\Achilles-Script 4.5 Black
2008-02-01 12:33 . 2008-02-02 04:49 <DIR> d-------- C:\Program Files\Achilles-Script 3.7
2008-01-28 10:22 . 2008-01-28 10:22 <DIR> d-------- C:\Documents and Settings\Ivan\Application Data\Talkback
2008-01-28 10:22 . 2008-01-28 10:22 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-28 02:12 . 2008-01-27 02:44 73,284 --ah----- C:\lastscan.jpg
2008-01-26 11:28 . 2008-01-26 11:32 <DIR> d-------- C:\Program Files\Mv2Player
2008-01-25 10:09 . 2008-01-25 10:09 169 --a------ C:\WINDOWS\RtlRack.ini
2008-01-23 01:58 . 2008-01-23 01:58 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-23 01:58 . 2008-01-23 01:58 <DIR> d-------- C:\Program Files\AnswerWorks 4.0
2008-01-23 01:58 . 2008-01-23 01:58 54,784 --a------ C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2008-01-23 01:58 . 2008-01-23 01:58 12,464 --a------ C:\WINDOWS\system32\drivers\CDAC15BA.SYS
2008-01-23 01:57 . 2008-01-23 01:58 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-01-23 01:57 . 2008-01-23 01:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-01-16 09:40 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-16 09:39 . 2008-01-16 09:40 <DIR> d-------- C:\Program Files\Java
2008-01-16 09:33 . 2008-01-16 09:33 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-15 13:45 . 2008-01-15 14:45 147 --a------ C:\WINDOWS\wininit.ini
2008-01-15 13:08 . 2008-01-16 07:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-15 10:47 . 2008-01-15 10:47 <DIR> d-------- C:\Program Files\Winamp
2008-01-15 10:47 . 2008-02-06 03:47 132 --a------ C:\WINDOWS\winamp.ini
2008-01-12 10:32 . 2008-01-12 10:32 <DIR> d-------- C:\Program Files\mIRC
2008-01-12 10:22 . 2008-01-12 10:22 720,896 --a------ C:\WINDOWS\iun6002.exe
2008-01-08 01:57 . 2008-01-08 01:57 <DIR> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2008-01-08 01:56 . 2008-01-16 07:14 <DIR> d-------- C:\Program Files\DAEMON Tools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 06:10 --------- d-----w C:\Program Files\D-Tools
2008-02-06 02:08 --------- d-----w C:\Program Files\Professional §©®ÎÞt v.3 Black
2008-01-23 00:59 --------- d-----w C:\Program Files\AutoCAD 2004
2007-12-30 02:09 --------- d-----w C:\Program Files\EA GAMES
2007-12-27 11:42 --------- d-----w C:\Program Files\QuickTime
2007-12-27 11:42 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-27 11:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2007-12-25 03:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-25 03:21 --------- d-----w C:\Program Files\Common Files\ACD Systems
2007-12-24 13:17 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-24 13:07 22,328 ----a-w C:\Documents and Settings\Ivan\Application Data\PnkBstrK.sys
2007-12-24 12:52 --------- d-----w C:\Program Files\Activision
2007-12-24 11:46 --------- d-----w C:\Documents and Settings\Ivan\Application Data\DAEMON Tools
2007-12-24 11:40 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-24 10:33 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-24 09:00 101,376 ----a-w C:\WINDOWS\system32\drivers\ACEDRV07.sys
2007-12-19 10:57 --------- d-----w C:\Program Files\InterVideo
2007-12-19 10:57 --------- d-----w C:\Program Files\InterActual
2007-12-19 10:57 --------- d-----w C:\Program Files\Common Files\InterVideo
2007-12-19 10:57 --------- d-----w C:\Documents and Settings\Ivan\Application Data\InterVideo
2007-12-19 10:56 --------- d-----w C:\Program Files\Creative
2007-12-14 23:11 --------- d-----w C:\Program Files\Macrogaming
2007-12-13 08:56 --------- d-----w C:\Program Files\Real
2007-12-11 03:32 --------- d-----w C:\Program Files\Autodesk
2007-12-11 03:32 --------- d-----w C:\Documents and Settings\Ivan\Application Data\Autodesk
2007-12-06 23:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-12-06 11:26 --------- d-----w C:\Program Files\Webteh
2007-12-06 08:58 --------- d-----w C:\Program Files\IVT Corporation
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-28 02:15 15360]
"MsnMsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-16 02:53 103712]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-12-31 23:24 1694208]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-04 00:15 4554752]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2008-01-16 06:34 372736]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-16 02:53 103712]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2008-01-16 02:53 157592]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{9AA57522-2ECD-47DF-BD38-20E7E577A464}"= C:\WINDOWS\system32\awtqnkj.dll [ ]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SATARAID5.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SATARAID5.lnk
backup=C:\WINDOWS\pss\SATARAID5.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-09-04 00:15 4554752 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2004-09-04 00:15 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2004-09-04 00:15 921600 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-11-15 11:20 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VC7Player]
C:\Program Files\HHVcdV7Sys\VC7Play.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2006-04-27 16:18 344064 C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2006-04-20 14:50]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2006-04-20 15:20]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2006-04-20 14:49]
R3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 08:32]
S1 vdrv7000;vdrv7000;C:\WINDOWS\system32\DRIVERS\vdrv7000.sys []
S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 16:32]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 16:55]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8254a0a9-9e4a-11dc-aa3e-806d6172696f}]
\Shell\AutoRun\command - F:\ASUSACPI.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ca92bde-bd84-11dc-b5cd-d56693ddc2cb}]
\Shell\AutoRun\command - G:\Autorun.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-02-06 07:13:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-02-06 7:14:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-06 06:14:24
ComboFix2.txt 2008-02-06 02:35:20
.
2008-01-10 22:17:11 --- E O F ---

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Idemo još jednom...


Otvoriti Notepad i iskopirati sledeci tekst:

Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{9AA57522-2ECD-47DF-BD38-20E7E577A464}"=-



Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.

Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

offline
  • Pridružio: 13 Jan 2008
  • Poruke: 40

ComboFix 08-02.03.1 - Ivan 2008-02-06 9:26:43.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.278 [GMT 1:00]
Running from: C:\Documents and Settings\Ivan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ivan\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))
.

2008-02-06 03:40 . 2008-02-06 03:40 <DIR> d-------- C:\VundoFix Backups
2008-02-04 11:17 . 2008-02-04 11:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-04 11:17 . 2008-02-04 11:17 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-03 08:18 . 2008-02-03 09:02 <DIR> d-------- C:\Downloads
2008-02-03 07:43 . 2008-02-03 15:53 <DIR> d-------- C:\Documents and Settings\Ivan\Application Data\Orbit
2008-02-03 01:59 . 2008-02-03 01:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-02-03 01:54 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-02-03 01:54 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-02-01 12:40 . 2008-02-01 14:07 <DIR> d-------- C:\Program Files\Achilles-Script 4.5 Black
2008-02-01 12:33 . 2008-02-02 04:49 <DIR> d-------- C:\Program Files\Achilles-Script 3.7
2008-01-28 10:22 . 2008-01-28 10:22 <DIR> d-------- C:\Documents and Settings\Ivan\Application Data\Talkback
2008-01-28 10:22 . 2008-01-28 10:22 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-28 02:12 . 2008-01-27 02:44 73,284 --ah----- C:\lastscan.jpg
2008-01-26 11:28 . 2008-01-26 11:32 <DIR> d-------- C:\Program Files\Mv2Player
2008-01-25 10:09 . 2008-01-25 10:09 169 --a------ C:\WINDOWS\RtlRack.ini
2008-01-23 01:58 . 2008-01-23 01:58 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-23 01:58 . 2008-01-23 01:58 <DIR> d-------- C:\Program Files\AnswerWorks 4.0
2008-01-23 01:58 . 2008-01-23 01:58 54,784 --a------ C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2008-01-23 01:58 . 2008-01-23 01:58 12,464 --a------ C:\WINDOWS\system32\drivers\CDAC15BA.SYS
2008-01-23 01:57 . 2008-01-23 01:58 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-01-23 01:57 . 2008-01-23 01:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-01-16 09:40 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-16 09:39 . 2008-01-16 09:40 <DIR> d-------- C:\Program Files\Java
2008-01-16 09:33 . 2008-01-16 09:33 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-15 13:45 . 2008-01-15 14:45 147 --a------ C:\WINDOWS\wininit.ini
2008-01-15 13:08 . 2008-01-16 07:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-15 10:47 . 2008-01-15 10:47 <DIR> d-------- C:\Program Files\Winamp
2008-01-15 10:47 . 2008-02-06 03:47 132 --a------ C:\WINDOWS\winamp.ini
2008-01-12 10:32 . 2008-01-12 10:32 <DIR> d-------- C:\Program Files\mIRC
2008-01-12 10:22 . 2008-01-12 10:22 720,896 --a------ C:\WINDOWS\iun6002.exe
2008-01-08 01:57 . 2008-01-08 01:57 <DIR> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2008-01-08 01:56 . 2008-01-16 07:14 <DIR> d-------- C:\Program Files\DAEMON Tools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 06:10 --------- d-----w C:\Program Files\D-Tools
2008-02-06 02:08 --------- d-----w C:\Program Files\Professional §©®ÎÞt v.3 Black
2008-01-23 00:59 --------- d-----w C:\Program Files\AutoCAD 2004
2007-12-30 02:09 --------- d-----w C:\Program Files\EA GAMES
2007-12-28 01:15 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2007-12-27 11:42 --------- d-----w C:\Program Files\QuickTime
2007-12-27 11:42 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-27 11:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2007-12-25 03:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-25 03:21 --------- d-----w C:\Program Files\Common Files\ACD Systems
2007-12-24 13:17 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-24 13:17 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-24 13:15 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-12-24 13:07 22,328 ----a-w C:\Documents and Settings\Ivan\Application Data\PnkBstrK.sys
2007-12-24 12:52 --------- d-----w C:\Program Files\Activision
2007-12-24 11:46 --------- d-----w C:\Documents and Settings\Ivan\Application Data\DAEMON Tools
2007-12-24 11:40 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-24 10:33 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-24 09:00 101,376 ----a-w C:\WINDOWS\system32\drivers\ACEDRV07.sys
2007-12-19 10:57 --------- d-----w C:\Program Files\InterVideo
2007-12-19 10:57 --------- d-----w C:\Program Files\InterActual
2007-12-19 10:57 --------- d-----w C:\Program Files\Common Files\InterVideo
2007-12-19 10:57 --------- d-----w C:\Documents and Settings\Ivan\Application Data\InterVideo
2007-12-19 10:56 --------- d-----w C:\Program Files\Creative
2007-12-14 23:11 --------- d-----w C:\Program Files\Macrogaming
2007-12-13 08:56 --------- d-----w C:\Program Files\Real
2007-12-11 03:32 --------- d-----w C:\Program Files\Autodesk
2007-12-11 03:32 --------- d-----w C:\Documents and Settings\Ivan\Application Data\Autodesk
2007-12-06 23:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-12-06 11:26 --------- d-----w C:\Program Files\Webteh
2007-12-06 08:58 --------- d-----w C:\Program Files\IVT Corporation
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-12-03 21:28 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-28 02:15 15360]
"MsnMsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-16 02:53 103712]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-12-31 23:24 1694208]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-04 00:15 4554752]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2008-01-16 06:34 372736]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-16 02:53 103712]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2008-01-16 02:53 157592]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SATARAID5.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SATARAID5.lnk
backup=C:\WINDOWS\pss\SATARAID5.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-09-04 00:15 4554752 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2004-09-04 00:15 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2004-09-04 00:15 921600 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-11-15 11:20 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VC7Player]
C:\Program Files\HHVcdV7Sys\VC7Play.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2006-04-27 16:18 344064 C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2006-04-20 14:50]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2006-04-20 15:20]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2006-04-20 14:49]
R3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 08:32]
S1 vdrv7000;vdrv7000;C:\WINDOWS\system32\DRIVERS\vdrv7000.sys []
S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 16:32]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 16:55]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8254a0a9-9e4a-11dc-aa3e-806d6172696f}]
\Shell\AutoRun\command - F:\ASUSACPI.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-02-06 09:27:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-06 9:27:55
ComboFix-quarantined-files.txt 2008-02-06 08:27:47
ComboFix2.txt 2008-02-06 06:14:40
ComboFix3.txt 2008-02-06 02:35:20
.
2008-01-10 22:17:11 --- E O F ---

Dopuna: 04 Feb 2008 22:24

Jel to kraj???

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Ko je trenutno na forumu
 

Ukupno su 816 korisnika na forumu :: 48 registrovanih, 6 sakrivenih i 762 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Sale, A.R.Chafee.Jr., babaroga, Botovac, branko7, Brot, cincarin, Cirkon, CrniGavran, DENIRO, Doca, Dorcolac, dragon986, Drug pukovnik, goxin, hatman, ikan, ivan1973, LeGrandCharles, lord sir giga, MB120mm, MegaVLAdaR, menges, mercedesamg, Mercury, miodrag, Mirage 2000N, Miskohd, Mixelotti, moldway, mrav pesadinac, mustangkg, ostoja, rodoljub, S-lash, sakota79, simazr, Sirius, Snorks, Srki94, stegonosa, suton, theNedjeljko, Toni, Trpe Grozni, uros, vasa.93, vlvl