MyCity » Ambulanta -> Arhiva Ambulante » Uporni spyware

Uporni spyware

Napisano na dan: 4.2.2008

Uporni spyware

Sledeća strana

Pagination

Odgovori

v1lenjak Poslao: 04 Feb 2008 00:54 Idi na vrh
offline v1lenjak Novi MyCity građanin Pridružio: 06 Jul 2006 Poruke: 7	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Naime... Smara me je neki Windows-ov servis, pojavio mu u Trayu kao X, i izbaci poruku "System is infected with spyware...." Evo i screenshotova... i19.photobucket.com/albums/b184/v1lenjak/untitled.jpg i19.photobucket.com/albums/b184/v1lenjak/untitled2.jpg A evo shta kaze Hijack log.. Logfile of HijackThis v1.99.1 Scan saved at 12:31:20 AM, on 2/4/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Google\Google Talk\googletalk.exe C:\Program Files\Logitech\Video\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\ICQ6\ICQ.exe C:\Program Files\Last.fm\LastFMHelper.exe C:\Program Files\Spyware Terminator\SpywareTerminator.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Opera\Opera.exe C:\Program Files\Total Commander\TOTALCMD.EXE C:\Documents and Settings\Davor Zigic\Desktop\tr3.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = google.icq.com/search/search_frame.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvtug.dll,startup O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: wincqt32 - wincqt32.dll (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe Hvala unapred, Davor Zigic

Profil

bobby Poslao: 04 Feb 2008 05:55 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini ComboFix sa jedne od sledecih adresa na Desktop: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

v1lenjak Poslao: 04 Feb 2008 10:47 Idi na vrh
offline v1lenjak Novi MyCity građanin Pridružio: 06 Jul 2006 Poruke: 7	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-02.03.1 - Davor Zigic 2008-02-04 10:32:41.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.225 [GMT 1:00] Running from: C:\Documents and Settings\Davor Zigic\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat C:\WINDOWS\system32\sysogg.dll ----- BITS: Possible infected sites ----- hxxp://msgr.dlservice.microsoft.com hxxp://www.download.windowsupdate.com . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_FMTR ((((((((((((((((((((((((( Files Created from 2008-01-04 to 2008-02-04 ))))))))))))))))))))))))))))))) . 2008-02-04 05:26 . 2008-02-04 05:26 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys 2008-02-04 01:37 . 2008-02-04 02:17 410 --a------ C:\WINDOWS\wininit.ini 2008-02-04 00:56 . 2008-02-04 00:56 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-02-04 00:56 . 2008-02-04 01:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-04 00:12 . 2008-02-04 03:56 <DIR> d-------- C:\Program Files\Spyware Terminator 2008-02-04 00:12 . 2008-02-04 05:26 <DIR> d-------- C:\Documents and Settings\Davor Zigic\Application Data\Spyware Terminator 2008-02-04 00:12 . 2008-02-04 03:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator 2008-02-03 18:42 . 2008-02-03 18:42 15,872 --a------ C:\WINDOWS\system32\drvtug.dll 2008-02-02 19:59 . 1998-06-24 00:00 115,016 --a------ C:\WINDOWS\system32\MSINET.OCX 2008-02-02 19:59 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL 2008-02-02 19:59 . 2000-03-17 08:21 69,632 --a------ C:\WINDOWS\system32\xmltok.dll 2008-02-02 19:59 . 2000-03-17 08:21 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll 2008-02-02 19:59 . 2002-04-24 12:43 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca 2008-02-02 19:59 . 2002-04-09 17:23 29,184 --a------ C:\WINDOWS\system32\MSINET.oca 2008-02-02 19:59 . 2002-10-17 10:35 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe 2008-02-02 19:58 . 2008-02-02 19:58 <DIR> d-------- C:\WINDOWS\system32\Adobe 2008-02-02 19:58 . 2008-02-02 19:58 <DIR> d-------- C:\WINDOWS\Profiles 2008-02-02 19:58 . 2008-02-02 19:58 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-02-02 19:58 . 2008-02-02 19:58 <DIR> d-------- C:\Documents and Settings\Davor Zigic\Application Data\InterTrust 2008-02-02 19:58 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe 2008-02-02 19:46 . 2003-03-02 17:44 7,552 --a------ C:\WINDOWS\system32\drivers\enodpl.sys 2008-02-02 19:46 . 2003-04-19 00:32 4,736 --a------ C:\WINDOWS\system32\drivers\tandpl.sys 2008-02-02 19:36 . 2008-02-02 20:35 <DIR> d-------- C:\Program Files\Ubisoft 2008-02-01 14:09 . 2008-02-01 14:09 <DIR> d-------- C:\Program Files\Alwil Software 2008-02-01 14:09 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-02-01 14:09 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2008-02-01 14:09 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-02-01 14:09 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-02-01 14:09 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-02-01 14:09 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-02-01 14:09 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-02-01 13:53 . 2008-02-01 13:56 <DIR> d-------- C:\Documents and Settings\Davor Zigic\Application Data\wide 2008-02-01 13:53 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll 2008-02-01 02:24 . 2008-02-01 02:24 <DIR> d-------- C:\Program Files\LeeGTs Games 2008-01-31 21:13 . 2008-01-31 21:13 23,040 --a------ C:\WINDOWS\system32\winexz32.dll 2008-01-28 00:28 . 2008-01-28 00:32 <DIR> d-------- C:\Program Files\MP3 Converter Simple 2008-01-28 00:28 . 2002-11-13 11:14 1,703,936 --a------ C:\WINDOWS\system32\NCTAudioFile.dll 2008-01-28 00:28 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2008-01-28 00:28 . 2002-09-06 11:36 233,472 --a------ C:\WINDOWS\system32\lame_enc.dll 2008-01-28 00:28 . 2002-07-09 22:42 140,288 --a------ C:\WINDOWS\system32\Comdlg32.ocx 2008-01-28 00:26 . 2008-01-28 00:32 <DIR> d-------- C:\Program Files\HooTech 2008-01-26 16:59 . 2008-01-26 16:59 <DIR> d---s---- C:\Documents and Settings\Davor Zigic\UserData 2008-01-26 09:08 . 2008-01-26 09:08 <DIR> d-------- C:\Documents and Settings\Davor Zigic\Application Data\Yahoo! 2008-01-26 09:08 . 2008-01-26 09:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-01-25 19:21 . 2008-01-25 19:21 <DIR> d--hs---- C:\WINDOWS\ftpcache 2008-01-25 02:54 . 2008-01-25 02:54 <DIR> d-------- C:\Program Files\Yahoo! 2008-01-25 02:54 . 2008-01-25 02:54 <DIR> d-------- C:\Documents and Settings\Davor Zigic\Application Data\ACD Systems 2008-01-25 02:53 . 2008-01-25 02:53 <DIR> d-------- C:\Program Files\Common Files\ACD Systems 2008-01-25 02:53 . 2008-01-25 02:53 <DIR> d-------- C:\Program Files\ACD Systems 2008-01-25 02:53 . 2008-01-25 02:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems 2008-01-23 22:09 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys 2008-01-22 19:32 . 2008-01-22 19:32 <DIR> d-------- C:\Documents and Settings\Davor Zigic\Application Data\Samsung 2008-01-22 04:18 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys 2008-01-22 04:18 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys 2008-01-22 04:14 . 2008-01-22 04:14 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers 2008-01-22 04:14 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll 2008-01-22 04:14 . 2007-05-02 11:12 109,704 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys 2008-01-22 04:14 . 2007-05-02 11:12 83,592 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys 2008-01-22 04:14 . 2007-05-02 11:12 15,112 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys 2008-01-22 04:14 . 2007-05-02 11:12 12,424 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys 2008-01-22 04:14 . 2007-05-02 11:12 12,424 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys 2008-01-22 04:14 . 2007-05-02 11:12 12,424 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys 2008-01-22 04:14 . 2007-05-02 11:12 12,424 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys 2008-01-22 04:14 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys 2008-01-22 04:14 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico 2008-01-22 04:13 . 2008-01-22 04:13 <DIR> d-------- C:\Program Files\Samsung 2008-01-22 04:12 . 2008-01-22 04:12 <DIR> d-------- C:\Documents and Settings\Davor Zigic\Application Data\GRETECH 2008-01-22 04:11 . 2008-01-22 04:11 <DIR> d-------- C:\Program Files\GRETECH 2008-01-22 04:11 . 2008-01-22 04:11 <DIR> d-------- C:\Documents and Settings\Davor Zigic\Application Data\ICQ 2008-01-22 04:10 . 2008-01-22 04:17 <DIR> d-------- C:\Program Files\ICQ6 2008-01-22 04:07 . 2008-01-22 04:07 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2008-01-22 04:04 . 2008-01-22 04:04 <DIR> d-------- C:\Program Files\Google 2008-01-22 04:01 . 2008-01-22 04:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Last.fm . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-04 09:28 --------- d-----w C:\Documents and Settings\Davor Zigic\Application Data\Skype 2008-02-04 09:27 --------- d-----w C:\Documents and Settings\Davor Zigic\Application Data\skypePM 2008-02-04 04:27 --------- d-----w C:\Documents and Settings\Davor Zigic\Application Data\X-Chat 2 2008-02-02 19:35 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-30 22:01 --------- d-----w C:\Program Files\xchat 2008-01-25 01:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2008-01-22 03:00 --------- d-----w C:\Documents and Settings\Davor Zigic\Application Data\Winamp 2008-01-22 02:58 --------- d-----w C:\Program Files\Winamp 2008-01-22 02:53 --------- d-----w C:\Program Files\Last.fm 2008-01-22 02:52 --------- d-----w C:\Program Files\Common Files\Logitech 2008-01-22 02:51 --------- d-----w C:\Program Files\Logitech 2008-01-22 02:47 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-01-22 02:46 --------- d-----w C:\Program Files\Skype 2008-01-22 02:46 --------- d-----w C:\Program Files\Common Files\Skype 2008-01-22 02:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2008-01-22 02:30 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-01-22 02:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-01-22 02:21 --------- d-----w C:\Program Files\Opera 2008-01-22 02:17 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-01-22 02:11 --------- d-----w C:\Program Files\Windows Live 2008-01-22 02:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller 2008-01-22 02:01 --------- d-----w C:\Program Files\Realtek AC97 2008-01-22 02:01 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-01-22 01:56 --------- d-----w C:\Program Files\Total Commander 2008-01-22 01:47 --------- d-----w C:\Program Files\microsoft frontpage . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568] "ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-11-07 09:23 177400] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 23:54 37376] "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648] "LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 10:26 489472] "LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 10:33 73728] "LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 17:22 262144] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "MSDisp32"="C:\WINDOWS\system32\drvtug.dll" [2008-02-03 18:42 15872] "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-02-04 00:12 2834432] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 08:56 15360] C:\Documents and Settings\Davor Zigic\Start Menu\Programs\Startup\ Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-01-22 03:53:08 106496] Ubisoft register.lnk - C:\Program Files\Ubisoft\Register\schedule.exe [2008-02-02 19:59:24 28672] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wincqt32] wincqt32.dll R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-02-04 05:26] R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37] . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-02-04 10:40:32 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180] -> C:\WINDOWS\system32\drvtug.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe . ************************************************************************ . Completion time: 2008-02-04 10:41:40 - machine was rebooted ComboFix-quarantined-files.txt 2008-02-04 09:41:35

Profil

bobby Poslao: 04 Feb 2008 19:17 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nadji mi sledece fajlove: C:\WINDOWS\system32\drvtug.dll wincqt32 Za ovaj drugi ne znam putanju, ali probaj ga potraziti u C:\Windows, C:\Windows\System32 ili C:\Windows\System32\Wbem Kada ih nadjes, uploaduj mi ih preko sledece forme: http://www.mycity.rs/ambulanta-upload.php

Profil

v1lenjak Poslao: 04 Feb 2008 23:23 Idi na vrh
offline v1lenjak Novi MyCity građanin Pridružio: 06 Jul 2006 Poruke: 7	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uploadovao sam ovaj prvi,medjutim ovaj drugi ne mogu nigde da pronadjem,niti u tim tvojim predpostavkama,niti ovako gde sam ja trazio...

Profil

dr_Bora Poslao: 05 Feb 2008 20:46 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Poz... Kolega je zauzet pa ću ti ja dati dalja uputstva... Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\WINDOWS\system32\drvtug.dll C:\WINDOWS\system32\winexz32.dll Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSDisp32"=- [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wincqt32]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

v1lenjak Poslao: 05 Feb 2008 21:43 Idi na vrh
offline v1lenjak Novi MyCity građanin Pridružio: 06 Jul 2006 Poruke: 7	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-02.03.1 - Davor Zigic 2008-02-05 21:25:26.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.138 [GMT 1:00] Running from: C:\Documents and Settings\Davor Zigic\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Davor Zigic\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-01-05 to 2008-02-05 ))))))))))))))))))))))))))))))) . 2008-02-05 05:43 . 2008-02-05 05:43 7,680 --ahs---- C:\WINDOWS\Thumbs.db 2008-02-04 13:34 . 2008-02-04 23:10 <DIR> d-------- C:\Program Files\Common Files\Panda Software 2008-02-04 05:26 . 2008-02-04 05:26 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys 2008-02-04 01:37 . 2008-02-04 02:17 410 --a------ C:\WINDOWS\wininit.ini 2008-02-04 00:56 . 2008-02-04 00:56 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-02-04 00:56 . 2008-02-04 01:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-04 00:12 . 2008-02-04 03:56 <DIR> d-------- C:\Program Files\Spyware Terminator 2008-02-04 00:12 . 2008-02-04 05:26 <DIR> d-------- C:\Documents and Settings\Davor Zigic\Application Data\Spyware Terminator 2008-02-04 00:12 . 2008-02-04 03:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator 2008-02-03 18:42 . 2008-02-03 18:42 15,872 --a------ C:\WINDOWS\system32\drvtug.dll 2008-02-02 19:59 . 1998-06-24 00:00 115,016 --a------ C:\WINDOWS\system32\MSINET.OCX 2008-02-02 19:59 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL 2008-02-02 19:59 . 2000-03-17 08:21 69,632 --a------ C:\WINDOWS\system32\xmltok.dll 2008-02-02 19:59 . 2000-03-17 08:21 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll 2008-02-02 19:59 . 2002-04-24 12:43 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca 2008-02-02 19:59 . 2002-04-09 17:23 29,184 --a------ C:\WINDOWS\system32\MSINET.oca 2008-02-02 19:59 . 2002-10-17 10:35 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe 2008-02-02 19:58 . 2008-02-02 19:58 <DIR> d-------- C:\WINDOWS\system32\Adobe 2008-02-02 19:58 . 2008-02-02 19:58 <DIR> d-------- C:\WINDOWS\Profiles 2008-02-02 19:58 . 2008-02-02 19:58 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-02-02 19:58 . 2008-02-02 19:58 <DIR> d-------- C:\Documents and Settings\Davor Zigic\Application Data\InterTrust 2008-02-02 19:58 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe 2008-02-02 19:46 . 2003-03-02 17:44 7,552 --a------ C:\WINDOWS\system32\drivers\enodpl.sys 2008-02-02 19:46 . 2003-04-19 00:32 4,736 --a------ C:\WINDOWS\system32\drivers\tandpl.sys 2008-02-02 19:36 . 2008-02-02 20:35 <DIR> d-------- C:\Program Files\Ubisoft 2008-02-01 14:09 . 2008-02-01 14:09 <DIR> d-------- C:\Program Files\Alwil Software 2008-02-01 14:09 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-02-01 14:09 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2008-02-01 14:09 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-02-01 14:09 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-02-01 14:09 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-02-01 14:09 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-02-01 14:09 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-02-01 13:53 . 2008-02-01 13:56 <DIR> d-------- C:\Documents and Settings\Davor Zigic\Application Data\wide 2008-02-01 13:53 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll 2008-02-01 02:24 . 2008-02-01 02:24 <DIR> d-------- C:\Program Files\LeeGTs Games 2008-01-31 21:13 . 2008-01-31 21:13 23,040 --a------ C:\WINDOWS\system32\winexz32.dll 2008-01-28 00:28 . 2008-01-28 00:32 <DIR> d-------- C:\Program Files\MP3 Converter Simple 2008-01-28 00:28 . 2002-11-13 11:14 1,703,936 --a------ C:\WINDOWS\system32\NCTAudioFile.dll 2008-01-28 00:28 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2008-01-28 00:28 . 2002-09-06 11:36 233,472 --a------ C:\WINDOWS\system32\lame_enc.dll 2008-01-28 00:28 . 2002-07-09 22:42 140,288 --a------ C:\WINDOWS\system32\Comdlg32.ocx 2008-01-28 00:26 . 2008-01-28 00:32 <DIR> d-------- C:\Program Files\HooTech 2008-01-26 16:59 . 2008-01-26 16:59 <DIR> d---s---- C:\Documents and Settings\Davor Zigic\UserData 2008-01-26 09:08 . 2008-01-26 09:08 <DIR> d-------- C:\Documents and Settings\Davor Zigic\Application Data\Yahoo! 2008-01-26 09:08 . 2008-01-26 09:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-01-25 19:21 . 2008-01-25 19:21 <DIR> d--hs---- C:\WINDOWS\ftpcache 2008-01-25 02:54 . 2008-01-25 02:54 <DIR> d-------- C:\Program Files\Yahoo! 2008-01-25 02:54 . 2008-01-25 02:54 <DIR> d-------- C:\Documents and Settings\Davor Zigic\Application Data\ACD Systems 2008-01-25 02:53 . 2008-01-25 02:53 <DIR> d-------- C:\Program Files\Common Files\ACD Systems 2008-01-25 02:53 . 2008-01-25 02:53 <DIR> d-------- C:\Program Files\ACD Systems 2008-01-25 02:53 . 2008-01-25 02:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems 2008-01-23 22:09 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys 2008-01-22 19:32 . 2008-01-22 19:32 <DIR> d-------- C:\Documents and Settings\Davor Zigic\Application Data\Samsung 2008-01-22 04:18 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys 2008-01-22 04:18 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys 2008-01-22 04:14 . 2008-01-22 04:14 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers 2008-01-22 04:14 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll 2008-01-22 04:14 . 2007-05-02 11:12 109,704 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys 2008-01-22 04:14 . 2007-05-02 11:12 83,592 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys 2008-01-22 04:14 . 2007-05-02 11:12 15,112 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys 2008-01-22 04:14 . 2007-05-02 11:12 12,424 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys 2008-01-22 04:14 . 2007-05-02 11:12 12,424 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys 2008-01-22 04:14 . 2007-05-02 11:12 12,424 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys 2008-01-22 04:14 . 2007-05-02 11:12 12,424 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys 2008-01-22 04:14 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys 2008-01-22 04:14 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico 2008-01-22 04:13 . 2008-01-22 04:13 <DIR> d-------- C:\Program Files\Samsung 2008-01-22 04:12 . 2008-01-22 04:12 <DIR> d-------- C:\Documents and Settings\Davor Zigic\Application Data\GRETECH 2008-01-22 04:11 . 2008-01-22 04:11 <DIR> d-------- C:\Program Files\GRETECH 2008-01-22 04:11 . 2008-01-22 04:11 <DIR> d-------- C:\Documents and Settings\Davor Zigic\Application Data\ICQ 2008-01-22 04:10 . 2008-01-22 04:17 <DIR> d-------- C:\Program Files\ICQ6 2008-01-22 04:07 . 2008-01-22 04:07 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2008-01-22 04:04 . 2008-01-22 04:04 <DIR> d-------- C:\Program Files\Google 2008-01-22 04:01 . 2008-01-22 04:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Last.fm . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-05 20:27 --------- d-----w C:\Documents and Settings\Davor Zigic\Application Data\X-Chat 2 2008-02-05 20:19 --------- d-----w C:\Documents and Settings\Davor Zigic\Application Data\Skype 2008-02-05 15:19 --------- d-----w C:\Documents and Settings\Davor Zigic\Application Data\skypePM 2008-02-04 12:36 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-02-02 19:35 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-30 22:01 --------- d-----w C:\Program Files\xchat 2008-01-25 01:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2008-01-22 03:00 --------- d-----w C:\Documents and Settings\Davor Zigic\Application Data\Winamp 2008-01-22 02:58 --------- d-----w C:\Program Files\Winamp 2008-01-22 02:53 --------- d-----w C:\Program Files\Last.fm 2008-01-22 02:52 --------- d-----w C:\Program Files\Common Files\Logitech 2008-01-22 02:51 --------- d-----w C:\Program Files\Logitech 2008-01-22 02:47 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-01-22 02:46 --------- d-----w C:\Program Files\Skype 2008-01-22 02:46 --------- d-----w C:\Program Files\Common Files\Skype 2008-01-22 02:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2008-01-22 02:30 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-01-22 02:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-01-22 02:21 --------- d-----w C:\Program Files\Opera 2008-01-22 02:17 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-01-22 02:11 --------- d-----w C:\Program Files\Windows Live 2008-01-22 02:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller 2008-01-22 02:01 --------- d-----w C:\Program Files\Realtek AC97 2008-01-22 01:56 --------- d-----w C:\Program Files\Total Commander 2008-01-22 01:47 --------- d-----w C:\Program Files\microsoft frontpage . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568] "ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-11-07 09:23 177400] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 23:54 37376] "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648] "LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 10:26 489472] "LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 10:33 73728] "LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 17:22 262144] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-02-04 00:12 2834432] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 08:56 15360] C:\Documents and Settings\Davor Zigic\Start Menu\Programs\Startup\ Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-01-22 03:53:08 106496] Ubisoft register.lnk - C:\Program Files\Ubisoft\Register\schedule.exe [2008-02-02 19:59:24 28672] R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-02-04 05:26] R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37] . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-02-05 21:30:01 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-02-05 21:30:41 ComboFix-quarantined-files.txt 2008-02-05 20:30:37 ComboFix2.txt 2008-02-04 09:41:40 I zelim da Vam se zahvalim na pruzenoj pomoci,vec sam poludeo od silnog iskakanja tog "oblaka" i window-a... Hvala josh jednom, Davor Zigic

Profil

dr_Bora Poslao: 05 Feb 2008 22:16 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Mislim da nisi baš u potpunosti ispratio prethodno uputstvo (trebalo je da iskopiraš sve što se nalazi unutar kod polja). No... Obriši sledeće file-ove: C:\WINDOWS\system32\drvtug.dll C:\WINDOWS\system32\winexz32.dll Javi da li je bilo problema oko brisanja... Takođe, napiši da li sada primetiš kakve probleme.

Profil

v1lenjak Poslao: 06 Feb 2008 10:05 Idi na vrh
offline v1lenjak Novi MyCity građanin Pridružio: 06 Jul 2006 Poruke: 7	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Da,moja greshka,nisam kopirao ono FILE:: Medjutim,evo,odradio sam to ponovo (nadam se da sme) i evo ... Koliko vidim,on je sam obrisao te fajlove sto si rekao.. ComboFix 08-02.03.1 - Davor Zigic 2008-02-06 9:53:33.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.87 [GMT 1:00] Running from: C:\Documents and Settings\Davor Zigic\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Davor Zigic\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE C:\WINDOWS\system32\drvtug.dll C:\WINDOWS\system32\winexz32.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\drvtug.dll C:\WINDOWS\system32\winexz32.dll . ((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 ))))))))))))))))))))))))))))))) . 2008-02-05 05:43 . 2008-02-05 05:43 7,680 --ahs---- C:\WINDOWS\Thumbs.db 2008-02-04 13:34 . 2008-02-04 23:10 <DIR> d-------- C:\Program Files\Common Files\Panda Software 2008-02-04 05:26 . 2008-02-04 05:26 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys 2008-02-04 01:37 . 2008-02-04 02:17 410 --a------ C:\WINDOWS\wininit.ini 2008-02-04 00:56 . 2008-02-04 00:56 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-02-04 00:56 . 2008-02-04 01:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-04 00:12 . 2008-02-04 03:56 <DIR> d-------- C:\Program Files\Spyware Terminator 2008-02-04 00:12 . 2008-02-04 05:26 <DIR> d-------- C:\Documents and Settings\Davor Zigic\Application Data\Spyware Terminator 2008-02-04 00:12 . 2008-02-04 03:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator 2008-02-02 19:59 . 1998-06-24 00:00 115,016 --a------ C:\WINDOWS\system32\MSINET.OCX 2008-02-02 19:59 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL 2008-02-02 19:59 . 2000-03-17 08:21 69,632 --a------ C:\WINDOWS\system32\xmltok.dll 2008-02-02 19:59 . 2000-03-17 08:21 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll 2008-02-02 19:59 . 2002-04-24 12:43 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca 2008-02-02 19:59 . 2002-04-09 17:23 29,184 --a------ C:\WINDOWS\system32\MSINET.oca 2008-02-02 19:59 . 2002-10-17 10:35 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe 2008-02-02 19:58 . 2008-02-02 19:58 <DIR> d-------- C:\WINDOWS\system32\Adobe 2008-02-02 19:58 . 2008-02-02 19:58 <DIR> d-------- C:\WINDOWS\Profiles 2008-02-02 19:58 . 2008-02-05 23:35 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-02-02 19:58 . 2008-02-02 19:58 <DIR> d-------- C:\Documents and Settings\Davor Zigic\Application Data\InterTrust 2008-02-02 19:58 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe 2008-02-02 19:46 . 2003-03-02 17:44 7,552 --a------ C:\WINDOWS\system32\drivers\enodpl.sys 2008-02-02 19:46 . 2003-04-19 00:32 4,736 --a------ C:\WINDOWS\system32\drivers\tandpl.sys 2008-02-02 19:36 . 2008-02-02 20:35 <DIR> d-------- C:\Program Files\Ubisoft 2008-02-01 14:09 . 2008-02-01 14:09 <DIR> d-------- C:\Program Files\Alwil Software 2008-02-01 14:09 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-02-01 14:09 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2008-02-01 14:09 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-02-01 14:09 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-02-01 14:09 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-02-01 14:09 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-02-01 14:09 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-02-01 13:53 . 2008-02-01 13:56 <DIR> d-------- C:\Documents and Settings\Davor Zigic\Application Data\wide 2008-02-01 13:53 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll 2008-02-01 02:24 . 2008-02-01 02:24 <DIR> d-------- C:\Program Files\LeeGTs Games 2008-01-28 00:28 . 2008-01-28 00:32 <DIR> d-------- C:\Program Files\MP3 Converter Simple 2008-01-28 00:28 . 2002-11-13 11:14 1,703,936 --a------ C:\WINDOWS\system32\NCTAudioFile.dll 2008-01-28 00:28 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2008-01-28 00:28 . 2002-09-06 11:36 233,472 --a------ C:\WINDOWS\system32\lame_enc.dll 2008-01-28 00:28 . 2002-07-09 22:42 140,288 --a------ C:\WINDOWS\system32\Comdlg32.ocx 2008-01-28 00:26 . 2008-01-28 00:32 <DIR> d-------- C:\Program Files\HooTech 2008-01-26 16:59 . 2008-01-26 16:59 <DIR> d---s---- C:\Documents and Settings\Davor Zigic\UserData 2008-01-26 09:08 . 2008-01-26 09:08 <DIR> d-------- C:\Documents and Settings\Davor Zigic\Application Data\Yahoo! 2008-01-26 09:08 . 2008-01-26 09:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-01-25 19:21 . 2008-01-25 19:21 <DIR> d--hs---- C:\WINDOWS\ftpcache 2008-01-25 02:54 . 2008-01-25 02:54 <DIR> d-------- C:\Program Files\Yahoo! 2008-01-25 02:54 . 2008-01-25 02:54 <DIR> d-------- C:\Documents and Settings\Davor Zigic\Application Data\ACD Systems 2008-01-25 02:53 . 2008-01-25 02:53 <DIR> d-------- C:\Program Files\Common Files\ACD Systems 2008-01-25 02:53 . 2008-01-25 02:53 <DIR> d-------- C:\Program Files\ACD Systems 2008-01-25 02:53 . 2008-01-25 02:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems 2008-01-23 22:09 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys 2008-01-22 19:32 . 2008-01-22 19:32 <DIR> d-------- C:\Documents and Settings\Davor Zigic\Application Data\Samsung 2008-01-22 04:18 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys 2008-01-22 04:18 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys 2008-01-22 04:14 . 2008-01-22 04:14 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers 2008-01-22 04:14 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll 2008-01-22 04:14 . 2007-05-02 11:12 109,704 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys 2008-01-22 04:14 . 2007-05-02 11:12 83,592 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys 2008-01-22 04:14 . 2007-05-02 11:12 15,112 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys 2008-01-22 04:14 . 2007-05-02 11:12 12,424 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys 2008-01-22 04:14 . 2007-05-02 11:12 12,424 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys 2008-01-22 04:14 . 2007-05-02 11:12 12,424 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys 2008-01-22 04:14 . 2007-05-02 11:12 12,424 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys 2008-01-22 04:14 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys 2008-01-22 04:14 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico 2008-01-22 04:13 . 2008-01-22 04:13 <DIR> d-------- C:\Program Files\Samsung 2008-01-22 04:12 . 2008-01-22 04:12 <DIR> d-------- C:\Documents and Settings\Davor Zigic\Application Data\GRETECH 2008-01-22 04:11 . 2008-01-22 04:11 <DIR> d-------- C:\Program Files\GRETECH 2008-01-22 04:11 . 2008-01-22 04:11 <DIR> d-------- C:\Documents and Settings\Davor Zigic\Application Data\ICQ 2008-01-22 04:10 . 2008-01-22 04:17 <DIR> d-------- C:\Program Files\ICQ6 2008-01-22 04:07 . 2008-01-22 04:07 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2008-01-22 04:04 . 2008-01-22 04:04 <DIR> d-------- C:\Program Files\Google 2008-01-22 04:01 . 2008-01-22 04:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Last.fm . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-06 08:49 --------- d-----w C:\Documents and Settings\Davor Zigic\Application Data\Skype 2008-02-06 07:05 --------- d-----w C:\Documents and Settings\Davor Zigic\Application Data\skypePM 2008-02-05 20:27 --------- d-----w C:\Documents and Settings\Davor Zigic\Application Data\X-Chat 2 2008-02-04 12:36 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-02-02 19:35 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-30 22:01 --------- d-----w C:\Program Files\xchat 2008-01-25 01:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2008-01-22 03:00 --------- d-----w C:\Documents and Settings\Davor Zigic\Application Data\Winamp 2008-01-22 02:58 --------- d-----w C:\Program Files\Winamp 2008-01-22 02:53 --------- d-----w C:\Program Files\Last.fm 2008-01-22 02:52 --------- d-----w C:\Program Files\Common Files\Logitech 2008-01-22 02:51 --------- d-----w C:\Program Files\Logitech 2008-01-22 02:47 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-01-22 02:46 --------- d-----w C:\Program Files\Skype 2008-01-22 02:46 --------- d-----w C:\Program Files\Common Files\Skype 2008-01-22 02:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2008-01-22 02:30 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-01-22 02:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-01-22 02:21 --------- d-----w C:\Program Files\Opera 2008-01-22 02:17 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-01-22 02:11 --------- d-----w C:\Program Files\Windows Live 2008-01-22 02:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller 2008-01-22 02:01 --------- d-----w C:\Program Files\Realtek AC97 2008-01-22 01:56 --------- d-----w C:\Program Files\Total Commander 2008-01-22 01:47 --------- d-----w C:\Program Files\microsoft frontpage . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568] "ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-11-07 09:23 177400] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 23:54 37376] "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648] "LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 10:26 489472] "LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 10:33 73728] "LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 17:22 262144] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-02-04 00:12 2834432] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 08:56 15360] C:\Documents and Settings\Davor Zigic\Start Menu\Programs\Startup\ Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-01-22 03:53:08 106496] Ubisoft register.lnk - C:\Program Files\Ubisoft\Register\schedule.exe [2008-02-02 19:59:24 28672] R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-02-04 05:26] R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37] . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-02-06 09:58:37 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-02-06 9:59:18 ComboFix-quarantined-files.txt 2008-02-06 08:59:10 ComboFix2.txt 2008-02-05 20:30:43 ComboFix3.txt 2008-02-04 09:41:40

Profil

dr_Bora Poslao: 06 Feb 2008 17:01 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl:

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Uporni spyware

Ko je trenutno na forumu

Ukupno su 1287 korisnika na forumu :: 58 registrovanih, 7 sakrivenih i 1222 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 357magnum, _Petar, aramis s, Atomski čoban, Ben Roj, Bobrock1, botta, comi_pfc, dane007, darkangel, Denaya, DPera, Dukelander, Excalibur13, flash12, gmlale, Istman, jukeboxer, kalens021, kjkszpj, Koridor, Krusarac, kubura91, kunktator, kybonacci, Litostroton, ljuba, LUDI, Luka Blažević, Magistar78, Marko Marković, mačković, mercedesamg, mik7, MILICAT, Mixelotti, Nemanja.M, nemkea71, oldtimer, pein, raptorsi, repac, Romibrat, rovac, sasa87, Sirius, SR-3m, theNedjeljko, tubular, Viceroy, VJ, vladulns, vobo, voja64, wizzardone, wolf431, Wrangler, yufighter

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by