Zaraza, bolest koja izmice kontroli...

1

Zaraza, bolest koja izmice kontroli...

offline
  • Evian 
  • Novi MyCity građanin
  • Pridružio: 06 Apr 2009
  • Poruke: 7

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:48 PM, on 4/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\PC\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com/
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [less hope] C:\DOCUME~1\PC\APPLIC~1\CASTCO~1\Vc Mail.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A3DD863-379D-45A4-A65F-7DEB12FB2CFF}: NameServer = 194.247.192.1 194.247.192.33
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6793 bytes

Mislim (laicki) da mi je komp vec duze vreme zarazen i AVG mi nista nije detektovao pa sam ga zamenila sa NOD32 koji mi je detektovao razne "viruse". Ali ne mogu sve da ih obrisem niti mi prijavljuje sve. Primer:

Arrow File C:\System Volume Information\_restore{9B5E8DDC-C6AE-40FD-B0D5-FED3A1CFB212}\RP282\A0033322.exe is infected with multiple infiltrations.

Arrow File D:\System Volume Information\_restore{9B5E8DDC-C6AE-40FD-B0D5-FED3A1CFB212}\RP282\A0033321.exe is infected with multiple infiltrations.

Number of threats found: 4
Number of active threats: 2

(Napominjem da su ove brojke ocigledno promenljiva stavka, svako skeniranje drugi broj! Sad )

Takodje, imala sam nekog trojanca koji se zvao "Bat Chic" (izvinjavam se sto ne znam tacan naziv, mesto, ekstenziju itd...) i ja sam ga KAO obrisala, mada mislim da ga imam i dalje... Crying or Very sad

Internet je znatno sporiji, kao i bilo koje radnje na kompu. Pop up-ovi, sa Internet Explorer-a - iako koristim Mozilla-u, na sve strane pogotovo "Travian". I da, imam ADSL (trudim se da se drzim pravilnika Wink ).

Svakako bih kasnije (kada se resim tih virusa, sta li vec) oborila sistem, reinstalirala i tako to (naravno ne ja, vec neko kompetentan)... Zagusen je mnogo... Neutral

Svaka pomoc je dobrodosla i hvala u napred! Smajli

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8426
  • Gde živiš: Novi Beograd

Zdravo,

* Otvori Nod32 Control Center (Klik na njegovu tray ikonicu ( ) u donjem desnom uglu ekrana).
* Izaberi AMON iz Threat Protection grupe opcija.
* Na desnom panelu deštikliraj opciju File system monitor (AMON) enabled.
* Gašenje ove opcije pokazaće se kroz promenu boje Control Center-a iz zelene u crvenu.

Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja.

----------------------

Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

offline
  • Evian 
  • Novi MyCity građanin
  • Pridružio: 06 Apr 2009
  • Poruke: 7

Valjda sam ok odradila:

ComboFix 09-04-04.01 - PC 2009-04-06 21:44:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.435 [GMT 2:00]
Running from: c:\documents and settings\PC\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated)
FW: NVIDIA Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Fonts\#aaifnt.ttf
c:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((( Files Created from 2009-03-06 to 2009-04-06 )))))))))))))))))))))))))))))))
.

2009-04-06 00:25 . 2009-04-06 00:25 <DIR> d-------- c:\program files\weblin
2009-04-06 00:25 . 2009-04-06 00:25 <DIR> d-------- c:\program files\Stardock
2009-04-06 00:25 . 2009-04-06 00:25 <DIR> d-------- c:\program files\My Company Name
2009-04-06 00:25 . 2009-04-06 00:25 <DIR> d-------- c:\program files\cast comp second
2009-04-06 00:25 . 2009-04-06 00:25 <DIR> d-------- c:\program files\AskTBar
2009-04-06 00:25 . 2009-04-06 00:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Shim Cdrom Cast Surf
2009-04-06 00:25 . 2009-04-06 00:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\EmailNotifier
2009-04-06 00:25 . 2009-04-06 00:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\DivoGames
2009-04-05 21:57 . 2009-04-05 21:54 512,096 --a------ c:\windows\system32\drivers\amon.sys
2009-04-05 21:57 . 2009-04-05 21:54 298,104 --a------ c:\windows\system32\imon.dll
2009-04-05 21:57 . 2009-04-05 21:54 15,424 --a------ c:\windows\system32\drivers\nod32drv.sys
2009-04-05 20:07 . 2009-04-05 20:07 <DIR> d-------- c:\program files\Enigma Software Group
2009-03-22 14:26 . 2006-07-28 10:30 236,824 --a------ c:\windows\system32\xactengine2_3.dll
2009-03-22 14:26 . 2006-07-28 10:30 62,744 --a------ c:\windows\system32\xinput1_2.dll
2009-03-22 14:25 . 2005-05-26 16:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2009-03-13 20:30 . 2009-03-13 20:30 50,968 --a------ c:\windows\system32\avgfwdx.dll
2009-03-13 20:30 . 2009-03-13 20:30 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-06 16:03 --------- d-----w c:\documents and settings\PC\Application Data\cast comp second
2009-04-05 20:12 --------- d-----w c:\program files\ESET
2009-04-05 18:07 --------- d-----w c:\documents and settings\PC\Application Data\MegauploadToolbar
2009-04-05 15:23 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-30 20:50 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-26 18:53 --------- d-----w c:\program files\FreeGamePick.com
2009-02-24 21:30 --------- d-----w c:\program files\FunPause Atlantis
2009-02-16 23:00 --------- d-----w c:\documents and settings\PC\Application Data\Lavasoft
2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
2009-01-06 19:37 45,056 ----a-w c:\windows\NCUNINST.EXE
2008-12-20 13:41 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 13:41 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 13:41 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 13:41 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 13:41 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"less hope"="c:\docume~1\PC\APPLIC~1\CASTCO~1\Vc Mail.exe" [2009-02-08 616448]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 266240]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-04-05 949376]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 c:\windows\SOUNDMAN.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-07-07 113664]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-01-21 839680]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--------- 2008-01-11 23:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 2007-03-01 11:37 2321600 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--------- 2007-02-16 11:54 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 21:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-04-05 15424]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2008-01-21 114616]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2008-01-21 63555]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-03-13 29208]
.
Contents of the 'Scheduled Tasks' folder

2008-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 16:42]

2009-04-06 c:\windows\Tasks\B566A7AF91855373.job
- c:\docume~1\pc\applic~1\castco~1\wma funk file.exe [2009-02-08 19:51]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
TCP: {5A3DD863-379D-45A4-A65F-7DEB12FB2CFF} = 194.247.192.1 194.247.192.33
FF - ProfilePath - c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\8bosahn5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-06 21:45:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(716)
c:\windows\system32\imon.dll
c:\windows\system32\nvappfilter.dll
.
Completion time: 2009-04-06 21:46:23
ComboFix-quarantined-files.txt 2009-04-06 19:45:59

Pre-Run: 4,468,822,016 bytes free
Post-Run: 4,538,863,616 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

152 --- E O F --- 2009-03-11 19:14:38

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8426
  • Gde živiš: Novi Beograd

Uploaduj mi:
c:\docume~1\PC\APPLIC~1\CASTCO~1\Vc Mail.exe

i

c:\docume~1\pc\applic~1\castco~1\wma funk file.exe

preko sledeceg linka:

http://www.mycity.rs/ambulanta-upload.php

offline
  • Evian 
  • Novi MyCity građanin
  • Pridružio: 06 Apr 2009
  • Poruke: 7

Upload-ovala sam, a u tom folderu koji se zove "cast comp second", pored trazenih "Vc Mail-a" i "wma funk file-a" imam ih jos 4. Sa nekim "cudnim" nazivima...

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8426
  • Gde živiš: Novi Beograd

Preuzmi Lop S&D na Desktop.
Dvoklikom pokreni LopSD.exe
Na prvom ekranu odaberi jezik kucajući E i Enter a zatim klikni OK
Odaberi opciju 1 - Search kucajući 1 i Enter
Sačekaj nekoliko minuta da program završi skeniranje
Na kraju procesa, log C:\LopR.txt će se otvoriti u Notepad-u

Iskopiraj dobijeni log u temu na forumu.

offline
  • Evian 
  • Novi MyCity građanin
  • Pridružio: 06 Apr 2009
  • Poruke: 7

Izvoli(te) i hvala:


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : PC ( Administrator )
BOOT : Normal boot
Antivirus : ESET NOD32 antivirus system 2.70 2.70 (Activated)
Firewall : NVIDIA Firewall 1.0 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:29 Go (Free:4 Go)
D:\ (Local Disk) - NTFS - Total:119 Go (Free:7 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Mon 04/06/2009|22:39 )

--------------------\\ Listing folders in APPLIC~1

[01/17/2008|05:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ACD Systems
[02/08/2008|12:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[01/21/2008|12:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[01/17/2008|01:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ATI
[01/17/2008|04:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[04/06/2009|12:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DivoGames
[04/06/2009|12:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> EmailNotifier
[01/28/2008|01:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP
[11/09/2008|01:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> IM
[11/09/2008|01:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> IncrediMail
[03/06/2009|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[04/06/2009|12:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Shim Cdrom Cast Surf
[04/05/2009|05:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[03/27/2008|01:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[11/05/2008|12:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller

[01/15/2008|02:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[04/05/2009|10:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[04/05/2009|10:57] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[01/17/2008|05:10] C:\DOCUME~1\PC\APPLIC~1\<DIR> ACD Systems
[12/03/2008|01:41] C:\DOCUME~1\PC\APPLIC~1\<DIR> Adobe
[01/21/2008|12:15] C:\DOCUME~1\PC\APPLIC~1\<DIR> Apple Computer
[01/17/2008|01:18] C:\DOCUME~1\PC\APPLIC~1\<DIR> ATI
[04/06/2009|06:03] C:\DOCUME~1\PC\APPLIC~1\<DIR> cast comp second
[01/21/2008|12:07] C:\DOCUME~1\PC\APPLIC~1\<DIR> CyberLink
[01/20/2008|11:10] C:\DOCUME~1\PC\APPLIC~1\<DIR> DivX
[12/22/2008|06:13] C:\DOCUME~1\PC\APPLIC~1\<DIR> GetRightToGo
[02/20/2008|01:59] C:\DOCUME~1\PC\APPLIC~1\<DIR> Help
[01/28/2008|01:36] C:\DOCUME~1\PC\APPLIC~1\<DIR> HP
[01/15/2008|03:22] C:\DOCUME~1\PC\APPLIC~1\<DIR> Identities
[12/29/2008|03:37] C:\DOCUME~1\PC\APPLIC~1\<DIR> Image Zone Express
[02/17/2009|01:00] C:\DOCUME~1\PC\APPLIC~1\<DIR> Lavasoft
[01/22/2008|04:43] C:\DOCUME~1\PC\APPLIC~1\<DIR> Macromedia
[01/20/2008|11:58] C:\DOCUME~1\PC\APPLIC~1\<DIR> Media Player Classic
[04/05/2009|08:07] C:\DOCUME~1\PC\APPLIC~1\<DIR> MegauploadToolbar
[02/15/2009|06:37] C:\DOCUME~1\PC\APPLIC~1\<DIR> Microsoft
[01/22/2008|01:32] C:\DOCUME~1\PC\APPLIC~1\<DIR> Mozilla
[01/17/2008|05:06] C:\DOCUME~1\PC\APPLIC~1\<DIR> RadLight Company
[02/17/2008|07:32] C:\DOCUME~1\PC\APPLIC~1\<DIR> Sun
[01/20/2008|11:05] C:\DOCUME~1\PC\APPLIC~1\<DIR> Winamp
[11/05/2008|10:32] C:\DOCUME~1\PC\APPLIC~1\<DIR> zweitgeist

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[04/06/2009 10:00 PM][--ah-----] C:\WINDOWS\tasks\B566A7AF91855373.job
[01/21/2008 12:11 AM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[04/06/2009 09:46 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 03:07 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( B566A7AF91855373.job )=( c:\docume~1\pc\applic~1\castco~1\wmafunkfile.exe )

--------------------\\ Listing Folders in C:\Program Files

[01/17/2008|05:08] C:\Program Files\<DIR> ACD Systems
[07/07/2008|11:51] C:\Program Files\<DIR> Adobe
[01/17/2008|04:57] C:\Program Files\<DIR> Ahead
[01/21/2008|12:11] C:\Program Files\<DIR> Apple Software Update
[04/06/2009|12:25] C:\Program Files\<DIR> AskTBar
[01/17/2008|01:08] C:\Program Files\<DIR> ATI Technologies
[03/27/2008|02:27] C:\Program Files\<DIR> Autodesk
[01/17/2008|12:45] C:\Program Files\<DIR> AvRack
[04/06/2009|12:25] C:\Program Files\<DIR> cast comp second
[04/06/2009|09:44] C:\Program Files\<DIR> Common Files
[01/15/2008|02:53] C:\Program Files\<DIR> ComPlus Applications
[01/17/2008|04:55] C:\Program Files\<DIR> CyberLink
[01/20/2008|11:20] C:\Program Files\<DIR> DivX
[01/07/2009|06:19] C:\Program Files\<DIR> EA GAMES
[04/05/2009|08:07] C:\Program Files\<DIR> Enigma Software Group
[04/05/2009|10:12] C:\Program Files\<DIR> ESET
[01/21/2008|12:12] C:\Program Files\<DIR> Flash Movie Player
[01/21/2008|12:12] C:\Program Files\<DIR> FLVPlayer
[02/26/2009|08:53] C:\Program Files\<DIR> FreeGamePick.com
[02/24/2009|11:30] C:\Program Files\<DIR> FunPause Atlantis
[04/06/2009|12:25] C:\Program Files\<DIR> Grisoft
[01/21/2008|10:54] C:\Program Files\<DIR> Hewlett Packard
[01/21/2008|10:52] C:\Program Files\<DIR> Hewlett-Packard
[01/28/2008|01:32] C:\Program Files\<DIR> HP
[03/30/2009|10:50] C:\Program Files\<DIR> InstallShield Installation Information
[12/10/2008|04:41] C:\Program Files\<DIR> Internet Explorer
[01/29/2008|10:12] C:\Program Files\<DIR> Java
[01/17/2008|05:06] C:\Program Files\<DIR> K-Lite Codec Pack
[03/05/2008|06:02] C:\Program Files\<DIR> MegauploadToolbar
[09/07/2008|12:17] C:\Program Files\<DIR> Messenger
[01/17/2008|05:16] C:\Program Files\<DIR> Microsoft ActiveSync
[11/07/2008|11:47] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[01/15/2008|02:57] C:\Program Files\<DIR> microsoft frontpage
[12/22/2008|06:24] C:\Program Files\<DIR> Microsoft Office
[11/05/2008|12:50] C:\Program Files\<DIR> Microsoft SQL Server Compact Edition
[01/17/2008|05:15] C:\Program Files\<DIR> Microsoft Visual Studio
[01/17/2008|05:15] C:\Program Files\<DIR> Microsoft Works
[01/17/2008|05:15] C:\Program Files\<DIR> Microsoft.NET
[01/15/2008|02:54] C:\Program Files\<DIR> Movie Maker
[04/06/2009|09:51] C:\Program Files\<DIR> Mozilla Firefox
[12/22/2008|06:24] C:\Program Files\<DIR> MSECache
[01/20/2008|10:07] C:\Program Files\<DIR> MSN
[01/15/2008|02:53] C:\Program Files\<DIR> MSN Gaming Zone
[01/23/2008|02:31] C:\Program Files\<DIR> MSXML 4.0
[04/06/2009|12:25] C:\Program Files\<DIR> My Company Name
[01/15/2008|02:55] C:\Program Files\<DIR> NetMeeting
[03/27/2008|02:27] C:\Program Files\<DIR> Netscape
[01/17/2008|12:43] C:\Program Files\<DIR> NVIDIA Corporation
[01/17/2008|05:05] C:\Program Files\<DIR> On2 Technologies
[01/15/2008|02:53] C:\Program Files\<DIR> Online Services
[01/23/2008|02:35] C:\Program Files\<DIR> Outlook Express
[11/05/2008|05:40] C:\Program Files\<DIR> QuickTime
[01/17/2008|05:06] C:\Program Files\<DIR> RadLight Company
[01/17/2008|05:00] C:\Program Files\<DIR> Real
[01/17/2008|12:45] C:\Program Files\<DIR> Realtek AC97
[01/17/2008|12:45] C:\Program Files\<DIR> Realtek Sound Manager
[04/05/2009|05:21] C:\Program Files\<DIR> Registry Mechanic
[11/14/2008|07:08] C:\Program Files\<DIR> Rockstar Games
[01/21/2008|11:41] C:\Program Files\<DIR> SAGEM
[05/25/2008|04:46] C:\Program Files\<DIR> Screamer Radio
[04/06/2009|12:25] C:\Program Files\<DIR> Stardock
[01/15/2008|03:22] C:\Program Files\<DIR> Uninstall Information
[04/06/2009|12:25] C:\Program Files\<DIR> weblin
[01/17/2008|04:54] C:\Program Files\<DIR> Winamp
[11/05/2008|10:34] C:\Program Files\<DIR> Windows Live
[01/23/2008|02:36] C:\Program Files\<DIR> Windows Media Player
[01/15/2008|02:53] C:\Program Files\<DIR> Windows NT
[01/15/2008|02:56] C:\Program Files\<DIR> WindowsUpdate
[02/16/2009|08:00] C:\Program Files\<DIR> WinRAR
[01/17/2008|04:53] C:\Program Files\<DIR> WinZip
[01/15/2008|02:57] C:\Program Files\<DIR> xerox
[01/23/2008|02:14] C:\Program Files\<DIR> Zuma Deluxe

--------------------\\ Listing Folders in C:\Program Files\Common Files

[01/17/2008|05:08] C:\Program Files\Common Files\<DIR> ACD Systems
[07/07/2008|11:51] C:\Program Files\Common Files\<DIR> Adobe
[01/17/2008|04:57] C:\Program Files\Common Files\<DIR> Ahead
[01/17/2008|05:16] C:\Program Files\Common Files\<DIR> DESIGNER
[01/28/2008|01:32] C:\Program Files\Common Files\<DIR> HP
[01/17/2008|01:07] C:\Program Files\Common Files\<DIR> InstallShield
[01/29/2008|10:07] C:\Program Files\Common Files\<DIR> Java
[01/17/2008|05:16] C:\Program Files\Common Files\<DIR> L&H
[03/13/2009|08:30] C:\Program Files\Common Files\<DIR> Microsoft Shared
[01/15/2008|02:55] C:\Program Files\Common Files\<DIR> MSSoap
[01/15/2008|03:34] C:\Program Files\Common Files\<DIR> ODBC
[01/15/2008|02:55] C:\Program Files\Common Files\<DIR> Services
[01/15/2008|03:34] C:\Program Files\Common Files\<DIR> SpeechEngines
[01/06/2009|07:40] C:\Program Files\Common Files\<DIR> SWF Studio
[01/23/2008|02:35] C:\Program Files\Common Files\<DIR> System
[11/05/2008|12:40] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[01/21/2008|10:53] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 40 Processes )

... OK !

--------------------\\ Searching with S_Lop

C:\DOCUME~1\PC\APPLIC~1\CASTCO~1
C:\DOCUME~1\PC\APPLIC~1\CASTCO~1\aqhevchg.exe
C:\DOCUME~1\PC\APPLIC~1\CASTCO~1\bczkvuwf.exe
C:\DOCUME~1\PC\APPLIC~1\CASTCO~1\dzdhsbwy.exe
C:\DOCUME~1\PC\APPLIC~1\CASTCO~1\oxcairgc.exe
C:\DOCUME~1\PC\APPLIC~1\CASTCO~1\Vc Mail.exe
C:\DOCUME~1\PC\APPLIC~1\CASTCO~1\wma funk file.exe

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Shim Cdrom Cast Surf
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Shim Cdrom Cast Surf\Bat Chic.exe
C:\DOCUME~1\PC\APPLIC~1\castco~1
C:\DOCUME~1\PC\APPLIC~1\castco~1\aqhevchg.exe
C:\DOCUME~1\PC\APPLIC~1\castco~1\bczkvuwf.exe
C:\DOCUME~1\PC\APPLIC~1\castco~1\dzdhsbwy.exe
C:\DOCUME~1\PC\APPLIC~1\castco~1\oxcairgc.exe
C:\DOCUME~1\PC\APPLIC~1\castco~1\Vc Mail.exe
C:\DOCUME~1\PC\APPLIC~1\castco~1\wma funk file.exe
C:\Program Files\castco~1
C:\WINDOWS\Tasks\B566A7AF91855373.job

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BoobDoesWin]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\PC\\APPLIC~1\\CASTCO~1\\Vc Mail.exe -uninstall"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"less hope"="C:\\DOCUME~1\\PC\\APPLIC~1\\CASTCO~1\\Vc Mail.exe"
"less hope"="C:\\DOCUME~1\\PC\\APPLIC~1\\CASTCO~1\\Vc Mail.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-06 22:40:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 2

--------------------\\ Searching for other infections

--------------------\\ (zabranjeno)s & Keygens ..

C:\DOCUME~1\PC\Desktop\S\(zabranjeno)
C:\DOCUME~1\PC\Desktop\S\(zabranjeno)\Sims2.exe


[F:6][D:0]-> C:\DOCUME~1\PC\LOCALS~1\Temp
[F:7][D:0]-> C:\DOCUME~1\PC\Cookies
[F:2][D:0]-> C:\DOCUME~1\PC\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Mon 04/06/2009|22:42 - Option : [1]

--------------------\\ Scan completed at 22:42:16

Dopuna: 07 Apr 2009 14:50

Evo sta mi je NOD32 izbacio:

File:
C:\System Volume Information\_restore{9B5E8DDC-C6AE-40FD-B0D5-FED...\A0033048.exe

Threat:
a variant of Win32/TrojanDownloader.Swizzor.NBF trojan

Event occured on a file modified by the application:

C:\WINOWS\System32\svchost.exe

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8426
  • Gde živiš: Novi Beograd

Ponovo ćemo koristiti program Lop S&D.
Dvoklikom pokreni LopSD.exe
Na prvom ekranu odaberi jezik kucajući E i Enter a zatim klikni OK
Odaberi opciju 2 - Fix + Hosts kucajući 2 i Enter
Sačekaj da program završi skeniranje/čišćenje
Na kraju procesa, log C:\LopR.txt će se otvoriti u Notepad-u

Iskopiraj dobijeni log u temu na forumu.

offline
  • Evian 
  • Novi MyCity građanin
  • Pridružio: 06 Apr 2009
  • Poruke: 7

Evo...i sve vreme mi je javljao dok sam to skenirala da imam zarazu!
I to C:\Lop SD\Backup-Lop\DOCUME~1\PC\APPLIC~1\CASTCO~1\wma funk file.exe kao i onaj VC Mail + jos 4 pomenuta sa "cudnim" nazivima!

LOG:


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : PC ( Administrator )
BOOT : Normal boot
Antivirus : ESET NOD32 antivirus system 2.70 2.70 (Activated)
Firewall : NVIDIA Firewall 1.0 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:29 Go (Free:4 Go)
D:\ (Local Disk) - NTFS - Total:119 Go (Free:7 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( Tue 04/07/2009|19:41 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Shim Cdrom Cast Surf\Bat Chic.exe
Deleted! - C:\DOCUME~1\PC\APPLIC~1\castco~1\aqhevchg.exe
Deleted! - C:\DOCUME~1\PC\APPLIC~1\castco~1\bczkvuwf.exe
Deleted! - C:\DOCUME~1\PC\APPLIC~1\castco~1\dzdhsbwy.exe
Deleted! - C:\DOCUME~1\PC\APPLIC~1\castco~1\oxcairgc.exe
Deleted! - C:\DOCUME~1\PC\APPLIC~1\castco~1\Vc Mail.exe
Deleted! - C:\DOCUME~1\PC\APPLIC~1\castco~1\wma funk file.exe
Deleted! - C:\WINDOWS\Tasks\B566A7AF91855373.job
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Shim Cdrom Cast Surf
Deleted! - C:\DOCUME~1\PC\APPLIC~1\castco~1
Deleted! - C:\Program Files\castco~1
-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1

[01/17/2008|05:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ACD Systems
[02/08/2008|12:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[01/21/2008|12:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[01/17/2008|01:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ATI
[01/17/2008|04:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[04/06/2009|12:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DivoGames
[04/06/2009|12:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> EmailNotifier
[01/28/2008|01:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP
[11/09/2008|01:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> IM
[11/09/2008|01:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> IncrediMail
[03/06/2009|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[04/05/2009|05:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[03/27/2008|01:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[11/05/2008|12:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller

[01/15/2008|02:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[04/05/2009|10:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[04/05/2009|10:57] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[01/17/2008|05:10] C:\DOCUME~1\PC\APPLIC~1\<DIR> ACD Systems
[12/03/2008|01:41] C:\DOCUME~1\PC\APPLIC~1\<DIR> Adobe
[01/21/2008|12:15] C:\DOCUME~1\PC\APPLIC~1\<DIR> Apple Computer
[01/17/2008|01:18] C:\DOCUME~1\PC\APPLIC~1\<DIR> ATI
[01/21/2008|12:07] C:\DOCUME~1\PC\APPLIC~1\<DIR> CyberLink
[01/20/2008|11:10] C:\DOCUME~1\PC\APPLIC~1\<DIR> DivX
[12/22/2008|06:13] C:\DOCUME~1\PC\APPLIC~1\<DIR> GetRightToGo
[02/20/2008|01:59] C:\DOCUME~1\PC\APPLIC~1\<DIR> Help
[01/28/2008|01:36] C:\DOCUME~1\PC\APPLIC~1\<DIR> HP
[01/15/2008|03:22] C:\DOCUME~1\PC\APPLIC~1\<DIR> Identities
[12/29/2008|03:37] C:\DOCUME~1\PC\APPLIC~1\<DIR> Image Zone Express
[02/17/2009|01:00] C:\DOCUME~1\PC\APPLIC~1\<DIR> Lavasoft
[01/22/2008|04:43] C:\DOCUME~1\PC\APPLIC~1\<DIR> Macromedia
[01/20/2008|11:58] C:\DOCUME~1\PC\APPLIC~1\<DIR> Media Player Classic
[04/05/2009|08:07] C:\DOCUME~1\PC\APPLIC~1\<DIR> MegauploadToolbar
[02/15/2009|06:37] C:\DOCUME~1\PC\APPLIC~1\<DIR> Microsoft
[01/22/2008|01:32] C:\DOCUME~1\PC\APPLIC~1\<DIR> Mozilla
[01/17/2008|05:06] C:\DOCUME~1\PC\APPLIC~1\<DIR> RadLight Company
[02/17/2008|07:32] C:\DOCUME~1\PC\APPLIC~1\<DIR> Sun
[01/20/2008|11:05] C:\DOCUME~1\PC\APPLIC~1\<DIR> Winamp
[11/05/2008|10:32] C:\DOCUME~1\PC\APPLIC~1\<DIR> zweitgeist

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[01/21/2008 12:11 AM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[04/07/2009 07:38 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 03:07 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[01/17/2008|05:08] C:\Program Files\<DIR> ACD Systems
[07/07/2008|11:51] C:\Program Files\<DIR> Adobe
[01/17/2008|04:57] C:\Program Files\<DIR> Ahead
[01/21/2008|12:11] C:\Program Files\<DIR> Apple Software Update
[04/06/2009|12:25] C:\Program Files\<DIR> AskTBar
[01/17/2008|01:08] C:\Program Files\<DIR> ATI Technologies
[03/27/2008|02:27] C:\Program Files\<DIR> Autodesk
[01/17/2008|12:45] C:\Program Files\<DIR> AvRack
[04/06/2009|09:44] C:\Program Files\<DIR> Common Files
[01/15/2008|02:53] C:\Program Files\<DIR> ComPlus Applications
[01/17/2008|04:55] C:\Program Files\<DIR> CyberLink
[01/20/2008|11:20] C:\Program Files\<DIR> DivX
[01/07/2009|06:19] C:\Program Files\<DIR> EA GAMES
[04/05/2009|08:07] C:\Program Files\<DIR> Enigma Software Group
[04/05/2009|10:12] C:\Program Files\<DIR> ESET
[01/21/2008|12:12] C:\Program Files\<DIR> Flash Movie Player
[01/21/2008|12:12] C:\Program Files\<DIR> FLVPlayer
[02/26/2009|08:53] C:\Program Files\<DIR> FreeGamePick.com
[02/24/2009|11:30] C:\Program Files\<DIR> FunPause Atlantis
[04/06/2009|12:25] C:\Program Files\<DIR> Grisoft
[01/21/2008|10:54] C:\Program Files\<DIR> Hewlett Packard
[01/21/2008|10:52] C:\Program Files\<DIR> Hewlett-Packard
[01/28/2008|01:32] C:\Program Files\<DIR> HP
[03/30/2009|10:50] C:\Program Files\<DIR> InstallShield Installation Information
[12/10/2008|04:41] C:\Program Files\<DIR> Internet Explorer
[01/29/2008|10:12] C:\Program Files\<DIR> Java
[01/17/2008|05:06] C:\Program Files\<DIR> K-Lite Codec Pack
[03/05/2008|06:02] C:\Program Files\<DIR> MegauploadToolbar
[09/07/2008|12:17] C:\Program Files\<DIR> Messenger
[01/17/2008|05:16] C:\Program Files\<DIR> Microsoft ActiveSync
[11/07/2008|11:47] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[01/15/2008|02:57] C:\Program Files\<DIR> microsoft frontpage
[12/22/2008|06:24] C:\Program Files\<DIR> Microsoft Office
[11/05/2008|12:50] C:\Program Files\<DIR> Microsoft SQL Server Compact Edition
[01/17/2008|05:15] C:\Program Files\<DIR> Microsoft Visual Studio
[01/17/2008|05:15] C:\Program Files\<DIR> Microsoft Works
[01/17/2008|05:15] C:\Program Files\<DIR> Microsoft.NET
[01/15/2008|02:54] C:\Program Files\<DIR> Movie Maker
[04/07/2009|07:39] C:\Program Files\<DIR> Mozilla Firefox
[12/22/2008|06:24] C:\Program Files\<DIR> MSECache
[01/20/2008|10:07] C:\Program Files\<DIR> MSN
[01/15/2008|02:53] C:\Program Files\<DIR> MSN Gaming Zone
[01/23/2008|02:31] C:\Program Files\<DIR> MSXML 4.0
[04/06/2009|12:25] C:\Program Files\<DIR> My Company Name
[01/15/2008|02:55] C:\Program Files\<DIR> NetMeeting
[03/27/2008|02:27] C:\Program Files\<DIR> Netscape
[01/17/2008|12:43] C:\Program Files\<DIR> NVIDIA Corporation
[01/17/2008|05:05] C:\Program Files\<DIR> On2 Technologies
[01/15/2008|02:53] C:\Program Files\<DIR> Online Services
[01/23/2008|02:35] C:\Program Files\<DIR> Outlook Express
[11/05/2008|05:40] C:\Program Files\<DIR> QuickTime
[01/17/2008|05:06] C:\Program Files\<DIR> RadLight Company
[01/17/2008|05:00] C:\Program Files\<DIR> Real
[01/17/2008|12:45] C:\Program Files\<DIR> Realtek AC97
[01/17/2008|12:45] C:\Program Files\<DIR> Realtek Sound Manager
[04/05/2009|05:21] C:\Program Files\<DIR> Registry Mechanic
[11/14/2008|07:08] C:\Program Files\<DIR> Rockstar Games
[01/21/2008|11:41] C:\Program Files\<DIR> SAGEM
[05/25/2008|04:46] C:\Program Files\<DIR> Screamer Radio
[04/06/2009|12:25] C:\Program Files\<DIR> Stardock
[01/15/2008|03:22] C:\Program Files\<DIR> Uninstall Information
[04/06/2009|12:25] C:\Program Files\<DIR> weblin
[01/17/2008|04:54] C:\Program Files\<DIR> Winamp
[11/05/2008|10:34] C:\Program Files\<DIR> Windows Live
[01/23/2008|02:36] C:\Program Files\<DIR> Windows Media Player
[01/15/2008|02:53] C:\Program Files\<DIR> Windows NT
[01/15/2008|02:56] C:\Program Files\<DIR> WindowsUpdate
[02/16/2009|08:00] C:\Program Files\<DIR> WinRAR
[01/17/2008|04:53] C:\Program Files\<DIR> WinZip
[01/15/2008|02:57] C:\Program Files\<DIR> xerox
[01/23/2008|02:14] C:\Program Files\<DIR> Zuma Deluxe

--------------------\\ Listing Folders in C:\Program Files\Common Files

[01/17/2008|05:08] C:\Program Files\Common Files\<DIR> ACD Systems
[07/07/2008|11:51] C:\Program Files\Common Files\<DIR> Adobe
[01/17/2008|04:57] C:\Program Files\Common Files\<DIR> Ahead
[01/17/2008|05:16] C:\Program Files\Common Files\<DIR> DESIGNER
[01/28/2008|01:32] C:\Program Files\Common Files\<DIR> HP
[01/17/2008|01:07] C:\Program Files\Common Files\<DIR> InstallShield
[01/29/2008|10:07] C:\Program Files\Common Files\<DIR> Java
[01/17/2008|05:16] C:\Program Files\Common Files\<DIR> L&H
[03/13/2009|08:30] C:\Program Files\Common Files\<DIR> Microsoft Shared
[01/15/2008|02:55] C:\Program Files\Common Files\<DIR> MSSoap
[01/15/2008|03:34] C:\Program Files\Common Files\<DIR> ODBC
[01/15/2008|02:55] C:\Program Files\Common Files\<DIR> Services
[01/15/2008|03:34] C:\Program Files\Common Files\<DIR> SpeechEngines
[01/06/2009|07:40] C:\Program Files\Common Files\<DIR> SWF Studio
[01/23/2008|02:35] C:\Program Files\Common Files\<DIR> System
[11/05/2008|12:40] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[01/21/2008|10:53] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 41 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-07 19:42:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 2

--------------------\\ Searching for other infections

--------------------\\ (zabranjeno)s & Keygens ..

C:\DOCUME~1\PC\Desktop\S\(zabranjeno)
C:\DOCUME~1\PC\Desktop\S\(zabranjeno)\Sims2.exe


[F:5][D:4]-> C:\DOCUME~1\PC\LOCALS~1\Temp
[F:7][D:0]-> C:\DOCUME~1\PC\Cookies
[F:364][D:4]-> C:\DOCUME~1\PC\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Mon 04/06/2009|22:42 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Tue 04/07/2009|19:44 - Option : [2]

--------------------\\ Scan completed at 19:44:29

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8426
  • Gde živiš: Novi Beograd

Uradi sledece:

Klikni Start > Run i kucaj:

notepad C:\WINDOWS\tasks\SA.DAT

kopiraj mi sadrzaj fajla.

Ko je trenutno na forumu
 

Ukupno su 349 korisnika na forumu :: 5 registrovanih, 0 sakrivenih i 344 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3028 - dana 22 Nov 2019 07:47

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: ALBION101, danilopu, goxin, Pohovani_00, slonic_tonic