Posted: 24 Sep 2008 19:53
- Brok
- Forum moderator
- Mihajlo Bogdanović
- Linux driver - fighter - warrior
- Joined: 04 May 2005
- Posts: 3259
Today I ran into a trojan somewhere on the Internet. After a restart the system booted, but there was not a single icon on the desktop. Through Task Manager I launched Malwarebytes' Anti-Malware and it found 21 infected files; I'll attach the log below. When I started the system again almost everything was OK, but the AV went off immediately. I scanned the OS with Spybot - Search & Destroy, and at the end it also reported 21 problems; when I clicked to fix them the AV went off and closed Spybot, so I don't have its report, apart from a screenshot (if that means anything). I was also getting this warning from Opera:
Then I did a scan with VirusRemover2008, and after the scan I got this report:
My desktop changed and the mouse pointer behaves as if a browser were open; on the desktop I got this message:
And IE keeps opening by itself with this link:
xxxxxxxxxxxxxx
Screenshot from Spybot:
Screenshot from the AV:
Malwarebytes' Anti-Malware log:
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:54, on 24.9.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SRPSKEY.EXE
C:\Program Files\ClocX\ClocX.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FastStone Capture\FSCapture.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Administrator\Desktop\folder\TR3.exe..exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R3 - URLSearchHook: (no name) - {e0c7b854-d5ce-4db6-9804-be1438603d89} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: QXK Olive - {F79654F3-6D43-4262-A3A5-EDDDBEB42C29} - C:\WINDOWS\dfmlxbpkleq.dll
O3 - Toolbar: peltodgx - {81B1909C-E4E6-4928-8800-4633584B7AD0} - C:\WINDOWS\peltodgx.dll
O4 - HKLM\..\Run: [srpskey] C:\WINDOWS\SYSTEM32\SRPSKEY.EXE
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SmartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O21 - SSODL: onfwbsak - {00CA551F-B58F-4D6B-9F8B-2804DA4558DB} - C:\WINDOWS\onfwbsak.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 5908 bytes
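A small triage helper for logs in the HijackThis format posted above, added here as an example; it is not part of the thread and not HijackThis code. It flags the three patterns that stand out in the log: objects registered with "(no file)" on disk, modules loaded straight from the Windows root directory rather than from system32 or Program Files, and Active Desktop components pointing at a local file under C:\WINDOWS. The sample lines are copied from the posted log; the heuristics are this example's own assumptions, not HijackThis rules.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
# A DLL/EXE sitting directly in the Windows root (not system32, not Program Files).
WINROOT_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+\.(?:dll|exe)$", re.IGNORECASE)

# Constructed sample: lines copied from the HijackThis log in the first post,
# in the same order as they appear there.
SAMPLE_HJT_LOG = [
    r"R3 - URLSearchHook: (no name) - {e0c7b854-d5ce-4db6-9804-be1438603d89} - (no file)",
    r"O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll",
    r"O2 - BHO: QXK Olive - {F79654F3-6D43-4262-A3A5-EDDDBEB42C29} - C:\WINDOWS\dfmlxbpkleq.dll",
    r"O3 - Toolbar: peltodgx - {81B1909C-E4E6-4928-8800-4633584B7AD0} - C:\WINDOWS\peltodgx.dll",
    r"O4 - HKLM\..\Run: [srpskey] C:\WINDOWS\SYSTEM32\SRPSKEY.EXE",
    r'O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"',
    r"O21 - SSODL: onfwbsak - {00CA551F-B58F-4D6B-9F8B-2804DA4558DB} - C:\WINDOWS\onfwbsak.dll",
    r"O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe",
    r"O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg",
    r"O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm",
]


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O2"
    module: str    # file the entry loads or points at
    reason: str    # why a reviewer should look at it


def module_of(section: str, body: str) -> Optional[str]:
    """Extract the file path an entry refers to, or None when it has none."""
    if section == "O4":
        # O4 - HKLM\..\Run: [name] "path" args
        m = re.search(r'\]\s*"?([A-Za-z]:\\[^"]+?\.(?:exe|dll))"?', body, re.IGNORECASE)
        return m.group(1) if m else None
    if section == "O24":
        # O24 - Desktop Component N: name - file:///path
        m = re.search(r"file:///(.+)$", body)
        return m.group(1) if m else None
    # O2/O3/O21/O23/R3: "... - {CLSID} - path"; R0/R1 lines have no " - " in the body
    head, sep, tail = body.rpartition(" - ")
    return tail.strip() if sep else None


def triage(lines: List[str]) -> List[Finding]:
    """Return the entries a reviewer should look at first, in log order."""
    findings: List[Finding] = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        mod = module_of(sec, body)
        if mod is None:
            continue
        if mod == "(no file)":
            findings.append(Finding(sec, mod, "registered object with no file on disk (orphan)"))
        elif sec == "O24" and re.search(r"\\WINDOWS\\", mod, re.IGNORECASE):
            findings.append(Finding(sec, mod, "Active Desktop component rendering a local file under C:\\WINDOWS"))
        elif WINROOT_RE.match(mod):
            findings.append(Finding(sec, mod, "module loaded directly from the Windows root directory"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"{f.section:<4} {f.module}\n     -> {f.reason}")
```

On the sample above the helper reports exactly the five entries ComboFix later removed or orphaned (the R3 hook, the two DLLs behind the BHO and toolbar, the SSODL DLL and the privacy_danger desktop component), while leaving the legitimate Run, BHO and service entries alone.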
Posted: 24 Sep 2008 20:44
- Brok
- Forum moderator
- Mihajlo Bogdanović
- Linux driver - fighter - warrior
- Joined: 04 May 2005
- Posts: 3259
Now the desktop is back to normal.
ComboFix 08-09-24.01 - Administrator 2008-09-24 20:14:23.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.47 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\dfmlxbpkleq.dll
C:\WINDOWS\jestertb.dll
C:\WINDOWS\onfwbsak.dll
C:\WINDOWS\peltodgx.dll
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\hook.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV
-------\Service_TDSSserv
((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 )))))))))))))))))))))))))))))))
.
2008-09-24 14:40 . 2008-09-24 14:40 29,696 --a------ C:\WINDOWS\system32\tdssserf1.dll
2008-09-24 14:35 . 2008-09-24 12:08 102,400 --a------ C:\WINDOWS\fbxrqtwn.exe
2008-09-23 08:06 . 2008-09-23 08:06 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-09-23 08:05 . 2008-09-23 08:05 <DIR> d-------- C:\Program Files\Real
2008-09-23 08:05 . 2008-09-23 08:06 <DIR> d-------- C:\Program Files\Common Files\Real
2008-09-23 07:45 . 2008-09-23 18:33 <DIR> d-------- C:\Program Files\Super Internet TV
2008-09-22 07:04 . 2008-09-22 07:04 73,983 --a------ C:\WINDOWS\WinVerCheck.exe
2008-09-20 23:41 . 2008-09-20 23:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-20 23:40 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-20 23:40 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-20 23:39 . 2008-09-20 23:40 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-20 23:39 . 2008-09-20 23:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-17 19:29 . 2008-09-23 10:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-17 19:29 . 2008-09-17 19:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-11 10:39 . 2008-09-19 23:18 <DIR> d-------- C:\Program Files\vanBasco's Karaoke Player
2008-09-07 13:23 . 2008-09-19 23:18 <DIR> d-------- C:\Program Files\FastStone Capture
2008-09-06 16:24 . 2008-09-19 16:27 <DIR> d-------- C:\Program Files\Download Direct
2008-09-01 20:03 . 2008-09-01 20:03 <DIR> d-------- C:\Program Files\Avant Browser
2008-09-01 20:03 . 2008-09-01 20:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Avant Profiles
2008-08-26 22:11 . 2008-09-22 20:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\skypePM
2008-08-26 22:11 . 2008-08-26 22:11 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-08-26 22:08 . 2008-08-26 22:08 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-08-25 21:25 . 2008-08-25 21:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\VoipBuster
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-24 18:27 1,038,624 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-24 18:25 52,338,976 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-24 18:23 706,172 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-24 18:23 100,460 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-24 15:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-24 15:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-24 12:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-09-23 17:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-23 16:17 --------- d-----w C:\Program Files\QuickTime
2008-09-23 06:05 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-09-22 21:49 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-09-19 21:18 --------- d-----w C:\Program Files\VeryPDF PDF2Word v3.0
2008-09-19 21:18 --------- d-----w C:\Program Files\VDJ5
2008-09-19 21:18 --------- d-----w C:\Program Files\SlimTV
2008-09-19 14:17 --------- d-----w C:\Program Files\JLC's Software
2008-09-19 14:02 --------- d-----w C:\Program Files\Google
2008-09-11 14:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\dvdcss
2008-09-10 20:15 --------- d-----w C:\Program Files\Unlocker
2008-09-08 14:10 --------- d-----w C:\Program Files\AV Vcs 6.0 DIAMOND
2008-09-06 16:32 --------- d-----w C:\Program Files\RegCure
2008-09-06 16:31 --------- d-----w C:\Program Files\Planet Quest
2008-09-06 14:26 --------- d-----w C:\Program Files\Mouse
2008-09-06 14:26 --------- d-----w C:\Program Files\FastStone Image Viewer
2008-09-06 14:26 --------- d-----w C:\Program Files\Easy Thumbnails
2008-09-06 14:26 --------- d-----w C:\Program Files\ClocX
2008-09-06 14:26 --------- d-----w C:\Program Files\Banner Maker Pro 6
2008-09-06 14:25 --------- d-----w C:\Program Files\YouTube Downloader
2008-09-06 14:25 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-09-06 14:25 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-09-06 14:25 --------- d-----w C:\Program Files\Weather Watcher
2008-09-05 03:17 --------- d-----w C:\Program Files\uTorrent
2008-08-27 19:44 --------- d-----w C:\Program Files\Trillian
2008-08-26 20:08 --------- d-----w C:\Program Files\Skype
2008-08-26 20:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-08-23 13:40 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ahead
2008-08-23 00:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-21 20:42 --------- d-----w C:\Program Files\Opera
2008-08-21 09:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\BSplayer PRO
2008-08-18 05:59 --------- d-----w C:\Program Files\Thoosje Vista Sidebar
2008-08-18 05:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Desktopicon
2008-08-18 05:43 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Toolbars
2008-08-08 11:51 --------- d-----w C:\Program Files\URUSoft
2008-08-08 11:48 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Softland
2008-08-06 18:57 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-07-27 00:17 --------- d-----w C:\Program Files\Movienizer
2008-07-27 00:17 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Movienizer
2008-07-26 23:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Outerspace Software
2008-07-24 11:35 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-07 02:27 1,550,336 ----a-w C:\WINDOWS\system32\sqlrcmd.dll
2008-06-24 20:14 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-06-24 13:53 21,656 ----a-w C:\WINDOWS\system32\dopdfmn6.dll
2008-06-24 13:53 18,072 ----a-w C:\WINDOWS\system32\dopdfmi6.dll
2007-12-17 02:11 47,360 ----a-w C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
2005-07-14 19:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2007-10-10 23:28 2,568 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
------- Sigcheck -------
2007-06-27 16:40 824320 d6ed5e042c5207553e7f5e842918137f C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
2006-04-11 17:34 663552 c0845ecbf4f9164e618ee381b79c9032 C:\WINDOWS\ie7\wininet.dll
2006-11-07 21:03 818688 92995334f993e6e49c25c6d02ec04401 C:\WINDOWS\ie7updates\KB937143-IE7\wininet.dll
2007-06-27 16:34 925184 df7b22a7ca0de1961e60a032b2a9f914 C:\WINDOWS\system32\wininet.dll
2007-06-27 16:34 925184 df7b22a7ca0de1961e60a032b2a9f914 C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 16:34 823808 8068cbb58fe60cc95aeb2cff70178208 C:\WINDOWS\VistaMizer\old\wininet.dll
2004-08-04 00:56 541696 55aca85eb80e2155e20211aaaddd711a C:\WINDOWS\system32\winlogon.exe
2004-08-04 00:56 541696 55aca85eb80e2155e20211aaaddd711a C:\WINDOWS\system32\dllcache\winlogon.exe
2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\VistaMizer\old\winlogon.exe
2006-04-16 13:28 2315264 c966d7c47a36dff8927cb6497d4bf0e3 C:\WINDOWS\system32\ntkrnlpa.exe
2006-04-16 13:28 2057984 4f3d4ceffebbd6d054c345f36a993cc2 C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe
2006-04-09 15:33 2438272 6e1295357f9cead10a7288ffbb5c336f C:\WINDOWS\system32\ntoskrnl.exe
2006-04-09 15:33 2180992 2b5da4f3f7a4978feb74422fce7ee18c C:\WINDOWS\VistaMizer\old\ntoskrnl.exe
2005-10-15 10:07 1550336 a118b21850b879699138553c2143a2db C:\WINDOWS\explorer.exe
2005-10-15 10:07 1550336 a118b21850b879699138553c2143a2db C:\WINDOWS\system32\dllcache\explorer.exe
2005-10-15 10:07 1032192 45757077a47c68a603a79b03a1a836ab C:\WINDOWS\VistaMizer\old\explorer.exe
2004-08-04 00:56 25088 5f1724d0e11eb88c95a3b73a6dd72779 C:\WINDOWS\system32\ctfmon.exe
2004-08-04 00:56 25088 5f1724d0e11eb88c95a3b73a6dd72779 C:\WINDOWS\system32\dllcache\ctfmon.exe
2004-08-04 00:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\VistaMizer\old\ctfmon.exe
2005-10-12 10:00 124184 4ea2dda6e2b489330c8c58bded39d992 C:\WINDOWS\system32\wuauclt.exe
2005-10-12 10:00 124184 4ea2dda6e2b489330c8c58bded39d992 C:\WINDOWS\system32\dllcache\wuauclt.exe
2005-10-12 10:00 124184 ebf1ab7e4fc05cabf2f4680d2a45f827 C:\WINDOWS\VistaMizer\old\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 25088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"srpskey"="C:\WINDOWS\SYSTEM32\SRPSKEY.EXE" [2007-05-04 35840]
"ClocX"="C:\Program Files\ClocX\ClocX.exe" [2004-01-21 103936]
"SmartRAM"="C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 662016]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-09-23 185896]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 227856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 25088]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
FastStone Capture.lnk - C:\Program Files\FastStone Capture\FSCapture.exe [2008-05-07 1008128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2751:UDP"= 2751:UDP:Windows Media Format SDK (OnlineTV.exe)
"2750:UDP"= 2750:UDP:Windows Media Format SDK (OnlineTV.exe)
"2753:UDP"= 2753:UDP:Windows Media Format SDK (OnlineTV.exe)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R3 HidMouse;HidMouse;C:\WINDOWS\system32\Drivers\HidMouse.sys [2004-04-27 34585]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 24592]
R3 tenCapture;tenCapture;C:\WINDOWS\system32\DRIVERS\tenCapture.sys [2007-04-21 9344]
S3 Amps2prt;Compatible PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2007-04-06 14336]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2008-03-17 23152]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-06-24 306432]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
BHO-{F79654F3-6D43-4262-A3A5-EDDDBEB42C29} - C:\WINDOWS\dfmlxbpkleq.dll
Toolbar-{81B1909C-E4E6-4928-8800-4633584B7AD0} - C:\WINDOWS\peltodgx.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gfaxb2ht.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 20:25:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-09-24 20:35:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-24 18:35:42
Pre-Run: 11.002.216.448 bytes free
Post-Run: 11,619,237,888 bytes free
229
Posted: 24 Sep 2008 21:12
- helen1
- Anti Malware Fighter Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
Disable the AV again and do the following:
Open Notepad and copy the following text into it:
File::
C:\WINDOWS\system32\tdssserf1.dll
C:\WINDOWS\fbxrqtwn.exe
Save the file from Notepad to the Desktop as "CFScript".
Drag the saved script/text onto the ComboFix icon, as in the picture.
Post in your next reply the log that is produced at the end of the cleaning/scan.
Posted: 24 Sep 2008 21:45
- Brok
- Forum moderator
- Mihajlo Bogdanović
- Linux driver - fighter - warrior
- Joined: 04 May 2005
- Posts: 3259
I did everything, and after the scan/cleanup it did not restart like last time; it produced the log right away. As soon as I copied the log everything on my desktop disappeared, so I launched the browser again through Task Manager.
ComboFix 08-09-24.01 - Administrator 2008-09-24 21:16:22.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.65 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\fbxrqtwn.exe
C:\WINDOWS\system32\tdssserf1.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\fbxrqtwn.exe
C:\WINDOWS\system32\tdssserf1.dll
.
((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 )))))))))))))))))))))))))))))))
.
2008-09-23 08:06 . 2008-09-23 08:06 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-09-23 08:05 . 2008-09-23 08:05 <DIR> d-------- C:\Program Files\Real
2008-09-23 08:05 . 2008-09-23 08:06 <DIR> d-------- C:\Program Files\Common Files\Real
2008-09-23 07:45 . 2008-09-23 18:33 <DIR> d-------- C:\Program Files\Super Internet TV
2008-09-22 07:04 . 2008-09-22 07:04 73,983 --a------ C:\WINDOWS\WinVerCheck.exe
2008-09-20 23:41 . 2008-09-20 23:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-20 23:40 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-20 23:40 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-20 23:39 . 2008-09-20 23:40 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-20 23:39 . 2008-09-20 23:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-17 19:29 . 2008-09-23 10:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-17 19:29 . 2008-09-17 19:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-11 10:39 . 2008-09-19 23:18 <DIR> d-------- C:\Program Files\vanBasco's Karaoke Player
2008-09-07 13:23 . 2008-09-19 23:18 <DIR> d-------- C:\Program Files\FastStone Capture
2008-09-06 16:24 . 2008-09-19 16:27 <DIR> d-------- C:\Program Files\Download Direct
2008-09-01 20:03 . 2008-09-01 20:03 <DIR> d-------- C:\Program Files\Avant Browser
2008-09-01 20:03 . 2008-09-01 20:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Avant Profiles
2008-08-26 22:11 . 2008-09-22 20:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\skypePM
2008-08-26 22:11 . 2008-08-26 22:11 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-08-26 22:08 . 2008-08-26 22:08 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-08-25 21:25 . 2008-08-25 21:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\VoipBuster
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-24 19:20 52,389,152 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-24 19:20 1,043,232 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-24 19:14 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-09-24 18:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-24 18:23 706,172 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-24 18:23 100,460 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-24 15:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-23 17:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-23 16:17 --------- d-----w C:\Program Files\QuickTime
2008-09-23 06:05 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-09-22 21:49 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-09-19 21:18 --------- d-----w C:\Program Files\VeryPDF PDF2Word v3.0
2008-09-19 21:18 --------- d-----w C:\Program Files\VDJ5
2008-09-19 21:18 --------- d-----w C:\Program Files\SlimTV
2008-09-19 14:17 --------- d-----w C:\Program Files\JLC's Software
2008-09-19 14:02 --------- d-----w C:\Program Files\Google
2008-09-11 14:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\dvdcss
2008-09-10 20:15 --------- d-----w C:\Program Files\Unlocker
2008-09-08 14:10 --------- d-----w C:\Program Files\AV Vcs 6.0 DIAMOND
2008-09-06 16:32 --------- d-----w C:\Program Files\RegCure
2008-09-06 16:31 --------- d-----w C:\Program Files\Planet Quest
2008-09-06 14:26 --------- d-----w C:\Program Files\Mouse
2008-09-06 14:26 --------- d-----w C:\Program Files\FastStone Image Viewer
2008-09-06 14:26 --------- d-----w C:\Program Files\Easy Thumbnails
2008-09-06 14:26 --------- d-----w C:\Program Files\ClocX
2008-09-06 14:26 --------- d-----w C:\Program Files\Banner Maker Pro 6
2008-09-06 14:25 --------- d-----w C:\Program Files\YouTube Downloader
2008-09-06 14:25 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-09-06 14:25 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-09-06 14:25 --------- d-----w C:\Program Files\Weather Watcher
2008-09-05 03:17 --------- d-----w C:\Program Files\uTorrent
2008-08-27 19:44 --------- d-----w C:\Program Files\Trillian
2008-08-26 20:08 --------- d-----w C:\Program Files\Skype
2008-08-26 20:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-08-23 13:40 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ahead
2008-08-23 00:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-21 20:42 --------- d-----w C:\Program Files\Opera
2008-08-21 09:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\BSplayer PRO
2008-08-18 05:59 --------- d-----w C:\Program Files\Thoosje Vista Sidebar
2008-08-18 05:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Desktopicon
2008-08-18 05:43 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Toolbars
2008-08-08 11:51 --------- d-----w C:\Program Files\URUSoft
2008-08-08 11:48 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Softland
2008-08-06 18:57 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-07-27 00:17 --------- d-----w C:\Program Files\Movienizer
2008-07-27 00:17 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Movienizer
2008-07-26 23:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Outerspace Software
2008-07-24 11:35 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-07 02:27 1,550,336 ----a-w C:\WINDOWS\system32\sqlrcmd.dll
2008-06-24 20:14 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-06-24 13:53 21,656 ----a-w C:\WINDOWS\system32\dopdfmn6.dll
2008-06-24 13:53 18,072 ----a-w C:\WINDOWS\system32\dopdfmi6.dll
2007-12-17 02:11 47,360 ----a-w C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
2005-07-14 19:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2007-10-10 23:28 2,568 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
------- Sigcheck -------
2007-06-27 16:40 824320 d6ed5e042c5207553e7f5e842918137f C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
2006-04-11 17:34 663552 c0845ecbf4f9164e618ee381b79c9032 C:\WINDOWS\ie7\wininet.dll
2006-11-07 21:03 818688 92995334f993e6e49c25c6d02ec04401 C:\WINDOWS\ie7updates\KB937143-IE7\wininet.dll
2007-06-27 16:34 925184 df7b22a7ca0de1961e60a032b2a9f914 C:\WINDOWS\system32\wininet.dll
2007-06-27 16:34 925184 df7b22a7ca0de1961e60a032b2a9f914 C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 16:34 823808 8068cbb58fe60cc95aeb2cff70178208 C:\WINDOWS\VistaMizer\old\wininet.dll
2004-08-04 00:56 541696 55aca85eb80e2155e20211aaaddd711a C:\WINDOWS\system32\winlogon.exe
2004-08-04 00:56 541696 55aca85eb80e2155e20211aaaddd711a C:\WINDOWS\system32\dllcache\winlogon.exe
2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\VistaMizer\old\winlogon.exe
2006-04-16 13:28 2315264 c966d7c47a36dff8927cb6497d4bf0e3 C:\WINDOWS\system32\ntkrnlpa.exe
2006-04-16 13:28 2057984 4f3d4ceffebbd6d054c345f36a993cc2 C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe
2006-04-09 15:33 2438272 6e1295357f9cead10a7288ffbb5c336f C:\WINDOWS\system32\ntoskrnl.exe
2006-04-09 15:33 2180992 2b5da4f3f7a4978feb74422fce7ee18c C:\WINDOWS\VistaMizer\old\ntoskrnl.exe
2005-10-15 10:07 1550336 a118b21850b879699138553c2143a2db C:\WINDOWS\explorer.exe
2005-10-15 10:07 1550336 a118b21850b879699138553c2143a2db C:\WINDOWS\system32\dllcache\explorer.exe
2005-10-15 10:07 1032192 45757077a47c68a603a79b03a1a836ab C:\WINDOWS\VistaMizer\old\explorer.exe
2004-08-04 00:56 25088 5f1724d0e11eb88c95a3b73a6dd72779 C:\WINDOWS\system32\ctfmon.exe
2004-08-04 00:56 25088 5f1724d0e11eb88c95a3b73a6dd72779 C:\WINDOWS\system32\dllcache\ctfmon.exe
2004-08-04 00:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\VistaMizer\old\ctfmon.exe
2005-10-12 10:00 124184 4ea2dda6e2b489330c8c58bded39d992 C:\WINDOWS\system32\wuauclt.exe
2005-10-12 10:00 124184 4ea2dda6e2b489330c8c58bded39d992 C:\WINDOWS\system32\dllcache\wuauclt.exe
2005-10-12 10:00 124184 ebf1ab7e4fc05cabf2f4680d2a45f827 C:\WINDOWS\VistaMizer\old\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 25088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"srpskey"="C:\WINDOWS\SYSTEM32\SRPSKEY.EXE" [2007-05-04 35840]
"ClocX"="C:\Program Files\ClocX\ClocX.exe" [2004-01-21 103936]
"SmartRAM"="C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 662016]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-09-23 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 25088]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
FastStone Capture.lnk - C:\Program Files\FastStone Capture\FSCapture.exe [2008-05-07 1008128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2751:UDP"= 2751:UDP:Windows Media Format SDK (OnlineTV.exe)
"2750:UDP"= 2750:UDP:Windows Media Format SDK (OnlineTV.exe)
"2753:UDP"= 2753:UDP:Windows Media Format SDK (OnlineTV.exe)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R3 HidMouse;HidMouse;C:\WINDOWS\system32\Drivers\HidMouse.sys [2004-04-27 34585]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 24592]
R3 tenCapture;tenCapture;C:\WINDOWS\system32\DRIVERS\tenCapture.sys [2007-04-21 9344]
S3 Amps2prt;Compatible PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2007-04-06 14336]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2008-03-17 23152]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-06-24 306432]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 21:21:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
Completion time: 2008-09-24 21:25:46
ComboFix-quarantined-files.txt 2008-09-24 19:25:41
ComboFix2.txt 2008-09-24 18:35:59
Pre-Run: 11.621.498.880 bytes free
Post-Run: 11,609,362,432 bytes free
Posted: 24 Sep 2008 21:47
- helen1
- Anti Malware Fighter Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd

Did you restart the computer?
Posted: 24 Sep 2008 21:56
- Brok
- Forum moderator
- Mihajlo Bogdanović
- Linux driver - fighter - warrior
- Joined: 04 May 2005
- Posts: 3259

I just did now, since you asked.
Posted: 24 Sep 2008 22:05
- Brok
- Forum moderator
- Mihajlo Bogdanović
- Linux driver - fighter - warrior
- Joined: 04 May 2005
- Posts: 3259

Quite a bit better than before, in fact much better. The only thing is that the system may take a little longer to boot, and the labels under the desktop icons are still coloured as in the picture; hopefully that doesn't point to anything bad. Everything else is as it was before.
Posted: 24 Sep 2008 22:22
- helen1
- Anti Malware Fighter Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd

Please post a new HJT log. There's something I want to check.