McAfee detects a Trojan.

offline
  • Joined: 04 Aug 2009
  • Posts: 166

Posted: 15 Aug 2009 10:26

I scanned the computer and McAfee suddenly detected a Trojan Generic or something like that; I couldn't see it properly, and it can't delete it.

DDS (Ver_09-07-30.01) - NTFSx86
Run by SERVIS at 9:47:41.10 on Sat 08/15/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.592 [GMT 2:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\System32\svchost.exe
svchost.exe
C:\WINDOWS\system32\braviax.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\SERVIS\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [braviax]
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [braviax]
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-8-6 340592]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-2-29 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 51440]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2008-9-29 19456]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-9-29 143088]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-9-29 62800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-8-6 67904]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-8-6 90360]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-8-6 42424]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-8-6 64432]

=============== Created Last 30 ================

2009-08-14 16:15 122,600 ----h--- C:\treeinfo.wc
2009-08-14 16:10 25,808 a------- c:\windows\system\CTL3DV2.DLL
2009-08-14 16:10 545 a------- c:\windows\UC.PIF
2009-08-14 16:10 545 a------- c:\windows\RAR.PIF
2009-08-14 16:10 545 a------- c:\windows\PKZIP.PIF
2009-08-14 16:10 545 a------- c:\windows\PKUNZIP.PIF
2009-08-14 16:10 545 a------- c:\windows\NOCLOSE.PIF
2009-08-14 16:10 545 a------- c:\windows\LHA.PIF
2009-08-14 16:10 545 a------- c:\windows\ARJ.PIF
2009-08-14 16:10 876 a------- c:\windows\wincmd.ini
2009-08-14 16:10 <DIR> --d----- C:\totalcmd
2009-08-14 12:32 11,264 a------- c:\windows\system32\braviax.exe
2009-08-14 12:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-14 12:01 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-08-14 12:01 <DIR> --d----- c:\docume~1\servis\applic~1\SUPERAntiSpyware.com
2009-08-14 12:00 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-08-14 12:00 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-08-14 11:54 <DIR> a-dshr-- C:\cmdcons
2009-08-14 11:53 216,064 a------- c:\windows\PEV.exe
2009-08-14 11:53 161,792 a------- c:\windows\SWREG.exe
2009-08-14 11:53 98,816 a------- c:\windows\sed.exe
2009-08-11 09:39 69 a------- c:\windows\NeroDigital.ini
2009-08-10 13:05 <DIR> --d----- c:\program files\Shutdown Timer
2009-08-08 13:39 3,686,454 a------- c:\windows\ACD Wallpaper.bmp
2009-08-08 11:08 <DIR> --d----- c:\program files\RAR Password (zabranjeno)er
2009-08-08 11:03 <DIR> --d----- c:\program files\Intelore
2009-08-08 11:02 <DIR> --d----- C:\QUARANTINE
2009-08-08 10:12 <DIR> --d----- c:\docume~1\servis\applic~1\ACD Systems
2009-08-08 10:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ACD Systems
2009-08-08 10:11 <DIR> --d----- c:\program files\common files\ACD Systems
2009-08-08 10:11 <DIR> --d----- c:\program files\ACD Systems
2009-08-08 10:11 10,368 a------- c:\windows\system32\drivers\pfc.sys
2009-08-08 10:11 <DIR> --d----- c:\windows\Downloaded Installations
2009-08-08 09:40 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-08-08 09:25 <DIR> --d----- c:\program files\SpeedFan
2009-08-08 09:25 45 a------- c:\windows\system32\initdebug.nfo
2009-08-08 09:12 <DIR> --d----- c:\windows\pss
2009-08-07 10:43 344,064 a------- c:\windows\system32\msvcr70.dll
2009-08-07 10:43 <DIR> --d----- c:\program files\DVDVideoSoft
2009-08-07 10:43 <DIR> --d----- c:\program files\common files\DVDVideoSoft
2009-08-07 10:37 26,368 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-08-07 10:15 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-07 10:15 73,728 a------- c:\windows\system32\javacpl.cpl
2009-08-07 09:09 22 a------- c:\windows\system32\ati64hlp.stb
2009-08-06 17:01 22 a------- c:\windows\system32\ati64hl2.stb
2009-08-06 16:59 <DIR> --d----- c:\program files\ATI Technologies
2009-08-06 15:23 376 a------- c:\windows\ODBC.INI
2009-08-06 15:23 17,920 a------- c:\windows\system32\mdimon.dll
2009-08-06 15:22 <DIR> --d----- c:\program files\common files\L&H
2009-08-06 15:22 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-08-06 15:20 <DIR> --d----- c:\windows\SHELLNEW
2009-08-06 15:09 516,768 ac------ c:\windows\system32\dllcache\ativvaxx.dll
2009-08-06 15:09 516,768 a------- c:\windows\system32\ativvaxx.dll
2009-08-06 15:09 1,888,992 ac------ c:\windows\system32\dllcache\ati3duag.dll
2009-08-06 15:09 1,888,992 a------- c:\windows\system32\ati3duag.dll
2009-08-06 15:08 701,440 ac------ c:\windows\system32\dllcache\ati2mtag.sys
2009-08-06 15:08 701,440 a------- c:\windows\system32\drivers\ati2mtag.sys
2009-08-06 15:08 870,784 ac------ c:\windows\system32\dllcache\ati3d1ag.dll
2009-08-06 15:08 870,784 a------- c:\windows\system32\ati3d1ag.dll
2009-08-06 15:08 229,376 ac------ c:\windows\system32\dllcache\ati2cqag.dll
2009-08-06 15:08 201,728 ac------ c:\windows\system32\dllcache\ati2dvag.dll
2009-08-06 15:08 229,376 a------- c:\windows\system32\ati2cqag.dll
2009-08-06 15:08 201,728 a------- c:\windows\system32\ati2dvag.dll
2009-08-06 15:07 0 a------- c:\windows\system32\SET2.tmp
2009-08-06 14:58 25 a------- c:\windows\mixerdef.ini
2009-08-06 14:47 2,317,696 a------- c:\windows\system32\drivers\ALCXWDM.SYS
2009-08-06 14:47 156,672 -------- c:\windows\system32\RtlCPAPI.dll
2009-08-06 14:47 57,344 a------- c:\windows\ALCXMNTR.EXE
2009-08-06 14:47 9,309,696 -------- c:\windows\system32\RTLCPL.exe
2009-08-06 14:47 141,016 -------- c:\windows\system32\alsndmgr.wav
2009-08-06 14:47 77,824 -------- c:\windows\soundman.exe
2009-08-06 14:47 40,960 -------- c:\windows\system32\ChCfg.exe
2009-08-06 14:47 18,694,144 a------- c:\windows\system32\ALSNDMGR.CPL
2009-08-06 14:47 294,912 -------- c:\windows\alcupd.exe
2009-08-06 14:47 200,704 -------- c:\windows\alcrmv.exe
2009-08-06 14:46 192,512 -------- c:\windows\RtlExUpd.dll
2009-08-06 14:43 3,072 a------- c:\windows\system32\drivers\audstub.sys
2009-08-06 14:43 57,600 a------- c:\windows\system32\drivers\redbook.sys
2009-08-06 14:43 6,400 a------- c:\windows\system32\drivers\enum1394.sys
2009-08-06 14:42 46,464 ac------ c:\windows\system32\dllcache\gagp30kx.sys
2009-08-06 14:42 46,464 a------- c:\windows\system32\drivers\GAGP30KX.SYS
2009-08-06 14:42 32,768 a------- c:\windows\system32\drivers\sisnic.sys
2009-08-06 14:42 74,240 a------- c:\windows\system32\usbui.dll
2009-08-06 14:41 <DIR> --d----- c:\program files\common files\ODBC
2009-08-06 14:41 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-08-06 14:41 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-08-06 14:39 144,484 ac------ c:\windows\system32\dllcache\netfx.cat
2009-08-06 14:38 786 a------- c:\windows\system32\$winnt$.inf
2009-08-06 14:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Hagel Technologies
2009-08-06 13:27 <DIR> --d----- c:\program files\common files\Cisco Systems
2009-08-06 13:27 <DIR> --d----- c:\program files\McAfee
2009-08-06 13:27 <DIR> --d----- c:\program files\common files\McAfee
2009-08-06 13:15 <DIR> --d----- c:\program files\Nero
2009-08-06 13:03 <DIR> --ds---- c:\documents and settings\servis\UserData
2009-08-06 12:50 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-08-06 12:50 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-08-06 12:49 <DIR> --d----- c:\program files\common files\MSSoap
2009-08-06 12:48 <DIR> --d----- c:\program files\Online Services
2009-08-06 12:48 <DIR> --d----- c:\program files\Messenger
2009-08-06 12:48 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-08-06 12:47 <DIR> --d----- c:\program files\Windows NT

==================== Find3M ====================

2009-08-14 11:58 619,584 a------- c:\windows\system32\drivers\ntfs.sys
2009-08-07 15:48 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-06 12:48 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-06-02 18:11 85,504 a------- c:\windows\system32\ff_vfw.dll
2009-05-29 23:37 205,824 a------- c:\windows\system32\xvidvfw.dll
2009-05-29 23:31 881,664 a------- c:\windows\system32\xvidcore.dll

============= FINISH: 9:48:01.59 ===============
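Added here as an example (not code from the original thread or from the DDS tool): a small Python parser for the DDS sections above that flags the traits a helper looks for when reading such a log: a Run entry with no command or path shown, an autostart under the Default user hive (dRun), an executable created in the Windows system directory within the last 30 days, and the same name among the running processes. The sample lines are constructed to mirror the format of the log above; the section names, regexes and scoring are assumptions of this example, not part of DDS.

```python
import re

# Constructed sample, modelled on the DDS sections posted in this thread (not the real log).
SAMPLE_DDS = r"""
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\system32\braviax.exe

============== Pseudo HJT Report ===============
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [braviax]
dRun: [braviax]

=============== Created Last 30 ================
2009-08-14 12:32 11,264 a------- c:\windows\system32\braviax.exe
2009-08-14 12:01 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-08-07 10:15 73,728 a------- c:\windows\system32\javacpl.cpl
"""

# Assumed line shapes, derived from the DDS output above.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
RUN_RE = re.compile(r"^([umd])Run:\s+\[([^\]]+)\](?:\s+(.*))?$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+)$")
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")


def split_sections(text):
    """Group non-empty lines under the '=== Title ===' header above them (title lower-cased)."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1).lower()
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.strip())
    return sections


def stem(path):
    """'c:\\windows\\system32\\braviax.exe' -> 'braviax'; 'ctfmon.exe' -> 'ctfmon'."""
    return path.lower().rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def analyse(text):
    """Return {stem: [reasons]} for every Run entry that has at least one suspicious trait."""
    sec = split_sections(text)
    running = {stem(p) for p in sec.get("running processes", [])}
    # Executables created in the last 30 days directly under the Windows / system32 directories.
    created = {}
    for line in sec.get("created last 30", []):
        m = CREATED_RE.match(line)
        if not m or m.group(2) == "<DIR>":
            continue
        path = m.group(4).lower()
        if path.endswith(EXEC_EXT) and path.startswith(SYSTEM_DIRS):
            created[stem(path)] = (m.group(1), path)
    findings = {}

    def note(key, reason):
        reasons = findings.setdefault(key, [])
        if reason not in reasons:
            reasons.append(reason)

    for line in sec.get("pseudo hjt report", []):
        m = RUN_RE.match(line)
        if not m:
            continue
        hive, name, cmd = m.group(1), m.group(2), (m.group(3) or "").strip()
        key = stem(name)
        if not cmd:
            note(key, f"{hive}Run [{name}] shows no command or path")
        if hive == "d":
            note(key, f"[{name}] autostarts from the Default user hive (dRun)")
        if key in created:
            note(key, f"{created[key][1]} was created on {created[key][0]}")
        if key in running:
            note(key, f"{name} is among the running processes")
    return findings


if __name__ == "__main__":
    # Print the flagged entries, most reasons first.
    for key, reasons in sorted(analyse(SAMPLE_DDS).items(), key=lambda kv: -len(kv[1])):
        print(f"[{len(reasons)}] {key}")
        for r in reasons:
            print("    -", r)
```

On the constructed sample only the braviax entry is flagged; ctfmon.exe and Regedit32 have a command path, are not newly created in system32 and are not running, so they produce no reasons.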






offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Hello...

I see that you have been running ComboFix on your own (which is not good).

Delete that ComboFix and download a new one.

Note: Do not uninstall ComboFix, just delete it from the desktop and follow the instructions below.

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is complete:
disable your security software (instructions);
close any running programs;
double-click ComboFix to run it.

While running, ComboFix will:
check whether a newer version of the program exists: click Yes if it offers to download it;
display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so that the process continues;
if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
ask a number of questions / show notifications: accept by clicking Yes or OK;
restart Windows if needed (possibly several times);
at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum topic:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message box and choose Paste.

Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message.

offline
  • Joined: 04 Aug 2009
  • Posts: 166

ComboFix 09-08-10.06 - SERVIS 08/15/2009 16:22.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.804 [GMT 2:00]
Running from: c:\documents and settings\SERVIS\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\braviax.exe
D:\Autorun.inf
F:\autorun.inf

Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{9010A427-63B8-42AB-8101-4247FC495BB3}\RP17\A0004284.sys

.
((((((((((((((((((((((((( Files Created from 2009-07-15 to 2009-08-15 )))))))))))))))))))))))))))))))
.

2009-08-15 10:25 . 2009-08-15 10:25 104802 --sh--r- C:\m1eqos3.exe
2009-08-15 09:02 . 2009-08-15 09:02 -------- d-----w- c:\program files\SopCast
2009-08-14 14:10 . 2008-04-24 04:58 545 ----a-w- c:\windows\UC.PIF
2009-08-14 14:10 . 2008-04-24 04:58 545 ----a-w- c:\windows\RAR.PIF
2009-08-14 14:10 . 2008-04-24 04:58 545 ----a-w- c:\windows\PKZIP.PIF
2009-08-14 14:10 . 2008-04-24 04:58 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-08-14 14:10 . 2008-04-24 04:58 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-08-14 14:10 . 2008-04-24 04:58 545 ----a-w- c:\windows\LHA.PIF
2009-08-14 14:10 . 2008-04-24 04:58 545 ----a-w- c:\windows\ARJ.PIF
2009-08-14 14:10 . 2008-04-24 04:58 25808 ----a-w- c:\windows\system\CTL3DV2.DLL
2009-08-14 14:10 . 2009-08-14 14:10 -------- d-----w- C:\totalcmd
2009-08-14 10:01 . 2009-08-14 10:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-14 10:01 . 2009-08-15 09:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-14 10:01 . 2009-08-14 10:01 -------- d-----w- c:\documents and settings\SERVIS\Application Data\SUPERAntiSpyware.com
2009-08-14 10:00 . 2009-08-14 10:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-10 11:05 . 2009-08-15 09:13 -------- d-----w- c:\program files\Shutdown Timer
2009-08-08 09:08 . 2009-08-08 09:28 -------- d-----w- c:\program files\RAR Password (zabranjeno)er
2009-08-08 09:03 . 2009-08-08 09:24 -------- d-----w- c:\program files\Intelore
2009-08-08 09:02 . 2009-08-15 08:38 -------- d-----w- C:\QUARANTINE
2009-08-08 08:12 . 2009-08-08 08:12 -------- d-----w- c:\documents and settings\SERVIS\Application Data\ACD Systems
2009-08-08 08:12 . 2009-08-08 08:36 -------- d-----w- c:\documents and settings\SERVIS\Local Settings\Application Data\ACD Systems
2009-08-08 08:11 . 2009-08-08 08:11 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-08-08 08:11 . 2009-08-08 08:12 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-08-08 08:11 . 2009-08-08 08:11 -------- d-----w- c:\program files\ACD Systems
2009-08-08 08:11 . 2009-08-08 08:11 10368 ----a-w- c:\windows\system32\drivers\pfc.sys
2009-08-08 08:11 . 2009-08-08 08:11 -------- d-----w- c:\windows\Downloaded Installations
2009-08-08 07:40 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-08-08 07:40 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-08-08 07:40 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-08-08 07:40 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-08-08 07:40 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-08-08 07:40 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-08-08 07:40 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\divx.dll
2009-08-08 07:40 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-08-08 07:40 . 2009-08-08 07:41 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-08-08 07:40 . 2009-08-11 07:39 -------- d-----w- c:\documents and settings\SERVIS\Application Data\Media Player Classic
2009-08-08 07:25 . 2009-08-12 14:58 -------- d-----w- c:\program files\SpeedFan
2009-08-07 08:43 . 2002-01-05 13:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-08-07 08:43 . 2009-08-07 08:43 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-08-07 08:43 . 2009-08-07 08:43 -------- d-----w- c:\program files\DVDVideoSoft
2009-08-07 08:37 . 2008-04-13 22:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-08-07 08:15 . 2009-08-07 08:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-07 08:15 . 2009-08-07 08:15 -------- d-----w- c:\program files\Java
2009-08-07 08:15 . 2009-08-07 08:15 152576 ----a-w- c:\documents and settings\SERVIS\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-07 08:08 . 2009-08-07 08:08 -------- d-----w- c:\documents and settings\SERVIS\Local Settings\Application Data\Identities
2009-08-06 15:00 . 2009-08-06 15:00 -------- d-----w- c:\documents and settings\SERVIS\Local Settings\Application Data\Help
2009-08-06 14:59 . 2009-08-06 14:59 -------- d-----w- c:\program files\ATI Technologies
2009-08-06 13:23 . 2003-06-18 15:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-08-06 13:22 . 2009-08-06 13:22 -------- d-----w- c:\program files\Common Files\L&H
2009-08-06 13:22 . 2009-08-06 13:22 -------- d-----w- c:\program files\Microsoft.NET
2009-08-06 13:22 . 2009-08-06 13:22 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-08-06 13:21 . 2009-08-06 13:21 -------- d-----w- c:\program files\Microsoft Works
2009-08-06 13:20 . 2009-08-06 13:22 -------- d-----w- c:\windows\SHELLNEW
2009-08-06 13:18 . 2009-08-06 13:18 -------- d--h--r- C:\MSOCache
2009-08-06 13:09 . 2008-04-14 03:41 516768 -c--a-w- c:\windows\system32\dllcache\ativvaxx.dll
2009-08-06 13:09 . 2008-04-14 03:41 516768 ----a-w- c:\windows\system32\ativvaxx.dll
2009-08-06 13:09 . 2008-04-14 03:41 1888992 -c--a-w- c:\windows\system32\dllcache\ati3duag.dll
2009-08-06 13:09 . 2008-04-14 03:41 1888992 ----a-w- c:\windows\system32\ati3duag.dll
2009-08-06 13:08 . 2008-04-13 20:04 701440 -c--a-w- c:\windows\system32\dllcache\ati2mtag.sys
2009-08-06 13:08 . 2008-04-13 20:04 701440 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-08-06 13:08 . 2008-04-14 03:41 870784 -c--a-w- c:\windows\system32\dllcache\ati3d1ag.dll
2009-08-06 13:08 . 2008-04-14 03:41 870784 ----a-w- c:\windows\system32\ati3d1ag.dll
2009-08-06 13:08 . 2008-04-14 03:41 229376 -c--a-w- c:\windows\system32\dllcache\ati2cqag.dll
2009-08-06 13:08 . 2008-04-14 03:41 229376 ----a-w- c:\windows\system32\ati2cqag.dll
2009-08-06 13:08 . 2008-04-14 03:41 201728 -c--a-w- c:\windows\system32\dllcache\ati2dvag.dll
2009-08-06 13:08 . 2008-04-14 03:41 201728 ----a-w- c:\windows\system32\ati2dvag.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 10:01 . 2009-08-06 11:01 64760 ----a-w- c:\documents and settings\SERVIS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-08 14:56 . 2009-08-06 11:16 -------- d-----w- c:\documents and settings\SERVIS\Application Data\Ahead
2009-08-07 13:48 . 2009-08-06 10:50 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-06 14:59 . 2009-08-06 11:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-06 13:07 . 2009-08-06 13:07 0 ----a-w- c:\windows\system32\SET2.tmp
2009-08-06 13:02 . 2009-08-06 11:25 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-06 12:22 . 2009-08-06 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Hagel Technologies
2009-08-06 11:28 . 2009-08-06 11:27 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-06 11:27 . 2009-08-06 11:27 -------- d-----w- c:\program files\Common Files\Cisco Systems
2009-08-06 11:27 . 2009-08-06 11:27 -------- d-----w- c:\program files\McAfee
2009-08-06 11:27 . 2009-08-06 11:27 -------- d-----w- c:\program files\Common Files\McAfee
2009-08-06 11:16 . 2009-08-06 11:15 -------- d-----w- c:\program files\Common Files\Ahead
2009-08-06 11:15 . 2009-08-06 11:15 -------- d-----w- c:\program files\Nero
2009-08-06 11:11 . 2009-08-06 11:09 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-06 11:10 . 2009-08-06 11:10 -------- d-----w- c:\documents and settings\SERVIS\Application Data\Winamp
2009-08-06 11:10 . 2009-08-06 11:10 -------- d-----w- c:\program files\Winamp
2009-08-06 11:06 . 2009-08-06 11:06 -------- d-----w- c:\program files\Opera
2009-08-06 11:03 . 2009-08-06 11:03 1961720 ----a-w- c:\documents and settings\SERVIS\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-08-06 10:52 . 2009-08-06 10:52 -------- d-----w- c:\program files\microsoft frontpage
2009-08-06 10:48 . 2009-08-06 10:48 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

------- Sigcheck -------

[-] 2009-03-15 13:44 1614848 600D58665D16BFBB776EFEFB0E80532D c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-15 1830128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-07 149280]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2006-10-29 1581056]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-08-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-08-15 09:39 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 4:03 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 4:03 PM 74480]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [9/29/2008 8:07 AM 19456]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [8/6/2009 1:28 PM 67904]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/6/2009 1:28 PM 64432]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SASDIFSV
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-08-15 16:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(628-)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-15 16:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-15 14:29

Pre-Run: 24,046,125,056 bytes free
Post-Run: 24,003,407,872 bytes free


offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Open Notepad and copy the following text into it:

File::
C:\m1eqos3.exe


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.

offline
  • Joined: 04 Aug 2009
  • Posts: 166

ComboFix 09-08-10.06 - SERVIS 08/17/2009 9:12.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.653 [GMT 2:00]
Running from: c:\documents and settings\SERVIS\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\SERVIS\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Created a new restore point

FILE ::
"C:\m1eqos3.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\m1eqos3.exe

.
((((((((((((((((((((((((( Files Created from 2009-07-17 to 2009-08-17 )))))))))))))))))))))))))))))))
.

2009-08-15 09:02 . 2009-08-15 09:02 -------- d-----w- c:\program files\SopCast
2009-08-14 14:10 . 2008-04-24 04:58 545 ----a-w- c:\windows\UC.PIF
2009-08-14 14:10 . 2008-04-24 04:58 545 ----a-w- c:\windows\RAR.PIF
2009-08-14 14:10 . 2008-04-24 04:58 545 ----a-w- c:\windows\PKZIP.PIF
2009-08-14 14:10 . 2008-04-24 04:58 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-08-14 14:10 . 2008-04-24 04:58 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-08-14 14:10 . 2008-04-24 04:58 545 ----a-w- c:\windows\LHA.PIF
2009-08-14 14:10 . 2008-04-24 04:58 545 ----a-w- c:\windows\ARJ.PIF
2009-08-14 14:10 . 2008-04-24 04:58 25808 ----a-w- c:\windows\system\CTL3DV2.DLL
2009-08-14 14:10 . 2009-08-14 14:10 -------- d-----w- C:\totalcmd
2009-08-14 10:01 . 2009-08-14 10:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-14 10:01 . 2009-08-15 09:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-14 10:01 . 2009-08-14 10:01 -------- d-----w- c:\documents and settings\SERVIS\Application Data\SUPERAntiSpyware.com
2009-08-14 10:00 . 2009-08-14 10:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-10 11:05 . 2009-08-15 09:13 -------- d-----w- c:\program files\Shutdown Timer
2009-08-08 09:08 . 2009-08-08 09:28 -------- d-----w- c:\program files\RAR Password (zabranjeno)er
2009-08-08 09:03 . 2009-08-08 09:24 -------- d-----w- c:\program files\Intelore
2009-08-08 09:02 . 2009-08-15 08:38 -------- d-----w- C:\QUARANTINE
2009-08-08 08:12 . 2009-08-08 08:12 -------- d-----w- c:\documents and settings\SERVIS\Application Data\ACD Systems
2009-08-08 08:12 . 2009-08-08 08:36 -------- d-----w- c:\documents and settings\SERVIS\Local Settings\Application Data\ACD Systems
2009-08-08 08:11 . 2009-08-08 08:11 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-08-08 08:11 . 2009-08-08 08:12 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-08-08 08:11 . 2009-08-08 08:11 -------- d-----w- c:\program files\ACD Systems
2009-08-08 08:11 . 2009-08-08 08:11 10368 ----a-w- c:\windows\system32\drivers\pfc.sys
2009-08-08 08:11 . 2009-08-08 08:11 -------- d-----w- c:\windows\Downloaded Installations
2009-08-08 07:40 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-08-08 07:40 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-08-08 07:40 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-08-08 07:40 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-08-08 07:40 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-08-08 07:40 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-08-08 07:40 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\divx.dll
2009-08-08 07:40 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-08-08 07:40 . 2009-08-08 07:41 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-08-08 07:40 . 2009-08-11 07:39 -------- d-----w- c:\documents and settings\SERVIS\Application Data\Media Player Classic
2009-08-08 07:25 . 2009-08-12 14:58 -------- d-----w- c:\program files\SpeedFan
2009-08-07 08:43 . 2002-01-05 13:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-08-07 08:43 . 2009-08-07 08:43 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-08-07 08:43 . 2009-08-07 08:43 -------- d-----w- c:\program files\DVDVideoSoft
2009-08-07 08:37 . 2008-04-13 22:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-08-07 08:15 . 2009-08-07 08:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-07 08:15 . 2009-08-07 08:15 -------- d-----w- c:\program files\Java
2009-08-07 08:15 . 2009-08-07 08:15 152576 ----a-w- c:\documents and settings\SERVIS\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-07 08:08 . 2009-08-07 08:08 -------- d-----w- c:\documents and settings\SERVIS\Local Settings\Application Data\Identities
2009-08-06 15:00 . 2009-08-06 15:00 -------- d-----w- c:\documents and settings\SERVIS\Local Settings\Application Data\Help
2009-08-06 14:59 . 2009-08-06 14:59 -------- d-----w- c:\program files\ATI Technologies
2009-08-06 13:23 . 2003-06-18 15:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-08-06 13:22 . 2009-08-06 13:22 -------- d-----w- c:\program files\Common Files\L&H
2009-08-06 13:22 . 2009-08-06 13:22 -------- d-----w- c:\program files\Microsoft.NET
2009-08-06 13:22 . 2009-08-06 13:22 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-08-06 13:21 . 2009-08-06 13:21 -------- d-----w- c:\program files\Microsoft Works
2009-08-06 13:20 . 2009-08-06 13:22 -------- d-----w- c:\windows\SHELLNEW
2009-08-06 13:18 . 2009-08-06 13:18 -------- d--h--r- C:\MSOCache
2009-08-06 13:09 . 2008-04-14 03:41 516768 -c--a-w- c:\windows\system32\dllcache\ativvaxx.dll
2009-08-06 13:09 . 2008-04-14 03:41 516768 ----a-w- c:\windows\system32\ativvaxx.dll
2009-08-06 13:09 . 2008-04-14 03:41 1888992 -c--a-w- c:\windows\system32\dllcache\ati3duag.dll
2009-08-06 13:09 . 2008-04-14 03:41 1888992 ----a-w- c:\windows\system32\ati3duag.dll
2009-08-06 13:08 . 2008-04-13 20:04 701440 -c--a-w- c:\windows\system32\dllcache\ati2mtag.sys
2009-08-06 13:08 . 2008-04-13 20:04 701440 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-08-06 13:08 . 2008-04-14 03:41 870784 -c--a-w- c:\windows\system32\dllcache\ati3d1ag.dll
2009-08-06 13:08 . 2008-04-14 03:41 870784 ----a-w- c:\windows\system32\ati3d1ag.dll
2009-08-06 13:08 . 2008-04-14 03:41 229376 -c--a-w- c:\windows\system32\dllcache\ati2cqag.dll
2009-08-06 13:08 . 2008-04-14 03:41 229376 ----a-w- c:\windows\system32\ati2cqag.dll
2009-08-06 13:08 . 2008-04-14 03:41 201728 -c--a-w- c:\windows\system32\dllcache\ati2dvag.dll
2009-08-06 13:08 . 2008-04-14 03:41 201728 ----a-w- c:\windows\system32\ati2dvag.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 10:01 . 2009-08-06 11:01 64760 ----a-w- c:\documents and settings\SERVIS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-08 14:56 . 2009-08-06 11:16 -------- d-----w- c:\documents and settings\SERVIS\Application Data\Ahead
2009-08-07 13:48 . 2009-08-06 10:50 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-06 14:59 . 2009-08-06 11:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-06 13:07 . 2009-08-06 13:07 0 ----a-w- c:\windows\system32\SET2.tmp
2009-08-06 13:02 . 2009-08-06 11:25 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-06 12:22 . 2009-08-06 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Hagel Technologies
2009-08-06 11:28 . 2009-08-06 11:27 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-06 11:27 . 2009-08-06 11:27 -------- d-----w- c:\program files\Common Files\Cisco Systems
2009-08-06 11:27 . 2009-08-06 11:27 -------- d-----w- c:\program files\McAfee
2009-08-06 11:27 . 2009-08-06 11:27 -------- d-----w- c:\program files\Common Files\McAfee
2009-08-06 11:16 . 2009-08-06 11:15 -------- d-----w- c:\program files\Common Files\Ahead
2009-08-06 11:15 . 2009-08-06 11:15 -------- d-----w- c:\program files\Nero
2009-08-06 11:11 . 2009-08-06 11:09 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-06 11:10 . 2009-08-06 11:10 -------- d-----w- c:\documents and settings\SERVIS\Application Data\Winamp
2009-08-06 11:10 . 2009-08-06 11:10 -------- d-----w- c:\program files\Winamp
2009-08-06 11:06 . 2009-08-06 11:06 -------- d-----w- c:\program files\Opera
2009-08-06 11:03 . 2009-08-06 11:03 1961720 ----a-w- c:\documents and settings\SERVIS\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-08-06 10:52 . 2009-08-06 10:52 -------- d-----w- c:\program files\microsoft frontpage
2009-08-06 10:48 . 2009-08-06 10:48 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

------- Sigcheck -------

[-] 2009-03-15 13:44 1614848 600D58665D16BFBB776EFEFB0E80532D c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-15_14.27.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-17 07:08 . 2009-08-17 07:08 16384 c:\windows\Temp\Perflib_Perfdata_b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-07 149280]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 169984]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2006-10-29 1581056]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-08-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-08-15 09:39 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 4:03 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 4:03 PM 74480]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [9/29/2008 8:07 AM 19456]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [8/6/2009 1:28 PM 67904]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/6/2009 1:28 PM 64432]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-08-17 09:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(624)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2009-08-17 9:15
ComboFix-quarantined-files.txt 2009-08-17 07:15
ComboFix2.txt 2009-08-15 14:29

Pre-Run: 24,002,490,368 bytes free
Post-Run: 23,960,281,088 bytes free

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

This looks OK now, there are no more traces of malware.

All that is left is to remove ComboFix.

ComboFix needs to be uninstalled:
click Start (or ), then Run.

On Vista use the Start Search box if Run is not available.

In the text box type (or paste) the following:

combofix /u

Note that there is a space between "ComboFix" and "/u".

then click OK (or press Enter).

Wait for the uninstall process to finish.
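Editor's added example, not part of the thread and not the helper's code: a small triage script for the log format ComboFix prints above. It parses the "Files Created" lines (created time, modified time, size, attribute flags, path), the bare paths in the "Other Deletions" section, and the REGEDIT4-style key/value lines, and then applies a few illustrative rules of its own (an executable sitting directly in a drive root, as C:\m1eqos3.exe did; an executable under a Temp directory; the Windows Firewall turned off for the standard profile; Security Center update notifications suppressed). The severities and rules are this example's assumptions, not anything ComboFix reports. The sample input is mostly lines copied from the log above; the single c:\windows\Temp\update.exe line is constructed to exercise the Temp rule and does not come from this machine.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the ComboFix log above, plus ONE
# constructed line (c:\windows\Temp\update.exe) that is not from the log
# and exists only to exercise the Temp-directory rule.
SAMPLE_LOG = r"""
C:\m1eqos3.exe
2009-08-14 14:10 . 2008-04-24 04:58 545 ----a-w- c:\windows\UC.PIF
2009-08-14 14:10 . 2008-04-24 04:58 25808 ----a-w- c:\windows\system\CTL3DV2.DLL
2009-08-14 14:10 . 2009-08-14 14:10 -------- d-----w- C:\totalcmd
2009-08-08 08:11 . 2009-08-08 08:11 10368 ----a-w- c:\windows\system32\drivers\pfc.sys
2009-08-06 13:07 . 2009-08-06 13:07 0 ----a-w- c:\windows\system32\SET2.tmp
+ 2009-08-17 07:08 . 2009-08-17 07:08 16384 c:\windows\Temp\Perflib_Perfdata_b4.dat
2009-08-15 09:02 . 2009-08-15 09:02 45056 ----a-w- c:\windows\Temp\update.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

EXEC_EXTS = {".exe", ".dll", ".sys", ".scr", ".pif", ".com", ".bat", ".cmd"}

# "<created> . <modified> <size|--------> [<8 attr flags>] <path>", optionally
# prefixed with "+ " in the SnapShot diff section.
FILE_RE = re.compile(
    r"^\+?\s*(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8})"
    r"(?: (?P<attrs>[-a-z]{8}))?"
    r" (?P<path>[A-Za-z]:\\.*)$"
)
BARE_PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S.*)$")   # "Other Deletions" / FILE :: lines
REG_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')


@dataclass
class Finding:
    severity: str   # hypothetical scale: low / medium / high
    subject: str
    reason: str


def parse_reg_number(raw: str):
    """Turn ComboFix's renderings ('dword:00000001', '0 (0x0)') into an int."""
    raw = raw.strip()
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    m = re.match(r"^(\d+)", raw)
    return int(m.group(1)) if m else None


def assess_path(path: str, is_dir: bool):
    """Location-based rules for one path; returns a Finding or None."""
    if is_dir:
        return None
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
    if ext not in EXEC_EXTS:
        return None
    parent = low[: len(low) - len(name) - 1]      # "c:" for "c:\foo.exe"
    if re.fullmatch(r"[a-z]:", parent):
        return Finding("high", path, "executable directly in a drive root")
    if "\\temp\\" in low:
        return Finding("medium", path, "executable created under a Temp directory")
    return None


def triage(log_text: str):
    """Walk the log line by line and collect findings in log order."""
    findings = []
    current_key = ""
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := FILE_RE.match(line):
            attrs = m.group("attrs") or ""
            f = assess_path(m.group("path"), is_dir=attrs.startswith("d"))
        elif m := BARE_PATH_RE.match(line):
            f = assess_path(m.group("path"), is_dir=False)
        elif m := REG_KEY_RE.match(line):
            current_key, f = m.group("key").lower(), None
        elif m := REG_VAL_RE.match(line):
            name, val, f = m.group("name"), parse_reg_number(m.group("value")), None
            if name == "EnableFirewall" and val == 0 and "firewallpolicy" in current_key:
                f = Finding("high", current_key, "Windows Firewall disabled for this profile")
            elif name == "UpdatesDisableNotify" and val == 1:
                f = Finding("low", current_key, "Security Center update notifications suppressed")
        else:
            f = None
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.subject}: {f.reason}")
```

The path rules deliberately avoid "random-looking name" heuristics: in the log above, CTL3DV2.DLL and the 545-byte .PIF files under c:\windows look odd but are ordinary installer artifacts, and a name-entropy rule would flag them alongside the real finding. Location and the security-policy keys are the signals a reviewer actually leans on when reading a log like this.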
