Unknown Problem

mrmr (Super Citizen, "leon", electronics technician/pensioner; joined 07 Mar 2008; 1273 posts; Medakovic 3, Beograd):

Everything worked fine until I installed the new version, KAV 2009 (the old one was 6.0). It reported a keylogger in the program COWON Media Center JetAudio. I made a log file with ComboFix.
[Link visible only to logged-in users]



[username not captured] (joined 18 Dec 2003; 7953 posts; Graceland):

Follow this rule:
[Link visible only to logged-in users]



mrmr:

Sorry, O.K.

Update: 21 Jul 2008 11:39

[Link visible only to logged-in users]

Update: 21 Jul 2008 11:44

Logfile of HijackThis v1.99.1
Scan saved at 11:15:40 AM, on 7/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Conexant\Adsl\dslstat.exe
C:\Program Files\Conexant\Adsl\dslagent.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\wt\wcmdmgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Documents and Settings\LEA\Desktop\PR56.exe\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Conexant\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Conexant\Adsl\dslagent.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link visible only to logged-in users]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

Update: 21 Jul 2008 11:48

I completely forgot how this is done, and here is ComboFix as well:

ComboFix 08-07-20.2 - LEA 2008-07-21 9:22:44.1 - NTFSx86
Running from: C:\Documents and Settings\LEA\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\btfunc.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-21 to 2008-07-21 )))))))))))))))))))))))))))))))
.

2008-07-18 14:14 . 2008-07-20 23:53 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-18 10:52 . 2008-07-18 12:44 <DIR> d-------- C:\Program Files\Your Uninstaller 2006
2008-07-18 10:52 . 2008-07-18 10:52 <DIR> d-------- C:\Documents and Settings\LEA\Application Data\URSoft
2008-07-15 13:45 . 2008-07-21 09:27 1,949,728 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-15 13:45 . 2008-07-21 09:28 385,056 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-15 13:45 . 2008-07-21 09:27 16,312 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-15 13:45 . 2008-07-21 09:28 2,396 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-15 13:42 . 2008-07-15 13:42 268 --ah----- C:\sqmdata04.sqm
2008-07-15 13:42 . 2008-07-15 13:42 244 --ah----- C:\sqmnoopt04.sqm
2008-07-15 13:13 . 2008-07-15 13:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-15 12:10 . 2008-07-15 12:10 <DIR> d-------- C:\Sega
2008-07-15 12:09 . 2008-07-15 13:36 <DIR> d-------- C:\Program Files\Kaspersky Anti-Virus
2008-07-15 12:09 . 2008-07-18 12:15 <DIR> d-------- C:\Program Files\Jolly Lines
2008-07-15 12:08 . 2008-07-18 12:15 <DIR> d-------- C:\Program Files\Pool 'm Up
2008-07-15 12:08 . 2008-07-15 12:08 <DIR> d-------- C:\Program Files\Orbz
2008-07-15 12:08 . 2008-07-15 12:08 <DIR> d-------- C:\Program Files\Blender Foundation
2008-07-15 12:08 . 2008-07-18 12:15 <DIR> d-------- C:\Program Files\Ancient Tripeaks
2008-07-15 12:08 . 2008-07-18 12:15 <DIR> d-------- C:\Neo Sonic Universe
2008-07-15 12:08 . 2008-07-18 12:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Cadsoft
2008-07-15 12:07 . 2008-07-15 12:07 <DIR> d-------- C:\Program Files\MyRealGames.com
2008-07-15 12:07 . 2008-07-15 12:07 <DIR> d-------- C:\Program Files\Common Files\DeskShare Shared
2008-07-15 12:07 . 2008-07-18 14:16 <DIR> d-------- C:\Program Files\circolar
2008-07-15 12:07 . 2008-07-18 12:15 <DIR> d-------- C:\Program Files\Arcade Race
2008-07-09 12:33 . 2008-07-17 11:11 <DIR> d-------- C:\Update
2008-07-09 12:24 . 2008-07-09 12:25 <DIR> d-------- C:\Program Files\Update za Kasperski 7.0
2008-07-08 14:59 . 2008-07-17 11:18 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-07-03 14:23 . 2008-07-03 14:23 <DIR> d-------- C:\Documents and Settings\LEA\.thumbnails
2008-07-02 09:45 . 2008-07-15 12:11 <DIR> d-------- C:\Documents and Settings\LEA\.gimp-2.4
2008-07-02 09:08 . 2008-07-15 12:11 <DIR> d-------- C:\Program Files\Wise Registry Cleaner 3 Pro
2008-07-01 22:32 . 2008-07-01 22:32 <DIR> d-------- C:\Program Files\Yamicsoft
2008-06-30 08:50 . 2008-06-30 08:51 200 --a------ C:\WINDOWS\AUDC80UI.dat
2008-06-27 21:08 . 2001-03-23 16:29 880,912 --a------ C:\WINDOWS\WM8EUTIL.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-21 07:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-18 20:18 --------- d-----w C:\Program Files\AIMP2
2008-07-18 10:15 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-07-18 10:15 --------- d-----w C:\Program Files\J River
2008-07-18 10:15 --------- d-----w C:\Program Files\Disc2Phone
2008-07-18 10:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-07-18 10:11 --------- d-----w C:\Program Files\Winamp
2008-07-18 10:11 --------- d-----w C:\Program Files\Paint.NET
2008-07-18 10:11 --------- d-----w C:\Program Files\DipTrace
2008-07-18 10:11 --------- d-----w C:\Program Files\AIMP Classic
2008-07-17 22:22 --------- d-----w C:\Program Files\Absolute Mastermind
2008-07-17 22:05 --------- d-----w C:\Program Files\Atlantis
2008-07-15 12:31 --------- d-----w C:\Program Files\Opera
2008-07-15 11:06 --------- d-----w C:\Program Files\FreeGamePick.com
2008-07-15 10:33 --------- d-----w C:\Program Files\Digital Ear
2008-07-15 10:09 --------- d-----w C:\Documents and Settings\LEA\Application Data\J River
2008-07-10 10:15 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-07-10 10:15 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-09 12:53 --------- d-----w C:\Program Files\BFG
2008-06-20 15:42 --------- d-----w C:\Program Files\JetAudio
2008-06-20 15:41 --------- d-----w C:\Documents and Settings\LEA\Application Data\COWON
2008-06-20 13:31 --------- d-----w C:\Documents and Settings\LEA\Application Data\NCH Software
2008-06-15 20:52 --------- d-----w C:\Program Files\Wik And The Fable Of Souls
2008-06-13 10:42 --------- d-----w C:\Program Files\Drawing Hand Creations
2008-06-13 10:41 38 ----a-w C:\config.dat
2008-06-12 19:13 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Ahead
2008-06-08 11:19 --------- d-----w C:\Program Files\Amazing Adventures - The Lost Tomb
2008-06-07 19:33 356,352 ----a-w C:\WINDOWS\eSellerateEngine.dll
2008-06-07 19:33 --------- d-----w C:\Program Files\Deskshare
2008-06-07 19:25 --------- d-----w C:\Documents and Settings\LEA\Application Data\Auslogics
2008-06-07 19:24 --------- d-----w C:\Program Files\Auslogics
2008-06-07 18:11 --------- d-----w C:\Program Files\MP3Gain
2008-06-07 16:22 --------- d-----w C:\Program Files\vanBasco's Karaoke Player
2008-06-02 19:47 --------- d-----w C:\Program Files\DXBall2
2008-05-28 20:31 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-04-25 16:22 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
2008-04-03 10:20 116,155 ----a-w C:\Program Files\Broadhead.CurXPTheme
2008-04-03 10:19 573,812 ----a-w C:\Program Files\GreenLightBlueVersion.CurXPTheme
2008-04-03 10:19 3,921,853 ----a-w C:\Program Files\GreenLightColorPack.zip
2008-04-03 10:19 139,254 ----a-w C:\Program Files\Jazz.CurXPTheme
2008-04-03 10:17 251,387 ----a-w C:\Program Files\MBMetalReligion.CurXPTheme
2008-04-03 10:16 94,402 ----a-w C:\Program Files\PlasmaCursor2.CurXPTheme
2008-04-03 10:15 257,190 ----a-w C:\Program Files\turbine.CurXPTheme
2008-04-03 10:14 21,465 ----a-w C:\Program Files\SDDesktopcx.CurXPTheme
2008-04-03 10:13 244,755 ----a-w C:\Program Files\CURSORXPTRAILS.zip
2008-04-03 10:13 184,906 ----a-w C:\Program Files\roundFuturegreen.CurXPTheme
2008-04-03 10:12 353,578 ----a-w C:\Program Files\TentacularBlue.CurXPTheme
2008-04-03 10:11 122,240 ----a-w C:\Program Files\VistaDesignCursor.CurXPTheme
2008-04-03 10:10 43,516 ----a-w C:\Program Files\Annihilator.CurXPTheme
2008-04-03 10:09 106,213 ----a-w C:\Program Files\GlassMaxX.CurXPTheme
2008-04-03 10:00 850,408 ----a-w C:\Program Files\MBClassics.zip
2008-04-03 09:52 1,209,982 ----a-w C:\Program Files\PinkCadillac.zip
2008-04-03 09:51 144,835 ----a-w C:\Program Files\MBEyeOfTheDamned.zip
2008-04-03 09:50 357,634 ----a-w C:\Program Files\Harmony.CurXPTheme
2008-04-03 09:50 219,653 ----a-w C:\Program Files\Flame.CurXPTheme
2008-04-03 09:49 34,478 ----a-w C:\Program Files\CarbonFibre.CurXPTheme
2008-04-03 09:48 86,379 ----a-w C:\Program Files\lovesdyingembers.CurXPTheme
2008-04-03 09:48 2,020,195 ----a-w C:\Program Files\KurioCxpSuite.zip
2008-04-03 09:46 96,413 ----a-w C:\Program Files\SimpleWhiteV2.CurXPTheme
2008-04-03 09:46 90,826 ----a-w C:\Program Files\WhiteFire2.CurXPTheme
2008-04-03 09:45 165,524 ----a-w C:\Program Files\Aquart.CurXPTheme
2008-04-03 09:45 1,565,329 ----a-w C:\Program Files\GreenApparatus.CurXPTheme
2008-04-03 09:43 557,424 ----a-w C:\Program Files\Powder.zip
2008-04-03 09:43 151,313 ----a-w C:\Program Files\GuildWars.CurXPTheme
2008-04-03 09:42 14,961 ----a-w C:\Program Files\GG77emots.zip
2008-04-03 09:41 783,979 ----a-w C:\Program Files\Qetzal.zip
2008-04-03 09:41 1,010,015 ----a-w C:\Program Files\Floristic.CurXPTheme
2008-04-03 09:33 676,800 ----a-w C:\Program Files\Tryskel9UltimateVi.CurXPTheme
2008-04-03 09:32 257,773 ----a-w C:\Program Files\UltimLive.CursorFX
2008-02-27 14:22 1,491,592 ----a-w C:\Program Files\install_flash_player.exe
2008-02-27 14:09 18,103,296 ----a-w C:\Program Files\wlm_9_1407_1107_BETA.msi
2001-09-03 11:21 309,453 --sha-w C:\WINDOWS\rsx.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-11-07 16:34 3739672]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 139264]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"CursorFX"="C:\Program Files\Stardock\CursorFX\CursorFX.exe" [2008-02-20 00:59 418632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 12:15 106496]
"DSLSTATEXE"="C:\Program Files\Conexant\Adsl\dslstat.exe" [2005-08-25 11:59 344064]
"DSLAGENTEXE"="C:\Program Files\Conexant\Adsl\dslagent.exe" [2005-08-25 11:47 65536]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 18:00 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 18:50 1603152]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 13:02 79400]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"wcmdmgr"="C:\WINDOWS\wt\wcmdmgrl.exe" [1999-12-09 20:04 20480]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 18:21 201992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSRaid]
--------- 2004-11-12 11:50 892928 C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\Sraid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-11-15 12:20 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Opera\\Opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4100:UDP"= 4100:UDP:uPNP Router Control Port

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 10:43]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{274b843c-e531-11dc-98b7-00064f300101}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a61d4ff-f82e-11dc-a1ba-00064f300101}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc9c2feb-e56d-11dc-98ba-00064f300101}]
\Shell\Auto\command - F:\Config.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Config.exe
.
.
------- Supplementary Scan -------
.
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-07-21 09:30:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\wt\wcmdmgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2008-07-21 9:42:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-21 07:41:56

Pre-Run: 25,884,483,584 bytes free
Post-Run: 26,187,460,608 bytes free

202 --- E O F --- 2008-02-29 16:54:22
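Reading the ComboFix log above the way a malware-removal helper does, three things deserve a second look: the MountPoints2 AutoRun commands (what Explorer would launch when those removable drives are inserted: wscript.exe killVBS.vbs, and Config.exe), the file C:\WINDOWS\rsx.exe listed with the --sha-w attribute string (system + hidden, exactly the combination Explorer conceals while "Hide protected operating system files" is on, which is why a user with default Explorer settings cannot see it), and the Security Center values that silence antivirus/update warnings. The Python script below is an added example written for this page; it is not part of the thread, of ComboFix or of HijackThis. It runs over a log excerpt constructed from the lines above and pulls those three signals out. Hits are leads, not verdicts: fidbox.dat is also hidden+system, but the log shows it created the day KAV 2009 was installed, in the same drivers folder as Kaspersky's klin.dat and klick.dat.

```python
"""Triage helper for ComboFix-style log excerpts (added example).

Extracts three signals a removal helper looks for:
  * AutoRun/Auto commands registered under Explorer's MountPoints2 key
    (commands Explorer would run when a removable drive is inserted),
  * files under C:\\WINDOWS whose attribute string carries both 's'
    (system) and 'h' (hidden), the combination Explorer hides by default,
  * Security Center values that suppress AV/update/firewall warnings.
"""
import re

# Constructed sample: lines copied in shape from the log posted above.
SAMPLE_LOG = r"""
2008-04-25 16:22 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
2001-09-03 11:21 309,453 --sha-w C:\WINDOWS\rsx.exe
2008-07-15 13:45 . 2008-07-21 09:27 1,949,728 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a61d4ff-f82e-11dc-a1ba-00064f300101}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc9c2feb-e56d-11dc-98ba-00064f300101}]
\Shell\Auto\command - F:\Config.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Config.exe
"""

DATE_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} ")          # file-listing lines
ATTR_TOKEN = re.compile(r"^[-dahsrwct]{7,9}$")          # e.g. --sha-w, --ahs----
KEY_LINE = re.compile(r"^\[(.+)\]$")                     # REGEDIT4 key header
AUTORUN_CMD = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$")
DWORD_ONE = re.compile(r'^"(\w+)"=dword:0*1$')
GUID = re.compile(r"\{[0-9a-fA-F-]+\}")
NOTIFY_VALUES = {"AntiVirusDisableNotify", "UpdatesDisableNotify",
                 "FirewallDisableNotify", "DisableMonitoring"}


def hidden_system_files(lines, root=r"c:\windows"):
    """Paths under `root` whose attribute string has both 'h' and 's'."""
    hits = []
    for line in lines:
        if not DATE_LINE.match(line):
            continue
        tokens = line.split()
        for i, tok in enumerate(tokens):
            if ATTR_TOKEN.match(tok):
                path = " ".join(tokens[i + 1:])      # path may contain spaces
                if "h" in tok and "s" in tok and path.lower().startswith(root):
                    hits.append(path)
                break
    return hits


def triage(log_text):
    """Return the three signal lists for a ComboFix-style log excerpt."""
    lines = [l.rstrip() for l in log_text.splitlines()]
    result = {"hidden_system": hidden_system_files(lines),
              "autorun": [], "notify_disabled": []}
    current_key = ""
    for line in lines:
        m = KEY_LINE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        if "mountpoints2" in current_key:
            m = AUTORUN_CMD.match(line)
            if m:
                guid = GUID.search(current_key)
                result["autorun"].append(
                    (guid.group(0) if guid else "?", m.group(1), m.group(2)))
        elif "security center" in current_key:
            m = DWORD_ONE.match(line)
            if m and m.group(1) in NOTIFY_VALUES:
                # Keep the last key component: a vendor-specific
                # Monitoring\<Product> entry is normally written by the AV
                # itself, the top-level DisableNotify values are not.
                result["notify_disabled"].append(
                    (current_key.split("\\")[-1], m.group(1)))
    return result


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section)
        for item in items:
            print("   ", item)
```

The attribute parsing accepts both ComboFix column layouts (the 7-character Find3M form and the 9-character "Files Created" form), and the MountPoints2 parser keys each command by the drive GUID so the same device's Auto and AutoRun verbs stay together.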

dr_Bora (Anti Malware Fighter, Rank 2; joined 24 Jul 2007; 12280 posts; Höganäs, SE):

Hi...

Was what the AV detected deleted?

Is there any concrete problem?

mrmr:

Opening any program takes more than 10 seconds. The worst is Opera, which now does somehow work, but when I'm online it freezes from time to time. Otherwise KAV only reported, when starting the Cowon JetAudio program, some keylogger, and says it was stopped.

dr_Bora:

Enable display of hidden files: [Link visible only to logged-in users]

Upload the following file: C:\WINDOWS\rsx.exe

Upload link: [Link visible only to logged-in users]

Update: 21 Jul 2008 21:22

Also...

Zip/rar the complete folder C:\qoobox\quarantine and then upload it via the link above.

mrmr:

The file C:\WINDOWS\rsk.exe doesn't exist, and I'm sending C:\qobox\quarantine.
In the meantime I installed Avast, which found the following: 07/22/2008 09:42
Scanning all local disks

File: C:\Documents and Settings\LEA\Start Menu\Programs\WinRAR\(banned).exe is infected with Win32:Crypt-BKK [Trj], Repair: Error 42060 {File not repaired.}, Repair: Error 42060 {File not repaired.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Deleted
File: C:\Program Files\WinRAR\(banned).exe is infected with Win32:Crypt-BKK [Trj], Repair: Error 42060 {File not repaired.}
File: C:\Program Files\WinRAR 3.40\(banned).exe is infected with Win32:Crypt-BKK [Trj], Repair: Error 42060 {File not repaired.}
File: C:\System Volume Information\_restore{50A1A53A-76C6-47EA-8555-B18C399DFB70}\RP32\A0007042.exe is infected with Win32:Whenu [Tool], Repair: Error 42060 {File not repaired.}
File: C:\System Volume Information\_restore{50A1A53A-76C6-47EA-8555-B18C399DFB70}\RP63\A0080513.dll is infected with Win32:Trojan-gen {Other}, Repair: Error 42060 {File not repaired.}
File: C:\System Volume Information\_restore{50A1A53A-76C6-47EA-8555-B18C399DFB70}\RP63\A0080514.exe is infected with Win32:Trojan-gen {Other}, Repair: Error 42060 {File not repaired.}
File: C:\System Volume Information\_restore{50A1A53A-76C6-47EA-8555-B18C399DFB70}\RP64\A0081001.exe is infected with Win32:Trojan-gen {Other}, Repair: Error 42060 {File not repaired.}
File: C:\System Volume Information\_restore{50A1A53A-76C6-47EA-8555-B18C399DFB70}\RP74\A0088154.exe is infected with Win32:Crypt-BKK [Trj], Repair: Error 42060 {File not repaired.}
Number of folders scanned: 4051
Number of files tested: 63124
Number of infected files: 8
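Five of the eight Avast hits in the post above sit under C:\System Volume Information\_restore{...}\RPnn, that is, inside System Restore points: these are archived copies of files that were on the disk earlier, not anything that is running now, and a scanner cannot "repair" them in place. The usual XP cleanup for that class is to purge the restore points (turn System Restore off and back on) once the live system is clean, otherwise a later restore brings the files back. The other three are live files in the WinRAR folders and need handling now. The Python script below is an added example for this page, not from the thread or from Avast: it parses report lines in the shape of the translated report above (sample lines constructed from the post), separates live from archived detections, records which restore point each archived copy came from, and tallies detections by signature.

```python
"""Split an avast!-style scan report into live and restore-point hits
(added example).

A hit whose path is inside System Volume Information\\_restore{...}\\RPnn
is an archived System Restore copy: inert until restored, and cleaned by
purging restore points, not by 'repairing' the file. Everything else is a
live object on the disk.
"""
import re
from collections import Counter

# Constructed sample in the shape of the (translated) report posted above.
SAMPLE_REPORT = r"""
File: C:\Documents and Settings\LEA\Start Menu\Programs\WinRAR\(banned).exe is infected with Win32:Crypt-BKK [Trj], Repair: Error 42060 {File not repaired.}, Repair: Error 42060 {File not repaired.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Deleted
File: C:\Program Files\WinRAR\(banned).exe is infected with Win32:Crypt-BKK [Trj], Repair: Error 42060 {File not repaired.}
File: C:\Program Files\WinRAR 3.40\(banned).exe is infected with Win32:Crypt-BKK [Trj], Repair: Error 42060 {File not repaired.}
File: C:\System Volume Information\_restore{50A1A53A-76C6-47EA-8555-B18C399DFB70}\RP32\A0007042.exe is infected with Win32:Whenu [Tool], Repair: Error 42060 {File not repaired.}
File: C:\System Volume Information\_restore{50A1A53A-76C6-47EA-8555-B18C399DFB70}\RP63\A0080513.dll is infected with Win32:Trojan-gen {Other}, Repair: Error 42060 {File not repaired.}
File: C:\System Volume Information\_restore{50A1A53A-76C6-47EA-8555-B18C399DFB70}\RP63\A0080514.exe is infected with Win32:Trojan-gen {Other}, Repair: Error 42060 {File not repaired.}
File: C:\System Volume Information\_restore{50A1A53A-76C6-47EA-8555-B18C399DFB70}\RP64\A0081001.exe is infected with Win32:Trojan-gen {Other}, Repair: Error 42060 {File not repaired.}
File: C:\System Volume Information\_restore{50A1A53A-76C6-47EA-8555-B18C399DFB70}\RP74\A0088154.exe is infected with Win32:Crypt-BKK [Trj], Repair: Error 42060 {File not repaired.}
"""

# "File: <path> is infected with <signature>, <action>, <action>, ..."
HIT = re.compile(r"^File: (?P<path>.+?) is infected with (?P<sig>[^,]+), (?P<actions>.+)$")
# Restore-point archive: ...\System Volume Information\_restore{GUID}\RP<n>\...
RESTORE_POINT = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(\d+)\\")


def parse_hits(report_text):
    """One dict per detection line; unrelated lines are skipped."""
    hits = []
    for line in report_text.splitlines():
        m = HIT.match(line.strip())
        if not m:
            continue
        actions = [a.strip() for a in m["actions"].split(",")]
        rp = RESTORE_POINT.search(m["path"])
        hits.append({
            "path": m["path"],
            "signature": m["sig"],
            "restore_point": int(rp.group(1)) if rp else None,
            "deleted": "Deleted" in actions,   # scanner says it removed it
        })
    return hits


def split_live_archived(hits):
    """(live, archived): archived = copies held in System Restore points."""
    live = [h for h in hits if h["restore_point"] is None]
    archived = [h for h in hits if h["restore_point"] is not None]
    return live, archived


def tally(hits):
    """Detection count per signature name."""
    return dict(Counter(h["signature"] for h in hits))


if __name__ == "__main__":
    live, archived = split_live_archived(parse_hits(SAMPLE_REPORT))
    print("live objects (deal with now):")
    for h in live:
        print("   ", "deleted" if h["deleted"] else "still present", h["path"])
    print("restore-point copies (purge restore points):", tally(archived))
```

The "deleted" flag is only what the scanner reported; after such a run the helper still asks for a fresh ComboFix log, as dr_Bora does below, because a file reported deleted can be rewritten by whatever dropped it.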

dr_Bora:

mrmr wrote: The file C:\WINDOWS\rsk.exe doesn't exist

It's C:\WINDOWS\rsx.exe.

If you enabled display of hidden and protected system files, it should be visible. Please check once more.

Post me a fresh ComboFix logfile.

mrmr:

Sorry, a typing mistake... there is no such file anywhere, and here is the freshest ComboFix log.

ComboFix 08-07-20.2 - LEA 2008-07-23 22:12:40.2 - NTFSx86
Running from: C:\Documents and Settings\LEA\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.

2008-07-23 12:55 . 2008-07-23 13:12 <DIR> d-------- C:\Program Files\SpeedFan
2008-07-23 12:55 . 2008-07-23 12:55 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-07-23 11:52 . 2008-07-23 11:52 <DIR> d-------- C:\Documents and Settings\LEA\Application Data\TrojanHunter
2008-07-23 11:17 . 2008-07-23 11:19 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-07-22 09:36 . 2008-07-22 09:36 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-18 14:14 . 2008-07-21 21:19 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-18 10:52 . 2008-07-18 12:44 <DIR> d-------- C:\Program Files\Your Uninstaller 2006
2008-07-18 10:52 . 2008-07-18 10:52 <DIR> d-------- C:\Documents and Settings\LEA\Application Data\URSoft
2008-07-15 13:45 . 2008-07-23 13:17 2,060,832 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-15 13:45 . 2008-07-23 13:17 393,248 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-15 13:45 . 2008-07-23 13:17 17,180 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-15 13:45 . 2008-07-23 13:17 2,424 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-15 13:42 . 2008-07-15 13:42 268 --ah----- C:\sqmdata04.sqm
2008-07-15 13:42 . 2008-07-15 13:42 244 --ah----- C:\sqmnoopt04.sqm
2008-07-15 13:13 . 2008-07-15 13:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-15 12:10 . 2008-07-15 12:10 <DIR> d-------- C:\Sega
2008-07-15 12:09 . 2008-07-23 10:41 <DIR> d-------- C:\Program Files\Kaspersky Anti-Virus
2008-07-15 12:08 . 2008-07-15 12:08 <DIR> d-------- C:\Program Files\Orbz
2008-07-15 12:08 . 2008-07-15 12:08 <DIR> d-------- C:\Program Files\Blender Foundation
2008-07-15 12:08 . 2008-07-18 12:15 <DIR> d-------- C:\Program Files\Ancient Tripeaks
2008-07-15 12:08 . 2008-07-18 12:15 <DIR> d-------- C:\Neo Sonic Universe
2008-07-15 12:08 . 2008-07-18 12:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Cadsoft
2008-07-15 12:07 . 2008-07-15 12:07 <DIR> d-------- C:\Program Files\Common Files\DeskShare Shared
2008-07-15 12:07 . 2008-07-18 14:16 <DIR> d-------- C:\Program Files\circolar
2008-07-15 12:07 . 2008-07-18 12:15 <DIR> d-------- C:\Program Files\Arcade Race
2008-07-09 12:33 . 2008-07-23 10:28 <DIR> d-------- C:\Update
2008-07-09 12:24 . 2008-07-09 12:25 <DIR> d-------- C:\Program Files\Update za Kasperski 7.0
2008-07-08 14:59 . 2008-07-17 11:18 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-07-03 14:23 . 2008-07-03 14:23 <DIR> d-------- C:\Documents and Settings\LEA\.thumbnails
2008-07-02 09:45 . 2008-07-15 12:11 <DIR> d-------- C:\Documents and Settings\LEA\.gimp-2.4
2008-07-01 22:32 . 2008-07-01 22:32 <DIR> d-------- C:\Program Files\Yamicsoft
2008-06-30 08:50 . 2008-06-30 08:51 200 --a------ C:\WINDOWS\AUDC80UI.dat
2008-06-27 21:08 . 2001-03-23 16:29 880,912 --a------ C:\WINDOWS\WM8EUTIL.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 17:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-22 09:50 --------- d-----w C:\Program Files\WinRAR 3.40
2008-07-21 14:40 --------- d-----w C:\Program Files\Office.com
2008-07-18 20:18 --------- d-----w C:\Program Files\AIMP2
2008-07-18 10:15 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-07-18 10:15 --------- d-----w C:\Program Files\Disc2Phone
2008-07-18 10:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-07-18 10:11 --------- d-----w C:\Program Files\Winamp
2008-07-18 10:11 --------- d-----w C:\Program Files\Paint.NET
2008-07-18 10:11 --------- d-----w C:\Program Files\DipTrace
2008-07-18 10:11 --------- d-----w C:\Program Files\AIMP Classic
2008-07-17 22:05 --------- d-----w C:\Program Files\Atlantis
2008-07-15 12:31 --------- d-----w C:\Program Files\Opera
2008-07-15 10:09 --------- d-----w C:\Documents and Settings\LEA\Application Data\J River
2008-07-10 10:15 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-07-10 10:15 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-09 12:53 --------- d-----w C:\Program Files\BFG
2008-06-20 15:41 --------- d-----w C:\Documents and Settings\LEA\Application Data\COWON
2008-06-20 13:31 --------- d-----w C:\Documents and Settings\LEA\Application Data\NCH Software
2008-06-15 20:52 --------- d-----w C:\Program Files\Wik And The Fable Of Souls
2008-06-13 10:42 --------- d-----w C:\Program Files\Drawing Hand Creations
2008-06-13 10:41 38 ----a-w C:\config.dat
2008-06-12 19:13 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Ahead
2008-06-08 11:19 --------- d-----w C:\Program Files\Amazing Adventures - The Lost Tomb
2008-06-07 19:33 356,352 ----a-w C:\WINDOWS\eSellerateEngine.dll
2008-06-07 19:33 --------- d-----w C:\Program Files\Deskshare
2008-06-07 19:25 --------- d-----w C:\Documents and Settings\LEA\Application Data\Auslogics
2008-06-07 18:11 --------- d-----w C:\Program Files\MP3Gain
2008-06-07 16:22 --------- d-----w C:\Program Files\vanBasco's Karaoke Player
2008-06-02 19:47 --------- d-----w C:\Program Files\DXBall2
2008-05-28 20:31 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-04-25 16:22 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
2008-04-03 10:20 116,155 ----a-w C:\Program Files\Broadhead.CurXPTheme
2008-04-03 10:19 573,812 ----a-w C:\Program Files\GreenLightBlueVersion.CurXPTheme
2008-04-03 10:19 3,921,853 ----a-w C:\Program Files\GreenLightColorPack.zip
2008-04-03 10:19 139,254 ----a-w C:\Program Files\Jazz.CurXPTheme
2008-04-03 10:17 251,387 ----a-w C:\Program Files\MBMetalReligion.CurXPTheme
2008-04-03 10:16 94,402 ----a-w C:\Program Files\PlasmaCursor2.CurXPTheme
2008-04-03 10:15 257,190 ----a-w C:\Program Files\turbine.CurXPTheme
2008-04-03 10:14 21,465 ----a-w C:\Program Files\SDDesktopcx.CurXPTheme
2008-04-03 10:13 244,755 ----a-w C:\Program Files\CURSORXPTRAILS.zip
2008-04-03 10:13 184,906 ----a-w C:\Program Files\roundFuturegreen.CurXPTheme
2008-04-03 10:12 353,578 ----a-w C:\Program Files\TentacularBlue.CurXPTheme
2008-04-03 10:11 122,240 ----a-w C:\Program Files\VistaDesignCursor.CurXPTheme
2008-04-03 10:10 43,516 ----a-w C:\Program Files\Annihilator.CurXPTheme
2008-04-03 10:09 106,213 ----a-w C:\Program Files\GlassMaxX.CurXPTheme
2008-04-03 10:00 850,408 ----a-w C:\Program Files\MBClassics.zip
2008-04-03 09:52 1,209,982 ----a-w C:\Program Files\PinkCadillac.zip
2008-04-03 09:51 144,835 ----a-w C:\Program Files\MBEyeOfTheDamned.zip
2008-04-03 09:50 357,634 ----a-w C:\Program Files\Harmony.CurXPTheme
2008-04-03 09:50 219,653 ----a-w C:\Program Files\Flame.CurXPTheme
2008-04-03 09:49 34,478 ----a-w C:\Program Files\CarbonFibre.CurXPTheme
2008-04-03 09:48 86,379 ----a-w C:\Program Files\lovesdyingembers.CurXPTheme
2008-04-03 09:48 2,020,195 ----a-w C:\Program Files\KurioCxpSuite.zip
2008-04-03 09:46 96,413 ----a-w C:\Program Files\SimpleWhiteV2.CurXPTheme
2008-04-03 09:46 90,826 ----a-w C:\Program Files\WhiteFire2.CurXPTheme
2008-04-03 09:45 165,524 ----a-w C:\Program Files\Aquart.CurXPTheme
2008-04-03 09:45 1,565,329 ----a-w C:\Program Files\GreenApparatus.CurXPTheme
2008-04-03 09:43 557,424 ----a-w C:\Program Files\Powder.zip
2008-04-03 09:43 151,313 ----a-w C:\Program Files\GuildWars.CurXPTheme
2008-04-03 09:42 14,961 ----a-w C:\Program Files\GG77emots.zip
2008-04-03 09:41 783,979 ----a-w C:\Program Files\Qetzal.zip
2008-04-03 09:41 1,010,015 ----a-w C:\Program Files\Floristic.CurXPTheme
2008-04-03 09:33 676,800 ----a-w C:\Program Files\Tryskel9UltimateVi.CurXPTheme
2008-04-03 09:32 257,773 ----a-w C:\Program Files\UltimLive.CursorFX
2008-02-27 14:22 1,491,592 ----a-w C:\Program Files\install_flash_player.exe
2008-02-27 14:09 18,103,296 ----a-w C:\Program Files\wlm_9_1407_1107_BETA.msi
2001-09-03 11:21 309,453 --sha-w C:\WINDOWS\rsx.exe
.

((((((((((((((((((((((((((((( snapshot@2008-07-21_ 9.38.04.68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-19 14:43:08 1,163,960 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-07-19 14:30:53 94,392 ----a-w C:\WINDOWS\system32\AvastSS.scr
- 2008-07-20 19:34:07 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-21 18:46:54 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-20 19:34:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-21 18:46:54 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-19 14:32:15 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-07-19 14:37:42 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-07-19 14:37:21 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-07-19 14:33:42 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-07-19 14:35:18 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-07-19 14:32:36 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 1996-04-03 19:33:26 5,248 ----a-w C:\WINDOWS\system32\giveio.sys
+ 2006-09-24 13:28:46 5,248 ----a-w C:\WINDOWS\system32\speedfan.sys
+ 2008-07-23 09:17:54 59,392 ------r C:\WINDOWS\system32\streamhlp.dll
+ 2008-07-23 17:32:52 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_75c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-11-07 16:34 3739672]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 139264]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"CursorFX"="C:\Program Files\Stardock\CursorFX\CursorFX.exe" [2008-02-20 00:59 418632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 12:15 106496]
"DSLSTATEXE"="C:\Program Files\Conexant\Adsl\dslstat.exe" [2005-08-25 11:59 344064]
"DSLAGENTEXE"="C:\Program Files\Conexant\Adsl\dslagent.exe" [2005-08-25 11:47 65536]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 18:00 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 18:50 1603152]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 13:02 79400]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"wcmdmgr"="C:\WINDOWS\wt\wcmdmgrl.exe" [1999-12-09 20:04 20480]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 18:21 201992]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2008-07-09 18:54 1056928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSRaid]
--------- 2004-11-12 11:50 892928 C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\Sraid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-11-15 12:20 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Opera\\Opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4100:UDP"= 4100:UDP:uPNP Router Control Port

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 10:43]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{274b843c-e531-11dc-98b7-00064f300101}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a61d4ff-f82e-11dc-a1ba-00064f300101}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc9c2feb-e56d-11dc-98ba-00064f300101}]
\Shell\Auto\command - F:\Config.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Config.exe

*Newly Created Service* - CATCHME
.
.
------- Supplementary Scan -------
.
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-07-23 22:15:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-23 22:21:38
ComboFix-quarantined-files.txt 2008-07-23 20:21:27
ComboFix2.txt 2008-07-21 07:42:27

Pre-Run: 26,038,890,496 bytes free
Post-Run: 26,029,068,288 bytes free

212 --- E O F --- 2008-02-29 16:54:22

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Uninstall one of the antivirus programs.


Then open Notepad and copy the following text into it:


FileLook::
C:\WINDOWS\rsx.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{274b843c-e531-11dc-98b7-00064f300101}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a61d4ff-f82e-11dc-a1ba-00064f300101}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc9c2feb-e56d-11dc-98ba-00064f300101}]



Save the file from Notepad to the Desktop as "CFScript".




Drag the saved script/text onto the ComboFix icon, as in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.
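
As an added example (not part of this thread and not ComboFix's own code), the reading a helper does by eye on a log like the one above, written out in Python: it parses the file listing, the Run keys, the Security Center flags and the mountpoints2 entries, flags the items the reply acts on, and drafts a CFScript of the same shape. SAMPLE_LOG is a constructed excerpt in the same line formats as the log above; AV_MARKERS is an assumed table covering only the three resident products seen here; the names parse_log, triage and build_cfscript are this example's own.

```python
"""Triage a ComboFix log excerpt and draft the matching CFScript.

Added example for this thread, not ComboFix's own code; SAMPLE_LOG is a
constructed excerpt in the same line formats as the log posted above.
"""
import re

# Constructed excerpt: a clean file, a hidden+system file, the HKLM Run key with
# three resident scanners, the Security Center flags and three mountpoints2 keys.
SAMPLE_LOG = r"""
2008-02-27 14:22 1,491,592 ----a-w C:\Program Files\install_flash_player.exe
2001-09-03 11:21 309,453 --sha-w C:\WINDOWS\rsx.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 18:21 201992]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2008-07-09 18:54 1056928]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{274b843c-e531-11dc-98b7-00064f300101}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a61d4ff-f82e-11dc-a1ba-00064f300101}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc9c2feb-e56d-11dc-98ba-00064f300101}]
\Shell\Auto\command - F:\Config.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Config.exe
"""

# File lines are "date time size attrs path"; attrs is ComboFix's 7-flag field (--sha-w).
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+[\d,]+\s+([-a-z]{7})\s+(.+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
MOUNT_CMD_RE = re.compile(r"^(\\Shell\\\w+\\command) - (.+)$")
# Assumed table: resident-scanner executables as they appear in Run values, lower-cased.
AV_MARKERS = {"avp.exe": "Kaspersky", "ashdisp.exe": "avast!", "thguard.exe": "TrojanHunter"}


def parse_log(text):
    """Return (files, keys): [(attrs, path)] and {registry key: [(name, data)]}."""
    files, keys, current = [], {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := KEY_RE.match(line):
            current = m.group(1)
            keys.setdefault(current, [])
        elif m := FILE_RE.match(line):
            files.append((m.group(1), m.group(2)))
        elif current and (m := MOUNT_CMD_RE.match(line) or VALUE_RE.match(line)):
            keys[current].append((m.group(1), m.group(2)))
    return files, keys


def triage(files, keys):
    """Return [(kind, detail)]: the items a helper reads first in a log like this."""
    # Hidden+system outside the usual OS files is worth a look, not yet a deletion.
    findings = [("hidden_system_file", p) for attrs, p in files if "s" in attrs and "h" in attrs]
    products = set()
    for key, entries in keys.items():
        lkey = key.lower()
        if "\\mountpoints2\\" in lkey:
            # Explorer caches per-volume shell verbs; a cached Auto/AutoRun/AutoOpen
            # command re-runs whatever the removable drive carried, so flag every one.
            findings += [("removable_autorun", "%s|%s -> %s" % (key, v, c)) for v, c in entries]
        elif lkey.endswith("\\currentversion\\run"):
            products |= {p for _, d in entries for exe, p in AV_MARKERS.items() if exe in d.lower()}
        elif lkey.endswith("\\security center"):
            # AV suites set these themselves when they register; review item, not a verdict.
            findings += [("notify_disabled", n) for n, d in entries
                         if n.endswith("DisableNotify") and d == "dword:00000001"]
    if len(products) > 1:  # stacked resident scanners hook the same paths and flag each other
        findings.append(("stacked_antivirus", ", ".join(sorted(products, key=str.lower))))
    return findings


def build_cfscript(findings):
    """Draft the CFScript: FileLook:: only reports on a file, [-key] deletes a key."""
    look = [d for k, d in findings if k == "hidden_system_file"]
    doomed = []
    for k, d in findings:
        if k == "removable_autorun" and d.split("|")[0] not in doomed:
            doomed.append(d.split("|")[0])
    lines = ["FileLook::"] + look + [""] if look else []
    if doomed:
        lines += ["Registry::"] + ["[-%s]" % k for k in doomed]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(*parse_log(SAMPLE_LOG))
    print("\n".join("%-20s %s" % f for f in found), build_cfscript(found), sep="\n\n")
```

Run as-is it prints the findings and the draft script. The Registry:: section comes out as the same three [-key] lines the reply uses, and rsx.exe lands under FileLook:: rather than under a delete directive: the hidden+system attributes and the 2001 timestamp on a file in the Windows root make it worth reporting, but they are not evidence on their own, which is why the reply asks ComboFix to look at it first. The Security Center flags are listed only as review items, since Kaspersky registers with Security Center and sets them itself; the stacked_antivirus finding is the reason the reply starts with uninstalling one product.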
