What is wrong here, since NOD reports a virus, but when I scan

  • Joined: 21 Dec 2005
  • Posts: 228
  • Location: Kostolac

Could I ask someone to look at this log of mine? Every so often a NOD window pops up about some virus, but when I run a NOD scan of the computer it finds nothing. Here is what it reports when the window pops up:
Time Module Object Name Threat Action User Information
18.7.2008 7:07:35 AMON file C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rgR1QlhK.exe probably unknown NewHeur_PE virus quarantined - deleted ADMINIST-439AC7\AdministratoriNET Event occurred on a new file created by the application: C:\Program Files\Google\Google Talk\googletalk.exe. The file was moved to quarantine. You may close this window.

-----------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:11:21, on 18.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\IoctlSvc.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Domain Tools\ProjectWhois\ProjectWhois.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\AdministratoriNET\Desktop\New Folder\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogodak.rs/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=071808 serial=DR12WNG-0249275-TMV lang=EN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /runonce
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE CANYON CN-WCAM23 PC-Camera
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: ProjectWhois.lnk = C:\Program Files\Domain Tools\ProjectWhois\ProjectWhois.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{078F2A67-650C-42AB-8E0B-39812A506184}: NameServer = 212.200.191.166,212.200.190.166
O17 - HKLM\System\CS1\Services\Tcpip\..\{078F2A67-650C-42AB-8E0B-39812A506184}: NameServer = 212.200.191.166,212.200.190.166
O17 - HKLM\System\CS2\Services\Tcpip\..\{078F2A67-650C-42AB-8E0B-39812A506184}: NameServer = 212.200.191.166,212.200.190.166
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

  • Joined: 07 Aug 2006
  • Posts: 1182
  • Location: Fili Davydkovo, Moscow, Russia

The log looks OK... just in case:

* Open the Nod32 Control Center (click its tray icon in the bottom right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right pane, untick the option File system monitor (AMON) enabled.
* Turning this option off will show as the Control Center changing colour from green to red.

Note: Don't forget to turn this option back on once the cleaning is finished.


--------------------------


Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.

  • Joined: 21 Dec 2005
  • Posts: 228
  • Location: Kostolac

Here it is, done as you said, and here is the log.

------------------------------------------



ComboFix 08-07-17.5 - AdministratoriNET 2008-07-18 17:34:20.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.523 [GMT 2:00]
ausgeführt von:: C:\Documents and Settings\AdministratoriNET\Desktop\New Folder (3)\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\AdministratoriNET\Application Data\.#

.
((((((((((((((((((((((( Dateien erstellt von 2008-06-18 bis 2008-07-18 ))))))))))))))))))))))))))))))
.

2008-07-17 17:37 . 2008-07-17 17:37 29,760 --a------ C:\WINDOWS\system32\80jkOGAF.exe
2008-07-17 17:37 . 2008-07-17 17:37 0 --a------ C:\WINDOWS\system32\80jkOGAF.exe.a_a
2008-07-06 19:21 . 2008-07-06 19:21 <DIR> d-------- C:\telenor ugovori
2008-07-05 13:57 . 2008-07-05 13:57 <DIR> d-------- C:\Documents and Settings\AdministratoriNET\Application Data\Apple Computer
2008-07-05 13:54 . 2008-07-05 13:54 <DIR> d-------- C:\Program Files\QuickTime
2008-07-05 13:54 . 2008-07-05 13:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-05 13:54 . 2008-07-05 13:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-05 13:53 . 2008-07-05 13:53 <DIR> d-------- C:\Program Files\Apple Software Update
2008-07-05 13:53 . 2008-07-05 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-05 13:53 . 2008-07-05 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-28 15:32 . 2008-06-28 17:12 2,516 --ahs---- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-06-28 15:32 . 2008-06-28 15:32 8 -r-hs---- C:\Documents and Settings\All Users\Application Data\2C5937E254.sys
2008-06-28 15:31 . 2008-06-28 15:31 <DIR> d-------- C:\Program Files\Common Files\Protexis
2008-06-28 15:31 . 2008-06-28 15:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-06-27 22:21 . 2004-05-10 12:42 110,592 --a------ C:\WINDOWS\system32\suppdll.dll
2008-06-27 22:21 . 2008-03-09 16:02 81,632 --a------ C:\WINDOWS\system32\FLKill.exe
2008-06-27 22:21 . 2008-06-28 01:39 498 --a------ C:\sccfg.sys
2008-06-27 22:20 . 2008-06-27 22:24 <DIR> d-------- C:\Program Files\Folder Lock
2008-06-24 17:55 . 2008-06-24 17:56 <DIR> d-------- C:\KOSTOLAC DVD
2008-06-24 17:52 . 2008-06-24 17:53 <DIR> d-------- C:\VIMINACIUM

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 05:52 --------- d-----w C:\Documents and Settings\AdministratoriNET\Application Data\uTorrent
2008-07-17 17:54 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-07-16 22:44 --------- d-----w C:\Documents and Settings\AdministratoriNET\Application Data\Skype
2008-07-16 22:12 --------- d-----w C:\Documents and Settings\AdministratoriNET\Application Data\skypePM
2008-07-06 06:09 --------- d-----w C:\Program Files\uTorrent
2008-07-05 16:25 --------- d-----w C:\Program Files\Opera
2008-06-28 13:32 --------- d-----w C:\Documents and Settings\AdministratoriNET\Application Data\Corel
2008-06-28 13:23 --------- d-----w C:\Program Files\Corel
2008-06-09 16:22 --------- d-----w C:\Program Files\Cosmi
2008-06-09 16:18 --------- d-----w C:\Program Files\Common Files\Cosmi
2008-06-09 16:18 --------- d-----w C:\Program Files\Common Files\Borland Shared
2008-06-08 12:13 --------- d-----w C:\Program Files\FileZilla Server
2008-06-08 11:54 --------- d-----w C:\Program Files\Feeding Frenzy 2
2008-05-29 14:04 --------- d-----w C:\Documents and Settings\AdministratoriNET\Application Data\Sony
2008-05-29 14:03 --------- d-----w C:\Program Files\Sony
2008-05-29 14:02 --------- d-----w C:\Program Files\Sony Setup
2008-04-28 18:15 348,160 ----a-w C:\WINDOWS\MSVCR71.DLL
2008-04-28 18:15 1,060,864 ----a-w C:\WINDOWS\MFC71.DLL
2008-04-27 05:37 40,960 ----a-w C:\WINDOWS\SimTestDll.dll
2008-04-20 22:17 86,400 ----a-w C:\WINDOWS\~GLC0000.TMP
2008-01-02 20:43 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07 15360]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 23:22 3739648]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-25 23:52 476702]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 05:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 05:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 05:10 114688]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-16 14:17 917504]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2005-02-01 20:28 1469952]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 17:51 36864]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 20:28 155648]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 14:39 729088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2007-11-16 20:20 91432]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 10:35 72736]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 13:06 62760]
"pdfFactory Pro Dispatcher v2"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2004-12-20 19:19 458752]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 11:42 69632]
"BigDogPath"="C:\WINDOWS\VM_STI.EXE" [2004-08-20 16:51 40960]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SMSERIAL"="sm56hlpr.exe" [2004-12-29 00:01 544768 C:\WINDOWS\sm56hlpr.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-23 07:28 14202368 C:\WINDOWS\RTHDCPL.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 03:07 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:07 15360]

C:\Documents and Settings\AdministratoriNET\Start Menu\Programs\Startup\
ProjectWhois.lnk - C:\Program Files\Domain Tools\ProjectWhois\ProjectWhois.exe [2006-11-21 03:13:40 147456]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-05 23:55:48 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAID Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAID Manager.lnk
backup=C:\WINDOWS\pss\RAID Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2007-12-07 17:03 1913656 C:\Program Files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
--a------ 2007-12-25 23:25 937984 C:\Program Files\FileZilla Server\FileZilla Server Interface.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 09:59 570664 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27159:TCP"= 27159:TCP:BitComet 27159 TCP
"27159:UDP"= 27159:UDP:BitComet 27159 UDP

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2004-12-10 16:44]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-11-03 01:12]
R2 MarxDev1;MarxDev1;C:\WINDOWS\system32\drivers\MarxDev1.sys [2001-05-28 16:30]
R2 MarxDev2;MarxDev2;C:\WINDOWS\system32\drivers\MarxDev2.sys [2001-05-28 16:30]
R2 MarxDev3;MarxDev3;C:\WINDOWS\system32\drivers\MarxDev3.sys [2001-05-28 16:30]
R2 PSI_SVC_2;Protexis Licensing V2;c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 11:15]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 13:54]
S3 FXDRV;FXDRV;D:\Fxdrv.sys []

*Newly Created Service* - CATCHME
.
Inhalt des "geplante Tasks" Ordners
"2008-07-17 22:44:02 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\80jkOGAF.exe
"2008-07-17 15:37:45 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\80jkOGAF.exe
"2008-07-17 15:37:45 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\80jkOGAF.exe
"2008-07-17 15:37:45 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\80jkOGAF.exe
"2008-07-17 15:37:45 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\80jkOGAF.exe
"2008-07-17 15:37:45 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\80jkOGAF.exe
"2008-07-17 15:37:45 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\80jkOGAF.exe
"2008-07-17 15:37:45 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\80jkOGAF.exe
"2008-07-17 15:37:45 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\80jkOGAF.exe
"2008-07-17 15:37:45 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\80jkOGAF.exe
"2008-07-17 16:00:02 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\80jkOGAF.exe
"2008-07-17 23:00:01 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\80jkOGAF.exe
"2008-07-17 17:00:01 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\80jkOGAF.exe
"2008-07-17 18:00:03 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\80jkOGAF.exe
"2008-07-17 19:00:02 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\80jkOGAF.exe
"2008-07-17 20:00:02 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\80jkOGAF.exe
"2008-07-17 21:00:01 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\80jkOGAF.exe
"2008-07-18 00:00:01 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\80jkOGAF.exe
"2008-07-18 01:00:02 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\80jkOGAF.exe
"2008-07-18 02:00:02 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\80jkOGAF.exe
"2008-07-18 03:00:02 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\80jkOGAF.exe
"2008-07-18 04:00:02 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\80jkOGAF.exe
"2008-07-18 05:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\80jkOGAF.exe
"2008-07-17 15:37:46 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\80jkOGAF.exe
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-18 17:36:25
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
Zeit der Fertigstellung: 2008-07-18 17:39:15
ComboFix-quarantined-files.txt 2008-07-18 15:38:10
ComboFix2.txt 2008-02-04 20:41:54
ComboFix3.txt 2008-02-03 20:51:23
ComboFix4.txt 2008-02-03 13:17:06

Pre-Run: 1,167,728,640 bytes free
Post-Run: 1,306,251,264 bytes free


  • Joined: 07 Aug 2006
  • Posts: 1182
  • Location: Fili Davydkovo, Moscow, Russia

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\system32\80jkOGAF.exe
C:\WINDOWS\system32\80jkOGAF.exe.a_a
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job



Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.
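The pattern the helper's CFScript targets above (At1 to At24 jobs, one per hour, all launching the same randomly named executable in system32) is easy to pick out mechanically. The script below is an added example, not code from the thread or from ComboFix: it parses the scheduled-tasks section of a ComboFix log over a constructed sample modelled on the log above, clusters the jobs by target, flags the cluster, and emits the same kind of File:: block. The English-locale section header is assumed to contain 'Scheduled Tasks', and the GoogleUpdate task is a made-up benign entry for contrast.

```python
"""Triage the scheduled-tasks section of a ComboFix log (added example).

The tell-tale pattern in the thread: two dozen At<N>.job files, one per
hour, all launching the same randomly named executable in system32.
This parses that section, clusters jobs by target, flags the cluster and
builds the File:: block of a CFScript like the one the helper posted.
"""
import re
from collections import defaultdict

# Constructed sample modelled on the German-locale ComboFix log in the
# thread. The At*.job lines mirror the real pattern; the GoogleUpdate
# task is a made-up benign entry for contrast.
SAMPLE_LOG = r'''
Inhalt des "geplante Tasks" Ordners
"2008-07-17 22:44:02 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\80jkOGAF.exe
"2008-07-17 15:37:45 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\80jkOGAF.exe
"2008-07-17 23:00:01 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\80jkOGAF.exe
"2008-07-18 00:00:01 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\80jkOGAF.exe
"2008-07-18 03:00:00 C:\WINDOWS\Tasks\GoogleUpdateTaskMachine.job"
- C:\Program Files\Google\Update\GoogleUpdate.exe
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
'''

# ComboFix prints each task as a quoted "<timestamp> <path>.job" line
# followed by a "- <target>" line.
JOB_RE = re.compile(r'^"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.+?\.job)"$')
# Jobs created with at.exe are named At<N>.job; vendor tasks are not.
AT_JOB_RE = re.compile(r'^At(\d+)\.job$', re.IGNORECASE)
SECTION_END = re.compile(r'^- - - - ')
# German header is from the thread; the English one is an assumption.
SECTION_MARKERS = ('geplante Tasks', 'Scheduled Tasks')


def parse_tasks(log_text):
    """Return [(job_path, timestamp, target_path)] from the tasks section."""
    tasks = []
    pending = None
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if any(marker in line for marker in SECTION_MARKERS):
            in_section = True
            continue
        if not in_section:
            continue
        if SECTION_END.match(line):
            break  # next ComboFix section reached
        m = JOB_RE.match(line)
        if m:
            pending = (m.group(2), m.group(1))
            continue
        if line.startswith('- ') and pending:
            job_path, stamp = pending
            tasks.append((job_path, stamp, line[2:].strip()))
            pending = None
    return tasks


def cluster_by_target(tasks):
    """Map target executable -> list of job file names."""
    clusters = defaultdict(list)
    for job_path, _stamp, target in tasks:
        clusters[target].append(job_path.rsplit('\\', 1)[-1])
    return clusters


def at_job_number(name):
    """Sort key so At10.job follows At2.job, as in the helper's CFScript."""
    m = AT_JOB_RE.match(name)
    return (0, int(m.group(1))) if m else (1, name.lower())


def find_suspicious(tasks, min_jobs=3):
    """Flag targets launched by >= min_jobs at.exe-style jobs.

    Returns {target_path: [At jobs sorted numerically]}. A benign vendor
    task has its own name and a single job, so it never clusters this way.
    """
    flagged = {}
    for target, jobs in cluster_by_target(tasks).items():
        at_jobs = [j for j in jobs if AT_JOB_RE.match(j)]
        if len(at_jobs) >= min_jobs:
            flagged[target] = sorted(at_jobs, key=at_job_number)
    return flagged


def build_cfscript(flagged, tasks_dir=r'C:\WINDOWS\Tasks'):
    """Build the File:: block: the dropper first, then every job that runs it."""
    lines = ['File::']
    for target, jobs in flagged.items():
        lines.append(target)
        lines.extend(f'{tasks_dir}\\{job}' for job in jobs)
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    parsed = parse_tasks(SAMPLE_LOG)
    hits = find_suspicious(parsed)
    for target, jobs in hits.items():
        print(f'{target}: launched by {len(jobs)} at.exe jobs ({", ".join(jobs)})')
    print(build_cfscript(hits))
```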

  • Joined: 21 Dec 2005
  • Posts: 228
  • Location: Kostolac

I did as instructed and here is the new log.

------------------------------

ComboFix 08-07-19.1 - AdministratoriNET 2008-07-20 12:12:56.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.475 [GMT 2:00]
Running from: C:\Documents and Settings\AdministratoriNET\Desktop\New Folder (4)\ComboFix.exe
Command switches used :: C:\Documents and Settings\AdministratoriNET\Desktop\New Folder (4)\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\80jkOGAF.exe
C:\WINDOWS\system32\80jkOGAF.exe.a_a
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\80jkOGAF.exe
C:\WINDOWS\system32\80jkOGAF.exe.a_a
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2008-06-20 to 2008-07-20 )))))))))))))))))))))))))))))))
.

2008-07-19 23:15 . 2008-07-19 23:17 <DIR> d-------- C:\gaga
2008-07-06 19:21 . 2008-07-06 19:21 <DIR> d-------- C:\telenor ugovori
2008-07-05 13:57 . 2008-07-05 13:57 <DIR> d-------- C:\Documents and Settings\AdministratoriNET\Application Data\Apple Computer
2008-07-05 13:54 . 2008-07-05 13:54 <DIR> d-------- C:\Program Files\QuickTime
2008-07-05 13:54 . 2008-07-05 13:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-05 13:54 . 2008-07-05 13:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-05 13:53 . 2008-07-05 13:53 <DIR> d-------- C:\Program Files\Apple Software Update
2008-07-05 13:53 . 2008-07-05 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-05 13:53 . 2008-07-05 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-28 15:32 . 2008-06-28 17:12 2,516 --ahs---- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-06-28 15:32 . 2008-06-28 15:32 8 -r-hs---- C:\Documents and Settings\All Users\Application Data\2C5937E254.sys
2008-06-28 15:31 . 2008-06-28 15:31 <DIR> d-------- C:\Program Files\Common Files\Protexis
2008-06-28 15:31 . 2008-06-28 15:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-06-27 22:21 . 2004-05-10 12:42 110,592 --a------ C:\WINDOWS\system32\suppdll.dll
2008-06-27 22:21 . 2008-03-09 16:02 81,632 --a------ C:\WINDOWS\system32\FLKill.exe
2008-06-27 22:21 . 2008-06-28 01:39 498 --a------ C:\sccfg.sys
2008-06-27 22:20 . 2008-06-27 22:24 <DIR> d-------- C:\Program Files\Folder Lock
2008-06-24 17:55 . 2008-06-24 17:56 <DIR> d-------- C:\KOSTOLAC DVD
2008-06-24 17:52 . 2008-06-24 17:53 <DIR> d-------- C:\VIMINACIUM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-20 10:14 --------- d-----w C:\Documents and Settings\AdministratoriNET\Application Data\uTorrent
2008-07-17 17:54 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-07-16 22:44 --------- d-----w C:\Documents and Settings\AdministratoriNET\Application Data\Skype
2008-07-16 22:12 --------- d-----w C:\Documents and Settings\AdministratoriNET\Application Data\skypePM
2008-07-06 06:09 --------- d-----w C:\Program Files\uTorrent
2008-07-05 16:25 --------- d-----w C:\Program Files\Opera
2008-06-28 13:32 --------- d-----w C:\Documents and Settings\AdministratoriNET\Application Data\Corel
2008-06-28 13:23 --------- d-----w C:\Program Files\Corel
2008-06-09 16:22 --------- d-----w C:\Program Files\Cosmi
2008-06-09 16:18 --------- d-----w C:\Program Files\Common Files\Cosmi
2008-06-09 16:18 --------- d-----w C:\Program Files\Common Files\Borland Shared
2008-06-08 12:13 --------- d-----w C:\Program Files\FileZilla Server
2008-06-08 11:54 --------- d-----w C:\Program Files\Feeding Frenzy 2
2008-05-29 14:04 --------- d-----w C:\Documents and Settings\AdministratoriNET\Application Data\Sony
2008-05-29 14:03 --------- d-----w C:\Program Files\Sony
2008-05-29 14:02 --------- d-----w C:\Program Files\Sony Setup
2008-04-28 18:15 348,160 ----a-w C:\WINDOWS\MSVCR71.DLL
2008-04-28 18:15 1,060,864 ----a-w C:\WINDOWS\MFC71.DLL
2008-04-27 05:37 40,960 ----a-w C:\WINDOWS\SimTestDll.dll
2008-04-20 22:17 86,400 ----a-w C:\WINDOWS\~GLC0000.TMP
2008-01-02 20:43 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07 15360]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 23:22 3739648]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-25 23:52 476702]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 05:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 05:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 05:10 114688]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-16 14:17 917504]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2005-02-01 20:28 1469952]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 17:51 36864]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 20:28 155648]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 14:39 729088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2007-11-16 20:20 91432]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 10:35 72736]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 13:06 62760]
"pdfFactory Pro Dispatcher v2"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2004-12-20 19:19 458752]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 11:42 69632]
"BigDogPath"="C:\WINDOWS\VM_STI.EXE" [2004-08-20 16:51 40960]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SMSERIAL"="sm56hlpr.exe" [2004-12-29 00:01 544768 C:\WINDOWS\sm56hlpr.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-23 07:28 14202368 C:\WINDOWS\RTHDCPL.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 03:07 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:07 15360]

C:\Documents and Settings\AdministratoriNET\Start Menu\Programs\Startup\
ProjectWhois.lnk - C:\Program Files\Domain Tools\ProjectWhois\ProjectWhois.exe [2006-11-21 03:13:40 147456]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-05 23:55:48 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAID Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAID Manager.lnk
backup=C:\WINDOWS\pss\RAID Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2007-12-07 17:03 1913656 C:\Program Files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
--a------ 2007-12-25 23:25 937984 C:\Program Files\FileZilla Server\FileZilla Server Interface.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 09:59 570664 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27159:TCP"= 27159:TCP:BitComet 27159 TCP
"27159:UDP"= 27159:UDP:BitComet 27159 UDP

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2004-12-10 16:44]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-11-03 01:12]
R2 MarxDev1;MarxDev1;C:\WINDOWS\system32\drivers\MarxDev1.sys [2001-05-28 16:30]
R2 MarxDev2;MarxDev2;C:\WINDOWS\system32\drivers\MarxDev2.sys [2001-05-28 16:30]
R2 MarxDev3;MarxDev3;C:\WINDOWS\system32\drivers\MarxDev3.sys [2001-05-28 16:30]
R2 PSI_SVC_2;Protexis Licensing V2;c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 11:15]
S3 FXDRV;FXDRV;D:\Fxdrv.sys []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 13:54]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-20 12:17:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\FileZilla Server\FileZilla server.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
.
**************************************************************************
.
Completion time: 2008-07-20 12:24:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-20 10:24:54
ComboFix2.txt 2008-07-18 15:39:16
ComboFix3.txt 2008-02-04 20:41:54
ComboFix4.txt 2008-02-03 20:51:23
ComboFix5.txt 2008-07-20 10:11:47

Pre-Run: 522,887,168 bytes free
Post-Run: 1,075,163,136 bytes free


offline
  • Joined: 07 Aug 2006
  • Posts: 1182
  • Location: Fili Davydkovo, Moscow, Russia

offline
  • Joined: 21 Dec 2005
  • Posts: 228
  • Location: Kostolac

NOD no longer reports anything.
Thanks for the help.
Regards
