Worm - a nightmare

offline
  • Joined: 05 Jun 2003
  • Posts: 2075
  • Location: MaYur CitY

The worst has happened :)
Some fujack-K worm has infected all my HTML files :(
What's worst is that I do web development, and now I have no idea what to do with them. I can't delete the files because they are all my work, and avast isn't able to repair the documents. What should I do? :)

offline
  • Civil Works Team Leader @ IKEA Centres Russia
  • Joined: 22 Jun 2005
  • Posts: 7912
  • Location: Moscow, Russia

Let's start properly from the beginning, following the instructions here: http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

offline
  • Joined: 05 Jun 2003
  • Posts: 2075
  • Location: MaYur CitY

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:50 PM, on 10/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Srdjan\Desktop\blejd\tre.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Antispyware] C:\Program Files\Antispyware\Antispyware.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6453 bytes

offline
  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...

First, let's see whether anything is active here...

Right-click the avast! icon in the lower-right corner of the screen and choose Program settings....

In the window that opens, under Troubleshooting, check the option Disable avast! self-defence and click OK.

Also, right-click the avast! icon in the lower-right corner of the screen and choose Stop OnAccess Protection.

Note: Don't forget to turn these options back on once the cleaning is finished.

Download ComboFix to your Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.

-------------------------------------------------------------------------------------

After that, you can do an online scan:

http://housecall.trendmicro.com/

or

http://www.bitdefender.com/scan8/ie.html


I think both can clean the files (basically, only a single line of code is involved - for a small number of files you could clean it all ''manually'' as well, but if you have a really large number of them...)
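Added example, not part of the original thread and not written by any of its participants: a bulk version of the "manual" cleanup mentioned above, which removes one known injected line from every .htm/.html file under a folder and keeps a backup of each changed file. The `needle` value, the file names and the backup suffix are constructed placeholders; the real injected line has to be copied from one of the infected files.

```python
import shutil
import tempfile
from pathlib import Path

HTML_SUFFIXES = {".html", ".htm"}
BACKUP_SUFFIX = ".infected.bak"  # assumption: any suffix that is not .htm/.html


def strip_injected(data: bytes, needle: bytes):
    """Return (cleaned bytes, occurrences removed). Works on raw bytes so the
    page encoding and CRLF/LF line endings are left exactly as they were."""
    kept, removed = [], 0
    for line in data.splitlines(keepends=True):
        hits = line.count(needle)
        if hits:
            removed += hits
            line = line.replace(needle, b"")
            if not line.strip():  # the line held only the injected code
                continue
        kept.append(line)
    return b"".join(kept), removed


def clean_tree(root, needle: bytes):
    """Clean every .htm/.html file under root and back up each changed file.
    Returns {relative path: occurrences removed}."""
    if not needle:
        raise ValueError("needle must be the exact injected line")
    root, report = Path(root), {}
    for path in sorted(root.rglob("*")):
        if not (path.is_file() and path.suffix.lower() in HTML_SUFFIXES):
            continue
        cleaned, removed = strip_injected(path.read_bytes(), needle)
        if removed:
            shutil.copy2(path, path.with_name(path.name + BACKUP_SUFFIX))
            path.write_bytes(cleaned)
            report[path.relative_to(root).as_posix()] = removed
    return report


def demo():
    # Constructed placeholder, NOT the worm's real line: paste the exact line
    # found in one infected file here.
    needle = b'<iframe src="http://placeholder.invalid/" width="0" height="0"></iframe>'
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sub").mkdir()
        (root / "clean.html").write_bytes(b"<html>\r\n<body>ok</body>\r\n</html>\r\n")
        (root / "index.html").write_bytes(b"<html>\r\n</html>\r\n" + needle + b"\r\n")
        (root / "sub" / "page.htm").write_bytes(b"<html>\n</html>" + needle)
        report = clean_tree(root, needle)
        restored = (root / "index.html").read_bytes()
        backup = (root / ("index.html" + BACKUP_SUFFIX)).read_bytes()
    return report, restored, backup.endswith(needle + b"\r\n")


if __name__ == "__main__":
    print(demo())
```

Run it only after the scans show nothing active on the machine, otherwise the files can be re-infected, and compare a few cleaned files against their backups before deleting the backups.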

offline
  • Joined: 05 Jun 2003
  • Posts: 2075
  • Location: MaYur CitY

I'll try what you told me :)

I wanted to delete it manually, but we're talking about hundreds and hundreds of HTML files :)

tnx

Addendum: 28 Oct 2008 20:07

ComboFix 08-10-28.01 - Srdjan 2008-10-28 19:37:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.536 [GMT 1:00]
Running from: C:\Documents and Settings\Srdjan\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
D:\RECYCLER\Desktop_.ini
F:\Autorun.inf
F:\RECYCLER\Desktop_.ini

.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-28 )))))))))))))))))))))))))))))))
.

2008-10-28 17:45 . 2002-12-31 12:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-10-28 15:40 . 2008-10-28 15:44 <DIR> d-------- C:\Program Files\Winamp
2008-10-28 15:40 . 2008-10-28 15:44 <DIR> d-------- C:\Documents and Settings\Srdjan\Application Data\Winamp
2008-10-28 14:02 . 2008-10-28 14:02 <DIR> d-------- C:\Documents and Settings\Srdjan\Application Data\vlc
2008-10-28 13:29 . 2008-10-28 13:29 <DIR> d-------- C:\WINDOWS\Sun
2008-10-28 13:28 . 2008-10-28 13:28 <DIR> d-------- C:\Program Files\Java
2008-10-28 13:28 . 2008-10-28 13:28 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-10-28 13:28 . 2008-10-28 13:28 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-28 01:17 . 2008-10-28 01:18 <DIR> d-------- C:\Documents and Settings\Srdjan\Application Data\Antispyware
2008-10-28 01:09 . 2008-10-28 01:11 <DIR> d-------- C:\Program Files\XoftSpySE
2008-10-28 01:03 . 2008-10-28 01:03 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-28 01:03 . 2008-10-28 01:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-28 00:36 . 2008-10-28 00:36 <DIR> d-------- C:\Program Files\GlobalSCAPE
2008-10-28 00:36 . 2008-10-28 00:36 <DIR> d-------- C:\Documents and Settings\Srdjan\Application Data\GlobalSCAPE
2008-10-28 00:36 . 2008-10-28 00:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
2008-10-27 23:54 . 2008-10-27 23:54 <DIR> d---s---- C:\Documents and Settings\Srdjan\UserData
2008-10-27 23:02 . 2008-10-27 23:02 <DIR> d-------- C:\Program Files\Alwil Software
2008-10-27 23:02 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-10-27 23:02 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-10-27 21:50 . 2008-10-27 23:31 <DIR> d-------- C:\Documents and Settings\Srdjan\Contacts
2008-10-27 21:49 . 2008-10-27 21:49 <DIR> d-------- C:\Program Files\MSN Messenger
2008-10-27 21:47 . 2008-10-27 21:48 <DIR> d-------- C:\xampp
2008-10-27 21:46 . 2008-10-27 21:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-10-27 21:00 . 2008-10-27 21:00 <DIR> d-------- C:\Program Files\Aspyr
2008-10-27 21:00 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-10-27 21:00 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-10-27 20:54 . 2008-10-27 20:54 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-10-27 20:54 . 2008-10-27 20:54 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-10-27 20:54 . 2008-10-27 20:54 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-10-27 20:33 . 2008-10-27 20:33 <DIR> d-------- C:\Program Files\Adobe Media Player
2008-10-27 20:30 . 2008-10-27 20:30 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-10-27 20:20 . 2008-10-27 20:20 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-28 12:59 --------- d-----w C:\Documents and Settings\Srdjan\Application Data\Apple Computer
2008-10-27 23:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-27 20:44 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-27 20:43 --------- d-----w C:\Program Files\Opera
2008-10-27 17:48 --------- d-----w C:\Program Files\iTunes
2008-10-27 17:48 --------- d-----w C:\Program Files\iPod
2008-10-27 17:48 --------- d-----w C:\Program Files\Bonjour
2008-10-27 17:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-27 17:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-27 17:47 --------- d-----w C:\Program Files\QuickTime
2008-10-27 17:47 --------- d-----w C:\Program Files\mIRC
2008-10-27 17:47 --------- d-----w C:\Program Files\Apple Software Update
2008-10-27 17:47 --------- d-----w C:\Documents and Settings\Srdjan\Application Data\mIRC
2008-10-27 17:46 --------- d-----w C:\Program Files\VideoLAN
2008-10-27 17:46 --------- d-----w C:\Program Files\Common Files\Apple
2008-10-27 17:45 --------- d-----w C:\Program Files\Safari
2008-10-27 17:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-10-27 17:39 --------- d-----w C:\Program Files\Google
2008-10-27 17:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-27 17:35 --------- d-----w C:\Program Files\Microsoft Works
2008-10-27 17:22 --------- d-----w C:\Program Files\Webteh
2008-10-27 17:22 --------- d-----w C:\Documents and Settings\Srdjan\Application Data\BSplayer PRO
2008-10-27 17:21 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-10-27 17:18 --------- d-----w C:\Program Files\TC PowerPack
2008-10-27 17:13 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-27 17:10 --------- d-----w C:\Program Files\Realtek
2008-10-27 17:04 --------- d-----w C:\Program Files\Intel
2008-10-27 16:53 --------- d-----w C:\Program Files\microsoft frontpage
2008-10-02 09:07 453,152 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-08-29 09:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 08:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-04-25 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-10-07 86016]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"AdobeCS4ServiceManager"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-28 136600]
"SkyTel"="SkyTel.EXE" [2006-04-24 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-04 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-10-07 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2002-12-31 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2002-12-31 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\Srdjan\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R2 adfs;adfs;C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 Apache2.2;Apache2.2;C:\xampp\apache\bin\apache.exe [2007-09-20 17408]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-28 152984]
R3 TNET1130;D-Link AirPlus G+ Wireless Adapter;C:\WINDOWS\system32\DRIVERS\GPlus.sys [2004-05-21 283392]

*Newly Created Service* - PROCEXP90
*Newly Created Service* - UMWDF
.
Contents of the 'Scheduled Tasks' folder

2008-10-28 C:\WINDOWS\Tasks\Antispyware Scheduled Scan.job
- C:\Program Files\Antispyware\Antispyware.exe []

2008-10-28 C:\WINDOWS\Tasks\Antispyware Scheduled Scan.job
- C:\Program Files\Antispyware []

2008-10-27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-28 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2006-03-10 21:24]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Antispyware - C:\Program Files\Antispyware\Antispyware.exe
HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\9uioxzgf.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\NPOFF12.DLL
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-28 19:41:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-28 19:41:43
ComboFix-quarantined-files.txt 2008-10-28 18:41:40

Pre-Run: 89,152,294,912 bytes free
Post-Run: 89,322,291,200 bytes free

178

offline
  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Nothing concrete here - just a few minor things...

Delete the file: C:\WINDOWS\Tasks\Antispyware Scheduled Scan.job

and, if it exists, the folder: C:\Program Files\Antispyware

Let us know how the scan went...
