MyCity » Ambulanta -> Arhiva Ambulante » Antivirus 2009

Antivirus 2009

Napisano na dan: 18.1.2009

Antivirus 2009
Sledeća strana Pagination

Idi na vrh

Poslao: 18 Jan 2009 20:58
Idi na vrh
offline
  • Pridružio: 17 Mar 2008
  • Poruke: 33
  • Gde živiš: K U B A

Ja ne znam ni da izbrisem antivirus 2009 a kamoli nesto vise



Poslao: 18 Jan 2009 21:06
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Uradi kako se ovde kaze:

[Link mogu videti samo ulogovani korisnici]



Poslao: 18 Jan 2009 21:10
Idi na vrh
offline
  • Pridružio: 17 Mar 2008
  • Poruke: 33
  • Gde živiš: K U B A

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:02:59, on 18.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\GameTracker\GSInGameService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Antivirus 2009\av2009.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Windows User\Desktop\TR3.exe\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Link mogu videti samo ulogovani korisnici]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: &Research - {0B014B81-4E12-46F9-806F-55867AF8FD3C} - C:\WINDOWS\system32\winsystems.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] D:\igre\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [GameTracker] C:\Program Files\GameTracker\GTLite.exe
O4 - HKCU\..\Run: [91010732968067067043703807921716] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - [Link mogu videti samo ulogovani korisnici]\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - [Link mogu videti samo ulogovani korisnici]
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [Link mogu videti samo ulogovani korisnici]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files\GameTracker\GSInGameService.exe
O23 - Service: Google Update Service (gupdate1c9533568c3ecd4) (gupdate1c9533568c3ecd4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8992 bytes

Poslao: 18 Jan 2009 21:13
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

* Klikni desnim tasterom miša na AVG ikonicu ( ) u donjem, desnom uglu ekrana.
* Kada se pokrene AVG Control Center, dvoklikni na AVG Resident Shield komponentu.
* U prozoru koji se otvori, deštikliraj opciju Turn on AVG Resident Shield i klikni OK.

Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja.

---------------------


Skini ComboFix sa jedne od sledecih adresa na Desktop:
[Link mogu videti samo ulogovani korisnici]
[Link mogu videti samo ulogovani korisnici]
[Link mogu videti samo ulogovani korisnici]

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Poslao: 18 Jan 2009 21:34
Idi na vrh
offline
  • Pridružio: 17 Mar 2008
  • Poruke: 33
  • Gde živiš: K U B A

ComboFix 09-01-17.04 - Windows User 2009-01-18 21:25:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.608 [GMT 1:00]
Running from: c:\documents and settings\Windows User\Desktop\TR3.exe\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Windows User\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
c:\documents and settings\Windows User\Start Menu\Antivirus 2009
c:\documents and settings\Windows User\Start Menu\Antivirus 2009\Antivirus 2009.lnk
c:\documents and settings\Windows User\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk
c:\program files\Antivirus 2009
c:\program files\Antivirus 2009\av2009.exe
D:\install.exe

.
((((((((((((((((((((((((( Files Created from 2008-12-18 to 2009-01-18 )))))))))))))))))))))))))))))))
.

2009-01-17 18:05 . 2009-01-17 18:05 97,792 --a------ c:\windows\system32\drivers\ACEDRV05.sys
2009-01-16 16:14 . 2009-01-17 15:21 <DIR> d--h----- C:\$AVG8.VAULT$
2009-01-15 01:52 . 2009-01-15 01:52 268 --ah----- C:\sqmdata19.sqm
2009-01-15 01:52 . 2009-01-15 01:52 244 --ah----- C:\sqmnoopt19.sqm
2009-01-14 11:49 . 2009-01-14 11:49 268 --ah----- C:\sqmdata18.sqm
2009-01-14 11:49 . 2009-01-14 11:49 244 --ah----- C:\sqmnoopt18.sqm
2009-01-14 11:36 . 2009-01-14 11:36 268 --ah----- C:\sqmdata17.sqm
2009-01-14 11:36 . 2009-01-14 11:36 244 --ah----- C:\sqmnoopt17.sqm
2009-01-13 16:13 . 2009-01-13 16:13 268 --ah----- C:\sqmdata16.sqm
2009-01-13 16:13 . 2009-01-13 16:13 244 --ah----- C:\sqmnoopt16.sqm
2009-01-13 15:44 . 2009-01-13 15:44 <DIR> d-------- c:\program files\VirtualDJ
2009-01-12 21:59 . 2009-01-12 21:59 268 --ah----- C:\sqmdata15.sqm
2009-01-12 21:59 . 2009-01-12 21:59 244 --ah----- C:\sqmnoopt15.sqm
2009-01-12 12:13 . 2009-01-12 12:13 268 --ah----- C:\sqmdata14.sqm
2009-01-12 12:13 . 2009-01-12 12:13 244 --ah----- C:\sqmnoopt14.sqm
2009-01-11 20:42 . 2009-01-11 20:42 268 --ah----- C:\sqmdata13.sqm
2009-01-11 20:42 . 2009-01-11 20:42 244 --ah----- C:\sqmnoopt13.sqm
2009-01-11 13:12 . 2009-01-11 13:12 268 --ah----- C:\sqmdata12.sqm
2009-01-11 13:12 . 2009-01-11 13:12 244 --ah----- C:\sqmnoopt12.sqm
2009-01-10 16:25 . 2009-01-10 16:25 268 --ah----- C:\sqmdata11.sqm
2009-01-10 16:25 . 2009-01-10 16:25 244 --ah----- C:\sqmnoopt11.sqm
2009-01-10 10:24 . 2009-01-10 10:24 268 --ah----- C:\sqmdata10.sqm
2009-01-10 10:24 . 2009-01-10 10:24 244 --ah----- C:\sqmnoopt10.sqm
2009-01-10 00:10 . 2009-01-10 00:10 268 --ah----- C:\sqmdata09.sqm
2009-01-10 00:10 . 2009-01-10 00:10 244 --ah----- C:\sqmnoopt09.sqm
2009-01-09 09:40 . 2009-01-09 09:40 268 --ah----- C:\sqmdata08.sqm
2009-01-09 09:40 . 2009-01-09 09:40 244 --ah----- C:\sqmnoopt08.sqm
2009-01-08 23:03 . 2009-01-18 20:43 <DIR> d-------- c:\documents and settings\LocalService\Application Data\GameTracker
2009-01-08 23:02 . 2009-01-08 23:03 <DIR> d-------- c:\program files\GameTracker
2009-01-08 23:01 . 2009-01-18 20:44 <DIR> d-------- c:\documents and settings\Windows User\Application Data\GameTracker
2009-01-08 22:27 . 2009-01-09 18:59 <DIR> d-------- c:\program files\sXe Injected
2009-01-08 21:23 . 2009-01-08 21:23 268 --ah----- C:\sqmdata07.sqm
2009-01-08 21:23 . 2009-01-08 21:23 244 --ah----- C:\sqmnoopt07.sqm
2009-01-07 10:10 . 2009-01-07 10:10 268 --ah----- C:\sqmdata06.sqm
2009-01-07 10:10 . 2009-01-07 10:10 244 --ah----- C:\sqmnoopt06.sqm
2009-01-06 21:29 . 2009-01-06 21:29 268 --ah----- C:\sqmdata05.sqm
2009-01-06 21:29 . 2009-01-06 21:29 244 --ah----- C:\sqmnoopt05.sqm
2009-01-06 15:16 . 2009-01-06 15:16 268 --ah----- C:\sqmdata04.sqm
2009-01-06 15:16 . 2009-01-06 15:16 244 --ah----- C:\sqmnoopt04.sqm
2009-01-06 10:14 . 2009-01-06 10:14 268 --ah----- C:\sqmdata03.sqm
2009-01-06 10:14 . 2009-01-06 10:14 244 --ah----- C:\sqmnoopt03.sqm
2009-01-06 10:10 . 2009-01-06 10:10 268 --ah----- C:\sqmdata02.sqm
2009-01-06 10:10 . 2009-01-06 10:10 244 --ah----- C:\sqmnoopt02.sqm
2009-01-06 09:55 . 2009-01-16 01:27 268 --ah----- C:\sqmdata01.sqm
2009-01-06 09:55 . 2009-01-16 01:27 244 --ah----- C:\sqmnoopt01.sqm
2009-01-05 21:22 . 2009-01-05 21:30 <DIR> d-------- C:\Fraps
2009-01-05 21:22 . 2009-01-05 21:27 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-05 15:04 . 2009-01-15 11:24 268 --ah----- C:\sqmdata00.sqm
2009-01-05 15:04 . 2009-01-15 11:24 244 --ah----- C:\sqmnoopt00.sqm
2009-01-03 23:53 . 2009-01-05 15:24 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-01-03 11:59 . 2009-01-03 11:59 81,920 --a------ c:\windows\system32\frapsvid.dll
2009-01-02 18:31 . 2009-01-03 22:17 <DIR> d-------- c:\documents and settings\Windows User\Application Data\Image Zone Express
2009-01-02 18:28 . 2009-01-02 18:31 <DIR> d-------- c:\documents and settings\Windows User\Application Data\HP
2009-01-02 18:28 . 2009-01-02 18:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2009-01-02 18:26 . 2009-01-02 18:26 <DIR> d-------- c:\program files\Common Files\HP
2009-01-02 18:25 . 2009-01-02 18:25 <DIR> d-------- c:\program files\Hewlett-Packard
2009-01-02 18:25 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-01-02 18:25 . 2006-03-03 21:03 282,680 --a------ c:\windows\system32\HPZidr12.dll
2009-01-02 18:25 . 2006-03-03 21:02 204,800 --a------ c:\windows\system32\HPZipr12.dll
2009-01-02 18:25 . 2006-03-03 21:02 94,208 --a------ c:\windows\system32\HPZipt12.dll
2009-01-02 18:25 . 2006-03-03 21:03 69,632 --a------ c:\windows\system32\HPZipm12.exe
2009-01-02 18:25 . 2006-03-03 21:03 65,536 --a------ c:\windows\system32\HPZinw12.exe
2009-01-02 18:25 . 2006-03-03 21:02 57,344 --a------ c:\windows\system32\HPZisn12.dll
2009-01-02 18:24 . 2009-01-02 18:28 <DIR> d-------- c:\program files\HP
2009-01-02 18:24 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-01-02 18:24 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-01-02 18:21 . 2009-01-02 18:28 123,988 --a------ c:\windows\HPHins12.dat
2009-01-02 18:21 . 2006-05-16 07:25 77,824 -ra------ c:\windows\system32\hpzids01.dll
2009-01-02 18:21 . 2006-06-13 00:15 14,916 --------- c:\windows\hphmdl12.dat
2009-01-02 18:20 . 2006-06-03 21:29 48,640 --a------ c:\windows\system32\hpzll4pi.dll
2008-12-27 12:24 . 2008-12-27 12:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\ProStroke Golf
2008-12-27 12:23 . 2008-12-27 12:23 98,304 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-27 12:18 . 2008-12-27 12:18 <DIR> d-------- c:\program files\Oxygen Interactive
2008-12-23 22:44 . 2004-08-04 00:56 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-12-23 22:44 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-23 22:44 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-12-23 22:44 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-12-23 13:15 . 2008-06-13 14:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-12-23 13:15 . 2008-06-13 14:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-23 13:14 . 2008-10-16 21:38 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-12-23 13:14 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-12-23 13:14 . 2007-03-08 06:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-23 13:14 . 2008-10-16 21:38 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-12-23 13:14 . 2008-10-16 21:38 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-12-23 13:14 . 2008-10-16 21:38 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-12-23 13:14 . 2008-10-16 21:38 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-12-23 13:14 . 2008-10-16 21:38 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-23 13:14 . 2008-10-16 14:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-12-23 13:09 . 2008-08-14 11:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-23 13:09 . 2008-08-14 10:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-23 13:09 . 2008-08-14 10:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-23 13:09 . 2008-08-14 10:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-23 12:49 . 2008-12-23 12:49 <DIR> d-------- c:\program files\YouTube Downloader
2008-12-21 19:01 . 2008-12-21 19:01 <DIR> d-------- c:\program files\Windows Live Favorites
2008-12-21 19:01 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-21 19:01 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-12-21 19:01 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-21 19:00 . 2008-12-21 19:00 <DIR> d-------- c:\program files\Real
2008-12-21 19:00 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2008-12-21 19:00 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2008-12-21 19:00 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-12-21 19:00 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-21 19:00 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2008-12-21 18:58 . 2008-12-21 18:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Windows Live Toolbar
2008-12-21 18:57 . 2008-12-21 19:01 <DIR> d-------- c:\program files\Windows Live Toolbar
2008-12-21 18:56 . 2009-01-16 11:39 <DIR> d-------- c:\documents and settings\Windows User\Contacts
2008-12-21 18:55 . 2008-12-21 18:55 <DIR> d-------- c:\program files\MSN Messenger
2008-12-21 18:49 . 2008-12-21 18:49 <DIR> d-------- c:\program files\ToggleEN
2008-12-21 18:49 . 2008-12-21 18:49 <DIR> d-------- c:\program files\Conduit
2008-12-21 14:44 . 2008-12-21 14:44 <DIR> d-------- c:\program files\AskBarDis
2008-12-21 12:34 . 2008-12-21 20:49 230 --a------ c:\windows\LEXSTAT.INI
2008-12-21 12:00 . 2003-03-05 18:06 61,440 --a------ c:\windows\system32\lxbcpwr.dll
2008-12-21 11:58 . 1997-04-08 20:08 299,520 --a------ c:\windows\uninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-18 18:42 --------- d-----w c:\documents and settings\Windows User\Application Data\uTorrent
2009-01-17 23:19 --------- d-----w c:\program files\Google
2009-01-05 10:20 --------- d-----w c:\program files\Microsoft Works
2008-12-27 16:58 --------- d-----w c:\documents and settings\Windows User\Application Data\AVGTOOLBAR
2008-12-27 11:22 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-27 11:17 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-14 13:26 --------- d-----w c:\program files\Winamp Toolbar
2008-12-14 13:26 --------- d-----w c:\program files\Winamp
2008-12-14 13:26 --------- d-----w c:\documents and settings\All Users\Application Data\Winamp Toolbar
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-06 22:15 --------- d-----w c:\program files\Common Files\DirectX
2008-12-06 14:04 28,400 ----a-w c:\windows\system32\drivers\secdrv.sys
2008-12-06 11:38 --------- d-----w c:\documents and settings\Windows User\Application Data\Black Sea Studios
2008-11-23 21:53 --------- d-----w c:\documents and settings\All Users\Application Data\MSScanAppDataDir
2008-11-04 10:12 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2008-11-23 23:03 1784856 --a------ c:\program files\ToggleEN\tbTogg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B014B81-4E12-46F9-806F-55867AF8FD3C}]
2004-08-03 21:59 298496 --a------ c:\windows\system32\winsystems.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-24 20:25 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-11 68856]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Steam"="d:\igre\Steam\Steam.exe" [2003-09-11 958464]
"GameTracker"="c:\program files\GameTracker\GTLite.exe" [2008-12-11 3238752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-04 1235736]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-10-04 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"d:\\igre\\Pes 2008\\PES2008.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\igre\\Counter-Strike 1.6\\hl.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-04 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-04 90632]
R3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [2008-11-05 30336]
R4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-12-21 464264]
R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-04 874776]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-04 231704]
R4 GS In-Game Service;GS In-Game Service;c:\program files\GameTracker\GSInGameService.exe [2009-01-08 2329440]
S3 ddsxeiservice;ddsxeiservice2;c:\program files\sXe Injected\ddsxei.sys [2008-12-19 49408]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2008-12-21 234888]
S4 gupdate1c9533568c3ecd4;Google Update Service (gupdate1c9533568c3ecd4);c:\program files\Google\Update\GoogleUpdate.exe [2008-11-30 133104]
S4 RPCER;Remote Procedure Call (HNM);c:\program files\Common Files\ODBC\comp.exe [2006-03-28 12801736]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60e378a3-b94c-11dd-a1a2-b2f57c038434}]
\Shell\AutoRun\command - F:\sq.com
\Shell\explore\Command - F:\sq.com
\Shell\open\Command - F:\sq.com
.
Contents of the 'Scheduled Tasks' folder

2009-01-18 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]

2009-01-18 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-11-30 22:58]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - [Link mogu videti samo ulogovani korisnici]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-01-18 21:26:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-18 21:27:07
ComboFix-quarantined-files.txt 2009-01-18 20:27:06

Pre-Run: 24.731.394.048 bytes free
Post-Run: 25,056,522,240 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect /usepmtimer

269 --- E O F --- 2009-01-14 10:39:19

Poslao: 18 Jan 2009 22:20
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Mozes li da uploadujes sledeci fajl:

c:\program files\Common Files\ODBC\comp.exe

na [Link mogu videti samo ulogovani korisnici] i ovde mi das link ka rezultatu.

Poslao: 19 Jan 2009 00:31
Idi na vrh
offline
  • Pridružio: 17 Mar 2008
  • Poruke: 33
  • Gde živiš: K U B A

Ali nema mi tog fajla kada otvorim ovo ODBC onda mi pokaze
folder"data source" i taj folder je prazan

Poslao: 19 Jan 2009 20:43
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Otvoriti Notepad i iskopirati sledeci tekst:

FileLook::
c:\program files\Common Files\ODBC\comp.exe


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

MyCity » Ambulanta -> Arhiva Ambulante » Antivirus 2009

Ko je trenutno na forumu
 

Ukupno su 941 korisnika na forumu :: 74 registrovanih, 6 sakrivenih i 861 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 357magnum, A.R.Chafee.Jr., amadeus, babaroga, bladesu, bobomicek, bpvl, cojapop, crazydkure, d.arsenal321, DavidA, dejanilic, deLacy, Dimitrise93, Django777, djboj, Doca, Duh16, Feller, FileFinder, FOX, g_g, galerija, Gall, Georgius, Gheljda, gomago, Jose, kybonacci, Lošmi, Macalone, Marko Marković, mayorlany, mikrimaus, milenko crazy north, Milo97, milos.cbr, mitja2512, mkukoleca, mnn2, moldway, Mrav Obrad, nelezele, nenad81, nevjerna beba, niksa517, opt1, OtacMakarije, Panter, Povratak1912, radoznao, raptorsi, Rectifier, Rogan33, ruma, samocitam, Skakac7, SlaKoj, Slingshot, sluga, stalja, stegonosa, suton, tachinni, TalicniTom, Troja, Trpe Grozni, vathra, vlad4, vukan0799, W123, wizzardone, wolf431, zombicar153