To eliminate the possibility of infection

  • Joined: 23 Feb 2008
  • Posts: 46
  • Location: Beograd

I somehow managed to do this; at Briksi's suggestion, here is the log

Logfile of HijackThis v1.99.1
Scan saved at 16:53:07, on 23.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Djordje Milenkovic\My Documents\Download\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com/1me10enus/2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60113
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = crawler.com/search/ie.aspx?tb_id=60113
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = dnl.crawler.com/support/sa_customize.aspx?TbId=60113
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SRFirstRun] rundll32 srclient.dll,CreateFirstRunRp
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{585E7FA8-C40A-493F-AEE4-1CD116D06F1F}: NameServer = 194.106.162.10 194.106.162.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Greetings...

Download ComboFix from one of the following addresses to your Desktop:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Joined: 23 Feb 2008
  • Posts: 46
  • Location: Beograd

For now it has started working and everything works, but it reported a problem: "nircmd.cfexe - To Locate Component", and then in a window: "This application has failed to start because connAPI.DLL was not found. Re-installing the application may fix this problem."

ComboFix 08-02-24 - Djordje Milenkovic 2008-02-23 21:30:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.602 [GMT 1:00]
Running from: C:\Documents and Settings\Djordje Milenkovic\My Documents\Download\ComboFix1.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Starware316
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\screensaver.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\starware_toolbar_icon.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\related.xml
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\travel.xml
C:\Documents and Settings\All Users\Application Data\Starware316\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\Configurator\Configurator.xml
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\Configurator\Configurator.xml.backup
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\Games\GamesOptions.xml
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\Games\GamesOptions.xml.backup
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\Layouts\ToolbarLayout.xml
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\Manager\ManagerOptions.xml
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\Movies\MoviesOptions.xml
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\Reference\ReferenceOptions.xml
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\Screensavers\ScreensaversOptions.xml
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\Weather\AlertArchive.xml
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\Weather\WeatherOptions.xml
C:\Documents and Settings\Djordje Milenkovic\Application Data\Starware316(2)\Weather\WeatherOptions.xml.backup
C:\Program Files\Helper
C:\Program Files\Helper\1203537940.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\013F972E
C:\Program Files\MyWebSearch\bar\Cache\013FA6DE
C:\Program Files\MyWebSearch\bar\Cache\013FC377.bin
C:\Program Files\MyWebSearch\bar\Cache\013FC6B6.bin
C:\Program Files\MyWebSearch\bar\Cache\013FCD0C.bin
C:\Program Files\MyWebSearch\bar\Cache\013FD9D7.bin
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\WINDOWS\mrofinu1535.exe
C:\WINDOWS\system32\1_exception.nls
C:\WINDOWS\system32\aadgh.ini
C:\WINDOWS\system32\aadgh.ini2
C:\WINDOWS\system32\byxwuss.dll
C:\WINDOWS\system32\drivers\GCN41.sys
C:\WINDOWS\system32\drivers\Lpr03.sys
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\hgdaa.dll
C:\WINDOWS\system32\pskill.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_GCN41
-------\LEGACY_LPR03
-------\LEGACY_RUNTIME
-------\Lpr03


((((((((((((((((((((((((( Files Created from 2008-01-24 to 2008-02-24 )))))))))))))))))))))))))))))))
.

2008-02-24 21:44 . 2008-02-24 21:44 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-23 21:20 . 2008-02-23 21:20 7,168 --a------ C:\WINDOWS\system32\WLCtrl32.dl_
2008-02-22 18:37 . 2004-08-04 02:07 482,304 --a--c--- C:\WINDOWS\system32\DllCache\pintlgnt.ime
2008-02-22 18:36 . 2004-08-04 02:07 13,463,552 --a--c--- C:\WINDOWS\system32\DllCache\hwxjpn.dll
2008-02-22 18:35 . 2004-08-04 02:07 1,677,824 --a--c--- C:\WINDOWS\system32\DllCache\chsbrkr.dll
2008-02-22 18:34 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\DllCache\fp4awel.dll
2008-02-22 18:31 . 2008-02-22 18:31 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-02-22 18:31 . 2008-02-22 18:31 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-02-22 18:31 . 2008-02-22 18:31 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-02-22 18:31 . 2008-02-22 18:31 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-02-22 18:31 . 2008-02-22 18:31 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-02-22 18:31 . 2008-02-22 18:31 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-02-22 18:28 . 2004-08-04 00:56 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2008-02-22 18:28 . 2004-08-03 23:00 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2008-02-22 18:28 . 2004-08-04 00:56 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2008-02-22 18:28 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-02-22 18:24 . 2001-08-17 13:51 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2008-02-22 18:19 . 2004-08-04 02:07 1,042,903 -ra------ C:\WINDOWS\SET2F8.tmp
2008-02-21 22:46 . 2004-08-04 01:56 221,696 --a--c--- C:\WINDOWS\system32\DllCache\seo.dll
2008-02-21 22:46 . 2004-08-04 01:56 189,440 --a--c--- C:\WINDOWS\system32\DllCache\smtpadm.dll
2008-02-21 22:46 . 2004-08-04 01:56 10,752 --a------ C:\WINDOWS\system32\smtpapi.dll
2008-02-21 22:46 . 2004-08-04 01:56 10,752 --a--c--- C:\WINDOWS\system32\DllCache\smtpapi.dll
2008-02-21 22:46 . 2004-08-04 01:56 9,728 --a------ C:\WINDOWS\system32\rwnh.dll
2008-02-21 22:46 . 2004-08-04 01:56 9,728 --a--c--- C:\WINDOWS\system32\DllCache\rwnh.dll
2008-02-20 23:49 . 2003-03-24 08:49 42,752 -ra------ C:\WINDOWS\system32\drivers\ousb2hub.sys
2008-02-20 23:49 . 2003-03-24 08:49 29,568 -ra------ C:\WINDOWS\system32\drivers\ousbehci.sys
2008-02-20 23:48 . 2008-02-20 23:48 <DIR> d-------- C:\Program Files\VIA Technologies, INC
2008-02-20 23:32 . 2006-10-22 11:22 2,973,696 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2008-02-20 23:32 . 2006-10-22 11:22 2,924,544 --a------ C:\WINDOWS\system32\nvvitvs.dll
2008-02-20 23:32 . 2006-10-22 11:22 1,732,608 --a------ C:\WINDOWS\system32\nvwssr.dll
2008-02-20 23:32 . 2006-10-22 11:22 1,236,992 --a------ C:\WINDOWS\system32\nvwss.dll
2008-02-20 23:32 . 2006-10-22 11:22 35,840 --a------ C:\WINDOWS\system32\nvcodins.dll
2008-02-20 23:32 . 2006-10-22 11:22 35,840 --a------ C:\WINDOWS\system32\nvcod.dll
2008-02-20 23:22 . 2006-10-22 11:22 3,994,624 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-02-20 23:22 . 2006-10-22 11:22 3,994,624 --a--c--- C:\WINDOWS\system32\DllCache\nv4_mini.sys
2008-02-20 22:10 . 2004-08-04 02:07 2,178,131 --a--c--- C:\WINDOWS\system32\DllCache\shvlres.dll
2008-02-20 21:59 . 2004-08-04 02:07 1,685,606 --a--c--- C:\WINDOWS\system32\DllCache\sam.spd
2008-02-20 21:59 . 2004-08-04 02:07 774,144 --a--c--- C:\WINDOWS\system32\DllCache\spttseng.dll
2008-02-20 21:59 . 2004-08-04 02:07 741,376 --a--c--- C:\WINDOWS\system32\DllCache\sapi.dll
2008-02-20 21:59 . 2004-08-04 02:07 643,717 --a--c--- C:\WINDOWS\system32\DllCache\ltts1033.lxa
2008-02-20 21:59 . 2004-08-04 02:07 605,050 --a--c--- C:\WINDOWS\system32\DllCache\r1033tts.lxa
2008-02-20 21:59 . 2004-08-04 02:07 155,648 --a--c--- C:\WINDOWS\system32\DllCache\sapi.cpl
2008-02-20 21:59 . 2004-08-04 02:07 77,824 --a--c--- C:\WINDOWS\system32\DllCache\spcommon.dll
2008-02-20 21:59 . 2004-08-04 02:07 61,440 --a--c--- C:\WINDOWS\system32\DllCache\spcplui.dll
2008-02-20 21:59 . 2004-08-04 02:07 36,864 --a--c--- C:\WINDOWS\system32\DllCache\sapisvr.exe
2008-02-20 21:59 . 2004-08-04 02:07 888 --a--c--- C:\WINDOWS\system32\DllCache\sam.sdf
2008-02-20 21:59 . 2008-02-20 21:59 34 --a------ C:\WINDOWS\system\oeminfo.ini
2008-02-20 21:58 . 2004-08-04 02:07 1,086,058 -ra------ C:\WINDOWS\SET3C5.tmp
2008-02-20 21:58 . 2004-08-04 02:07 1,042,903 -ra------ C:\WINDOWS\SET3C3.tmp
2008-02-20 21:58 . 2004-08-04 02:07 13,753 -ra------ C:\WINDOWS\SET3CC.tmp
2008-02-20 21:58 . 2004-08-04 02:07 7,334 --a--c--- C:\WINDOWS\system32\DllCache\wmerrenu.cat
2008-02-20 21:00 . 2008-02-20 21:00 29 --a------ C:\WINDOWS\system32\rwpspsrw.tmp
2008-02-20 20:59 . 2008-02-20 20:59 54,764 --a------ C:\WINDOWS\system\tap64drv
2008-02-20 20:59 . 2008-02-23 21:17 7,168 --a------ C:\WINDOWS\system32\WLCtrl32.dll
2008-02-19 21:37 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-02-19 21:37 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-02-19 21:37 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-02-19 21:37 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-02-19 21:37 . 2006-09-28 16:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-02-19 21:37 . 2007-01-08 15:30 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-02-17 20:42 . 2008-02-17 20:42 <DIR> d-------- C:\Documents and Settings\Djordje Milenkovic\Application Data\Corel
2008-02-17 20:37 . 2008-02-17 20:37 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-02-17 20:34 . 2008-02-17 20:37 <DIR> d-------- C:\Program Files\Corel
2008-02-17 19:41 . 2008-02-17 19:41 394 --a------ C:\WINDOWS\capture.ini
2008-02-17 18:28 . 2008-02-17 18:28 0 --a------ C:\WINDOWS\CorelDrw.INI
2008-02-17 13:42 . 2008-02-17 20:43 56 -rahs---- C:\WINDOWS\system32\CA22E06F88.sys
2008-02-17 13:31 . 2008-02-17 20:43 3,350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-02-17 13:10 . 2008-02-20 21:00 <DIR> d-------- C:\Program Files\Aquitania
2008-02-13 18:25 . 2008-02-13 18:25 <DIR> d-------- C:\Documents and Settings\Djordje Milenkovic\Application Data\Media Player Classic
2008-02-13 18:23 . 2008-02-13 18:23 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-01-30 15:25 . 2008-01-30 15:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-30 15:25 . 2008-01-30 15:25 1,409 --a------ C:\WINDOWS\QTFont.for


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 11:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2007-10-19 12:25 2736384]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnsc"="C:\WINDOWS\system32\msnsc.exe" [2006-01-13 02:36 62054]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:07 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2004-08-04 02:07 388608 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2006-01-13 02:25 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll 2008-02-23 21:17 7168 C:\WINDOWS\system32\WLCtrl32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\messenger\\msmsgs.exe"=

R3 Cap713x;Philips Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2005-09-23 12:30]
S2 ousbehci;%OWC_USBEHCD.DeviceDesc%;C:\WINDOWS\system32\Drivers\ousbehci.sys [2003-03-24 08:49]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 08:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 08:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 08:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 08:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 08:42]

*Newly Created Service* - VIAAGP
.
Contents of the 'Scheduled Tasks' folder
"2008-02-17 21:00:00 C:\WINDOWS\Tasks\SmartDefrag.job"
- C:\Program Files\IObit\IObit SmartDefrag\schedule.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-02-24 22:16:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\WLCtrl32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
.
**************************************************************************
.
Completion time: 2008-02-24 22:22:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-24 21:22:36
.
2008-02-24 20:44:57 --- E O F ---

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Quite a ''collection'' of malware... Moving on...

Open Notepad and copy the following text:

File::
C:\WINDOWS\system32\WLCtrl32.dl_
C:\WINDOWS\system32\rwpspsrw.tmp
C:\WINDOWS\system\tap64drv
C:\WINDOWS\system32\WLCtrl32.dll
C:\WINDOWS\system32\msnsc.exe

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnsc"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.

Post the log produced at the end of the cleaning/scan in your next message.
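As an added example (not code from this thread, from dr_Bora, or from the ComboFix/HijackThis authors), the Python script below does mechanically what the reply above does by eye: it parses the 'Files Created' and 'Reg Loading Points' sections of a ComboFix log, flags autostart targets (Run/RunOnce values and Winlogon\Notify DLLs) whose file was created only days before the scan, and renders the result in the File::/Registry:: CFScript format shown above. The embedded log is a constructed excerpt modelled on the one posted earlier; the 7-day window and the function names are assumptions.

```python
import re
from datetime import datetime

# Constructed excerpt modelled on the ComboFix log posted earlier in this thread
# (a few representative lines, not the full log).
SAMPLE_LOG = r"""((((((((((((((((((((((((( Files Created from 2008-01-24 to 2008-02-24 )))))))))))))))))))))))))))))))
.
2008-02-24 21:44 . 2008-02-24 21:44 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-23 21:20 . 2008-02-23 21:20 7,168 --a------ C:\WINDOWS\system32\WLCtrl32.dl_
2008-02-20 20:59 . 2008-02-23 21:17 7,168 --a------ C:\WINDOWS\system32\WLCtrl32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnsc"="C:\WINDOWS\system32\msnsc.exe" [2006-01-13 02:36 62054]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll 2008-02-23 21:17 7168 C:\WINDOWS\system32\WLCtrl32.dll
"""

# 'Files Created' rows: <created> . <modified> <size|<DIR>> <attrs> <path>
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} (?:<DIR>|[\d,]+) \S{9} (.+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[')          # "name"="target" [...]
NOTIFY_RE = re.compile(r"^\S+ \d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ (\S.*)$")  # dll date time size path


def parse_created_files(log_text):
    """Map lower-cased path -> creation time for every 'Files Created' row."""
    created = {}
    for line in log_text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            created[m.group(2).lower()] = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
    return created


def parse_autostarts(log_text):
    """(registry_key, value_name, target_path) for Run/RunOnce values and
    Winlogon\\Notify subkeys (value_name is None for the latter)."""
    entries, key = [], None
    for line in log_text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        low = (key or "").lower()
        if "\\currentversion\\run" in low:
            vm = RUN_VALUE_RE.match(line)
            if vm:
                entries.append((key, vm.group(1), vm.group(2)))
        elif "\\winlogon\\notify\\" in low:
            vm = NOTIFY_RE.match(line)
            if vm:
                entries.append((key, None, vm.group(1)))
    return entries


def flag_recent_autostarts(log_text, max_age_days=7):
    """Autostart targets created within max_age_days of the newest 'Files Created'
    row (a proxy for the scan date). The 7-day window is an assumption, not a
    ComboFix rule; NvCpl.dll and msnsc.exe above are older and are left alone."""
    created = parse_created_files(log_text)
    if not created:
        return []
    newest = max(created.values())
    flagged = []
    for key, name, target in parse_autostarts(log_text):
        when = created.get(target.lower())
        if when is not None and (newest - when).days <= max_age_days:
            flagged.append({"key": key, "value": name, "path": target, "created": when})
    return flagged


def build_cfscript(flagged, extra_files=()):
    """Render the File::/Registry:: script shown in the thread: '"name"=-' deletes
    one value, '[-key]' deletes a whole key (REGEDIT4 syntax)."""
    files = sorted({f["path"] for f in flagged} | set(extra_files), key=str.lower)
    lines = ["File::", *files, "", "Registry::"]
    for f in flagged:
        if f["value"] is None:  # Notify DLL: remove the whole subkey
            lines.append(f"[-{f['key']}]")
        else:                   # Run value: delete just that value
            lines.append(f"[{f['key']}]")
            lines.append(f'"{f["value"]}"=-')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = flag_recent_autostarts(SAMPLE_LOG)
    # WLCtrl32.dl_ is a renamed copy, not an autostart, so it is added by hand
    print(build_cfscript(hits, extra_files=[r"C:\WINDOWS\system32\WLCtrl32.dl_"]))
```

On the sample it reproduces the WLCtrl32 lines of the CFScript above; msnsc.exe is older than the window, so, as in the thread, that entry still needs an analyst's judgement.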

  • Joined: 23 Feb 2008
  • Posts: 46
  • Location: Beograd

Done, and here is the log

ComboFix 08-02-24 - Djordje Milenkovic 2008-02-25 11:59:49.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.593 [GMT 1:00]
Running from: C:\Documents and Settings\Djordje Milenkovic\My Documents\Download\ComboFix.exe
Command switches used :: C:\Documents and Settings\Djordje Milenkovic\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system\tap64drv
C:\WINDOWS\system32\msnsc.exe
C:\WINDOWS\system32\rwpspsrw.tmp
C:\WINDOWS\system32\WLCtrl32.dl_
C:\WINDOWS\system32\WLCtrl32.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system\tap64drv
C:\WINDOWS\system32\drivers\Bfi14.sys
C:\WINDOWS\system32\msnsc.exe
C:\WINDOWS\system32\rwpspsrw.tmp
C:\WINDOWS\system32\WLCtrl32.dl_
C:\WINDOWS\system32\WLCtrl32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_BFI14
-------\Bfi14


((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))
.

2008-02-22 18:37 . 2004-08-04 02:07 482,304 --a--c--- C:\WINDOWS\system32\DllCache\pintlgnt.ime
2008-02-22 18:36 . 2004-08-04 02:07 13,463,552 --a--c--- C:\WINDOWS\system32\DllCache\hwxjpn.dll
2008-02-22 18:35 . 2004-08-04 02:07 1,677,824 --a--c--- C:\WINDOWS\system32\DllCache\chsbrkr.dll
2008-02-22 18:34 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\DllCache\fp4awel.dll
2008-02-22 18:31 . 2008-02-22 18:31 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-02-22 18:31 . 2008-02-22 18:31 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-02-22 18:31 . 2008-02-22 18:31 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-02-22 18:31 . 2008-02-22 18:31 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-02-22 18:31 . 2008-02-22 18:31 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-02-22 18:31 . 2008-02-22 18:31 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-02-22 18:28 . 2004-08-04 00:56 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2008-02-22 18:28 . 2004-08-03 23:00 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2008-02-22 18:28 . 2004-08-04 00:56 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2008-02-22 18:28 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-02-22 18:24 . 2001-08-17 13:51 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2008-02-22 18:19 . 2004-08-04 02:07 1,042,903 -ra------ C:\WINDOWS\SET2F8.tmp
2008-02-21 22:46 . 2004-08-04 01:56 221,696 --a--c--- C:\WINDOWS\system32\DllCache\seo.dll
2008-02-21 22:46 . 2004-08-04 01:56 189,440 --a--c--- C:\WINDOWS\system32\DllCache\smtpadm.dll
2008-02-21 22:46 . 2004-08-04 01:56 10,752 --a------ C:\WINDOWS\system32\smtpapi.dll
2008-02-21 22:46 . 2004-08-04 01:56 10,752 --a--c--- C:\WINDOWS\system32\DllCache\smtpapi.dll
2008-02-21 22:46 . 2004-08-04 01:56 9,728 --a------ C:\WINDOWS\system32\rwnh.dll
2008-02-21 22:46 . 2004-08-04 01:56 9,728 --a--c--- C:\WINDOWS\system32\DllCache\rwnh.dll
2008-02-20 23:49 . 2003-03-24 08:49 42,752 -ra------ C:\WINDOWS\system32\drivers\ousb2hub.sys
2008-02-20 23:49 . 2003-03-24 08:49 29,568 -ra------ C:\WINDOWS\system32\drivers\ousbehci.sys
2008-02-20 23:48 . 2008-02-20 23:48 <DIR> d-------- C:\Program Files\VIA Technologies, INC
2008-02-20 23:32 . 2006-10-22 11:22 2,973,696 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2008-02-20 23:32 . 2006-10-22 11:22 2,924,544 --a------ C:\WINDOWS\system32\nvvitvs.dll
2008-02-20 23:32 . 2006-10-22 11:22 1,732,608 --a------ C:\WINDOWS\system32\nvwssr.dll
2008-02-20 23:32 . 2006-10-22 11:22 1,236,992 --a------ C:\WINDOWS\system32\nvwss.dll
2008-02-20 23:32 . 2006-10-22 11:22 35,840 --a------ C:\WINDOWS\system32\nvcodins.dll
2008-02-20 23:32 . 2006-10-22 11:22 35,840 --a------ C:\WINDOWS\system32\nvcod.dll
2008-02-20 23:22 . 2006-10-22 11:22 3,994,624 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-02-20 23:22 . 2006-10-22 11:22 3,994,624 --a--c--- C:\WINDOWS\system32\DllCache\nv4_mini.sys
2008-02-20 22:10 . 2004-08-04 02:07 2,178,131 --a--c--- C:\WINDOWS\system32\DllCache\shvlres.dll
2008-02-20 21:59 . 2004-08-04 02:07 1,685,606 --a--c--- C:\WINDOWS\system32\DllCache\sam.spd
2008-02-20 21:59 . 2004-08-04 02:07 774,144 --a--c--- C:\WINDOWS\system32\DllCache\spttseng.dll
2008-02-20 21:59 . 2004-08-04 02:07 741,376 --a--c--- C:\WINDOWS\system32\DllCache\sapi.dll
2008-02-20 21:59 . 2004-08-04 02:07 643,717 --a--c--- C:\WINDOWS\system32\DllCache\ltts1033.lxa
2008-02-20 21:59 . 2004-08-04 02:07 605,050 --a--c--- C:\WINDOWS\system32\DllCache\r1033tts.lxa
2008-02-20 21:59 . 2004-08-04 02:07 155,648 --a--c--- C:\WINDOWS\system32\DllCache\sapi.cpl
2008-02-20 21:59 . 2004-08-04 02:07 77,824 --a--c--- C:\WINDOWS\system32\DllCache\spcommon.dll
2008-02-20 21:59 . 2004-08-04 02:07 61,440 --a--c--- C:\WINDOWS\system32\DllCache\spcplui.dll
2008-02-20 21:59 . 2004-08-04 02:07 36,864 --a--c--- C:\WINDOWS\system32\DllCache\sapisvr.exe
2008-02-20 21:59 . 2004-08-04 02:07 888 --a--c--- C:\WINDOWS\system32\DllCache\sam.sdf
2008-02-20 21:59 . 2008-02-20 21:59 34 --a------ C:\WINDOWS\system\oeminfo.ini
2008-02-20 21:58 . 2004-08-04 02:07 1,086,058 -ra------ C:\WINDOWS\SET3C5.tmp
2008-02-20 21:58 . 2004-08-04 02:07 1,042,903 -ra------ C:\WINDOWS\SET3C3.tmp
2008-02-20 21:58 . 2004-08-04 02:07 13,753 -ra------ C:\WINDOWS\SET3CC.tmp
2008-02-20 21:58 . 2004-08-04 02:07 7,334 --a--c--- C:\WINDOWS\system32\DllCache\wmerrenu.cat
2008-02-19 21:37 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-02-19 21:37 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-02-19 21:37 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-02-19 21:37 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-02-19 21:37 . 2006-09-28 16:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-02-19 21:37 . 2007-01-08 15:30 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-02-17 20:42 . 2008-02-17 20:42 <DIR> d-------- C:\Documents and Settings\Djordje Milenkovic\Application Data\Corel
2008-02-17 20:37 . 2008-02-17 20:37 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-02-17 20:34 . 2008-02-17 20:37 <DIR> d-------- C:\Program Files\Corel
2008-02-17 19:41 . 2008-02-17 19:41 394 --a------ C:\WINDOWS\capture.ini
2008-02-17 18:28 . 2008-02-17 18:28 0 --a------ C:\WINDOWS\CorelDrw.INI
2008-02-17 13:42 . 2008-02-17 20:43 56 -rahs---- C:\WINDOWS\system32\CA22E06F88.sys
2008-02-17 13:31 . 2008-02-17 20:43 3,350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-02-17 13:10 . 2008-02-20 21:00 <DIR> d-------- C:\Program Files\Aquitania
2008-02-13 18:25 . 2008-02-13 18:25 <DIR> d-------- C:\Documents and Settings\Djordje Milenkovic\Application Data\Media Player Classic
2008-02-13 18:23 . 2008-02-13 18:23 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-01-30 15:25 . 2008-01-30 15:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-30 15:25 . 2008-01-30 15:25 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-24 21:44 4,587,008 ----a-w C:\WINDOWS\Internet Logs\xDB30.tmp
2008-02-24 21:44 3,610,112 ----a-w C:\WINDOWS\Internet Logs\xDB2F.tmp
2008-02-22 15:42 4,511,744 ----a-w C:\WINDOWS\Internet Logs\xDB2E.tmp
2008-02-22 15:42 3,066,880 ----a-w C:\WINDOWS\Internet Logs\xDB2D.tmp
2008-02-21 13:55 4,495,360 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp
2008-02-20 21:34 107,132 ----a-w C:\WINDOWS\UninstallFirefox.exe
2008-02-20 20:35 4,460,032 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp
2008-02-20 17:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-20 17:16 4,425,728 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp
2008-02-20 17:16 168,448 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp
2008-02-17 21:03 4,419,584 ----a-w C:\WINDOWS\Internet Logs\xDB28.tmp
2008-02-17 21:03 186,880 ----a-w C:\WINDOWS\Internet Logs\xDB27.tmp
2008-02-17 19:02 371,712 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2008-02-15 21:17 93,184 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp
2008-02-14 23:18 4,255,744 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2008-02-14 23:18 139,264 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2008-02-14 17:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-13 17:29 48,640 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp
2008-02-13 17:27 --------- d-----w C:\Program Files\Webteh
2008-02-13 17:20 4,251,648 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp
2008-02-13 17:20 266,240 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp
2008-02-13 17:18 --------- d-----w C:\Program Files\Real
2008-02-13 17:18 --------- d-----w C:\Program Files\Common Files\Real
2008-02-13 17:17 --------- d-----w C:\Program Files\AC3Filter
2008-02-13 17:10 --------- d-----w C:\Program Files\DkZ Studio
2008-02-07 21:29 5,332,116 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-02-03 21:16 1,408,512 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2008-01-19 23:01 4,212,736 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2008-01-17 17:17 --------- d-----w C:\Program Files\Winamp
2008-01-11 22:22 1,061,888 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2008-01-10 12:16 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll
2008-01-10 12:15 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
2008-01-08 13:26 4,165,120 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2007-12-26 00:20 4,169,728 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2007-12-26 00:20 174,080 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2007-12-26 00:11 --------- d-----w C:\Program Files\Womble Multimedia
2007-12-25 22:06 --------- d-----w C:\Program Files\Nero
2007-12-24 12:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-12-22 23:57 4,132,864 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2007-12-22 23:57 1,039,872 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2007-12-08 19:31 771,072 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2007-12-02 23:25 592,384 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2007-12-02 23:25 3,956,736 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-27 23:43 47,104 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2007-11-27 23:43 3,838,464 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2007-11-26 23:02 3,837,952 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2007-11-26 23:02 101,376 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2007-11-24 18:48 172,544 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2007-11-19 21:57 65,024 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2007-11-18 22:47 3,821,056 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2007-11-18 22:47 257,024 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2007-11-17 17:38 48,640 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2007-11-17 17:21 74,240 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2007-11-17 17:21 3,730,432 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2007-11-17 17:00 3,772,928 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2007-11-17 17:00 1,981,952 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2007-10-30 14:17 87,552 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-10-30 14:17 3,557,376 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-10-29 23:03 628,736 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-10-29 23:03 3,560,960 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2007-10-16 22:24 3,384,832 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2007-10-16 22:24 174,080 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2007-10-15 22:33 1,210,368 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-02-03 16:38 20,334,347 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_02_02_23_47_06_full.dmp.zip
2007-02-02 23:46 20,321,006 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_02_02_23_25_51_full.dmp.zip
2007-02-02 23:25 20,290,598 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_02_01_18_09_27_full.dmp.zip
2007-02-01 18:09 20,263,367 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_02_01_17_21_48_full.dmp.zip
2007-02-01 17:21 21,789,939 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_01_31_23_54_00_full.dmp.zip
2007-02-01 17:21 21,012,029 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_01_31_19_46_39_full.dmp.zip
2007-01-31 19:49 36,788 ----a-w C:\WINDOWS\Cursors\pastcpuninst.exe
2007-01-31 19:46 21,017,328 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_01_31_18_37_50_full.dmp.zip
2007-01-31 18:37 20,924,936 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_01_31_00_25_13_full.dmp.zip
2007-01-30 22:56 20,953,852 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_01_30_20_10_37_full.dmp.zip
2007-01-30 20:10 20,902,576 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_01_30_20_04_47_full.dmp.zip
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 11:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2007-10-19 12:25 2736384]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:07 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2004-08-04 02:07 388608 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2006-01-13 02:25 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\messenger\\msmsgs.exe"=

R3 Cap713x;Philips Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2005-09-23 12:30]
S1 tap64drv;tap64drv;C:\WINDOWS\system\tap64drv []
S2 ousbehci;%OWC_USBEHCD.DeviceDesc%;C:\WINDOWS\system32\Drivers\ousbehci.sys [2003-03-24 08:49]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 08:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 08:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 08:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 08:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 08:42]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-17 21:00:00 C:\WINDOWS\Tasks\SmartDefrag.job"
- C:\Program Files\IObit\IObit SmartDefrag\schedule.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-02-25 12:05:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-02-25 12:08:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-25 11:08:53
ComboFix2.txt 2008-02-24 21:22:42
.
2008-02-24 21:49:49 --- E O F ---

Update: 24 Feb 2008 12:27

Just to note that everything now works normally :)

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Things are much better now, but there are still a few items that need to be removed...

I see you don't have an AV program - why? You should install an antivirus as soon as possible, otherwise what we have done here won't make much sense.

1) Open Notepad and copy the following text into it:

Driver::
tap64drv


Save the Notepad file to the Desktop as "CFScript"

Drag the saved script/text file onto the ComboFix icon, as in the picture.

Post the log that is produced at the end of the cleaning/scan in your next message.

-------------------------------------------------------------------------------------

2) Download the file gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start it: select the Rootkit tab at the top.
Click Scan.
When the scan is finished, click the Save... button below it and save that logfile.
Attach the saved log to your next message (use the "Attach file" option).
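Both CFScripts in this thread target entries that the ComboFix log itself points at: a driver/service line whose trailing brackets are empty, such as `S1 tap64drv;tap64drv;C:\WINDOWS\system\tap64drv []`, means ComboFix found no file on disk behind a service that is nonetheless registered to load at system start. The Python script below is an added example, not part of this thread and not ComboFix's own code: it parses the driver/service lines of a ComboFix "Reg Loading Points" section and flags the entries a reviewer would look at first. The sample lines are copied from the log posted above; the triage rules in `suspicious_services` are the editor's own heuristics, not ComboFix's.

```python
import re

# ComboFix driver/service lines have the shape
#   <StartType> <Name>;<DisplayName>;<ImagePath> [<file timestamp>]
# Start types: R = running, S = stopped; the digit is the Windows start
# value (0 boot, 1 system, 2 auto, 3 manual). Empty "[]" means ComboFix
# could not find the image file on disk.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# Sample lines copied from the ComboFix log posted above in this thread.
SAMPLE_LOG = r"""
R3 Cap713x;Philips Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2005-09-23 12:30]
S1 tap64drv;tap64drv;C:\WINDOWS\system\tap64drv []
S2 ousbehci;%OWC_USBEHCD.DeviceDesc%;C:\WINDOWS\system32\Drivers\ousbehci.sys [2003-03-24 08:49]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 08:42]
"""


def parse_services(text):
    """Return one dict per driver/service line found in the log text."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["meta"] = entry["meta"].strip()
            entries.append(entry)
    return entries


def suspicious_services(entries):
    """Return (service name, [reasons]) for entries worth a closer look.

    Heuristics (editor's own, not ComboFix's):
      * empty brackets: no file timestamp, i.e. the image is missing on disk
      * display name identical to the internal name: no vendor description
      * image path without a .sys/.exe extension
      * any of the above on a boot/system-start service (R0/R1/S0/S1)
    """
    findings = []
    for e in entries:
        reasons = []
        if not e["meta"]:
            reasons.append("no file timestamp (image missing on disk)")
        if e["display"].strip().lower() == e["name"].strip().lower():
            reasons.append("display name equals service name")
        path = e["path"].strip().lower()
        if not (path.endswith(".sys") or path.endswith(".exe")):
            reasons.append("image path has no .sys/.exe extension")
        if reasons and e["start"] in ("R0", "R1", "S0", "S1"):
            reasons.append("loads at boot/system start")
        if reasons:
            findings.append((e["name"].strip(), reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in suspicious_services(parse_services(SAMPLE_LOG)):
        print(name, "->", "; ".join(reasons))
```

To use it on a real run, pass the contents of a saved ComboFix.txt to `parse_services`. A flagged line is a triage hint, not a verdict: a missing image file for a system-start driver, as with tap64drv here, is the kind of leftover that a script like dr_Bora's `Driver::` entry cleans up, but each hit should still be checked against the vendor or device it claims to belong to before anything is removed.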

  • Joined: 23 Feb 2008
  • Posts: 46
  • Location: Beograd

For AV I had ZoneAlarm, so I uninstalled it.... now I've put on Avast ;)

ComboFix 08-02-24 - Djordje Milenkovic 2008-02-24 18:18:59.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.519 [GMT 1:00]
Running from: C:\Documents and Settings\Djordje Milenkovic\My Documents\Programi\ComboFix.exe
Command switches used :: C:\Documents and Settings\Djordje Milenkovic\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-24 to 2008-02-24 )))))))))))))))))))))))))))))))
.

2008-02-25 12:26 . 2008-02-25 12:26 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-25 12:26 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-25 12:26 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-25 12:26 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-25 12:26 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-25 12:26 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-25 12:26 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-25 12:26 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-25 12:26 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-25 12:17 . 2008-02-25 12:17 <DIR> d-------- C:\Documents and Settings\Djordje Milenkovic\Application Data\Locktime
2008-02-25 12:13 . 2008-02-25 12:13 <DIR> d-------- C:\Program Files\NetLimiter 2 Pro
2008-02-25 12:13 . 2008-02-25 12:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Locktime
2008-02-24 18:23 . 2008-02-24 18:23 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-22 18:37 . 2004-08-04 02:07 482,304 --a--c--- C:\WINDOWS\system32\DllCache\pintlgnt.ime
2008-02-22 18:36 . 2004-08-04 02:07 13,463,552 --a--c--- C:\WINDOWS\system32\DllCache\hwxjpn.dll
2008-02-22 18:35 . 2004-08-04 02:07 1,677,824 --a--c--- C:\WINDOWS\system32\DllCache\chsbrkr.dll
2008-02-22 18:34 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\DllCache\fp4awel.dll
2008-02-22 18:31 . 2008-02-22 18:31 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-02-22 18:31 . 2008-02-22 18:31 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-02-22 18:31 . 2008-02-22 18:31 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-02-22 18:31 . 2008-02-22 18:31 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-02-22 18:31 . 2008-02-22 18:31 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-02-22 18:31 . 2008-02-22 18:31 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-02-22 18:28 . 2004-08-04 00:56 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2008-02-22 18:28 . 2004-08-03 23:00 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2008-02-22 18:28 . 2004-08-04 00:56 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2008-02-22 18:28 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-02-22 18:24 . 2001-08-17 13:51 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2008-02-22 18:19 . 2004-08-04 02:07 1,042,903 -ra------ C:\WINDOWS\SET2F8.tmp
2008-02-21 22:46 . 2004-08-04 01:56 221,696 --a--c--- C:\WINDOWS\system32\DllCache\seo.dll
2008-02-21 22:46 . 2004-08-04 01:56 189,440 --a--c--- C:\WINDOWS\system32\DllCache\smtpadm.dll
2008-02-21 22:46 . 2004-08-04 01:56 10,752 --a------ C:\WINDOWS\system32\smtpapi.dll
2008-02-21 22:46 . 2004-08-04 01:56 10,752 --a--c--- C:\WINDOWS\system32\DllCache\smtpapi.dll
2008-02-21 22:46 . 2004-08-04 01:56 9,728 --a------ C:\WINDOWS\system32\rwnh.dll
2008-02-21 22:46 . 2004-08-04 01:56 9,728 --a--c--- C:\WINDOWS\system32\DllCache\rwnh.dll
2008-02-20 23:49 . 2003-03-24 08:49 42,752 -ra------ C:\WINDOWS\system32\drivers\ousb2hub.sys
2008-02-20 23:49 . 2003-03-24 08:49 29,568 -ra------ C:\WINDOWS\system32\drivers\ousbehci.sys
2008-02-20 23:48 . 2008-02-20 23:48 <DIR> d-------- C:\Program Files\VIA Technologies, INC
2008-02-20 23:32 . 2006-10-22 11:22 2,973,696 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2008-02-20 23:32 . 2006-10-22 11:22 2,924,544 --a------ C:\WINDOWS\system32\nvvitvs.dll
2008-02-20 23:32 . 2006-10-22 11:22 1,732,608 --a------ C:\WINDOWS\system32\nvwssr.dll
2008-02-20 23:32 . 2006-10-22 11:22 1,236,992 --a------ C:\WINDOWS\system32\nvwss.dll
2008-02-20 23:32 . 2006-10-22 11:22 35,840 --a------ C:\WINDOWS\system32\nvcodins.dll
2008-02-20 23:32 . 2006-10-22 11:22 35,840 --a------ C:\WINDOWS\system32\nvcod.dll
2008-02-20 23:22 . 2006-10-22 11:22 3,994,624 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-02-20 23:22 . 2006-10-22 11:22 3,994,624 --a--c--- C:\WINDOWS\system32\DllCache\nv4_mini.sys
2008-02-20 22:10 . 2004-08-04 02:07 2,178,131 --a--c--- C:\WINDOWS\system32\DllCache\shvlres.dll
2008-02-20 21:59 . 2004-08-04 02:07 1,685,606 --a--c--- C:\WINDOWS\system32\DllCache\sam.spd
2008-02-20 21:59 . 2004-08-04 02:07 774,144 --a--c--- C:\WINDOWS\system32\DllCache\spttseng.dll
2008-02-20 21:59 . 2004-08-04 02:07 741,376 --a--c--- C:\WINDOWS\system32\DllCache\sapi.dll
2008-02-20 21:59 . 2004-08-04 02:07 643,717 --a--c--- C:\WINDOWS\system32\DllCache\ltts1033.lxa
2008-02-20 21:59 . 2004-08-04 02:07 605,050 --a--c--- C:\WINDOWS\system32\DllCache\r1033tts.lxa
2008-02-20 21:59 . 2004-08-04 02:07 155,648 --a--c--- C:\WINDOWS\system32\DllCache\sapi.cpl
2008-02-20 21:59 . 2004-08-04 02:07 77,824 --a--c--- C:\WINDOWS\system32\DllCache\spcommon.dll
2008-02-20 21:59 . 2004-08-04 02:07 61,440 --a--c--- C:\WINDOWS\system32\DllCache\spcplui.dll
2008-02-20 21:59 . 2004-08-04 02:07 36,864 --a--c--- C:\WINDOWS\system32\DllCache\sapisvr.exe
2008-02-20 21:59 . 2004-08-04 02:07 888 --a--c--- C:\WINDOWS\system32\DllCache\sam.sdf
2008-02-20 21:59 . 2008-02-20 21:59 34 --a------ C:\WINDOWS\system\oeminfo.ini
2008-02-20 21:58 . 2004-08-04 02:07 1,086,058 -ra------ C:\WINDOWS\SET3C5.tmp
2008-02-20 21:58 . 2004-08-04 02:07 1,042,903 -ra------ C:\WINDOWS\SET3C3.tmp
2008-02-20 21:58 . 2004-08-04 02:07 13,753 -ra------ C:\WINDOWS\SET3CC.tmp
2008-02-20 21:58 . 2004-08-04 02:07 7,334 --a--c--- C:\WINDOWS\system32\DllCache\wmerrenu.cat
2008-02-19 21:37 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-02-19 21:37 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-02-19 21:37 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-02-19 21:37 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-02-19 21:37 . 2006-09-28 16:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-02-19 21:37 . 2007-01-08 15:30 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-02-17 20:42 . 2008-02-17 20:42 <DIR> d-------- C:\Documents and Settings\Djordje Milenkovic\Application Data\Corel
2008-02-17 20:37 . 2008-02-17 20:37 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-02-17 20:34 . 2008-02-17 20:37 <DIR> d-------- C:\Program Files\Corel
2008-02-17 19:41 . 2008-02-17 19:41 394 --a------ C:\WINDOWS\capture.ini
2008-02-17 18:28 . 2008-02-17 18:28 0 --a------ C:\WINDOWS\CorelDrw.INI
2008-02-17 13:42 . 2008-02-17 20:43 56 -rahs---- C:\WINDOWS\system32\CA22E06F88.sys
2008-02-17 13:31 . 2008-02-17 20:43 3,350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-02-17 13:10 . 2008-02-20 21:00 <DIR> d-------- C:\Program Files\Aquitania
2008-02-13 18:25 . 2008-02-13 18:25 <DIR> d-------- C:\Documents and Settings\Djordje Milenkovic\Application Data\Media Player Classic
2008-02-13 18:23 . 2008-02-13 18:23 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-01-30 15:25 . 2008-01-30 15:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-30 15:25 . 2008-01-30 15:25 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 21:34 107,132 ----a-w C:\WINDOWS\UninstallFirefox.exe
2008-02-20 17:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-14 17:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-13 17:27 --------- d-----w C:\Program Files\Webteh
2008-02-13 17:18 --------- d-----w C:\Program Files\Real
2008-02-13 17:18 --------- d-----w C:\Program Files\Common Files\Real
2008-02-13 17:17 --------- d-----w C:\Program Files\AC3Filter
2008-02-13 17:10 --------- d-----w C:\Program Files\DkZ Studio
2008-01-17 17:17 --------- d-----w C:\Program Files\Winamp
2007-12-26 00:11 --------- d-----w C:\Program Files\Womble Multimedia
2007-12-25 22:06 --------- d-----w C:\Program Files\Nero
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 11:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2007-10-19 12:25 2736384]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:07 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2004-08-04 02:07 388608 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2006-01-13 02:25 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\messenger\\msmsgs.exe"=

R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 12:03]
R3 Cap713x;Philips Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2005-09-23 12:30]
S2 ousbehci;%OWC_USBEHCD.DeviceDesc%;C:\WINDOWS\system32\Drivers\ousbehci.sys [2003-03-24 08:49]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 08:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 08:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 08:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 08:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 08:42]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-17 21:00:00 C:\WINDOWS\Tasks\SmartDefrag.job"
- C:\Program Files\IObit\IObit SmartDefrag\schedule.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-02-24 18:27:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-02-24 18:33:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-24 17:33:02
ComboFix2.txt 2008-02-25 11:08:59
ComboFix3.txt 2008-02-24 21:22:42
.
2008-02-24 16:56:51 --- E O F ---

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

  • Joined: 23 Feb 2008
  • Posts: 46
  • Location: Beograd

@dr Bora.. Hats off!

The computer very nearly ended up at the repair shop, but thanks to you everything is sorted out and works as it should ;)

Many thanks!
