MyCity » Ambulanta -> Arhiva Ambulante » Dosta trojanaca

Dosta trojanaca

Napisano na dan: 14.10.2010

Strana:
1
2

Dosta trojanaca

Sledeća strana

Pagination

Odgovori

Strana:
1
2

bobang Poslao: 14 Okt 2010 15:09 Idi na vrh
offline bobang Ugledni građanin Pridružio: 16 Avg 2007 Poruke: 315 Gde živiš: Srbija	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Posle Update windowsa 7 pustio sam Trojan Killer i on je otkrio dosta trojanaca. Da li moram ponovo da instaliram win 7 ili moze da se virusi izbrisu. Hvala unapred DDS (Ver_10-10-10.03) - NTFSx86 Run by Boban at 14:45:39,30 on cet 14.10.2010 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1023.248 [GMT 2:00] AV: Smart Engine On-access scanning enabled (Updated) {43E6C7C0-F2DA-4DCD-8168-B704F47AC639} FW: Smart Engine enabled {FBE97B5D-5C3F-4C5A-B804-509D305CD8EA} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\soundman.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\FsUsbExService.Exe C:\Windows\system32\lxblcoms.exe C:\Windows\Installer\MSI8878.tmp C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\WUDFHost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\Boban\Desktop\dds.scr C:\Windows\system32\conhost.exe ============== Pseudo HJT Report =============== uStart Page = [Link mogu videti samo ulogovani korisnici] mStart Page = [Link mogu videti samo ulogovani korisnici] uInternet Settings,ProxyServer = 61.213.158.124:8080 BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll TB: FlvTube Toolbar: {851552f5-b878-4b03-904f-2ad6a4cc8994} - "c:\program files\flvtube toolbar\flvtubetb.DLL" TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice mRun: [SoundMan] SOUNDMAN.EXE mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe mRun: [USB Antivirus] c:\program files\usb disk security\RunUSBGuard.exe mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" dRun: [Samsung.PCSync] "c:\program files\samsung\samsung pc studio 7\PcSync2.exe" /NoDialog uPolicies-explorer: DisallowRun = 1 (0x1) uPolicies-disallowrun: 0 = msseces.exe uPolicies-disallowrun: 1 = MSASCui.exe uPolicies-disallowrun: 2 = ekrn.exe uPolicies-disallowrun: 3 = egui.exe uPolicies-disallowrun: 4 = avgnt.exe uPolicies-disallowrun: 5 = avcenter.exe uPolicies-disallowrun: 6 = avscan.exe uPolicies-disallowrun: 7 = avgfrw.exe uPolicies-disallowrun: 8 = avgui.exe uPolicies-disallowrun: 9 = avgtray.exe uPolicies-disallowrun: 10 = avgscanx.exe uPolicies-disallowrun: 11 = avgcfgex.exe uPolicies-disallowrun: 12 = avgemc.exe uPolicies-disallowrun: 13 = avgchsvx.exe uPolicies-disallowrun: 14 = avgcmgr.exe uPolicies-disallowrun: 15 = avgwdsvc.exe mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL TCP: {13216134-FE2B-463E-AAE2-7B8366D322C2} = 194.106.162.10,194.106.162.3 TCP: {E87B3B01-C5BC-4536-9537-998186833CAD} = 212.200.191.166,212.200.190.166 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL IFEO: image file execution options - svchost.exe IFEO: a.exe - svchost.exe IFEO: aAvgApi.exe - svchost.exe IFEO: AAWTray.exe - svchost.exe IFEO: About.exe - svchost.exe Note: multiple IFEO entries found. Please refer to Attach.txt Hosts: 74.125.45.100 4-open-davinci.com Hosts: 74.125.45.100 securitysoftwarepayments.com Hosts: 74.125.45.100 privatesecuredpayments.com Hosts: 74.125.45.100 secure.privatesecuredpayments.com Hosts: 74.125.45.100 getantivirusplusnow.com Note: multiple HOSTS entries found. Please refer to Attach.txt ================= FIREFOX =================== FF - ProfilePath - c:\users\boban\appdata\roaming\mozilla\firefox\profiles\kinlniph.default\ FF - prefs.js: browser.search.selectedEngine - search FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici] FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); ============= SERVICES / DRIVERS =============== R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-2-13 38240] R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-9-1 222568] R2 lxbl_device;lxbl_device;c:\windows\system32\lxblcoms.exe -service --> c:\windows\system32\lxblcoms.exe -service [?] R2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\installer\MSI8878.tmp [2010-2-28 189760] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-9-1 36640] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-3-3 27632] S2 ekrn;ESET Service;"c:\program files\eset\eset smart security\ekrn.exe" --> c:\program files\eset\eset smart security\ekrn.exe [?] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888] S3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsa.sys [2007-5-2 135680] S3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [2007-5-2 8320] S3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [2007-5-2 12288] S3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [2007-5-2 12288] ============== File Associations =============== .txt=UltraEdit.txt =============== Created Last 30 ================ 2010-10-14 11:55:04 -------- d-----w- c:\program files\Thinking BIG 2010-10-14 09:18:25 -------- d-sh--w- c:\users\boban\appdata\roaming\Smart Engine 2010-10-14 09:18:23 -------- d-sh--w- c:\progra~2\SMPVGYFWE 2010-10-14 09:17:41 -------- d-sh--w- c:\progra~2\1c67e8 2010-10-14 08:07:53 -------- d-----w- c:\users\boban\appdata\local\Google 2010-10-14 07:48:57 6084944 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{3ee9c02d-90fa-411e-b06e-8b7a57c627c2}\mpengine.dll 2010-10-14 07:35:22 2048 ----a-w- c:\windows\system32\tzres.dll 2010-10-14 07:35:09 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe 2010-10-14 07:35:08 1413632 ----a-w- c:\windows\system32\ole32.dll 2010-10-14 07:35:02 530432 ----a-w- c:\windows\system32\comctl32.dll 2010-10-14 07:35:00 109056 ----a-w- c:\windows\system32\t2embed.dll 2010-10-14 07:34:59 224256 ----a-w- c:\windows\system32\schannel.dll 2010-10-14 07:34:57 316928 ----a-w- c:\windows\system32\spoolsv.exe 2010-10-14 07:34:44 2327552 ----a-w- c:\windows\system32\win32k.sys 2010-10-14 07:34:26 310784 ----a-w- c:\windows\system32\drivers\srv.sys 2010-10-14 07:34:26 308736 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-10-14 07:34:26 168448 ----a-w- c:\windows\system32\srvsvc.dll 2010-10-14 07:34:26 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys 2010-10-14 07:33:30 738816 ----a-w- c:\windows\system32\wmpmde.dll 2010-10-14 07:33:29 363520 ----a-w- c:\windows\system32\StructuredQuery.dll 2010-10-10 08:13:25 -------- d-----w- c:\users\boban\appdata\roaming\Uniblue 2010-10-10 08:13:25 -------- d-----w- c:\program files\Uniblue 2010-10-10 08:13:25 -------- d-----w- c:\progra~2\DriverScanner 2010-10-10 08:10:48 -------- dc-h--w- c:\progra~2\{148D8B8A-8F96-4822-81EC-D510B626B7D5} 2010-10-10 08:03:05 -------- d-----w- c:\program files\FLVTube Player 2010-10-07 08:11:14 98304 ----a-r- c:\users\boban\appdata\roaming\microsoft\installer\{3577e42b-3347-4eb8-bfda-d36e8ed3c519}\icons.exe 2010-10-01 07:37:19 -------- d-----w- c:\program files\ADR 2010-09-30 17:06:37 117760 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lxblpp5c.dll 2010-09-30 07:12:15 56496 ----a-w- c:\windows\system32\wbhelp2.dll 2010-09-30 07:12:15 544768 ----a-w- c:\windows\system32\wbocx.ocx 2010-09-30 07:12:15 258352 ----a-w- c:\windows\system32\unicows.dll 2010-09-30 07:12:14 4608 ----a-w- c:\windows\system32\W95INF32.DLL 2010-09-30 07:12:14 33968 ----a-w- c:\windows\system32\anim.dll 2010-09-30 07:12:14 2272 ----a-w- c:\windows\system32\W95INF16.DLL 2010-09-30 07:12:14 1706800 ----a-w- c:\windows\system32\gdiplus.dll 2010-09-30 07:12:13 -------- d-----w- c:\program files\WinUtilities 2010-09-30 06:45:30 -------- d-----w- c:\program files\common files\UIE 2010-09-27 20:33:44 -------- d-----w- c:\program files\GNU 2010-09-23 17:04:16 231712 ----a-w- c:\windows\FOXDOC.EXE 2010-09-23 11:19:49 -------- d-----w- C:\mag 2010-09-22 16:10:52 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll 2010-09-19 11:04:37 -------- d-----w- c:\users\boban\Programs 2010-09-19 10:48:03 -------- d-----w- c:\program files\Smart PC Solutions 2010-09-17 13:44:35 -------- d-----w- c:\program files\Able2Extract Professional 5.0 2010-09-14 20:28:34 -------- d-----w- c:\windows\system32\Lang ==================== Find3M ==================== 2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll 2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll 2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec 2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2010-09-01 04:23:49 12625408 ----a-w- c:\windows\system32\wmploc.DLL 2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll 2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll 2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll 2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll 2010-07-17 03:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll ============= FINISH: 14:46:23,11 =============== [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici]

Profil

diarno Poslao: 14 Okt 2010 15:10 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

bobang Poslao: 14 Okt 2010 15:40 Idi na vrh
offline bobang Ugledni građanin Pridružio: 16 Avg 2007 Poruke: 315 Gde živiš: Srbija	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zaboravio sam da napisem da imam ADSL i Eset antiviru (mozda nije bio pokrenut) ComboFix 10-10-12.03 - Boban 14.10.2010 15:27:08.1.1 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1023.594 [GMT 2:00] Running from: c:\users\Boban\Desktop\ComboFix.exe AV: Smart Engine On-access scanning enabled (Updated) {43E6C7C0-F2DA-4DCD-8168-B704F47AC639} FW: Smart Engine enabled {FBE97B5D-5C3F-4C5A-B804-509D305CD8EA} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\progra~1\COMMON~1\UIE\DIEM.dll c:\program files\WinPCap c:\program files\WinPCap\daemon_mgm.exe c:\program files\WinPCap\INSTALL.LOG c:\program files\WinPCap\npf_mgm.exe c:\program files\WinPCap\rpcapd.exe c:\program files\WinPCap\Uninstall.exe c:\programdata\1c67e8 c:\programdata\1c67e8\1c67e8844050a1849d58ad8b2fc3bdc1.ocx c:\programdata\1c67e8\263185.reg c:\programdata\1c67e8\28419fcffd1418013cfa5b10470bea8b.ocx c:\programdata\1c67e8\4516.mof c:\programdata\1c67e8\mcp.ico c:\programdata\1c67e8\mozcrt19.dll c:\programdata\1c67e8\SM1c6_231.exe c:\programdata\1c67e8\SME.ico c:\programdata\1c67e8\sqlite3.dll c:\programdata\1c67e8\vm9q01u8d45e7tm9q01u8z6agiwkjx9n7tm9q01u8z6on9qrg.dll c:\programdata\1c67e8\xvc5e7gfagc3xnbn45e7tm9q01urg.dll c:\programdata\Microsoft\Windows\Start Menu\Programs\Ardamax Keylogger c:\programdata\Microsoft\Windows\Start Menu\Programs\Ardamax Keylogger\Ardamax Keylogger.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\Ardamax Keylogger\Help.lnk c:\programdata\page c:\programdata\page\page.ico c:\programdata\page\page.URL c:\users\Boban\AppData\Roaming\541 Bomber.exe c:\users\Boban\AppData\Roaming\chrtmp c:\users\Boban\AppData\Roaming\Microsoft\Windows\Recent\cid.exe c:\users\Boban\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.dll c:\users\Boban\AppData\Roaming\Microsoft\Windows\Recent\ddv.exe c:\users\Boban\AppData\Roaming\Microsoft\Windows\Recent\ddv.tmp c:\users\Boban\AppData\Roaming\Microsoft\Windows\Recent\delfile.drv c:\users\Boban\AppData\Roaming\Microsoft\Windows\Recent\energy.dll c:\users\Boban\AppData\Roaming\Microsoft\Windows\Recent\energy.drv c:\users\Boban\AppData\Roaming\Microsoft\Windows\Recent\exec.drv c:\users\Boban\AppData\Roaming\Microsoft\Windows\Recent\exec.sys c:\users\Boban\AppData\Roaming\Microsoft\Windows\Recent\FS.dll c:\users\Boban\AppData\Roaming\Microsoft\Windows\Recent\PE.exe c:\users\Boban\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp c:\users\Boban\AppData\Roaming\Microsoft\Windows\Recent\ppal.drv c:\users\Boban\AppData\Roaming\Microsoft\Windows\Recent\runddl.tmp c:\users\Boban\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.exe c:\users\Boban\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.tmp c:\users\Boban\AppData\Roaming\Microsoft\Windows\Recent\sld.tmp c:\users\Boban\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.exe c:\users\Boban\AppData\Roaming\Microsoft\Windows\Start Menu\Smart Engine.lnk c:\users\Boban\AppData\Roaming\Smart Engine c:\users\Boban\AppData\Roaming\Smart Engine\cookies.sqlite c:\users\Boban\AppData\Roaming\Smart Engine\Instructions.ini c:\users\Boban\Desktop\Smart Engine.lnk c:\users\Public\Documents\Server\admin.txt c:\users\Public\Documents\Server\server.dat c:\windows\a3kebook.ini c:\windows\akebook.ini c:\windows\ANS2000.INI c:\windows\system32\drivers\npf.sys c:\windows\system32\Packet.dll c:\windows\system32\pthreadVC.dll c:\windows\system32\wpcap.dll Infected copy of c:\windows\explorer.exe was found and disinfected Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe Infected copy of c:\windows\System32\wininit.exe was found and disinfected Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe Infected copy of c:\windows\explorer.exe was found and disinfected Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_NPF ((((((((((((((((((((((((( Files Created from 2010-09-14 to 2010-10-14 ))))))))))))))))))))))))))))))) . 2010-10-14 13:34 . 2010-10-14 13:36 -------- d-----w- c:\users\Boban\AppData\Local\temp 2010-10-14 13:34 . 2010-10-14 13:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-10-14 11:55 . 2010-10-14 11:55 -------- d-----w- c:\program files\Thinking BIG 2010-10-14 09:18 . 2010-10-14 09:18 -------- d-sh--w- c:\programdata\SMPVGYFWE 2010-10-14 09:02 . 2010-10-14 09:02 -------- d-----w- c:\program files\Common Files\Adobe 2010-10-14 08:07 . 2010-10-14 08:07 -------- d-----w- c:\users\Boban\AppData\Local\Google 2010-10-14 07:48 . 2010-09-09 22:52 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3EE9C02D-90FA-411E-B06E-8B7A57C627C2}\mpengine.dll 2010-10-14 07:35 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll 2010-10-14 07:35 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe 2010-10-14 07:35 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll 2010-10-14 07:35 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll 2010-10-14 07:35 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll 2010-10-14 07:34 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll 2010-10-14 07:34 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe 2010-10-14 07:34 . 2010-09-01 02:34 2327552 ----a-w- c:\windows\system32\win32k.sys 2010-10-14 07:34 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll 2010-10-14 07:34 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys 2010-10-14 07:34 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-10-14 07:34 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys 2010-10-14 07:33 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll 2010-10-14 07:33 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll 2010-10-10 08:13 . 2010-10-10 08:13 -------- d-----w- c:\programdata\DriverScanner 2010-10-10 08:13 . 2010-10-10 08:13 -------- d-----w- c:\users\Boban\AppData\Roaming\Uniblue 2010-10-10 08:13 . 2010-10-10 08:13 -------- d-----w- c:\program files\Uniblue 2010-10-10 08:10 . 2010-10-10 08:13 -------- dc-h--w- c:\programdata\{148D8B8A-8F96-4822-81EC-D510B626B7D5} 2010-10-10 08:03 . 2010-10-10 08:13 -------- d-----w- c:\program files\FLVTube Player 2010-10-07 08:11 . 2010-10-07 08:11 98304 ----a-r- c:\users\Boban\AppData\Roaming\Microsoft\Installer\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}\icons.exe 2010-10-01 07:37 . 2010-10-01 07:37 -------- d-----w- c:\program files\ADR 2010-09-30 17:06 . 2007-03-23 00:10 117760 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxblpp5c.dll 2010-09-30 07:12 . 2010-07-25 20:23 56496 ----a-w- c:\windows\system32\wbhelp2.dll 2010-09-30 07:12 . 2010-07-25 20:23 544768 ----a-w- c:\windows\system32\wbocx.ocx 2010-09-30 07:12 . 2010-07-25 20:23 258352 ----a-w- c:\windows\system32\unicows.dll 2010-09-30 07:12 . 2010-07-25 20:23 33968 ----a-w- c:\windows\system32\anim.dll 2010-09-30 07:12 . 2010-07-25 20:23 1706800 ----a-w- c:\windows\system32\gdiplus.dll 2010-09-30 07:12 . 2010-07-25 20:23 4608 ----a-w- c:\windows\system32\W95INF32.DLL 2010-09-30 07:12 . 2010-07-25 20:23 2272 ----a-w- c:\windows\system32\W95INF16.DLL 2010-09-30 07:12 . 2010-09-30 07:18 -------- d-----w- c:\program files\WinUtilities 2010-09-30 06:45 . 2010-10-14 13:33 -------- d-----w- c:\program files\Common Files\UIE 2010-09-30 06:44 . 2010-09-30 07:22 -------- d-----w- c:\programdata\WinZip 2010-09-27 20:33 . 2010-09-27 20:33 -------- d-----w- c:\program files\GNU 2010-09-23 17:04 . 1988-07-25 13:17 231712 ----a-w- c:\windows\FOXDOC.EXE 2010-09-23 11:19 . 2010-10-08 07:29 -------- d-----w- C:\mag 2010-09-22 16:10 . 2010-09-22 16:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll 2010-09-19 11:04 . 2010-09-19 14:29 -------- d-----w- c:\users\Boban\Programs 2010-09-19 10:48 . 2010-09-19 10:48 -------- d-----w- c:\program files\Smart PC Solutions 2010-09-17 13:44 . 2010-09-17 13:47 -------- d-----w- c:\program files\Able2Extract Professional 5.0 2010-09-14 20:28 . 2010-09-14 20:28 -------- d-----w- c:\windows\system32\Lang . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2005-07-26 77824] "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584] "USB Antivirus"="c:\program files\USB Disk Security\RunUSBGuard.exe" [2010-01-10 86016] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Samsung.PCSync"="c:\program files\Samsung\Samsung PC Studio 7\PcSync2.exe" [2009-06-04 1294336] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 2 (0x2) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer1"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x] R3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsa.sys [2007-05-02 135680] R3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [2007-05-02 8320] R3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [2007-05-02 12288] R3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [2007-05-02 12288] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-13 106208] S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-02-13 38240] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-02-25 222568] S2 lxbl_device;lxbl_device;c:\windows\system32\lxblcoms.exe [2007-04-20 537520] S2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI8878.tmp [2010-02-28 189760] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-02-16 36640] S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-03-03 27632] . . ------- Supplementary Scan ------- . uStart Page = [Link mogu videti samo ulogovani korisnici] mStart Page = [Link mogu videti samo ulogovani korisnici] uInternet Settings,ProxyServer = 61.213.158.124:8080 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {13216134-FE2B-463E-AAE2-7B8366D322C2} = 194.106.162.10,194.106.162.3 TCP: {E87B3B01-C5BC-4536-9537-998186833CAD} = 212.200.191.166,212.200.190.166 FF - ProfilePath - c:\users\Boban\AppData\Roaming\Mozilla\Firefox\Profiles\kinlniph.default\ FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici] FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . . ------- File Associations ------- . .txt=UltraEdit.txt . - - - - ORPHANS REMOVED - - - - Toolbar-{851552F5-B878-4b03-904F-2AD6A4CC8994} - c:\program files\FlvTube Toolbar\flvtubetb.DLL WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{851552F5-B878-4B03-904F-2AD6A4CC8994} - c:\program files\FlvTube Toolbar\flvtubetb.DLL HKLM-Run-egui - c:\program files\ESET\ESET Smart Security\egui.exe AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-22_MS_USB_Modem_Driver - c:\program files\SAMSUNG\USB Drivers\22_MS_USB_Modem_Driver\Uninstall.exe AddRemove-Antamedia HotSpot - c:\users\Boban\Desktop\hotspot-installer-v2.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPDFReadSpool] "ImagePath"="c:\windows\Installer\MSI8878.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-194353341-2772204618-2978154948-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1E8AEAAF-AFE1-7BB8-19D0-FD7207C84D1D}] "hagjiepamipielki"=hex:6a,61,6d,6d,67,61,61,6b,6f,70,6b,6a,6a,70,6e,63,6c,64, 64,6f,00,ed "iaijadgbmhcbkmnoep"=hex:6a,61,6d,6d,67,61,61,6b,6f,70,6b,6a,6a,70,6e,63,6c,64, 64,6f,00,f2 "eaohajalgf"=hex:61,61,00,00 "eaajoemafn"=hex:61,61,00,00 [HKEY_USERS\S-1-5-21-194353341-2772204618-2978154948-1001_Classes\VirtualStore\MACHINE\SOFTWARE\zbshareware] @DACL=(02 0000) DUMPHIVE0.003 (REGF) [HKEY_LOCAL_MACHINE\SOFTWARE\zbshareware] @DACL=(02 0000) DUMPHIVE0.003 (REGF) [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'Explorer.exe'(4024) c:\program files\Samsung\Samsung PC Studio 7\phonebrowser.dll c:\program files\Samsung\Samsung PC Studio 7\PCSCM_Samsung.dll c:\program files\Samsung\Samsung PC Studio 7\Lang\PhoneBrowser_eng.nlr c:\program files\Samsung\Samsung PC Studio 7\Resource\PhoneBrowser_Samsung.ngr . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\sppsvc.exe c:\windows\system32\taskhost.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\conhost.exe c:\windows\soundman.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\USB Disk Security\USBGuard.exe . ************************************************************************* . Completion time: 2010-10-14 15:40:18 - machine was rebooted ComboFix-quarantined-files.txt 2010-10-14 13:40 Pre-Run: 3.692.093.440 bytes free Post-Run: 3.402.817.536 bytes free - - End Of File - - 6D0FC3FDB4D8B7CD98AB108D2B708B80

Profil

diarno Poslao: 14 Okt 2010 20:34 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Postavi mi svezi DDS log i Gmer logove.

Profil

bobang Poslao: 15 Okt 2010 09:24 Idi na vrh
offline bobang Ugledni građanin Pridružio: 16 Avg 2007 Poruke: 315 Gde živiš: Srbija	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Napisano: 15 Okt 2010 8:55 DDS (Ver_10-10-10.03) - NTFSx86 Run by Boban at 8:53:39,04 on pet 15.10.2010 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1023.486 [GMT 2:00] AV: Smart Engine On-access scanning enabled (Updated) {43E6C7C0-F2DA-4DCD-8168-B704F47AC639} FW: Smart Engine enabled {FBE97B5D-5C3F-4C5A-B804-509D305CD8EA} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\soundman.exe C:\Windows\PixArt\PAC7302\Monitor.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\USB Disk Security\USBGuard.exe C:\Windows\system32\FsUsbExService.Exe C:\Windows\system32\lxblcoms.exe C:\Windows\Installer\MSI8878.tmp C:\Windows\system32\sppsvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\WUDFHost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Users\Boban\Desktop\dds.scr C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = [Link mogu videti samo ulogovani korisnici] mStart Page = [Link mogu videti samo ulogovani korisnici] uInternet Settings,ProxyServer = 61.213.158.124:8080 BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun mRun: [SoundMan] SOUNDMAN.EXE mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe mRun: [USB Antivirus] c:\program files\usb disk security\RunUSBGuard.exe mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" dRun: [Samsung.PCSync] "c:\program files\samsung\samsung pc studio 7\PcSync2.exe" /NoDialog mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL TCP: {13216134-FE2B-463E-AAE2-7B8366D322C2} = 194.106.162.10,194.106.162.3 TCP: {E87B3B01-C5BC-4536-9537-998186833CAD} = 212.200.191.166,212.200.190.166 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL ================= FIREFOX =================== FF - ProfilePath - c:\users\boban\appdata\roaming\mozilla\firefox\profiles\kinlniph.default\ FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici] FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); ============= SERVICES / DRIVERS =============== R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-2-13 38240] R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-9-1 222568] R2 lxbl_device;lxbl_device;c:\windows\system32\lxblcoms.exe -service --> c:\windows\system32\lxblcoms.exe -service [?] R2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\installer\MSI8878.tmp [2010-2-28 189760] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-9-1 36640] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-3-3 27632] S2 ekrn;ESET Service;"c:\program files\eset\eset smart security\ekrn.exe" --> c:\program files\eset\eset smart security\ekrn.exe [?] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888] S3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsa.sys [2007-5-2 135680] S3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [2007-5-2 8320] S3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [2007-5-2 12288] S3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [2007-5-2 12288] ============== File Associations =============== .txt=UltraEdit.txt =============== Created Last 30 ================ 2010-10-14 13:39:06 -------- d-sh--w- C:\$RECYCLE.BIN 2010-10-14 13:34:21 -------- d-----w- c:\users\boban\appdata\local\temp 2010-10-14 13:25:21 98816 ----a-w- c:\windows\sed.exe 2010-10-14 13:25:21 77312 ----a-w- c:\windows\MBR.exe 2010-10-14 13:25:21 256512 ----a-w- c:\windows\PEV.exe 2010-10-14 13:25:21 161792 ----a-w- c:\windows\SWREG.exe 2010-10-14 11:55:04 -------- d-----w- c:\program files\Thinking BIG 2010-10-14 09:18:23 -------- d-sh--w- c:\progra~2\SMPVGYFWE 2010-10-14 08:07:53 -------- d-----w- c:\users\boban\appdata\local\Google 2010-10-14 07:48:57 6084944 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{3ee9c02d-90fa-411e-b06e-8b7a57c627c2}\mpengine.dll 2010-10-14 07:35:22 2048 ----a-w- c:\windows\system32\tzres.dll 2010-10-14 07:35:09 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe 2010-10-14 07:35:08 1413632 ----a-w- c:\windows\system32\ole32.dll 2010-10-14 07:35:02 530432 ----a-w- c:\windows\system32\comctl32.dll 2010-10-14 07:35:00 109056 ----a-w- c:\windows\system32\t2embed.dll 2010-10-14 07:34:59 224256 ----a-w- c:\windows\system32\schannel.dll 2010-10-14 07:34:57 316928 ----a-w- c:\windows\system32\spoolsv.exe 2010-10-14 07:34:44 2327552 ----a-w- c:\windows\system32\win32k.sys 2010-10-14 07:34:26 310784 ----a-w- c:\windows\system32\drivers\srv.sys 2010-10-14 07:34:26 308736 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-10-14 07:34:26 168448 ----a-w- c:\windows\system32\srvsvc.dll 2010-10-14 07:34:26 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys 2010-10-14 07:33:30 738816 ----a-w- c:\windows\system32\wmpmde.dll 2010-10-14 07:33:29 363520 ----a-w- c:\windows\system32\StructuredQuery.dll 2010-10-10 08:13:25 -------- d-----w- c:\users\boban\appdata\roaming\Uniblue 2010-10-10 08:13:25 -------- d-----w- c:\program files\Uniblue 2010-10-10 08:13:25 -------- d-----w- c:\progra~2\DriverScanner 2010-10-10 08:10:48 -------- dc-h--w- c:\progra~2\{148D8B8A-8F96-4822-81EC-D510B626B7D5} 2010-10-10 08:03:05 -------- d-----w- c:\program files\FLVTube Player 2010-10-07 08:11:14 98304 ----a-r- c:\users\boban\appdata\roaming\microsoft\installer\{3577e42b-3347-4eb8-bfda-d36e8ed3c519}\icons.exe 2010-10-01 07:37:19 -------- d-----w- c:\program files\ADR 2010-09-30 17:06:37 117760 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lxblpp5c.dll 2010-09-30 07:12:15 56496 ----a-w- c:\windows\system32\wbhelp2.dll 2010-09-30 07:12:15 544768 ----a-w- c:\windows\system32\wbocx.ocx 2010-09-30 07:12:15 258352 ----a-w- c:\windows\system32\unicows.dll 2010-09-30 07:12:14 4608 ----a-w- c:\windows\system32\W95INF32.DLL 2010-09-30 07:12:14 33968 ----a-w- c:\windows\system32\anim.dll 2010-09-30 07:12:14 2272 ----a-w- c:\windows\system32\W95INF16.DLL 2010-09-30 07:12:14 1706800 ----a-w- c:\windows\system32\gdiplus.dll 2010-09-30 07:12:13 -------- d-----w- c:\program files\WinUtilities 2010-09-30 06:45:30 -------- d-----w- c:\program files\common files\UIE 2010-09-27 20:33:44 -------- d-----w- c:\program files\GNU 2010-09-23 17:04:16 231712 ----a-w- c:\windows\FOXDOC.EXE 2010-09-23 11:19:49 -------- d-----w- C:\mag 2010-09-22 16:10:52 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll 2010-09-19 11:04:37 -------- d-----w- c:\users\boban\Programs 2010-09-19 10:48:03 -------- d-----w- c:\program files\Smart PC Solutions 2010-09-17 13:44:35 -------- d-----w- c:\program files\Able2Extract Professional 5.0 ==================== Find3M ==================== 2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll 2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll 2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec 2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2010-09-01 04:23:49 12625408 ----a-w- c:\windows\system32\wmploc.DLL 2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll 2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll 2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll 2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll ============= FINISH: 8:54:23,50 =============== [Link mogu videti samo ulogovani korisnici] Dopuna: 15 Okt 2010 9:24 [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici]

Profil

diarno Poslao: 15 Okt 2010 11:14 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `RegNull:: [HKEY_USERS\S-1-5-21-194353341-2772204618-2978154948-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1E8AEAAF-AFE1-7BB8-19D0-FD7207C84D1D}*] RegLock:: [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

bobang Poslao: 15 Okt 2010 12:02 Idi na vrh
offline bobang Ugledni građanin Pridružio: 16 Avg 2007 Poruke: 315 Gde živiš: Srbija	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Combofix je zatrazioda zatvorim smart engine. Isao sa u task bar i nema takvog procesa tako da ja neznam kako da zatvorim taj program.

Profil

diarno Poslao: 15 Okt 2010 12:10 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Koji antivirus trenutno koristis?

Profil

bobang Poslao: 15 Okt 2010 13:30 Idi na vrh
offline bobang Ugledni građanin Pridružio: 16 Avg 2007 Poruke: 315 Gde živiš: Srbija	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Koristim ponovo eset 4. Na sva pitanja sam odgovorio sa yes i evo sta je napisao combofix ali nisam mogao da zatvorim smart engine. Eset sam stavio na disable Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1023.436 [GMT 2:00] Running from: c:\users\Boban\Desktop\ComboFix.exe Command switches used :: c:\users\Boban\Desktop\CFScript.txt AV: Smart Engine On-access scanning enabled (Updated) {43E6C7C0-F2DA-4DCD-8168-B704F47AC639} FW: Smart Engine enabled {FBE97B5D-5C3F-4C5A-B804-509D305CD8EA} * Resident AV is active . ((((((((((((((((((((((((( Files Created from 2010-09-15 to 2010-10-15 ))))))))))))))))))))))))))))))) . 2010-10-15 10:19 . 2010-10-15 10:19 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-10-15 07:34 . 2010-10-15 07:34 -------- d-----w- c:\program files\ESET 2010-10-14 13:34 . 2010-10-15 10:19 -------- d-----w- c:\users\Boban\AppData\Local\temp 2010-10-14 11:55 . 2010-10-14 11:55 -------- d-----w- c:\program files\Thinking BIG 2010-10-14 09:18 . 2010-10-14 09:18 -------- d-sh--w- c:\programdata\SMPVGYFWE 2010-10-14 09:02 . 2010-10-14 09:02 -------- d-----w- c:\program files\Common Files\Adobe 2010-10-14 08:07 . 2010-10-14 08:07 -------- d-----w- c:\users\Boban\AppData\Local\Google 2010-10-14 07:48 . 2010-09-09 22:52 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3EE9C02D-90FA-411E-B06E-8B7A57C627C2}\mpengine.dll 2010-10-14 07:35 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll 2010-10-14 07:35 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe 2010-10-14 07:35 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll 2010-10-14 07:35 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll 2010-10-14 07:35 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll 2010-10-14 07:34 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll 2010-10-14 07:34 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe 2010-10-14 07:34 . 2010-09-01 02:34 2327552 ----a-w- c:\windows\system32\win32k.sys 2010-10-14 07:34 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll 2010-10-14 07:34 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys 2010-10-14 07:34 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-10-14 07:34 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys 2010-10-14 07:33 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll 2010-10-14 07:33 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll 2010-10-10 08:13 . 2010-10-10 08:13 -------- d-----w- c:\programdata\DriverScanner 2010-10-10 08:13 . 2010-10-10 08:13 -------- d-----w- c:\users\Boban\AppData\Roaming\Uniblue 2010-10-10 08:13 . 2010-10-10 08:13 -------- d-----w- c:\program files\Uniblue 2010-10-10 08:10 . 2010-10-10 08:13 -------- dc-h--w- c:\programdata\{148D8B8A-8F96-4822-81EC-D510B626B7D5} 2010-10-10 08:03 . 2010-10-10 08:13 -------- d-----w- c:\program files\FLVTube Player 2010-10-07 08:11 . 2010-10-07 08:11 98304 ----a-r- c:\users\Boban\AppData\Roaming\Microsoft\Installer\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}\icons.exe 2010-10-01 07:37 . 2010-10-01 07:37 -------- d-----w- c:\program files\ADR 2010-09-30 17:06 . 2007-03-23 00:10 117760 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxblpp5c.dll 2010-09-30 07:12 . 2010-07-25 20:23 56496 ----a-w- c:\windows\system32\wbhelp2.dll 2010-09-30 07:12 . 2010-07-25 20:23 544768 ----a-w- c:\windows\system32\wbocx.ocx 2010-09-30 07:12 . 2010-07-25 20:23 258352 ----a-w- c:\windows\system32\unicows.dll 2010-09-30 07:12 . 2010-07-25 20:23 33968 ----a-w- c:\windows\system32\anim.dll 2010-09-30 07:12 . 2010-07-25 20:23 1706800 ----a-w- c:\windows\system32\gdiplus.dll 2010-09-30 07:12 . 2010-07-25 20:23 4608 ----a-w- c:\windows\system32\W95INF32.DLL 2010-09-30 07:12 . 2010-07-25 20:23 2272 ----a-w- c:\windows\system32\W95INF16.DLL 2010-09-30 07:12 . 2010-09-30 07:18 -------- d-----w- c:\program files\WinUtilities 2010-09-30 06:45 . 2010-10-14 13:33 -------- d-----w- c:\program files\Common Files\UIE 2010-09-30 06:44 . 2010-09-30 07:22 -------- d-----w- c:\programdata\WinZip 2010-09-27 20:33 . 2010-09-27 20:33 -------- d-----w- c:\program files\GNU 2010-09-23 17:04 . 1988-07-25 13:17 231712 ----a-w- c:\windows\FOXDOC.EXE 2010-09-23 11:19 . 2010-10-08 07:29 -------- d-----w- C:\mag 2010-09-22 16:10 . 2010-09-22 16:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll 2010-09-19 11:04 . 2010-09-19 14:29 -------- d-----w- c:\users\Boban\Programs 2010-09-19 10:48 . 2010-09-19 10:48 -------- d-----w- c:\program files\Smart PC Solutions 2010-09-17 13:44 . 2010-09-17 13:47 -------- d-----w- c:\program files\Able2Extract Professional 5.0 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2005-07-26 77824] "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584] "USB Antivirus"="c:\program files\USB Disk Security\RunUSBGuard.exe" [2010-01-10 86016] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-13 2046120] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Samsung.PCSync"="c:\program files\Samsung\Samsung PC Studio 7\PcSync2.exe" [2009-06-04 1294336] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 2 (0x2) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer1"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp R3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsa.sys [2007-05-02 135680] R3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [2007-05-02 8320] R3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [2007-05-02 12288] R3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [2007-05-02 12288] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-13 106208] S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-13 727720] S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-02-13 38240] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-02-25 222568] S2 lxbl_device;lxbl_device;c:\windows\system32\lxblcoms.exe [2007-04-20 537520] S2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI8878.tmp [2010-02-28 189760] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-02-16 36640] S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-03-03 27632] . . ------- Supplementary Scan ------- . uStart Page = [Link mogu videti samo ulogovani korisnici] mStart Page = [Link mogu videti samo ulogovani korisnici] uInternet Settings,ProxyServer = 61.213.158.124:8080 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {13216134-FE2B-463E-AAE2-7B8366D322C2} = 194.106.162.10,194.106.162.3 TCP: {E87B3B01-C5BC-4536-9537-998186833CAD} = 212.200.191.166,212.200.190.166 FF - ProfilePath - c:\users\Boban\AppData\Roaming\Mozilla\Firefox\Profiles\kinlniph.default\ FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici] FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPDFReadSpool] "ImagePath"="c:\windows\Installer\MSI8878.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-194353341-2772204618-2978154948-1001_Classes\VirtualStore\MACHINE\SOFTWARE\zbshareware] @DACL=(02 0000) DUMPHIVE0.003 (REGF) [HKEY_LOCAL_MACHINE\SOFTWARE\zbshareware] @DACL=(02 0000) DUMPHIVE0.003 (REGF) . Completion time: 2010-10-15 12:23:37 ComboFix-quarantined-files.txt 2010-10-15 10:23 ComboFix2.txt 2010-10-14 13:40 Pre-Run: 3.296.231.424 bytes free Post-Run: 3.256.745.984 bytes free - - End Of File - - AE9CCAEA2BD4288376BF8D8DF7958992

Profil

diarno Poslao: 15 Okt 2010 14:21 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Taj Smart Engine je obrisan sa sistema i to je rogue program. Verovatno je zaostao neki registry unos pa se zato CF buni... Kakvo je sad stanje sistema?

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Dosta trojanaca

Ko je trenutno na forumu

Ukupno su 774 korisnika na forumu :: 18 registrovanih, 2 sakrivenih i 754 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 762k, Ace, antonije64, boban977, BojanB93, Boško Simić, dearg, havoc995, Ivan Gajic, Korle, loler54, Papadubi, spalev, TRAVUNIJA, TRZH92, Visionary, voja64, Zec

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by