Jer moze neko da pogleda ovaj log

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Napisano: 01 Sep 2009 2:28

Pokupio sam preko flash-a od prijatelju gomilu virusa i NOD mi je prijavio da ih je nasao i prebacio ih je u karantin ali sada malo malo pa izbaci da je pronasao neki virus
"C:\System Volume Information\_restore{9EC09578-B35E-4D26-8888-66EA3594EE97}\RP430\A0066907.exe a variant of Win32/Kryptik.ABT trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window. "

Evo loga DDS


DDS (Ver_09-07-30.01) - NTFSx86
Run by AdministratoriNET at 2:19:41,93 on uto 01.09.2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1383 [GMT 2:00]

AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\IoctlSvc.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\WinFax\WFXMOD32.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Office Mouse Driver\MouseDrv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\AdministratoriNET\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\msupdt.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.1.11.30.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [googletalk] "c:\program files\google\google talk\googletalk.exe" /autostart
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [servises] c:\windows\system32\servises.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [DU Meter] c:\program files\du meter\DUMeter.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [CorelDRAW Graphics Suite 11b] c:\program files\corel\corel graphics 12\languages\en\programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=090809 serial=DR12WNG-0249275-TMV lang=EN
mRun: [WireLessMouse] c:\program files\office mouse driver\StartAutorun.exe MouseDrv.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [BigDogPath] c:\windows\VM_STI.EXE CANYON CN-WCAM23 PC-Camera
mRun: [servises] c:\windows\system32\servises.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uExplorerRun: [servises] c:\windows\system32\servises.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office 2002\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - [Link mogu videti samo ulogovani korisnici]\program files\bitcomet\tools\BitCometBHO_1.1.11.30.dll/206
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: imon.dll
Trusted Zone: raiffeisenbank.rs\rol
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - [Link mogu videti samo ulogovani korisnici]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [Link mogu videti samo ulogovani korisnici]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
TCP: {078F2A67-650C-42AB-8E0B-39812A506184} = 212.200.191.166,212.200.190.166
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: WinFax PRO IShellExecuteHook: {a213b520-c6c2-11d0-af9d-008029e1027e} - c:\program files\winfax\WfxSeh32.Dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\webcw7nt.default\
FF - prefs.js: browser.search.selectedEngine - Pogodak.rs
FF - component: c:\documents and settings\administratorinet\application data\mozilla\firefox\profiles\webcw7nt.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\winnt_x86-msvc\components\pagespeed.dll
FF - component: c:\documents and settings\administratorinet\application data\mozilla\firefox\profiles\webcw7nt.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\administratorinet\application data\mozilla\firefox\profiles\webcw7nt.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\administratorinet\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2007-11-28 25105]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 51440]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2007-11-3 41456]
R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\MARXDEV1.SYS [2008-2-17 8864]
R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\MARXDEV2.SYS [2008-2-17 8864]
R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\MARXDEV3.SYS [2008-2-17 8864]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2007-12-16 507904]
R3 MOUSEWDFilter;MOUSEWDFilter;c:\windows\system32\drivers\MOUSEWD.SYS [2008-11-21 6528]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\mediacoder\SysInfo.sys [2007-9-25 15152]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]

=============== Created Last 30 ================

2009-08-31 20:09 <DIR> --dshr-- C:\Win
2009-08-30 11:56 203,776 a------- c:\windows\system32\EBAPI.dll
2009-08-30 11:56 108,032 a------- c:\windows\system32\EBUtil.dll
2009-08-30 11:56 100,864 a------- c:\windows\system32\ebpthp.dll
2009-08-30 11:56 60,020 a------- c:\windows\system32\EBPMON2.DLL
2009-08-30 11:56 32,768 a------- c:\windows\system32\ECBTEG.DLL
2009-08-30 11:56 110 a------- c:\windows\system32\EBPPORT.DAT
2009-08-30 11:56 <DIR> --d----- c:\program files\common files\EPSON
2009-08-30 11:55 <DIR> --d----- C:\EPSON
2009-08-25 21:16 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-08-05 18:59 <DIR> --d----- c:\program files\Motorola
2009-08-05 18:56 196,608 a------- c:\windows\system32\sm56co6a.dll
2009-08-05 17:31 0 a------- c:\windows\WTNSETUP.INI
2009-08-05 17:27 <DIR> --d----- c:\program files\common files\Concord Shared
2009-08-05 17:26 <DIR> --d----- c:\docume~1\admini~1\applic~1\Symantec
2009-08-05 17:26 437,528 a------- c:\windows\system32\401COMUPD.EXE
2009-08-05 17:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-08-05 17:26 <DIR> --d----- c:\program files\Symantec
2009-08-05 17:25 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-08-05 17:25 <DIR> --d----- c:\program files\common files\Novell Shared
2009-08-05 17:25 <DIR> --d----- c:\program files\WinFax
2009-08-03 21:35 1,071 a------- c:\windows\AWMODEM.INF
2009-08-03 19:38 18,944 a------- c:\windows\system32\ventmon.dll
2009-08-03 19:38 <DIR> --d----- c:\program files\Venta

==================== Find3M ====================

2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-06-27 18:11 253,952 -------- c:\windows\Setup1.exe
2009-06-27 18:11 73,216 a------- c:\windows\ST6UNST.EXE
2009-05-24 09:04 2,568 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2008-06-28 15:32 8 ---shr-- c:\docume~1\alluse~1\applic~1\2C5937E254.sys
2008-01-02 22:43 32 ac------ c:\docume~1\alluse~1\applic~1\ezsid.dat

============= FINISH: 2:20:03,00 ===============




[Link mogu videti samo ulogovani korisnici]

Dopuna: 01 Sep 2009 7:11

[Link mogu videti samo ulogovani korisnici]

[Link mogu videti samo ulogovani korisnici]

[Link mogu videti samo ulogovani korisnici]

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Zdravo,

Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix.
U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 03 Sep 2009 18:08

Cao helen, probao sam pre juce da uradim scan sa combo fixom i ostavio racunar da ga skenira i kada sam se vratio racunar je bio restartovan i pisalo je da se Windows oporavio od neke greske, pa sam skeniranje ponovio danas i evo loga.

ComboFix 09-09-02.02 - AdministratoriNET 03.09.2009 17:53.9.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1582 [GMT 2:00]
Running from: c:\documents and settings\AdministratoriNET\Desktop\ComboFix.exe
AV: Eset NOD32 antivirus system 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\AdministratoriNET\Favorites\Mp3 Download.url
c:\windows\Fonts\deartheo.ttf
c:\windows\Fonts\NAUTICAL.TTF
c:\windows\Fonts\TT8729Z_.TTF
c:\windows\Fonts\TT8730Z_.TTF
c:\windows\Fonts\TT8731Z_.TTF
c:\windows\Installer\6dfb0d.msi
c:\windows\system32\_id.dat

.
((((((((((((((((((((((((( Files Created from 2009-08-03 to 2009-09-03 )))))))))))))))))))))))))))))))
.

2009-08-31 18:09 . 2009-08-31 18:09 -------- d-sh--r- C:\Win
2009-08-30 09:56 . 2009-08-30 09:56 -------- d-----w- c:\program files\Common Files\EPSON
2009-08-30 09:56 . 2000-06-26 00:20 32768 ----a-w- c:\windows\system32\ECBTEG.DLL
2009-08-30 09:56 . 2000-05-22 00:08 60020 ----a-w- c:\windows\system32\EBPMON2.DLL
2009-08-30 09:56 . 2000-04-18 00:02 110 ----a-w- c:\windows\system32\EBPPORT.DAT
2009-08-30 09:56 . 1999-07-19 08:27 203776 ----a-w- c:\windows\system32\EBAPI.dll
2009-08-30 09:56 . 1999-07-15 23:01 100864 ----a-w- c:\windows\system32\ebpthp.dll
2009-08-30 09:56 . 1998-04-03 15:15 108032 ----a-w- c:\windows\system32\EBUtil.dll
2009-08-30 09:55 . 2009-08-30 09:55 -------- d-----w- C:\EPSON
2009-08-25 19:16 . 2009-08-25 19:16 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-25 19:16 . 2009-08-25 19:16 -------- d-----w- c:\program files\Common Files\Skype
2009-08-05 16:59 . 2009-08-05 16:59 -------- d-----w- c:\program files\Motorola
2009-08-05 16:56 . 2008-03-04 12:43 196608 ----a-w- c:\windows\system32\sm56co6a.dll
2009-08-05 15:27 . 2009-08-05 15:27 -------- d-----w- c:\program files\Common Files\Concord Shared
2009-08-05 15:26 . 2009-08-05 15:26 -------- d-----w- c:\documents and settings\AdministratoriNET\Application Data\Symantec
2009-08-05 15:26 . 1999-06-10 12:50 437528 ----a-w- c:\windows\system32\401COMUPD.EXE
2009-08-05 15:26 . 2009-08-05 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-05 15:26 . 2009-08-05 15:26 -------- d-----w- c:\program files\Symantec

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-02 21:39 . 2008-04-27 18:52 -------- d-----w- c:\documents and settings\AdministratoriNET\Application Data\uTorrent
2009-08-31 21:06 . 2008-03-01 13:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-28 05:07 . 2009-01-31 18:28 -------- d-----w- c:\program files\Java
2009-08-26 18:08 . 2008-01-02 20:42 -------- d-----w- c:\documents and settings\AdministratoriNET\Application Data\Skype
2009-08-26 15:48 . 2008-01-02 20:43 -------- d-----w- c:\documents and settings\AdministratoriNET\Application Data\skypePM
2009-08-25 19:16 . 2008-01-02 20:41 -------- d-----r- c:\program files\Skype
2009-08-25 19:16 . 2008-01-02 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-08-23 18:03 . 2009-03-09 18:42 -------- d-----w- c:\documents and settings\AdministratoriNET\Application Data\Corel
2009-08-18 21:40 . 2007-12-23 00:57 -------- d-----w- c:\program files\BitComet
2009-08-08 12:26 . 2009-08-05 15:25 -------- d-----w- c:\program files\WinFax
2009-08-08 12:25 . 2009-04-06 20:35 -------- d-----w- c:\program files\QuickTime
2009-08-08 12:25 . 2009-04-06 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-05 15:28 . 2009-08-05 15:25 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-05 15:27 . 2007-11-28 21:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-05 15:25 . 2009-08-05 15:25 -------- d-----w- c:\program files\Common Files\Novell Shared
2009-08-05 15:25 . 2009-08-05 15:25 41 ----a-w- c:\windows\WFXDEL.BAT
2009-08-03 17:38 . 2009-08-03 17:38 -------- d-----w- c:\program files\Venta
2009-07-26 12:51 . 2007-12-16 12:57 -------- d-----w- c:\program files\Trillian
2009-07-25 03:23 . 2009-01-31 18:29 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 23:50 . 2009-07-22 23:48 -------- d-----w- c:\documents and settings\AdministratoriNET\Application Data\PMCallCenter
2009-07-15 17:23 . 2007-12-16 12:19 1110464 ----a-w- c:\documents and settings\AdministratoriNET\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-07 15:52 . 2009-07-07 15:51 -------- d-----w- c:\program files\Microsoft Office 2002
2009-06-27 16:11 . 2009-06-27 16:10 253952 ------w- c:\windows\Setup1.exe
2009-06-27 16:11 . 2009-06-27 16:10 73216 ----a-w- c:\windows\ST6UNST.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-12-16 917504]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2005-02-01 1469952]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 729088]
"WireLessMouse"="c:\program files\Office Mouse Driver\StartAutorun.exe" [2005-11-30 94208]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-08-20 40960]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-03-04 638976]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-03-23 14202368]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check(3).lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [2000-2-3 222720]
Microsoft Office.lnk - c:\program files\Microsoft Office 2002\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\WinFax\WfxSeh32.Dll" [1998-07-27 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 ------w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^AdministratoriNET^Start Menu^Programs^Startup^ProjectWhois.lnk]
path=c:\documents and settings\AdministratoriNET\Start Menu\Programs\Startup\ProjectWhois.lnk
backup=c:\windows\pss\ProjectWhois.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^AdministratoriNET^Start Menu^Programs^Startup^VentaDrv.lnk]
path=c:\documents and settings\AdministratoriNET\Start Menu\Programs\Startup\VentaDrv.lnk
backup=c:\windows\pss\VentaDrv.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAID Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAID Manager.lnk
backup=c:\windows\pss\RAID Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27159:TCP"= 27159:TCP:BitComet 27159 TCP
"27159:UDP"= 27159:UDP:BitComet 27159 UDP

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [28.11.2007 23:25 25105]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10.10.2006 14:53 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27.2.2007 13:39 51440]
R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\MARXDEV1.SYS [17.2.2008 21:38 8864]
R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\MARXDEV2.SYS [17.2.2008 21:38 8864]
R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\MARXDEV3.SYS [17.2.2008 21:38 8864]
R3 MOUSEWDFilter;MOUSEWDFilter;c:\windows\system32\drivers\MOUSEWD.SYS [21.11.2008 0:28 6528]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [25.9.2007 16:59 15152]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16.2.2006 18:51 4096]
.
Contents of the 'Scheduled Tasks' folder

2009-08-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1390067357-725345543-1003Core.job
- c:\documents and settings\AdministratoriNET\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-11 21:55]

2009-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1390067357-725345543-1003UA.job
- c:\documents and settings\AdministratoriNET\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-11 21:55]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: imon.dll
Trusted Zone: raiffeisenbank.rs\rol
TCP: {078F2A67-650C-42AB-8E0B-39812A506184} = 212.200.191.166,212.200.190.166
FF - ProfilePath - c:\documents and settings\AdministratoriNET\Application Data\Mozilla\Firefox\Profiles\webcw7nt.default\
FF - prefs.js: browser.search.selectedEngine - Pogodak.rs
FF - component: c:\documents and settings\AdministratoriNET\Application Data\Mozilla\Firefox\Profiles\webcw7nt.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - component: c:\documents and settings\AdministratoriNET\Application Data\Mozilla\Firefox\Profiles\webcw7nt.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\AdministratoriNET\Application Data\Mozilla\Firefox\Profiles\webcw7nt.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\AdministratoriNET\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-09-03 17:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1004336348-1390067357-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(568-)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(624)
c:\windows\system32\imon.dll
.
Completion time: 2009-09-03 18:01
ComboFix-quarantined-files.txt 2009-09-03 16:00
ComboFix2.txt 2008-12-16 22:29

Pre-Run: 8.361.046.016 bytes free
Post-Run: 8.432.934.912 bytes free

210



Ako mozes reci mi zasto je obrisao ove fontove i da li treba da ih obrisem sa drugog racunara jer iste fontove koristim.
Hvala unapred.
PoZ

Dopuna: 03 Sep 2009 18:25

Nadam se da nisam pogresio ali obrisao sam folder Win na C particiji jer mi je Avast na drugom racunaru odakle sam preneo virus na ovaj sa koga saljem log prijavio da je u tom folderu neki trojanac.

Dopuna: 03 Sep 2009 18:26

Pardon, nije avast nego AVG free edition

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Nisi pogresio, ali to je moj posao.

Dok ja nesto proverim, ti se zabavi:

- Preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa.
- Sacekaj koji sekund dok program izvrsi inicijalno skeniranje.
- Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi.
- Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak
- Kada zavrsis sa svim uredjajima, klikni desno dugme misa na sred prozora programa i odaberi opciju Save log. To ce automatski otvoriti log u Notepadu. Iskopiraj nam taj log iz Notepada na forum.

Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 03 Sep 2009 18:43

Ok, izvini sto sam ti se umesao u posao ali nastao je jedan problem
Pokrenuo sam program i sacekao da se izvrsi inicijalno skeniranje i ubacivao jedan po jedan flash i kada sam dosao do jednog flash-a koji mi je prijatelj dao da mu presnimim nesto na njega, nod mi je izbacio crveni prozor i istog trenutka mi je izasao plavi ekran i restartovao mi se racunar. Sta da radim dalje i kako da ocistim taj flash ?

Dopuna: 03 Sep 2009 18:46

Sada sam pogledao u NOD-u threat log ali nema nista zabelezeno za danasnji datum

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Zipuj/raruj mi sledece fajlove pa mi uploaduj:


C:\Qoobox\Quarantine\C\WINDOWS\Fonts\deartheo.ttf.vir
C:\Qoobox\Quarantine\C\WINDOWS\Fonts\NAUTICAL.ttf.vir
C:\Qoobox\Quarantine\C\WINDOWS\Fonts\TT8729Z_.ttf.vir
C:\Qoobox\Quarantine\C\WINDOWS\Fonts\TT8730Z_.ttf.vir
C:\Qoobox\Quarantine\C\WINDOWS\Fonts\TT8731Z_.ttf.vir

preko ovog linka:

[Link mogu videti samo ulogovani korisnici]

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Zipovao sam i uploadovao.
A reci mi sta to bi pa se restartova komp, jer to ovaj program za usb ili neki virus na flashu ?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Probaj ponovo da skeniras sa onim programom, ali ugasi antivirus.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Evo ponovo scan sa Combo fix-om ako si na to mislila ili sam trebao da uradim scan sa onim programom ?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Trebalo je da skeniras sa USBNoRisk programom.