MyCity » Ambulanta -> Arhiva Ambulante » Problem sa virusom (axxxl.exe, autoran.inf , kht i khu)

Problem sa virusom (axxxl.exe, autoran.inf , kht i khu)

Napisano na dan: 9.7.2009

Problem sa virusom (axxxl.exe, autoran.inf , kht i khu)

Sledeća strana

Pagination

Odgovori

Car Dusan Silni Poslao: 09 Jul 2009 16:27 Idi na vrh
offline Car Dusan Silni Novi MyCity građanin Pridružio: 09 Jul 2009 Poruke: 21 Gde živiš: Kosjeric, Zapadna Srbija	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Problem je takve prirode da pri uključivanju računara virus sakriva hidden fajlove i na svakoj particiji otvara kht sistem fajl, a nekada i khu sistem fajl. Znači to je fajl koji nema extension već ga mu je dodeljeno samo ime (kht i khu). Redovno ažuriram i koristim Avira Free Antivirus, ali on samo prepozna exe fajl obriše ga i tu je kraj, ali neki drugi fajl pravi Autoran fajl i pomenute fajlove sa početka poruke. Zanimljivo je takođe da se pri poevezivanju u mrežu exe, autoran fajl i kht fajlovi javljaju u svim sherovanim folderima ili particijama. Ako bude trebalo još informacija tu sam. HiJack sadržaj: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:54:42, on 10.7.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16850) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\csrcs.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\WF2K.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\WinFast\WFTVFM\WFWIZ.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Registry Mechanic\RegMech.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\net.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\system32\WF2K.EXE Initial O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{2ADFC642-0698-47D7-A4FC-52995C1CA721}: NameServer = 192.168.100.252 O17 - HKLM\System\CS1\Services\Tcpip\..\{2ADFC642-0698-47D7-A4FC-52995C1CA721}: NameServer = 192.168.100.252 O17 - HKLM\System\CS2\Services\Tcpip\..\{2ADFC642-0698-47D7-A4FC-52995C1CA721}: NameServer = 192.168.100.252 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 6426 bytes

Profil

dr_Bora Poslao: 09 Jul 2009 17:10 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na neki od linkova i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: zatvori pokrenute programe; deaktiviraj zaštitni softver (uputstvo); dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

Car Dusan Silni Poslao: 09 Jul 2009 17:15 Idi na vrh
offline Car Dusan Silni Novi MyCity građanin Pridružio: 09 Jul 2009 Poruke: 21 Gde živiš: Kosjeric, Zapadna Srbija	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Hvala, za do sada ulo\en trud. ComboFix log: ComboFix 09-07-08.07 - Milovan 10.07.2009 17:01.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1361 [GMT 2:00] Running from: e:\02 software\01 Internet\Zastita\ComboFix.exe AV: AntiVir Desktop On-access scanning disabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Installer\18574.msi c:\windows\system32\csrcs.exe . ((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 ))))))))))))))))))))))))))))))) . 2009-07-10 13:54 . 2009-07-10 13:54 -------- d-----w- c:\program files\Trend Micro 2009-07-08 22:52 . 2009-07-08 22:52 -------- d--h--w- c:\windows\system32\GroupPolicy 2009-07-08 22:37 . 2009-07-09 07:38 1863712 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-07-08 22:37 . 2009-07-09 07:38 12064 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2009-07-08 22:05 . 2009-07-10 13:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-07-08 21:50 . 2009-07-08 21:50 -------- d-----w- c:\program files\Eusing Free Registry Cleaner 2009-07-08 21:46 . 2009-07-09 07:36 -------- d-----w- c:\program files\Common Files\ParetoLogic 2009-07-08 21:46 . 2009-07-09 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic 2009-07-08 21:46 . 2009-07-08 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS 2009-07-08 21:45 . 2009-07-08 21:45 -------- d-----w- c:\documents and settings\Milovan\Local Settings\Application Data\Downloaded Installations 2009-07-08 21:42 . 2002-01-05 09:37 344064 ----a-w- c:\windows\system32\msvcr70.dll 2009-07-08 21:42 . 2002-01-05 03:40 487424 ----a-w- c:\windows\system32\msvcp70.dll 2009-07-08 21:42 . 2009-07-08 21:42 -------- d-----w- c:\program files\AML Products 2009-07-08 21:42 . 2002-01-05 04:48 974848 ----a-w- c:\windows\system32\mfc70.dll 2009-07-06 15:36 . 2009-07-06 15:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google 2009-07-06 15:31 . 2009-07-06 15:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google 2009-07-06 15:31 . 2009-07-06 15:35 -------- d-----w- c:\program files\Google 2009-07-06 12:36 . 2009-07-06 15:35 -------- d-----w- c:\documents and settings\Milovan\Local Settings\Application Data\Temp 2009-07-06 12:36 . 2009-07-06 15:35 -------- d-----w- c:\documents and settings\Milovan\Local Settings\Application Data\Google 2009-06-28 19:25 . 2009-06-28 19:26 -------- d-----w- c:\program files\QuickTime 2009-06-28 19:25 . 2009-06-28 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-06-28 19:25 . 2009-06-28 19:25 -------- d-----w- c:\documents and settings\Milovan\Local Settings\Application Data\Apple 2009-06-28 19:25 . 2009-06-28 19:25 -------- d-----w- c:\program files\Apple Software Update 2009-06-28 19:25 . 2009-06-28 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-06-28 19:25 . 2009-06-28 19:25 -------- d-----w- c:\documents and settings\Milovan\Local Settings\Application Data\Apple Computer 2009-06-28 18:33 . 2009-06-28 18:33 -------- d-----w- c:\documents and settings\Milovan\Local Settings\Application Data\Microsoft Help 2009-06-28 18:33 . 2009-06-28 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-06-26 14:36 . 2009-06-26 14:36 -------- d-----w- c:\program files\MSXML 6.0 2009-06-26 14:32 . 2009-06-26 14:33 -------- d-----w- C:\3dsmax9Tutorials 2009-06-26 14:15 . 2009-06-26 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk 2009-06-26 14:09 . 2009-06-26 14:21 -------- d-----w- c:\documents and settings\Milovan\Local Settings\Application Data\Autodesk 2009-06-26 14:09 . 2009-06-26 14:18 -------- d-----w- c:\program files\Autodesk 2009-06-26 14:09 . 2009-06-26 14:18 -------- d-----w- c:\program files\Common Files\Autodesk Shared 2009-06-26 14:04 . 2009-04-29 04:55 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2009-06-26 14:04 . 2009-04-29 04:55 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2009-06-26 14:04 . 2009-04-29 04:55 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll 2009-06-26 14:04 . 2009-04-29 04:55 383488 -c----w- c:\windows\system32\dllcache\ieapfltr.dll 2009-06-26 14:04 . 2009-04-29 04:55 63488 -c----w- c:\windows\system32\dllcache\icardie.dll 2009-06-26 14:04 . 2009-04-28 09:05 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe 2009-06-26 14:04 . 2008-07-09 14:25 2455488 -c----w- c:\windows\system32\dllcache\ieapfltr.dat 2009-06-26 14:04 . 2009-04-29 04:55 6066176 -c----w- c:\windows\system32\dllcache\ieframe.dll 2009-06-26 14:02 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll 2009-06-26 14:00 . 2009-06-26 14:01 -------- d-----w- C:\3dsmax9Trial 2009-06-26 01:30 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys 2009-06-26 01:30 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys 2009-06-26 01:28 . 2009-02-06 17:22 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-06-26 01:28 . 2009-02-06 17:24 2180480 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2009-06-26 01:28 . 2009-02-06 16:49 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2009-06-26 01:28 . 2009-02-06 16:49 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-06-26 01:16 . 2008-10-24 11:10 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2009-06-25 23:06 . 2009-06-25 23:06 -------- d-----w- c:\program files\uTorrent 2009-06-25 23:06 . 2009-07-08 21:46 -------- d-----w- c:\documents and settings\Milovan\Application Data\uTorrent 2009-06-25 23:03 . 2009-06-28 18:10 -------- d--h--w- c:\windows\$hf_mig$ 2009-06-25 17:54 . 2009-07-10 14:04 -------- d-----w- c:\documents and settings\Milovan\Application Data\skypePM 2009-06-25 17:54 . 2009-06-25 17:54 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2009-06-25 17:51 . 2009-07-10 15:03 -------- d-----w- c:\documents and settings\Milovan\Application Data\Skype 2009-06-25 17:26 . 2009-06-25 17:26 -------- d-----w- c:\program files\Common Files\Skype 2009-06-25 17:26 . 2009-06-25 17:26 -------- d-----r- c:\program files\Skype 2009-06-25 17:26 . 2009-06-25 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2009-06-25 00:53 . 2009-06-25 00:53 -------- d-----w- c:\program files\Foxit Software 2009-06-25 00:53 . 2009-06-25 00:53 -------- d-----w- c:\documents and settings\Milovan\Application Data\Foxit 2009-06-25 00:50 . 2009-06-25 17:56 -------- d-----w- c:\documents and settings\Milovan\Local Settings\Application Data\Adobe 2009-06-25 00:44 . 2009-06-25 00:44 0 ----a-w- c:\windows\nsreg.dat 2009-06-25 00:44 . 2009-06-25 00:44 -------- d-----w- c:\documents and settings\Milovan\Local Settings\Application Data\Mozilla 2009-06-25 00:21 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-06-25 00:21 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-06-25 00:21 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-06-25 00:21 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-06-25 00:20 . 2009-06-25 00:20 -------- d-----w- c:\program files\Avira 2009-06-25 00:20 . 2009-06-25 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-06-22 13:23 . 2009-06-22 13:23 239088 ----a-w- c:\documents and settings\Milovan\Application Data\Mozilla\plugins\npgoogletalk.dll 2009-06-19 22:14 . 2009-06-19 22:14 -------- d-----w- c:\documents and settings\Milovan\Local Settings\Application Data\Macromedia 2009-06-19 22:07 . 2009-06-19 22:07 45056 ----a-r- c:\documents and settings\Milovan\Application Data\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe 2009-06-19 22:07 . 2009-06-19 22:08 -------- d-----w- c:\program files\Macromedia 2009-06-19 22:07 . 2009-06-19 22:07 -------- d-----w- c:\program files\Common Files\Macromedia . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-09 07:38 . 2009-07-08 22:37 3200 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2009-07-09 07:38 . 2009-07-08 22:37 31256 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-07-08 21:46 . 2009-05-22 14:55 72568 ----a-w- c:\documents and settings\Milovan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-06-28 18:38 . 2009-05-22 07:22 -------- d-----w- c:\program files\Microsoft Works 2009-05-25 16:25 . 2009-05-25 16:25 -------- d-----w- c:\program files\Rhinoceros 3.0 2009-05-25 16:25 . 2009-05-25 16:25 -------- d-----w- c:\program files\Common Files\McNeel Shared 2009-05-25 16:25 . 2009-05-25 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\McNeel 2009-05-25 16:05 . 2009-05-25 15:09 -------- d-----w- c:\program files\Common Files\Adobe 2009-05-25 16:02 . 2009-05-25 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems 2009-05-25 16:02 . 2009-05-25 16:02 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared 2009-05-24 23:44 . 2009-05-22 00:00 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-05-24 12:03 . 2009-05-22 23:23 -------- d-----w- c:\documents and settings\Milovan\Application Data\CyberLink 2009-05-22 16:06 . 2009-05-22 16:02 -------- d-----w- c:\program files\CyberLink DVD Solution 2009-05-22 16:06 . 2009-05-22 00:08 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-05-22 16:04 . 2009-05-22 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink 2009-05-22 16:04 . 2009-05-22 16:03 -------- d-----w- c:\program files\CyberLink 2009-05-22 15:59 . 2009-05-22 14:55 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2009-05-22 15:59 . 2009-05-22 14:55 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2009-05-22 15:57 . 2009-05-22 14:55 88 --sh--r- c:\documents and settings\All Users\Application Data\F5842AF8EC.sys 2009-05-22 15:57 . 2009-05-22 14:55 88 --sh--r- c:\documents and settings\All Users\Application Data\F5842AF8EC.sys 2009-05-22 14:55 . 2009-05-22 14:55 -------- d-----w- c:\documents and settings\Milovan\Application Data\Corel 2009-05-22 07:43 . 2009-05-22 07:43 -------- d-----w- c:\program files\Common Files\Protexis 2009-05-22 07:43 . 2009-05-22 07:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel 2009-05-22 07:41 . 2009-05-22 07:41 -------- d-----w- c:\program files\Common Files\Corel 2009-05-22 07:36 . 2009-05-22 07:36 -------- d-----w- c:\program files\Corel 2009-05-22 07:30 . 2009-05-22 07:30 -------- d-----w- c:\program files\CorelDRAW Graphics Suite X4 2009-05-22 07:27 . 2009-05-22 07:27 -------- d-----w- c:\documents and settings\Milovan\Application Data\Design Science 2009-05-22 07:27 . 2009-05-22 07:27 -------- d-----w- c:\program files\MathType 2009-05-22 07:23 . 2009-05-22 07:23 -------- d-----w- c:\program files\Common Files\L&H 2009-05-22 07:22 . 2009-05-22 07:22 -------- d-----w- c:\program files\Microsoft.NET 2009-05-22 07:22 . 2009-05-22 07:22 -------- d-----w- c:\program files\Microsoft ActiveSync 2009-05-22 07:17 . 2009-05-22 07:17 -------- d-----w- c:\program files\Common Files\Ulead Systems 2009-05-22 07:15 . 2009-05-22 07:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems 2009-05-22 07:15 . 2009-05-22 07:15 -------- d-----w- c:\program files\WinFast 2009-05-22 07:09 . 2009-05-22 00:07 -------- d-----w- c:\program files\Common Files\InstallShield 2009-05-22 07:04 . 2009-05-22 07:04 -------- d-----w- c:\program files\Attansic 2009-05-22 06:55 . 2009-05-22 06:55 -------- d-----w- c:\program files\Realtek 2009-05-22 06:32 . 2009-05-22 06:08 -------- d-----w- c:\program files\NVIDIA Corporation 2009-05-22 06:32 . 2009-05-22 06:32 98477 ----a-r- c:\documents and settings\Milovan\Application Data\Microsoft\Installer\{CE5FAE47-2316-499E-8BAF-BFFF4940769E}\_A3D2A7B84B2B0FD79E5279.exe 2009-05-22 06:32 . 2009-05-22 06:32 98477 ----a-r- c:\documents and settings\Milovan\Application Data\Microsoft\Installer\{CE5FAE47-2316-499E-8BAF-BFFF4940769E}\_6FEFF9B68218417F98F549.exe 2009-05-22 06:32 . 2009-05-22 06:32 10134 ----a-r- c:\documents and settings\Milovan\Application Data\Microsoft\Installer\{CE5FAE47-2316-499E-8BAF-BFFF4940769E}\_42896BCF9DF5217C8262B0.exe 2009-05-22 06:32 . 2009-05-22 06:32 -------- d-----w- c:\program files\Folding@home 2009-05-22 06:32 . 2009-05-22 06:32 -------- d-----w- c:\documents and settings\Milovan\Application Data\Folding@home-gpu 2009-05-22 06:03 . 2009-05-22 06:03 -------- d-----w- c:\program files\AGEIA Technologies 2009-05-22 06:02 . 2009-05-22 06:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-05-22 05:30 . 2009-05-21 23:58 22720 ----a-w- c:\windows\system32\emptyregdb.dat 2009-05-22 00:08 . 2009-05-22 00:08 -------- d-----w- c:\program files\VIA 2009-05-22 00:08 . 2009-05-22 00:08 -------- d-----w- c:\program files\AMD 2009-05-22 00:02 . 2009-05-22 00:02 -------- d-----w- c:\program files\microsoft frontpage 2009-05-07 15:44 . 2004-08-03 22:56 344064 ----a-w- c:\windows\system32\localspl.dll 2009-04-29 04:56 . 2004-08-03 22:56 827392 ----a-w- c:\windows\system32\wininet.dll 2009-04-29 04:55 . 2004-08-03 22:56 78336 ------w- c:\windows\system32\ieencode.dll 2009-04-17 09:58 . 2004-08-03 21:17 1846656 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 15:11 . 2004-08-03 22:56 584192 ----a-w- c:\windows\system32\rpcrt4.dll 2004-03-11 11:27 . 2009-05-22 16:03 40960 ----a-w- c:\program files\Uninstall_CDS.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "PowerBar"="c:\program files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2003-12-22 86016] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-02 24264488] "RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-06-23 2836376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016] "WinFoxV2"="c:\windows\system32\WF2K.EXE" [2008-10-31 2342912] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-09-06 16262656] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"= "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"= "c:\\Program Files\\Autodesk\\Backburner\\manager.exe"= "c:\\Program Files\\Autodesk\\Backburner\\server.exe"= "e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Documents and Settings\\Milovan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"= "c:\\Documents and Settings\\Milovan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 mv614x;mv614x;c:\windows\system32\drivers\mv614x.sys [22.5.2009 9:05 63232] R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [22.5.2009 8:45 11264] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [25.6.2009 2:21 108289] R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [22.5.2009 9:04 35712] R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [22.5.2009 9:15 9446] R4 WINFOXIO;WINFOXIO;c:\windows\system32\drivers\WINFOXIO.sys [22.5.2009 8:07 9600] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6.7.2009 17:31 133104] . Contents of the 'Scheduled Tasks' folder 2009-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-06 15:31] 2009-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-06 15:31] 2009-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1383384898-839522115-1003Core.job - c:\documents and settings\Milovan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-06 12:36] 2009-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1383384898-839522115-1003UA.job - c:\documents and settings\Milovan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-06 12:36] . - - - - ORPHANS REMOVED - - - - HKLM-Explorer_Run-csrcs - c:\windows\system32\csrcs.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 TCP: {2ADFC642-0698-47D7-A4FC-52995C1CA721} = 192.168.100.252 FF - ProfilePath - c:\documents and settings\Milovan\Application Data\Mozilla\Firefox\Profiles\ygg8x9bw.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\documents and settings\Milovan\Application Data\Mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\Milovan\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-07-10 17:03 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2009-07-10 17:04 ComboFix-quarantined-files.txt 2009-07-10 15:04 Pre-Run: 71.058.616.320 bytes free Post-Run: 71.065.174.016 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 237 --- E O F --- 2009-06-28 18:10

Profil

dr_Bora Poslao: 09 Jul 2009 17:34 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Restartuj PC, dvoklikom pokreni ComboFix i postavi svež log (svež = neki koji je napravljen nakon što sam ja napisao ovu poruku).

Profil

Car Dusan Silni Poslao: 09 Jul 2009 17:49 Idi na vrh
offline Car Dusan Silni Novi MyCity građanin Pridružio: 09 Jul 2009 Poruke: 21 Gde živiš: Kosjeric, Zapadna Srbija	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Po preporuci, odra]en je restart, a potom i sceniranje ComboFix-om: ComboFix 09-07-08.A0 - Milovan 07/10/2009 17:44.2.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1669 [GMT 2:00] Running from: e:\02 software\01 Internet\Zastita\ComboFix.exe AV: AntiVir Desktop On-access scanning disabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 ))))))))))))))))))))))))))))))) . 2009-07-10 15:15 . 2009-07-10 15:16 -------- d-----w- c:\program files\MRSOFT 2009-07-10 13:54 . 2009-07-10 13:54 -------- d-----w- c:\program files\Trend Micro 2009-07-08 22:52 . 2009-07-08 22:52 -------- d--h--w- c:\windows\system32\GroupPolicy 2009-07-08 22:37 . 2009-07-09 07:38 1863712 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-07-08 22:37 . 2009-07-09 07:38 12064 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2009-07-08 22:05 . 2009-07-10 13:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-07-08 21:50 . 2009-07-08 21:50 -------- d-----w- c:\program files\Eusing Free Registry Cleaner 2009-07-08 21:46 . 2009-07-09 07:36 -------- d-----w- c:\program files\Common Files\ParetoLogic 2009-07-08 21:46 . 2009-07-09 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic 2009-07-08 21:46 . 2009-07-08 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS 2009-07-08 21:45 . 2009-07-08 21:45 -------- d-----w- c:\documents and settings\Milovan\Local Settings\Application Data\Downloaded Installations 2009-07-08 21:42 . 2002-01-05 09:37 344064 ----a-w- c:\windows\system32\msvcr70.dll 2009-07-08 21:42 . 2002-01-05 03:40 487424 ----a-w- c:\windows\system32\msvcp70.dll 2009-07-08 21:42 . 2009-07-08 21:42 -------- d-----w- c:\program files\AML Products 2009-07-08 21:42 . 2002-01-05 04:48 974848 ----a-w- c:\windows\system32\mfc70.dll 2009-07-06 15:36 . 2009-07-06 15:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google 2009-07-06 15:31 . 2009-07-06 15:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google 2009-07-06 15:31 . 2009-07-06 15:35 -------- d-----w- c:\program files\Google 2009-07-06 12:36 . 2009-07-06 15:35 -------- d-----w- c:\documents and settings\Milovan\Local Settings\Application Data\Temp 2009-07-06 12:36 . 2009-07-06 15:35 -------- d-----w- c:\documents and settings\Milovan\Local Settings\Application Data\Google 2009-06-28 19:25 . 2009-06-28 19:26 -------- d-----w- c:\program files\QuickTime 2009-06-28 19:25 . 2009-06-28 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-06-28 19:25 . 2009-06-28 19:25 -------- d-----w- c:\documents and settings\Milovan\Local Settings\Application Data\Apple 2009-06-28 19:25 . 2009-06-28 19:25 -------- d-----w- c:\program files\Apple Software Update 2009-06-28 19:25 . 2009-06-28 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-06-28 19:25 . 2009-06-28 19:25 -------- d-----w- c:\documents and settings\Milovan\Local Settings\Application Data\Apple Computer 2009-06-28 18:33 . 2009-06-28 18:33 -------- d-----w- c:\documents and settings\Milovan\Local Settings\Application Data\Microsoft Help 2009-06-28 18:33 . 2009-06-28 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-06-26 14:36 . 2009-06-26 14:36 -------- d-----w- c:\program files\MSXML 6.0 2009-06-26 14:32 . 2009-06-26 14:33 -------- d-----w- C:\3dsmax9Tutorials 2009-06-26 14:15 . 2009-06-26 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk 2009-06-26 14:09 . 2009-06-26 14:21 -------- d-----w- c:\documents and settings\Milovan\Local Settings\Application Data\Autodesk 2009-06-26 14:09 . 2009-06-26 14:18 -------- d-----w- c:\program files\Autodesk 2009-06-26 14:09 . 2009-06-26 14:18 -------- d-----w- c:\program files\Common Files\Autodesk Shared 2009-06-26 14:04 . 2009-04-29 04:55 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2009-06-26 14:04 . 2009-04-29 04:55 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2009-06-26 14:04 . 2009-04-29 04:55 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll 2009-06-26 14:04 . 2009-04-29 04:55 383488 -c----w- c:\windows\system32\dllcache\ieapfltr.dll 2009-06-26 14:04 . 2009-04-29 04:55 63488 -c----w- c:\windows\system32\dllcache\icardie.dll 2009-06-26 14:04 . 2009-04-28 09:05 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe 2009-06-26 14:04 . 2008-07-09 14:25 2455488 -c----w- c:\windows\system32\dllcache\ieapfltr.dat 2009-06-26 14:04 . 2009-04-29 04:55 6066176 -c----w- c:\windows\system32\dllcache\ieframe.dll 2009-06-26 14:02 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll 2009-06-26 14:00 . 2009-06-26 14:01 -------- d-----w- C:\3dsmax9Trial 2009-06-26 01:30 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys 2009-06-26 01:30 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys 2009-06-26 01:28 . 2009-02-06 17:22 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-06-26 01:28 . 2009-02-06 17:24 2180480 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2009-06-26 01:28 . 2009-02-06 16:49 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2009-06-26 01:28 . 2009-02-06 16:49 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-06-26 01:16 . 2008-10-24 11:10 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2009-06-25 23:06 . 2009-06-25 23:06 -------- d-----w- c:\program files\uTorrent 2009-06-25 23:06 . 2009-07-08 21:46 -------- d-----w- c:\documents and settings\Milovan\Application Data\uTorrent 2009-06-25 23:03 . 2009-06-28 18:10 -------- d--h--w- c:\windows\$hf_mig$ 2009-06-25 17:54 . 2009-07-10 14:04 -------- d-----w- c:\documents and settings\Milovan\Application Data\skypePM 2009-06-25 17:54 . 2009-06-25 17:54 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2009-06-25 17:51 . 2009-07-10 15:14 -------- d-----w- c:\documents and settings\Milovan\Application Data\Skype 2009-06-25 17:26 . 2009-06-25 17:26 -------- d-----w- c:\program files\Common Files\Skype 2009-06-25 17:26 . 2009-06-25 17:26 -------- d-----r- c:\program files\Skype 2009-06-25 17:26 . 2009-06-25 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2009-06-25 00:53 . 2009-06-25 00:53 -------- d-----w- c:\program files\Foxit Software 2009-06-25 00:53 . 2009-06-25 00:53 -------- d-----w- c:\documents and settings\Milovan\Application Data\Foxit 2009-06-25 00:50 . 2009-06-25 17:56 -------- d-----w- c:\documents and settings\Milovan\Local Settings\Application Data\Adobe 2009-06-25 00:44 . 2009-06-25 00:44 0 ----a-w- c:\windows\nsreg.dat 2009-06-25 00:44 . 2009-06-25 00:44 -------- d-----w- c:\documents and settings\Milovan\Local Settings\Application Data\Mozilla 2009-06-25 00:21 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-06-25 00:21 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-06-25 00:21 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-06-25 00:21 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-06-25 00:20 . 2009-06-25 00:20 -------- d-----w- c:\program files\Avira 2009-06-25 00:20 . 2009-06-25 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-06-22 13:23 . 2009-06-22 13:23 239088 ----a-w- c:\documents and settings\Milovan\Application Data\Mozilla\plugins\npgoogletalk.dll 2009-06-19 22:14 . 2009-06-19 22:14 -------- d-----w- c:\documents and settings\Milovan\Local Settings\Application Data\Macromedia 2009-06-19 22:07 . 2009-06-19 22:07 45056 ----a-r- c:\documents and settings\Milovan\Application Data\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe 2009-06-19 22:07 . 2009-06-19 22:08 -------- d-----w- c:\program files\Macromedia 2009-06-19 22:07 . 2009-06-19 22:07 -------- d-----w- c:\program files\Common Files\Macromedia . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-09 07:38 . 2009-07-08 22:37 3200 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2009-07-09 07:38 . 2009-07-08 22:37 31256 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-07-08 21:46 . 2009-05-22 14:55 72568 ----a-w- c:\documents and settings\Milovan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-06-28 18:38 . 2009-05-22 07:22 -------- d-----w- c:\program files\Microsoft Works 2009-05-25 16:25 . 2009-05-25 16:25 -------- d-----w- c:\program files\Rhinoceros 3.0 2009-05-25 16:25 . 2009-05-25 16:25 -------- d-----w- c:\program files\Common Files\McNeel Shared 2009-05-25 16:25 . 2009-05-25 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\McNeel 2009-05-25 16:05 . 2009-05-25 15:09 -------- d-----w- c:\program files\Common Files\Adobe 2009-05-25 16:02 . 2009-05-25 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems 2009-05-25 16:02 . 2009-05-25 16:02 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared 2009-05-24 23:44 . 2009-05-22 00:00 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-05-24 12:03 . 2009-05-22 23:23 -------- d-----w- c:\documents and settings\Milovan\Application Data\CyberLink 2009-05-22 16:06 . 2009-05-22 16:02 -------- d-----w- c:\program files\CyberLink DVD Solution 2009-05-22 16:06 . 2009-05-22 00:08 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-05-22 16:04 . 2009-05-22 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink 2009-05-22 16:04 . 2009-05-22 16:03 -------- d-----w- c:\program files\CyberLink 2009-05-22 15:59 . 2009-05-22 14:55 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2009-05-22 15:59 . 2009-05-22 14:55 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2009-05-22 15:57 . 2009-05-22 14:55 88 --sh--r- c:\documents and settings\All Users\Application Data\F5842AF8EC.sys 2009-05-22 15:57 . 2009-05-22 14:55 88 --sh--r- c:\documents and settings\All Users\Application Data\F5842AF8EC.sys 2009-05-22 14:55 . 2009-05-22 14:55 -------- d-----w- c:\documents and settings\Milovan\Application Data\Corel 2009-05-22 07:43 . 2009-05-22 07:43 -------- d-----w- c:\program files\Common Files\Protexis 2009-05-22 07:43 . 2009-05-22 07:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel 2009-05-22 07:41 . 2009-05-22 07:41 -------- d-----w- c:\program files\Common Files\Corel 2009-05-22 07:36 . 2009-05-22 07:36 -------- d-----w- c:\program files\Corel 2009-05-22 07:30 . 2009-05-22 07:30 -------- d-----w- c:\program files\CorelDRAW Graphics Suite X4 2009-05-22 07:27 . 2009-05-22 07:27 -------- d-----w- c:\documents and settings\Milovan\Application Data\Design Science 2009-05-22 07:27 . 2009-05-22 07:27 -------- d-----w- c:\program files\MathType 2009-05-22 07:23 . 2009-05-22 07:23 -------- d-----w- c:\program files\Common Files\L&H 2009-05-22 07:22 . 2009-05-22 07:22 -------- d-----w- c:\program files\Microsoft.NET 2009-05-22 07:22 . 2009-05-22 07:22 -------- d-----w- c:\program files\Microsoft ActiveSync 2009-05-22 07:17 . 2009-05-22 07:17 -------- d-----w- c:\program files\Common Files\Ulead Systems 2009-05-22 07:15 . 2009-05-22 07:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems 2009-05-22 07:15 . 2009-05-22 07:15 -------- d-----w- c:\program files\WinFast 2009-05-22 07:09 . 2009-05-22 00:07 -------- d-----w- c:\program files\Common Files\InstallShield 2009-05-22 07:04 . 2009-05-22 07:04 -------- d-----w- c:\program files\Attansic 2009-05-22 06:55 . 2009-05-22 06:55 -------- d-----w- c:\program files\Realtek 2009-05-22 06:32 . 2009-05-22 06:08 -------- d-----w- c:\program files\NVIDIA Corporation 2009-05-22 06:32 . 2009-05-22 06:32 98477 ----a-r- c:\documents and settings\Milovan\Application Data\Microsoft\Installer\{CE5FAE47-2316-499E-8BAF-BFFF4940769E}\_A3D2A7B84B2B0FD79E5279.exe 2009-05-22 06:32 . 2009-05-22 06:32 98477 ----a-r- c:\documents and settings\Milovan\Application Data\Microsoft\Installer\{CE5FAE47-2316-499E-8BAF-BFFF4940769E}\_6FEFF9B68218417F98F549.exe 2009-05-22 06:32 . 2009-05-22 06:32 10134 ----a-r- c:\documents and settings\Milovan\Application Data\Microsoft\Installer\{CE5FAE47-2316-499E-8BAF-BFFF4940769E}\_42896BCF9DF5217C8262B0.exe 2009-05-22 06:32 . 2009-05-22 06:32 -------- d-----w- c:\program files\Folding@home 2009-05-22 06:32 . 2009-05-22 06:32 -------- d-----w- c:\documents and settings\Milovan\Application Data\Folding@home-gpu 2009-05-22 06:03 . 2009-05-22 06:03 -------- d-----w- c:\program files\AGEIA Technologies 2009-05-22 06:02 . 2009-05-22 06:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-05-22 05:30 . 2009-05-21 23:58 22720 ----a-w- c:\windows\system32\emptyregdb.dat 2009-05-22 00:08 . 2009-05-22 00:08 -------- d-----w- c:\program files\VIA 2009-05-22 00:08 . 2009-05-22 00:08 -------- d-----w- c:\program files\AMD 2009-05-22 00:02 . 2009-05-22 00:02 -------- d-----w- c:\program files\microsoft frontpage 2009-05-07 15:44 . 2004-08-03 22:56 344064 ----a-w- c:\windows\system32\localspl.dll 2009-04-29 04:56 . 2004-08-03 22:56 827392 ----a-w- c:\windows\system32\wininet.dll 2009-04-29 04:55 . 2004-08-03 22:56 78336 ------w- c:\windows\system32\ieencode.dll 2009-04-17 09:58 . 2004-08-03 21:17 1846656 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 15:11 . 2004-08-03 22:56 584192 ----a-w- c:\windows\system32\rpcrt4.dll 2004-03-11 11:27 . 2009-05-22 16:03 40960 ----a-w- c:\program files\Uninstall_CDS.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016] "WinFoxV2"="c:\windows\system32\WF2K.EXE" [2008-10-31 2342912] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-09-06 16262656] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"= "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"= "c:\\Program Files\\Autodesk\\Backburner\\manager.exe"= "c:\\Program Files\\Autodesk\\Backburner\\server.exe"= "e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Documents and Settings\\Milovan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"= "c:\\Documents and Settings\\Milovan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 mv614x;mv614x;c:\windows\system32\drivers\mv614x.sys [5/22/2009 9:05 63232] R0 Shadow;Shadow; [x] R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [5/22/2009 8:45 11264] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/25/2009 2:21 108289] R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [5/22/2009 9:04 35712] R4 WINFOXIO;WINFOXIO;c:\windows\system32\drivers\WINFOXIO.sys [5/22/2009 8:07 9600] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/6/2009 17:31 133104] S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [5/22/2009 9:15 9446] --- Other Services/Drivers In Memory --- NewlyCreated - SHADOW . Contents of the 'Scheduled Tasks' folder 2009-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-06 15:31] 2009-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-06 15:31] 2009-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1383384898-839522115-1003Core.job - c:\documents and settings\Milovan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-06 12:36] 2009-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1383384898-839522115-1003UA.job - c:\documents and settings\Milovan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-06 12:36] . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 TCP: {2ADFC642-0698-47D7-A4FC-52995C1CA721} = 192.168.100.252 FF - ProfilePath - . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-07-10 17:46 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3976) c:\windows\system32\msi.dll . Completion time: 2009-07-10 17:47 ComboFix-quarantined-files.txt 2009-07-10 15:47 Pre-Run: 71.056.318.464 bytes free Post-Run: 71.032.885.248 bytes free 220 --- E O F --- 2009-06-28 18:10

Profil

dr_Bora Poslao: 09 Jul 2009 18:50 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Koristiš li ovaj softver: http://www.storagecraft.com/shadow_user.php Preuzmi gmer.zip sa ovog linka i sačuvaj na Desktopu. Raspakuj ga u neki folder. Dupli klik na gmer.exe za početak: Izaberi Rootkit/Malware Tab na vrhu. Klikni na Scan. Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati rezultate skeniranja u Clipboard. Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt. Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt. Iskoristi opciju Prikači fajl ispod polja za pisanje poruke na forumu, i prikači nam ovde ta dva fajla koja smo malopre snimili.

Profil

Car Dusan Silni Poslao: 09 Jul 2009 20:00 Idi na vrh
offline Car Dusan Silni Novi MyCity građanin Pridružio: 09 Jul 2009 Poruke: 21 Gde živiš: Kosjeric, Zapadna Srbija	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Napisano: 09 Jul 2009 19:42 dr_Bora ::Koristiš li ovaj softver: storagecraft.com/shadow_user.php Ne, ali sam ga instalirao radi probe, a potom skinuo sa računara. Dopuna: 09 Jul 2009 20:00 Urađeno po preporuci: mycity.rs/must-login.png mycity.rs/must-login.png

Profil

dr_Bora Poslao: 09 Jul 2009 20:51 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ovde sada ne bi trebalo biti aktivnog malware-a. Stanje?

Profil

Car Dusan Silni Poslao: 10 Jul 2009 15:14 Idi na vrh
offline Car Dusan Silni Novi MyCity građanin Pridružio: 09 Jul 2009 Poruke: 21 Gde živiš: Kosjeric, Zapadna Srbija	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Odlično, sistem je stabilan. Nema ponavljanja starih problema. Ko bude imao ovakav problem, neka prati prethodno napisanu proceduru i 100% će rešiti problem. Uzdravlje.

Profil

dr_Bora Poslao: 10 Jul 2009 16:19 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Potrebno je deinstalirati ComboFix: klikni start (ili ), a zatim RUN. Na Visti koristiti Start Search polje ukoliko Run nije dostupan. U liniju za unos teksta ukucaj (iskopiraj) sledeće: combofix /u Primeti da postoji razmak između "ComboFix" i "/u". a zatim klikni OK (ili pritisni Enter). Sačekaj da se proces deinstalacije završi. To je sve...

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Problem sa virusom (axxxl.exe, autoran.inf , kht i khu)

Ko je trenutno na forumu

Ukupno su 995 korisnika na forumu :: 29 registrovanih, 7 sakrivenih i 959 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., aleksmajstor, bbogdan, Bobrock1, bokisha253, DonRumataEstorski, Dorcolac, DPera, Frunze, GandorCC, ikan, ivan1973, Kriglord, Kubovac, ljuba, Lošmi, mercedesamg, Milos ZA, milutin134, mnn2, nemkea71, nick79, royst33, ruma, SR-3m, uruk, VJ, vladetije, Webb

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by