Trojan Horse SpamBot and many others ...

  • Joined: 14 Aug 2006
  • Posts: 108

Logfile of HijackThis v1.99.1
Scan saved at 17:11:45, on 23.6.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Djora.ZVER\Desktop\New Folder (6)\HT.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08639ba7-9f1d-43b2-8aa0-fc21b3464d21} - C:\WINDOWS\system32\yayXoliF.dll
O2 - BHO: (no name) - {0f8f84cf-dcba-4426-ac18-30a8ab00c526} - C:\WINDOWS\system32\urqPihFy.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {a057a204-bacc-4d26-9990-79a187e2698e} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [a81018e4] rundll32.exe "C:\WINDOWS\system32\tiiqjvsb.dll",b
O4 - HKLM\..\Run: [BMab232b78] Rundll32.exe "C:\WINDOWS\system32\pfuobgmb.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [searching] Search from the Address bar
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd.dll,avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: urqPihFy - C:\WINDOWS\SYSTEM32\urqPihFy.dll
O20 - Winlogon Notify: WinNt32 - C:\WINDOWS\
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe



Help needed: two days ago AVG was switched off by mistake, and since then I have a pile of viruses that I can't clean up. The internet doesn't work properly, it barely opens the odd site on the tenth attempt, the network doesn't work at all, nor do applications, all in all, ...

They include: Trojan Horse BackDoor, Trojan Horse Generic, Trojan Horse Small, Trojan Horse KillAV, ...

Is there any help for this other than reinstalling?

Thanks in advance.

Milena
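The HijackThis log in the post above can be triaged mechanically before a helper reads it line by line. The following Python script is an added example, not part of the original thread and not HijackThis code: it applies a few heuristics to a handful of lines copied from the log (nameless BHOs, Run values with hex-like names that load a DLL through rundll32, random eight-letter module names in system32, Winlogon Notify entries that are orphaned or name no DLL at all) and scores each line. The allow-list KNOWN_STEMS, the scoring weights and the threshold are assumptions of the example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: HijackThis lines copied from the log above (the log is the
# page's own content; the triage rules below are this example's, not HijackThis').
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08639ba7-9f1d-43b2-8aa0-fc21b3464d21} - C:\WINDOWS\system32\yayXoliF.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [a81018e4] rundll32.exe "C:\WINDOWS\system32\tiiqjvsb.dll",b
O4 - HKLM\..\Run: [BMab232b78] Rundll32.exe "C:\WINDOWS\system32\pfuobgmb.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WinNt32 - C:\WINDOWS\
O20 - Winlogon Notify: urqPihFy - C:\WINDOWS\SYSTEM32\urqPihFy.dll
"""

# Hypothetical allow-list of benign module stems seen in this log; a real one
# would be much larger and maintained from a clean reference system.
KNOWN_STEMS = {"dimsntfy", "ctfmon", "rundll32", "avgtray", "acroiehelper"}

SECTION_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
MODULE_RE = re.compile(r"([\w~\-]+)\.(dll|exe|sys)\b", re.I)   # stem + extension
RUN_NAME_RE = re.compile(r"\\Run: \[(?P<name>[^\]]+)\]")
HEXLIKE_RE = re.compile(r"[A-Za-z]{0,2}[0-9a-f]{8,}")          # e.g. a81018e4, BMab232b78


def looks_random(stem: str) -> bool:
    """Eight-letter stems with no digits that are not on the allow-list (e.g. yayXoliF)."""
    return bool(re.fullmatch(r"[A-Za-z]{8}", stem)) and stem.lower() not in KNOWN_STEMS


@dataclass
class Finding:
    line: str
    score: int = 0
    reasons: list = field(default_factory=list)

    def add(self, points: int, why: str) -> None:
        self.score += points
        self.reasons.append(why)


def triage_line(line: str) -> Finding:
    """Score one HijackThis line; 0 means nothing stood out."""
    f = Finding(line)
    m = SECTION_RE.match(line)
    if not m:
        return f
    sec, body = m.group("sec"), m.group("body")
    modules = [(stem, ext.lower()) for stem, ext in MODULE_RE.findall(body)]
    in_system32 = "system32" in body.lower()

    # Random-looking module names dropped into system32 (e.g. yayXoliF.dll)
    for stem, _ in modules:
        if in_system32 and looks_random(stem):
            f.add(2, f"random-looking module name {stem}")

    if sec == "O2" and "(no name)" in body:
        f.add(2, "BHO with no name")

    if sec == "O4":
        if "rundll32" in body.lower():
            f.add(1, "autostart loads a DLL via rundll32")
        n = RUN_NAME_RE.search(body)
        if n and HEXLIKE_RE.fullmatch(n.group("name")):
            f.add(1, f"hex-like Run value name {n.group('name')}")

    if sec == "O20" and "Winlogon Notify" in body:
        if "(file missing)" in body:
            f.add(1, "orphaned Winlogon Notify entry (file missing)")
        elif not any(ext == "dll" for _, ext in modules):
            f.add(2, "Winlogon Notify entry names no DLL file")
    return f


def triage(log_text: str, threshold: int = 2) -> list:
    """Return findings at or above the threshold, highest score first."""
    found = [triage_line(ln) for ln in log_text.splitlines() if ln.strip()]
    return sorted((f for f in found if f.score >= threshold),
                  key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.score, f.line)
        for why in f.reasons:
            print("   -", why)
```

Run against the sample, the two rundll32 Run entries and the nameless BHO score highest, the two odd Winlogon Notify entries follow, and the Adobe, AVG and ctfmon lines score zero; the orphaned dimsntfy entry scores 1 and only appears if the threshold is lowered. Scores are a reading aid, not a verdict: every flagged path still has to be checked against the rest of the log.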



  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...



We'll temporarily disable the AV:

* Right-click the AVG icon in the bottom right corner of the screen.
* When the AVG Control Center opens, double-click the AVG Resident Shield component.
* In the window that opens, untick the Turn on AVG Resident Shield option and click OK.

Note: Don't forget to turn this option back on once the cleanup is finished.


-------------------------------------------------------------------------------------


Download ComboFix from one of the following addresses to your Desktop:
[Link visible to logged-in users only]
[Link visible to logged-in users only]
[Link visible to logged-in users only]

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; paste it here for us.



  • Joined: 14 Aug 2006
  • Posts: 108

A small note: since I can't get onto MyCity or any other site at all any more, I booted the system into Safe Mode. Should I apply the above while I'm in Safe Mode?

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

It's preferable to run ComboFix in Normal Mode (if that isn't possible for some reason, Safe Mode will do too).

  • Joined: 14 Aug 2006
  • Posts: 108

Here's the log (done in Normal Mode), but the internet still doesn't work (apart from pulling the home page from the cache):

ComboFix 08-06-20.4 - Djora 2008-06-23 18:14:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2780 [GMT 2:00]
Running from: C:\Documents and Settings\Djora.ZVER\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMab232b78.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\abupcswg.ini
C:\WINDOWS\system32\bsvjqiit.ini
C:\WINDOWS\system32\drivers\Piy11.sys
C:\WINDOWS\system32\drivers\tcpsr.sys
C:\WINDOWS\system32\FiloXyay.ini
C:\WINDOWS\system32\FiloXyay.ini2
C:\WINDOWS\system32\jxihesoy.dll
C:\WINDOWS\system32\mbcudxlq.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\sqgwoyxq.ini
C:\WINDOWS\system32\urqPihFy.dll
C:\WINDOWS\system32\yayXoliF.dll
C:\WINDOWS\system32\ywtvdgfj.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PIY11
-------\Legacy_tcpsr
-------\Service_Piy11
-------\Service_tcpsr


((((((((((((((((((((((((( Files Created from 2008-05-23 to 2008-06-23 )))))))))))))))))))))))))))))))
.

2008-06-23 18:20 . 2008-06-23 18:20 294 ---hs---- C:\WINDOWS\system32\ywtvdgfj.ini
2008-06-23 17:55 . 2008-06-23 17:55 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-23 17:13 . 2008-06-23 17:13 86,528 --a------ C:\WINDOWS\system32\jfgdvtwy.dll
2008-06-23 17:12 . 2008-06-23 17:12 95,232 --a------ C:\WINDOWS\system32\moahodab.dll
2008-06-23 17:10 . 2008-06-23 17:10 95,232 --a------ C:\WINDOWS\system32\pfuobgmb.dll
2008-06-22 14:14 . 2008-06-22 14:14 95,232 --a------ C:\WINDOWS\system32\lpccxeks.dll
2008-06-22 08:31 . 2008-06-22 08:31 94,208 --a------ C:\WINDOWS\system32\satclygk.dll
2008-06-22 01:34 . 2008-06-23 17:34 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-22 01:33 . 2008-06-22 01:33 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\AVGTOOLBAR
2008-06-22 01:31 . 2008-06-23 01:29 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-22 01:31 . 2008-06-22 01:31 <DIR> d-------- C:\Program Files\AVG
2008-06-22 01:31 . 2008-06-23 02:29 <DIR> d-------- C:\Documents and Settings\Djora.ZVER\Application Data\AVGTOOLBAR
2008-06-22 01:31 . 2008-06-22 01:31 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-06-22 01:31 . 2008-06-22 01:31 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-22 01:31 . 2008-06-22 01:31 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-22 01:31 . 2008-06-22 01:31 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-21 21:51 . 2008-06-21 21:54 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-06-21 21:39 . 2008-04-14 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-21 21:38 . 2008-04-14 14:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-06-21 21:36 . 2008-06-21 21:36 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-06-21 21:36 . 2008-06-21 21:36 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-06-21 21:36 . 2008-06-21 21:36 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-06-21 21:36 . 2008-06-21 21:36 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-06-21 21:36 . 2008-06-21 21:36 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-06-21 21:36 . 2008-06-21 21:36 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-06-21 21:04 . 2008-06-21 21:05 <DIR> d-------- C:\$WIN_NT$.~BT
2008-06-20 16:46 . 2008-06-23 18:20 62,384 --a------ C:\WINDOWS\system32\pqasghjd.sys
2008-06-20 16:46 . 2008-06-20 16:46 2 --a------ C:\-1475340213
2008-06-16 18:39 . 2008-06-19 17:01 <DIR> d-------- C:\Documents and Settings\Djora.ZVER\Application Data\skypePM
2008-06-16 18:39 . 2008-06-16 18:39 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-16 18:36 . 2008-06-16 18:36 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2008-06-09 21:27 . 2008-06-09 21:27 36 --a------ C:\WINDOWS\DaemonPlugin.INI
2008-06-02 20:46 . 2008-06-02 20:46 <DIR> d-------- C:\Documents and Settings\Djora.ZVER\Application Data\InstallShield
2008-05-29 12:06 . 2008-05-29 12:06 <DIR> d-------- C:\Program Files\Real Alternative
2008-05-29 12:06 . 2008-05-29 12:06 <DIR> d-------- C:\Documents and Settings\Djora.ZVER\Application Data\Media Player Classic
2008-05-29 12:06 . 2003-03-19 05:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-05-29 12:06 . 2004-01-12 00:00 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-05-23 23:06 . 2002-07-16 22:30 128,512 -ra------ C:\WINDOWS\system32\CNDUE124.dll
2008-05-23 23:06 . 2002-07-09 23:33 65,536 -ra------ C:\WINDOWS\system32\PSCLE124.dll
2008-05-23 23:06 . 2002-07-16 22:29 55,808 -ra------ C:\WINDOWS\system32\CNDCE124.dll
2008-05-23 23:06 . 2002-06-29 05:53 53,248 -ra------ C:\WINDOWS\system32\CNDNDlg.exe
2008-05-23 23:06 . 2008-04-14 00:15 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-23 23:02 . 2008-05-23 23:02 <DIR> d-------- C:\Documents and Settings\Djora.ZVER\WINDOWS
2008-05-23 23:02 . 1997-12-17 17:33 304,128 --a------ C:\WINDOWS\IsUninst.exe
2008-05-23 23:02 . 2008-05-23 23:02 0 --a------ C:\WINDOWS\OpPrintServer.INI
2008-05-23 23:00 . 2008-05-23 23:02 <DIR> d-------- C:\Program Files\Canon
2008-05-23 15:56 . 2008-05-23 15:56 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-23 15:36 . 2008-05-23 15:36 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ATI
2008-05-23 15:28 . 2008-04-14 05:42 91,136 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-05-23 15:28 . 2008-04-14 00:16 85,248 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2008-05-23 15:28 . 2008-04-14 05:42 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-05-23 15:28 . 2008-04-14 00:16 51,200 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2008-05-23 15:28 . 2008-04-14 05:42 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-05-23 15:28 . 2008-04-14 00:16 19,200 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2008-05-23 15:28 . 2008-04-14 00:16 17,024 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2008-05-23 15:28 . 2008-04-14 00:09 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2008-05-23 15:10 . 2008-05-23 15:11 <DIR> d-------- C:\Program Files\ATI Technologies
2008-05-23 15:10 . 2008-05-12 10:49 593,920 --a------ C:\WINDOWS\system32\ati2sgag.exe
2008-05-23 12:21 . 2008-06-21 23:19 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-23 12:21 . 2008-06-21 23:19 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-23 12:21 . 2008-06-21 23:20 <DIR> d-------- C:\WINDOWS\L2Schemas
2008-05-23 10:48 . 2008-04-14 14:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-05-23 10:48 . 2008-04-14 14:00 7,168 --a--c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-05-23 10:48 . 2008-04-14 14:00 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2008-05-23 10:46 . 2008-04-14 14:00 290,304 --a------ C:\WINDOWS\system32\rhttpaa.dll
2008-05-23 10:46 . 2008-04-14 14:00 290,304 --a--c--- C:\WINDOWS\system32\dllcache\rhttpaa.dll
2008-05-23 10:46 . 2008-04-14 14:00 136,192 --a--c--- C:\WINDOWS\system32\dllcache\aaclient.dll
2008-05-23 10:46 . 2008-04-14 14:00 136,192 --a------ C:\WINDOWS\system32\aaclient.dll
2008-05-23 10:46 . 2008-04-14 14:00 53,248 --a------ C:\WINDOWS\system32\tsgqec.dll
2008-05-23 10:46 . 2008-04-14 14:00 53,248 --a--c--- C:\WINDOWS\system32\dllcache\tsgqec.dll
2008-05-23 10:43 . 2008-05-23 10:43 4,444 --a------ C:\WINDOWS\system32\pid.PNF
2008-05-23 10:33 . 2008-04-14 14:00 1,296,669 -ra------ C:\WINDOWS\SET4E.tmp
2008-05-23 10:33 . 2008-04-14 14:00 1,088,840 -ra------ C:\WINDOWS\SET4F.tmp
2008-05-23 10:33 . 2008-04-14 14:00 16,535 -ra------ C:\WINDOWS\SET5B.tmp
2008-05-23 10:33 . 2008-05-23 10:51 4,382 --a------ C:\WINDOWS\imsins.BAK
2008-05-23 10:11 . 2008-04-14 14:00 480,367 -ra------ C:\txtsetup.sif
2008-05-23 10:11 . 2008-04-14 14:00 260,288 -ra------ C:\$LDR$
2008-05-23 10:04 . 2008-05-23 10:05 <DIR> d-------- C:\Program Files\TechniSat DVB
2008-05-23 10:04 . 2008-05-23 10:04 <DIR> d-------- C:\Program Files\DVBViewerTE
2008-05-23 10:01 . 2008-06-21 20:44 638,248 --a------ C:\WINDOWS\setupapi.old
2008-05-23 00:22 . 2008-05-23 00:22 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-23 00:20 . 2008-05-23 00:20 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-23 00:20 . 2008-05-23 00:20 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-23 00:19 . 2008-05-23 00:19 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2008-05-23 00:19 . 2008-05-23 00:19 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-23 00:19 . 2008-05-23 00:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2008-05-23 00:18 . 2008-05-23 00:18 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-21 20:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-21 20:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-21 19:52 --------- d-----w C:\Program Files\Electronic Arts
2008-06-20 13:42 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2008-06-13 20:22 --------- d-----w C:\Program Files\eMule
2008-06-10 15:50 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-06-10 15:50 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-06-06 11:52 --------- d-----w C:\Program Files\DivX
2008-06-02 18:47 --------- d-----w C:\Program Files\Intel
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-28 17:51 --------- d-----w C:\Documents and Settings\Djora.ZVER\Application Data\DAEMON Tools
2008-05-23 13:50 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-15 10:54 --------- d-----w C:\Program Files\Hmonitor
2008-05-15 10:41 --------- d-----w C:\Program Files\FreshDevices
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-05-12 15:09 47,104 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-05-12 15:03 19,968 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-05-12 15:02 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-10 22:03 823,856 ----a-w C:\WINDOWS\MF0802.zip
2008-04-26 15:01 --------- d-----w C:\Program Files\USB Disk Security
2008-04-25 12:52 --------- d-----w C:\Program Files\Google
2008-04-25 08:20 --------- d-----w C:\Program Files\FLAC
2008-04-23 06:57 --------- d-----w C:\Program Files\Kaspersky Lab
2008-04-14 03:42 74,752 ----a-w C:\WINDOWS\system32\storprop.dll
2008-04-14 03:41 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll
2008-03-10 18:37 22,328 ----a-w C:\Documents and Settings\Djora.ZVER\Application Data\PnkBstrK.sys
2006-06-23 12:48 32,768 ----a-w C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 14:00 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34 868352]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-22 01:31 1177368]
"a81018e4"="C:\WINDOWS\system32\jfgdvtwy.dll" [2008-06-23 17:13 86528]
"BMab232b78"="C:\WINDOWS\system32\moahodab.dll" [2008-06-23 17:12 95232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 14:00 15360]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Server4PC.lnk - C:\Program Files\TechniSat DVB\bin\Server4PC.exe [5/23/2008 10:04:44 AM 338448]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-08-08 18:31 148760 C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 05:42 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
"WZCSVC"=2 (0x2)
"W32Time"=2 (0x2)
"Wmi"=3 (0x3)
"MSIServer"=3 (0x3)
"stisvc"=3 (0x3)
"VSS"=3 (0x3)
"upnphost"=3 (0x3)
"UPS"=3 (0x3)
"Themes"=2 (0x2)
"Schedule"=2 (0x2)
"LmHosts"=2 (0x2)
"srservice"=2 (0x2)
"SCardSvr"=3 (0x3)
"lanmanserver"=2 (0x2)
"SSDPSRV"=3 (0x3)
"NtmsSvc"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"RSVP"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"WmdmPmSN"=3 (0x3)
"SysmonLog"=3 (0x3)
"Nla"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Netlogon"=3 (0x3)
"SwPrv"=3 (0x3)
"dmserver"=2 (0x2)
"PolicyAgent"=2 (0x2)
"ImapiService"=3 (0x3)
"helpsvc"=2 (0x2)
"MSDTC"=3 (0x3)
"TrkWks"=2 (0x2)
"Browser"=2 (0x2)
"COMSysApp"=3 (0x3)
"BITS"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Install\\Staro\\Programi\\satelitska\\ProgDVB\\gbox\\gboxx86.exe"=
"C:\\Install\\Staro\\Programi\\satelitska\\ProgDVB\\ProgDVB.exe"=
"C:\\Install\\Programi\\Strong DC++\\StrongDC.exe"=
"C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"=
"C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 avgldx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-22 01:31]
R1 EIO_XP;EIO_XP;C:\WINDOWS\system32\drivers\EIO_XP.sys [2006-06-14 14:44]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-22 01:31]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-22 01:31]
R2 avgtdix;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-22 01:31]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2008-03-20 18:35]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-06-23 18:20:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\ywtvdgfj.ini 294 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-06-23 18:22:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-23 16:22:12

Pre-Run: 62,885,654,528 bytes free
Post-Run: 64,805,810,176 bytes free


  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below; this saves the scan results to the Clipboard.
Use Paste in Notepad to turn that into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.


Use the Attach file option below the message box on the forum and attach the two files we just saved here.

  • Joined: 14 Aug 2006
  • Posts: 108

I downloaded Gmer, but the problem is that after about 20 seconds of scanning it keeps resetting the computer. I can't get the scan to finish.

Update: 23 Jun 2008 20:40

Here are the scans from Safe Mode.
[Link visible to logged-in users only]

[Link visible to logged-in users only]

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:


File::
C:\WINDOWS\system32\ywtvdgfj.ini
C:\WINDOWS\system32\jfgdvtwy.dll
C:\WINDOWS\system32\moahodab.dll
C:\WINDOWS\system32\pfuobgmb.dll
C:\WINDOWS\system32\lpccxeks.dll
C:\WINDOWS\system32\satclygk.dll
C:\WINDOWS\system32\pqasghjd.sys
C:\-1475340213

Driver::
pqasghjd

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"a81018e4"=-
"BMab232b78"=-



Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log produced at the end of the cleaning/scan in your next message.
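The CFScript above was assembled by hand from the ComboFix log: the random-named files that appeared in system32 in the last few days, the driver one of them registered, and the Run values pointing at them. The following Python script is an added example, not part of the thread and not ComboFix code, that automates that cross-reference on excerpts copied from the log: it parses the "Files Created" and "Reg Loading Points" sections, selects suspects by the same criteria, and emits a script in the File::/Driver::/Registry:: format shown above. The date window, the allow-list KNOWN_STEMS and the selection rules are assumptions of the example.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: excerpts copied from the ComboFix log earlier in the thread
# (the log lines are the page's own; the rules and the builder are this example's).
FILES_CREATED = r"""
2008-06-23 18:20 . 2008-06-23 18:20 294 ---hs---- C:\WINDOWS\system32\ywtvdgfj.ini
2008-06-23 17:55 . 2008-06-23 17:55 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-23 17:13 . 2008-06-23 17:13 86,528 --a------ C:\WINDOWS\system32\jfgdvtwy.dll
2008-06-22 01:31 . 2008-06-22 01:31 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-20 16:46 . 2008-06-23 18:20 62,384 --a------ C:\WINDOWS\system32\pqasghjd.sys
2008-06-20 16:46 . 2008-06-20 16:46 2 --a------ C:\-1475340213
2008-05-29 12:06 . 2003-03-19 05:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
"""

REG_LOADING_POINTS = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-22 01:31 1177368]
"a81018e4"="C:\WINDOWS\system32\jfgdvtwy.dll" [2008-06-23 17:13 86528]
"""

# Hypothetical allow-list of benign stems; a real one comes from a clean reference build.
KNOWN_STEMS = {"avgrsstx", "msvcp71"}

ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. \d{4}-\d\d-\d\d \d\d:\d\d\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$")
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"')


def parse_created(text: str) -> list:
    """Parse the 'Files Created' section into dicts; directory entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m and m.group("size") != "<DIR>":
            entries.append({"created": m.group("created"), "path": m.group("path"),
                            "size": int(m.group("size").replace(",", ""))})
    return entries


def looks_random(stem: str) -> bool:
    """Eight-letter stems with no digits that are not on the allow-list."""
    return bool(re.fullmatch(r"[A-Za-z]{8}", stem)) and stem.lower() not in KNOWN_STEMS


def select_suspects(entries: list, since: str) -> list:
    """Files created on or after `since` (YYYY-MM-DD) that are random-named
    modules/INIs in system32, or bare numeric files at the drive root."""
    suspects = []
    for e in entries:
        if e["created"] < since:          # fixed-width timestamps compare as strings
            continue
        p = PureWindowsPath(e["path"])
        in_sys32 = "system32" in str(p.parent).lower()
        root_numeric = p.parent == PureWindowsPath("C:\\") and re.fullmatch(r"-?\d+", p.name)
        if (in_sys32 and p.suffix.lower() in {".dll", ".sys", ".ini"} and looks_random(p.stem)) or root_numeric:
            suspects.append(e["path"])
    return suspects


def run_values_pointing_at(reg_text: str, suspects: list) -> list:
    """Return (key, value name) pairs for Run values whose target is a suspect file."""
    targets = {s.lower() for s in suspects}
    key, hits = None, []
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line
            continue
        m = RUN_VALUE_RE.match(line)
        if m and key and m.group("target").lower() in targets:
            hits.append((key, m.group("name")))
    return hits


def build_cfscript(suspects: list, reg_hits: list) -> str:
    """Emit the File:: / Driver:: / Registry:: sections; "name"=- deletes a value."""
    lines = ["File::", *suspects, ""]
    drivers = [PureWindowsPath(s).stem for s in suspects if s.lower().endswith(".sys")]
    if drivers:
        lines += ["Driver::", *drivers, ""]
    if reg_hits:
        lines.append("Registry::")
        for key in dict.fromkeys(k for k, _ in reg_hits):   # unique keys, order kept
            lines.append(key)
            lines += [f'"{name}"=-' for k, name in reg_hits if k == key]
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    found = select_suspects(parse_created(FILES_CREATED), since="2008-06-20")
    print(build_cfscript(found, run_values_pointing_at(REG_LOADING_POINTS, found)))
```

On the sample this reproduces the four files, the pqasghjd driver and the a81018e4 Run value from the hand-written script, while leaving avgrsstx.dll and msvcp71.dll alone. The selection is heuristic, so the generated script is a draft to be checked against the full log before it is dropped onto ComboFix.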

  • Joined: 14 Aug 2006
  • Posts: 108

Here's the latest log:

ComboFix 08-06-20.4 - Djora 2008-06-23 21:07:12.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2833 [GMT 2:00]
Running from: C:\Documents and Settings\Djora.ZVER\Desktop\ComboFix.exe
Command switches used :: C:\Install\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\-1475340213
C:\WINDOWS\system32\jfgdvtwy.dll
C:\WINDOWS\system32\lpccxeks.dll
C:\WINDOWS\system32\moahodab.dll
C:\WINDOWS\system32\pfuobgmb.dll
C:\WINDOWS\system32\pqasghjd.sys
C:\WINDOWS\system32\satclygk.dll
C:\WINDOWS\system32\ywtvdgfj.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-1475340213
C:\WINDOWS\BMab232b78.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\jfgdvtwy.dll
C:\WINDOWS\system32\lpccxeks.dll
C:\WINDOWS\system32\moahodab.dll
C:\WINDOWS\system32\pfuobgmb.dll
C:\WINDOWS\system32\pqasghjd.sys
C:\WINDOWS\system32\satclygk.dll
C:\WINDOWS\system32\ywtvdgfj.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_pqasghjd


((((((((((((((((((((((((( Files Created from 2008-05-23 to 2008-06-23 )))))))))))))))))))))))))))))))
.

2008-06-23 20:16 . 2008-06-23 20:24 250 --a------ C:\WINDOWS\gmer.ini
2008-06-23 17:55 . 2008-06-23 17:55 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-22 01:34 . 2008-06-23 17:34 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-22 01:33 . 2008-06-22 01:33 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\AVGTOOLBAR
2008-06-22 01:31 . 2008-06-23 01:29 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-22 01:31 . 2008-06-22 01:31 <DIR> d-------- C:\Program Files\AVG
2008-06-22 01:31 . 2008-06-23 02:29 <DIR> d-------- C:\Documents and Settings\Djora.ZVER\Application Data\AVGTOOLBAR
2008-06-22 01:31 . 2008-06-22 01:31 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-06-22 01:31 . 2008-06-22 01:31 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-22 01:31 . 2008-06-22 01:31 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-22 01:31 . 2008-06-22 01:31 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-21 21:51 . 2008-06-21 21:54 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-06-21 21:39 . 2008-04-14 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-21 21:38 . 2008-04-14 14:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-06-21 21:36 . 2008-06-21 21:36 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-06-21 21:36 . 2008-06-21 21:36 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-06-21 21:36 . 2008-06-21 21:36 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-06-21 21:36 . 2008-06-21 21:36 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-06-21 21:36 . 2008-06-21 21:36 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-06-21 21:36 . 2008-06-21 21:36 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-06-21 21:04 . 2008-06-21 21:05 <DIR> d-------- C:\$WIN_NT$.~BT
2008-06-16 18:39 . 2008-06-19 17:01 <DIR> d-------- C:\Documents and Settings\Djora.ZVER\Application Data\skypePM
2008-06-16 18:39 . 2008-06-16 18:39 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-16 18:36 . 2008-06-16 18:36 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2008-06-09 21:27 . 2008-06-09 21:27 36 --a------ C:\WINDOWS\DaemonPlugin.INI
2008-06-02 20:46 . 2008-06-02 20:46 <DIR> d-------- C:\Documents and Settings\Djora.ZVER\Application Data\InstallShield
2008-05-29 12:06 . 2008-05-29 12:06 <DIR> d-------- C:\Program Files\Real Alternative
2008-05-29 12:06 . 2008-05-29 12:06 <DIR> d-------- C:\Documents and Settings\Djora.ZVER\Application Data\Media Player Classic
2008-05-29 12:06 . 2003-03-19 05:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-05-29 12:06 . 2004-01-12 00:00 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-05-23 23:06 . 2002-07-16 22:30 128,512 -ra------ C:\WINDOWS\system32\CNDUE124.dll
2008-05-23 23:06 . 2002-07-09 23:33 65,536 -ra------ C:\WINDOWS\system32\PSCLE124.dll
2008-05-23 23:06 . 2002-07-16 22:29 55,808 -ra------ C:\WINDOWS\system32\CNDCE124.dll
2008-05-23 23:06 . 2002-06-29 05:53 53,248 -ra------ C:\WINDOWS\system32\CNDNDlg.exe
2008-05-23 23:06 . 2008-04-14 00:15 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-23 23:02 . 2008-05-23 23:02 <DIR> d-------- C:\Documents and Settings\Djora.ZVER\WINDOWS
2008-05-23 23:02 . 1997-12-17 17:33 304,128 --a------ C:\WINDOWS\IsUninst.exe
2008-05-23 23:02 . 2008-05-23 23:02 0 --a------ C:\WINDOWS\OpPrintServer.INI
2008-05-23 23:00 . 2008-05-23 23:02 <DIR> d-------- C:\Program Files\Canon
2008-05-23 15:56 . 2008-05-23 15:56 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-23 15:36 . 2008-05-23 15:36 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ATI
2008-05-23 15:28 . 2008-04-14 05:42 91,136 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-05-23 15:28 . 2008-04-14 00:16 85,248 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2008-05-23 15:28 . 2008-04-14 05:42 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-05-23 15:28 . 2008-04-14 00:16 51,200 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2008-05-23 15:28 . 2008-04-14 05:42 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-05-23 15:28 . 2008-04-14 00:16 19,200 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2008-05-23 15:28 . 2008-04-14 00:16 17,024 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2008-05-23 15:28 . 2008-04-14 00:09 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2008-05-23 15:10 . 2008-05-23 15:11 <DIR> d-------- C:\Program Files\ATI Technologies
2008-05-23 15:10 . 2008-05-12 10:49 593,920 --a------ C:\WINDOWS\system32\ati2sgag.exe
2008-05-23 12:21 . 2008-06-21 23:19 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-23 12:21 . 2008-06-21 23:19 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-23 12:21 . 2008-06-21 23:20 <DIR> d-------- C:\WINDOWS\L2Schemas
2008-05-23 10:48 . 2008-04-14 14:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-05-23 10:48 . 2008-04-14 14:00 7,168 --a--c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-05-23 10:48 . 2008-04-14 14:00 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2008-05-23 10:46 . 2008-04-14 14:00 290,304 --a------ C:\WINDOWS\system32\rhttpaa.dll
2008-05-23 10:46 . 2008-04-14 14:00 290,304 --a--c--- C:\WINDOWS\system32\dllcache\rhttpaa.dll
2008-05-23 10:46 . 2008-04-14 14:00 136,192 --a--c--- C:\WINDOWS\system32\dllcache\aaclient.dll
2008-05-23 10:46 . 2008-04-14 14:00 136,192 --a------ C:\WINDOWS\system32\aaclient.dll
2008-05-23 10:46 . 2008-04-14 14:00 53,248 --a------ C:\WINDOWS\system32\tsgqec.dll
2008-05-23 10:46 . 2008-04-14 14:00 53,248 --a--c--- C:\WINDOWS\system32\dllcache\tsgqec.dll
2008-05-23 10:43 . 2008-05-23 10:43 4,444 --a------ C:\WINDOWS\system32\pid.PNF
2008-05-23 10:33 . 2008-04-14 14:00 1,296,669 -ra------ C:\WINDOWS\SET4E.tmp
2008-05-23 10:33 . 2008-04-14 14:00 1,088,840 -ra------ C:\WINDOWS\SET4F.tmp
2008-05-23 10:33 . 2008-04-14 14:00 16,535 -ra------ C:\WINDOWS\SET5B.tmp
2008-05-23 10:33 . 2008-05-23 10:51 4,382 --a------ C:\WINDOWS\imsins.BAK
2008-05-23 10:11 . 2008-04-14 14:00 480,367 -ra------ C:\txtsetup.sif
2008-05-23 10:11 . 2008-04-14 14:00 260,288 -ra------ C:\$LDR$
2008-05-23 10:04 . 2008-05-23 10:05 <DIR> d-------- C:\Program Files\TechniSat DVB
2008-05-23 10:04 . 2008-05-23 10:04 <DIR> d-------- C:\Program Files\DVBViewerTE
2008-05-23 10:01 . 2008-06-21 20:44 638,248 --a------ C:\WINDOWS\setupapi.old
2008-05-23 00:22 . 2008-05-23 00:22 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-23 00:20 . 2008-05-23 00:20 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-23 00:20 . 2008-05-23 00:20 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-23 00:19 . 2008-05-23 00:19 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2008-05-23 00:19 . 2008-05-23 00:19 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-23 00:19 . 2008-05-23 00:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2008-05-23 00:18 . 2008-05-23 00:18 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-21 20:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-21 20:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-21 19:52 --------- d-----w C:\Program Files\Electronic Arts
2008-06-20 13:42 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2008-06-13 20:22 --------- d-----w C:\Program Files\eMule
2008-06-10 15:50 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-06-10 15:50 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-06-06 11:52 --------- d-----w C:\Program Files\DivX
2008-06-02 18:47 --------- d-----w C:\Program Files\Intel
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-28 17:51 --------- d-----w C:\Documents and Settings\Djora.ZVER\Application Data\DAEMON Tools
2008-05-23 13:50 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-15 10:54 --------- d-----w C:\Program Files\Hmonitor
2008-05-15 10:41 --------- d-----w C:\Program Files\FreshDevices
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-05-12 15:09 47,104 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-05-12 15:03 19,968 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-05-12 15:02 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-10 22:03 823,856 ----a-w C:\WINDOWS\MF0802.zip
2008-04-26 15:01 --------- d-----w C:\Program Files\USB Disk Security
2008-04-25 12:52 --------- d-----w C:\Program Files\Google
2008-04-25 08:20 --------- d-----w C:\Program Files\FLAC
2008-04-23 06:57 --------- d-----w C:\Program Files\Kaspersky Lab
2008-04-14 03:42 74,752 ----a-w C:\WINDOWS\system32\storprop.dll
2008-04-14 03:41 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll
2008-03-10 18:37 22,328 ----a-w C:\Documents and Settings\Djora.ZVER\Application Data\PnkBstrK.sys
2006-06-23 12:48 32,768 ----a-w C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-23 16:19:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-23 19:10:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-23 18:16:17 884,736 ----a-w C:\WINDOWS\gmer.dll
+ 2008-04-17 19:13:02 811,008 ----a-w C:\WINDOWS\gmer.exe
+ 2008-06-23 18:16:17 85,969 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
- 2008-06-23 16:09:03 58,596 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-23 18:26:11 58,596 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-23 16:09:03 392,296 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-23 18:26:11 392,296 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 14:00 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34 868352]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-22 01:31 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 14:00 15360]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Server4PC.lnk - C:\Program Files\TechniSat DVB\bin\Server4PC.exe [5/23/2008 10:04:44 AM 338448]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-08-08 18:31 148760 C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 05:42 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
"WZCSVC"=2 (0x2)
"W32Time"=2 (0x2)
"Wmi"=3 (0x3)
"MSIServer"=3 (0x3)
"stisvc"=3 (0x3)
"VSS"=3 (0x3)
"upnphost"=3 (0x3)
"UPS"=3 (0x3)
"Themes"=2 (0x2)
"Schedule"=2 (0x2)
"LmHosts"=2 (0x2)
"srservice"=2 (0x2)
"SCardSvr"=3 (0x3)
"lanmanserver"=2 (0x2)
"SSDPSRV"=3 (0x3)
"NtmsSvc"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"RSVP"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"WmdmPmSN"=3 (0x3)
"SysmonLog"=3 (0x3)
"Nla"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Netlogon"=3 (0x3)
"SwPrv"=3 (0x3)
"dmserver"=2 (0x2)
"PolicyAgent"=2 (0x2)
"ImapiService"=3 (0x3)
"helpsvc"=2 (0x2)
"MSDTC"=3 (0x3)
"TrkWks"=2 (0x2)
"Browser"=2 (0x2)
"COMSysApp"=3 (0x3)
"BITS"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Install\\Staro\\Programi\\satelitska\\ProgDVB\\gbox\\gboxx86.exe"=
"C:\\Install\\Staro\\Programi\\satelitska\\ProgDVB\\ProgDVB.exe"=
"C:\\Install\\Programi\\Strong DC++\\StrongDC.exe"=
"C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"=
"C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 avgldx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-22 01:31]
R1 EIO_XP;EIO_XP;C:\WINDOWS\system32\drivers\EIO_XP.sys [2006-06-14 14:44]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-22 01:31]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-22 01:31]
R2 avgtdix;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-22 01:31]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2008-03-20 18:35]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-06-23 21:10:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-06-23 21:12:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-23 19:12:32
ComboFix2.txt 2008-06-23 16:22:15

Pre-Run: 64,750,215,168 bytes free
Post-Run: 64,739,520,512 bytes free


offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Now try to run the Gmer Rootkit/Malware scan from Normal Mode (switch off the antivirus first) - if it succeeds, attach the logfile to your post.

What is the current state?
