antivirus shows a trojan


  • Joined: 15 Sep 2008
  • Posts: 74

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39:29, on 15.9.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\sdphost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\BHROOT\BIN\NT611SVC.EXE
C:\Program Files\BHROOT\BIN\monitor.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BHROOT\BIN\PORTMAP.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Robi\Desktop\Nova mapa\TR3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
R3 - URLSearchHook: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbReg1.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Google Update Helper - {77D7E795-33C5-4323-974D-A2A49AB75517} - C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbReg1.dll
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll (file missing)
O3 - Toolbar: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbReg1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Files Driver] sdphost.exe
O4 - HKLM\..\RunServices: [Files Driver] sdphost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\LaunchRegistryHelper.Exe" "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
O4 - HKCU\..\Run: [Disk Cleaner] "C:\Program Files\Disk Cleaner\LaunchDiskCleaner.Exe" "C:\Program Files\Disk Cleaner\DiskCleaner.Exe" /boot
O4 - HKCU\..\Run: [svchost] c:\windows\swchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYHR
O8 - Extra context menu item: Mail to a Friend... - client.alexa.com/holiday/script/actions/mailto.htm
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.exe.imgfarm.com/images/nocache/funwebpro......0.1.0.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: bh611 - Bell& Howell - C:\Program Files\BHROOT\BIN\NT611SVC.EXE
O23 - Service: Bell & Howell Monitor Service (BHMonitorService) - Bell & Howell - C:\Program Files\BHROOT\BIN\monitor.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Update Service (gupdate1c8fe527b2f7a97) (gupdate1c8fe527b2f7a97) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ONC/RPC Portmapper (portmapper) - Bell & Howell - C:\Program Files\BHROOT\BIN\PORTMAP.EXE

--
End of file - 8040 bytes


Here, I did it the way the instructions for posting a thread here say.
The problem is that NOD32 shows that I have a trojan, but when I want to delete it with NOD it says the file is locked and it cannot
delete it. How do I remove it? Please help me!

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...

* Open the Nod32 Control Center (click its tray icon in the bottom right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right panel, untick the option File system monitor (AMON) enabled.
* Turning this option off will show as the Control Center changing colour from green to red.

Note: Don't forget to turn this option back on once the cleaning is finished.



-------------------------------------------------------------------------------------



Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will paste here for us.

  • Joined: 15 Sep 2008
  • Posts: 74

Here is the ComboFix log

ComboFix 08-09-15.01 - Robi 2008-09-15 21:06:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.251 [GMT 2:00]
Running from: C:\Documents and Settings\Robi\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Robi\Application Data\inst.exe
C:\Documents and Settings\Robi\Cookies\robi@a.fish4.co[1].txt
C:\Documents and Settings\Robi\Cookies\robi@ad.yieldmanager[2].txt
C:\Documents and Settings\Robi\Cookies\robi@clicktorrent[1].txt
C:\Documents and Settings\Robi\Cookies\robi@mercedesklub[1].txt
C:\WINDOWS\system32\btfunc.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\wpcap.dll
.
---- Previous Run -------
.
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\MSINET.oca

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-08-15 to 2008-09-15 )))))))))))))))))))))))))))))))
.

2008-09-15 21:09 . 2008-09-15 21:09 240,240 --a------ C:\WINDOWS\system32\wpcap.dll
2008-09-15 21:09 . 2008-09-15 21:09 88,704 --a------ C:\WINDOWS\system32\packet.dll
2008-09-15 14:30 . 2008-09-15 14:31 <DIR> d-------- C:\Program Files\Euro Truck Simulator
2008-09-15 14:27 . 1998-11-17 12:44 328,704 --a------ C:\WINDOWS\IsUn0407.exe
2008-09-15 14:10 . 2008-09-15 14:10 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\MozillaControl
2008-09-15 12:59 . 2008-09-15 12:59 <DIR> d-------- C:\WINDOWS\'Full Speed' Internet Booster + Performance Tests
2008-09-15 12:59 . 2008-09-15 20:21 <DIR> d-------- C:\Program Files\'Full Speed' Internet Booster + Performance Tests
2008-09-15 12:59 . 2008-09-15 20:21 <DIR> d-------- C:\aidualc3
2008-09-15 00:55 . 2008-09-15 00:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-09-14 02:04 . 2008-09-14 02:04 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-09-14 00:45 . 2008-08-30 01:53 151,552 --a------ C:\WINDOWS\system32\securenet.dll
2008-09-14 00:10 . 2004-08-03 22:58 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2008-09-14 00:10 . 2004-08-03 22:58 100,992 --a--c--- C:\WINDOWS\system32\dllcache\bthpan.sys
2008-09-13 17:02 . 2008-09-13 17:02 32 --a------ C:\WINDOWS\tdlp32.ini
2008-09-13 16:54 . 2008-09-15 12:52 <DIR> d-------- C:\Program Files\Xara
2008-09-13 13:13 . 2008-09-13 13:13 236 --a------ C:\sqmdata01.sqm
2008-09-13 13:13 . 2008-09-13 13:13 200 --a------ C:\sqmnoopt01.sqm
2008-09-12 20:59 . 2008-09-12 20:59 <DIR> d-------- C:\Program Files\vso
2008-09-12 20:59 . 2008-09-12 21:22 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\Vso
2008-09-12 20:59 . 2008-09-12 20:59 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-12 20:59 . 2008-09-12 20:59 47,360 --a------ C:\Documents and Settings\Robi\Application Data\pcouffin.sys
2008-09-11 15:23 . 2008-09-11 15:23 248 --a------ C:\sqmdata00.sqm
2008-09-11 15:23 . 2008-09-11 15:23 200 --a------ C:\sqmnoopt00.sqm
2008-09-10 18:43 . 2008-09-10 18:43 <DIR> d-------- C:\Program Files\AVG
2008-09-09 00:16 . 2008-09-09 00:16 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2008-09-08 21:39 . 2008-09-08 21:38 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-09-08 21:39 . 2008-09-08 21:38 274,432 --a------ C:\WINDOWS\system32\imon.dll
2008-09-08 21:30 . 1998-09-02 10:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2008-09-08 21:30 . 1998-08-27 06:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2008-09-08 21:30 . 1998-08-20 13:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
2008-09-08 21:30 . 1998-09-02 10:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2008-09-08 21:30 . 1998-09-02 10:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2008-09-08 21:30 . 1998-08-17 11:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
2008-09-08 21:30 . 1998-08-17 11:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2008-09-08 21:30 . 1998-08-17 11:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
2008-09-08 21:30 . 2008-09-08 21:30 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2008-09-08 21:30 . 2008-09-08 21:30 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2008-09-07 23:48 . 2008-09-07 23:48 <DIR> d-------- C:\Program Files\PowerISO
2008-09-07 20:34 . 2008-09-07 20:34 88 --a------ C:\WINDOWS\StyleBuilder.INI
2008-09-07 02:05 . 2008-09-07 02:05 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-09-07 00:43 . 2008-09-07 00:43 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\InstallShield
2008-09-06 22:34 . 2008-09-06 22:34 360,320 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-09-06 21:23 . 2008-09-06 21:23 <DIR> d-------- C:\Program Files\uTorrent
2008-09-06 21:23 . 2008-09-15 14:26 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\uTorrent
2008-09-06 17:58 . 2008-09-06 17:58 <DIR> d-------- C:\Program Files\VDOWNLOADER
2008-09-06 15:37 . 2008-09-06 15:37 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-09-06 15:34 . 2008-09-06 15:34 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-09-06 15:20 . 2008-09-10 21:50 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-09-06 15:09 . 2008-09-07 02:05 <DIR> d-------- C:\Program Files\Reganam
2008-09-06 15:09 . 2008-09-06 15:09 <DIR> d-------- C:\Program Files\Conduit
2008-09-06 15:09 . 2008-09-07 02:03 <DIR> d-------- C:\Program Files\3GP Player
2008-09-06 14:06 . 2008-09-15 21:09 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-04 23:38 . 2008-09-04 23:38 520 --a------ C:\WINDOWS\netdet.ini
2008-09-04 23:37 . 2000-12-06 01:00 209,608 --a------ C:\WINDOWS\system32\Tabctl32.ocx
2008-09-04 23:37 . 2000-12-06 01:00 109,248 --a------ C:\WINDOWS\system32\Mswinsck.ocx
2008-09-02 20:39 . 2008-09-02 20:39 <DIR> d-------- C:\Program Files\MyXOFT
2008-09-02 20:39 . 2006-12-01 22:03 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-09-02 20:39 . 2006-12-01 22:03 548,864 --a------ C:\WINDOWS\system32\msvcp80.dll
2008-09-02 20:39 . 2006-12-02 06:22 479,232 --a------ C:\WINDOWS\system32\msvcm80.dll
2008-09-02 20:39 . 2006-12-01 22:03 1,869 --a------ C:\WINDOWS\system32\Microsoft.VC80.CRT.manifest
2008-08-30 21:35 . 2008-08-30 21:36 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\ICQ
2008-08-30 21:35 . 2008-08-30 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ICQ
2008-08-30 21:34 . 2008-08-30 21:36 <DIR> d-------- C:\Program Files\ICQ6
2008-08-30 00:13 . 2008-09-14 21:06 <DIR> d-------- C:\Documents and Settings\Robi\Tracing
2008-08-30 00:13 . 2008-09-09 21:48 <DIR> d-------- C:\Documents and Settings\Robi\Contacts
2008-08-30 00:11 . 2008-09-08 21:36 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\MSN6
2008-08-30 00:11 . 2008-08-30 00:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-08-30 00:01 . 2008-08-30 00:01 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2008-08-29 23:56 . 2008-08-29 23:56 <DIR> d-------- C:\Program Files\Windows Live
2008-08-27 23:06 . 2008-08-27 23:06 <DIR> d-------- C:\Program Files\BitTorrent
2008-08-27 23:06 . 2008-09-09 15:17 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\BitTorrent
2008-08-26 09:10 . 2008-09-03 11:41 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-24 21:29 . 2008-08-24 21:29 <DIR> d-------- C:\Program Files\Far
2008-08-24 16:10 . 2008-08-24 16:10 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-24 16:10 . 2008-08-24 16:10 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-08-24 16:02 . 2008-08-24 16:02 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-08-24 16:02 . 2008-08-24 16:02 21,672 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys
2008-08-24 16:02 . 2008-08-24 16:02 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys
2008-08-24 16:00 . 2008-08-24 21:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-08-24 15:58 . 2008-08-24 22:16 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-08-23 20:15 . 2008-09-07 01:36 <DIR> d-------- C:\Program Files\IDoser v4
2008-08-21 22:56 . 2008-08-21 22:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Disk Cleaner
2008-08-21 22:55 . 2008-08-21 22:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Registry Helper
2008-08-16 19:01 . 2008-08-24 15:03 <DIR> d-------- C:\Program Files\Dachshund Software
2008-08-16 19:01 . 2008-08-24 15:00 221 --ah----- C:\WINDOWS\winshell.dat
2008-08-16 18:25 . 2008-08-16 18:25 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\Uniblue
2008-08-15 15:52 . 2008-08-16 19:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-15 15:52 . 2008-08-15 15:52 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 19:09 42,512 ----a-w C:\WINDOWS\system32\drivers\npf.sys
2008-09-15 14:27 --------- d-----w C:\Program Files\Google
2008-09-15 12:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-13 18:33 --------- d-----w C:\Documents and Settings\Robi\Application Data\TransRender
2008-09-13 14:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-12 16:54 --------- d-----w C:\Documents and Settings\Robi\Application Data\Temporary
2008-09-08 20:04 --------- d-----w C:\Program Files\Eset
2008-09-06 20:34 360,320 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-08-24 19:25 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-08-19 16:36 --------- d-----w C:\Program Files\IrfanView
2008-08-16 17:32 --------- d-----w C:\Program Files\Winamp
2008-08-16 17:21 --------- d-----w C:\Documents and Settings\Robi\Application Data\Smart PC Solutions
2008-08-16 17:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-16 17:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-13 11:25 --------- d-----w C:\Documents and Settings\Robi\Application Data\www.TheXSoft.com
2008-08-13 11:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\www.TheXSoft.com
2008-08-12 22:52 --------- d-----w C:\Program Files\DivX
2008-08-12 22:48 --------- d-----w C:\Program Files\DrWindows
2008-08-12 20:03 --------- d-----w C:\Program Files\Common Files\Vbox
2008-08-12 19:53 --------- d-----w C:\Program Files\PSP
2008-08-11 20:27 --------- d-----w C:\Documents and Settings\Robi\Application Data\zweitgeist
2008-08-08 16:05 --------- d-----w C:\Program Files\vanBasco's Karaoke Player
2008-08-08 15:45 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-08-07 22:13 --------- d-----w C:\Documents and Settings\Robi\Application Data\ICQ Toolbar
2008-08-07 18:16 --------- d-----w C:\Program Files\Marvell
2008-08-05 19:07 --------- d-----w C:\Documents and Settings\Robi\Application Data\DivX
2008-07-31 20:23 --------- d-----w C:\Program Files\Common Files\Autodata Limited Shared
2007-06-13 10:23 933,888 --sh--r C:\WINDOWS\system32\sdphost.exe
2008-05-21 18:59 116,512 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-21 18:10 1,824 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.

------- Sigcheck -------

2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
2008-09-06 22:34 360320 3adce4790f591bf160a94f6f08039577 C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-09-06 22:34 360320 3adce4790f591bf160a94f6f08039577 C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{db9d7a78-a76c-4bf2-97c6-258925ee1542}"= "C:\Program Files\Reganam\tbReg1.dll" [2008-09-06 1569304]

[HKEY_CLASSES_ROOT\clsid\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77D7E795-33C5-4323-974D-A2A49AB75517}]
2008-08-29 19:28 133616 --a----t- C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]
2008-09-06 15:11 1569304 --------- C:\Program Files\Reganam\tbReg1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{db9d7a78-a76c-4bf2-97c6-258925ee1542}"= "C:\Program Files\Reganam\tbReg1.dll" [2008-09-06 1569304]

[HKEY_CLASSES_ROOT\clsid\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{DB9D7A78-A76C-4BF2-97C6-258925EE1542}"= "C:\Program Files\Reganam\tbReg1.dll" [2008-09-06 1569304]

[HKEY_CLASSES_ROOT\clsid\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 7618560]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 35328]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-09-08 921600]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 C:\WINDOWS\system32\nvmctray.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 C:\WINDOWS\system32\bthprops.cpl]
"Files Driver"="sdphost.exe" [2007-06-13 C:\WINDOWS\system32\sdphost.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Files Driver"="sdphost.exe" [2007-06-13 C:\WINDOWS\system32\sdphost.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"D:\\Program Files\\game.dat"=
"D:\\UT2004\\System\\UT2004.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 gupdate1c8fe527b2f7a97;Google Update Service (gupdate1c8fe527b2f7a97);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-29 133104]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-08-24 13352]
S3 NPF;Netgroup Packet Filter;C:\WINDOWS\system32\drivers\npf.sys [2008-09-15 42512]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2 - C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKCU-Run-Registry Helper - C:\Program Files\Registry Helper\LaunchRegistryHelper.Exe
HKCU-Run-Disk Cleaner - C:\Program Files\Disk Cleaner\LaunchDiskCleaner.Exe
HKLM-Run-OpenDNS Update - C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.hr/
R0 -: HKCU-Main,SearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNxmk142YYHR&fl=0&ptb=rFSuPRdDEVSyAqSB4yXKBw&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYHR
O9 -: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-09-15 21:09:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\packet.dll 88704 bytes executable
C:\WINDOWS\system32\wpcap.dll 240240 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\BHROOT\BIN\NT611SVC.EXE
C:\Program Files\BHROOT\BIN\MONITOR.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\BHROOT\BIN\PORTMAP.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-09-15 21:11:45 - machine was rebooted [Robi]
ComboFix-quarantined-files.txt 2008-09-15 19:11:41

Pre-Run: 30,593,269,760 bytes free
Post-Run: 31,035,498,496 bytes free

276 --- E O F --- 2008-09-11 02:32:04

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text:


File::
C:\WINDOWS\system32\sdphost.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Files Driver"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Files Driver"=-



Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.
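A triage script for the O4 autostart lines of the HijackThis log, added here as an example; it is not the helper's tool and not part of HijackThis or ComboFix. It flags the patterns behind the two entries removed in the script above (a bare filename with no path, and an entry under the Windows 9x-era RunServices key, which XP does not process but which malware writes to anyway), and goes one step further than this thread by also flagging the swchost.exe look-alike from the HKCU Run key. It then emits a CFScript fragment in the File::/Registry:: layout used in this post. The sample lines are copied from the log earlier in the thread; the system32 default directory for bare names, the allowlist of launchers that are legitimately run without a path, and the list of system binary names are assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: O4 lines copied from the HijackThis log earlier in this thread.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Files Driver] sdphost.exe
O4 - HKLM\..\RunServices: [Files Driver] sdphost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [svchost] c:\windows\swchost.exe
"""

# HijackThis O4 line: "O4 - <hive>\..\<Run key>: [<value name>] <command>"
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): '
    r'\[(?P<name>[^\]]*)\] (?P<cmd>.*)$')

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
# Assumed list of Windows binaries whose names malware likes to imitate (lowercase).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe",
                "services.exe", "explorer.exe", "ctfmon.exe", "spoolsv.exe"}
# Assumed allowlist: launchers legitimately started without a path from Run keys.
BARE_OK = {"rundll32.exe"}

@dataclass
class Entry:
    hive: str
    key: str
    name: str
    exe: str
    reasons: list = field(default_factory=list)

def executable_of(cmd):
    """First token of the command: a quoted path, or everything up to the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]

def edit_distance(a, b):
    """Plain Levenshtein distance; enough to catch one-character look-alikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def parse_o4(text):
    return [Entry(m["hive"], m["key"], m["name"], executable_of(m["cmd"]))
            for m in (O4_RE.match(line.strip()) for line in text.splitlines()) if m]

def triage(entries):
    """Attach a reason to every entry that matches a suspicious pattern; return the flagged ones."""
    for e in entries:
        base = e.exe.rsplit("\\", 1)[-1].lower()
        if "\\" not in e.exe and base not in BARE_OK:
            e.reasons.append("bare filename, no path")
        if e.key.lower() == "runservices":
            e.reasons.append("RunServices key (Windows 9x-era, unusual on XP)")
        for sysname in SYSTEM_NAMES:
            if base != sysname and edit_distance(base, sysname) == 1:
                e.reasons.append(f"look-alike of {sysname}")
            elif base == sysname and "\\" in e.exe and "\\system32\\" not in e.exe.lower():
                e.reasons.append(f"{sysname} outside system32")
    return [e for e in entries if e.reasons]

def cfscript_for(flagged, default_dir=r"C:\WINDOWS\system32"):
    """CFScript text with File:: and Registry:: sections in the layout used in the thread.
    A bare filename is assumed to live in default_dir (an assumption); confirm it against
    the ComboFix 'Reg Loading Points' section before using the script."""
    files, reg = [], []
    for e in flagged:
        path = e.exe if "\\" in e.exe else default_dir + "\\" + e.exe
        if path not in files:
            files.append(path)
        hive = HIVES.get(e.hive, e.hive)
        reg.append(f"[{hive}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\{e.key}]")
        reg.append(f'"{e.name}"=-')
    return "File::\n" + "\n".join(files) + "\n\nRegistry::\n" + "\n".join(reg) + "\n"

if __name__ == "__main__":
    flagged = triage(parse_o4(SAMPLE_O4_LINES))
    for e in flagged:
        print(f"{e.hive}\\..\\{e.key} [{e.name}] {e.exe}: " + "; ".join(e.reasons))
    print()
    print(cfscript_for(flagged))
```

Whatever the script flags is a candidate list for a person to confirm against the ComboFix log (its "Reg Loading Points" section is what placed sdphost.exe in C:\WINDOWS\system32 in this thread), not an automatic deletion list; the look-alike and bare-name checks are deliberately narrow so that rundll32-style launchers and ctfmon.exe in its proper directory pass without noise.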

  • Joined: 15 Sep 2008
  • Posts: 74

Here, I did everything according to the instructions, and here is the ComboFix log:



ComboFix 08-09-15.01 - Robi 2008-09-15 21:47:21.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.236 [GMT 2:00]
Running from: C:\Documents and Settings\Robi\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Robi\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\sdphost.exe
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-15 to 2008-09-15 )))))))))))))))))))))))))))))))
.

2008-09-15 14:30 . 2008-09-15 14:31 <DIR> d-------- C:\Program Files\Euro Truck Simulator
2008-09-15 14:27 . 1998-11-17 12:44 328,704 --a------ C:\WINDOWS\IsUn0407.exe
2008-09-15 14:10 . 2008-09-15 14:10 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\MozillaControl
2008-09-15 12:59 . 2008-09-15 12:59 <DIR> d-------- C:\WINDOWS\'Full Speed' Internet Booster + Performance Tests
2008-09-15 12:59 . 2008-09-15 20:21 <DIR> d-------- C:\Program Files\'Full Speed' Internet Booster + Performance Tests
2008-09-15 12:59 . 2008-09-15 20:21 <DIR> d-------- C:\aidualc3
2008-09-15 00:55 . 2008-09-15 00:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-09-14 02:04 . 2008-09-14 02:04 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-09-14 00:45 . 2008-08-30 01:53 151,552 --a------ C:\WINDOWS\system32\securenet.dll
2008-09-14 00:10 . 2004-08-03 22:58 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2008-09-14 00:10 . 2004-08-03 22:58 100,992 --a--c--- C:\WINDOWS\system32\dllcache\bthpan.sys
2008-09-13 17:02 . 2008-09-13 17:02 32 --a------ C:\WINDOWS\tdlp32.ini
2008-09-13 16:54 . 2008-09-15 12:52 <DIR> d-------- C:\Program Files\Xara
2008-09-13 13:13 . 2008-09-13 13:13 236 --a------ C:\sqmdata01.sqm
2008-09-13 13:13 . 2008-09-13 13:13 200 --a------ C:\sqmnoopt01.sqm
2008-09-12 20:59 . 2008-09-12 20:59 <DIR> d-------- C:\Program Files\vso
2008-09-12 20:59 . 2008-09-12 21:22 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\Vso
2008-09-12 20:59 . 2008-09-12 20:59 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-12 20:59 . 2008-09-12 20:59 47,360 --a------ C:\Documents and Settings\Robi\Application Data\pcouffin.sys
2008-09-11 15:23 . 2008-09-11 15:23 248 --a------ C:\sqmdata00.sqm
2008-09-11 15:23 . 2008-09-11 15:23 200 --a------ C:\sqmnoopt00.sqm
2008-09-10 18:43 . 2008-09-10 18:43 <DIR> d-------- C:\Program Files\AVG
2008-09-09 00:16 . 2008-09-09 00:16 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2008-09-08 21:39 . 2008-09-08 21:38 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-09-08 21:39 . 2008-09-08 21:38 274,432 --a------ C:\WINDOWS\system32\imon.dll
2008-09-08 21:30 . 1998-09-02 10:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2008-09-08 21:30 . 1998-08-27 06:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2008-09-08 21:30 . 1998-08-20 13:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
2008-09-08 21:30 . 1998-09-02 10:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2008-09-08 21:30 . 1998-09-02 10:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2008-09-08 21:30 . 1998-08-17 11:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
2008-09-08 21:30 . 1998-08-17 11:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2008-09-08 21:30 . 1998-08-17 11:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
2008-09-08 21:30 . 2008-09-08 21:30 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2008-09-08 21:30 . 2008-09-08 21:30 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2008-09-07 23:48 . 2008-09-07 23:48 <DIR> d-------- C:\Program Files\PowerISO
2008-09-07 20:34 . 2008-09-07 20:34 88 --a------ C:\WINDOWS\StyleBuilder.INI
2008-09-07 02:05 . 2008-09-07 02:05 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-09-07 00:43 . 2008-09-07 00:43 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\InstallShield
2008-09-06 22:34 . 2008-09-06 22:34 360,320 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-09-06 21:23 . 2008-09-06 21:23 <DIR> d-------- C:\Program Files\uTorrent
2008-09-06 21:23 . 2008-09-15 14:26 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\uTorrent
2008-09-06 17:58 . 2008-09-06 17:58 <DIR> d-------- C:\Program Files\VDOWNLOADER
2008-09-06 15:37 . 2008-09-06 15:37 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-09-06 15:34 . 2008-09-06 15:34 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-09-06 15:20 . 2008-09-10 21:50 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-09-06 15:09 . 2008-09-07 02:05 <DIR> d-------- C:\Program Files\Reganam
2008-09-06 15:09 . 2008-09-06 15:09 <DIR> d-------- C:\Program Files\Conduit
2008-09-06 15:09 . 2008-09-07 02:03 <DIR> d-------- C:\Program Files\3GP Player
2008-09-06 14:06 . 2008-09-15 21:45 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-04 23:38 . 2008-09-04 23:38 520 --a------ C:\WINDOWS\netdet.ini
2008-09-04 23:37 . 2000-12-06 01:00 209,608 --a------ C:\WINDOWS\system32\Tabctl32.ocx
2008-09-04 23:37 . 2000-12-06 01:00 109,248 --a------ C:\WINDOWS\system32\Mswinsck.ocx
2008-09-02 20:39 . 2008-09-02 20:39 <DIR> d-------- C:\Program Files\MyXOFT
2008-09-02 20:39 . 2006-12-01 22:03 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-09-02 20:39 . 2006-12-01 22:03 548,864 --a------ C:\WINDOWS\system32\msvcp80.dll
2008-09-02 20:39 . 2006-12-02 06:22 479,232 --a------ C:\WINDOWS\system32\msvcm80.dll
2008-09-02 20:39 . 2006-12-01 22:03 1,869 --a------ C:\WINDOWS\system32\Microsoft.VC80.CRT.manifest
2008-08-30 21:35 . 2008-08-30 21:36 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\ICQ
2008-08-30 21:35 . 2008-08-30 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ICQ
2008-08-30 21:34 . 2008-08-30 21:36 <DIR> d-------- C:\Program Files\ICQ6
2008-08-30 00:13 . 2008-09-14 21:06 <DIR> d-------- C:\Documents and Settings\Robi\Tracing
2008-08-30 00:13 . 2008-09-09 21:48 <DIR> d-------- C:\Documents and Settings\Robi\Contacts
2008-08-30 00:11 . 2008-09-08 21:36 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\MSN6
2008-08-30 00:11 . 2008-08-30 00:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-08-30 00:01 . 2008-08-30 00:01 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2008-08-29 23:56 . 2008-08-29 23:56 <DIR> d-------- C:\Program Files\Windows Live
2008-08-27 23:06 . 2008-08-27 23:06 <DIR> d-------- C:\Program Files\BitTorrent
2008-08-27 23:06 . 2008-09-09 15:17 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\BitTorrent
2008-08-26 09:10 . 2008-09-03 11:41 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-24 21:29 . 2008-08-24 21:29 <DIR> d-------- C:\Program Files\Far
2008-08-24 16:10 . 2008-08-24 16:10 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-24 16:10 . 2008-08-24 16:10 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-08-24 16:02 . 2008-08-24 16:02 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-08-24 16:02 . 2008-08-24 16:02 21,672 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys
2008-08-24 16:02 . 2008-08-24 16:02 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys
2008-08-24 16:00 . 2008-08-24 21:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-08-24 15:58 . 2008-08-24 22:16 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-08-23 20:15 . 2008-09-07 01:36 <DIR> d-------- C:\Program Files\IDoser v4
2008-08-21 22:56 . 2008-08-21 22:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Disk Cleaner
2008-08-21 22:55 . 2008-08-21 22:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Registry Helper
2008-08-16 19:01 . 2008-08-24 15:03 <DIR> d-------- C:\Program Files\Dachshund Software
2008-08-16 19:01 . 2008-08-24 15:00 221 --ah----- C:\WINDOWS\winshell.dat
2008-08-16 18:25 . 2008-08-16 18:25 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\Uniblue
2008-08-15 15:52 . 2008-08-16 19:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-15 15:52 . 2008-08-15 15:52 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 14:27 --------- d-----w C:\Program Files\Google
2008-09-15 12:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-13 18:33 --------- d-----w C:\Documents and Settings\Robi\Application Data\TransRender
2008-09-13 14:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-12 16:54 --------- d-----w C:\Documents and Settings\Robi\Application Data\Temporary
2008-09-08 20:04 --------- d-----w C:\Program Files\Eset
2008-09-06 20:34 360,320 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-08-24 19:25 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-08-19 16:36 --------- d-----w C:\Program Files\IrfanView
2008-08-16 17:32 --------- d-----w C:\Program Files\Winamp
2008-08-16 17:21 --------- d-----w C:\Documents and Settings\Robi\Application Data\Smart PC Solutions
2008-08-16 17:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-16 17:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-13 11:25 --------- d-----w C:\Documents and Settings\Robi\Application Data\www.TheXSoft.com
2008-08-13 11:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\www.TheXSoft.com
2008-08-12 22:52 --------- d-----w C:\Program Files\DivX
2008-08-12 22:48 --------- d-----w C:\Program Files\DrWindows
2008-08-12 20:03 --------- d-----w C:\Program Files\Common Files\Vbox
2008-08-12 19:53 --------- d-----w C:\Program Files\PSP
2008-08-11 20:27 --------- d-----w C:\Documents and Settings\Robi\Application Data\zweitgeist
2008-08-08 16:05 --------- d-----w C:\Program Files\vanBasco's Karaoke Player
2008-08-08 15:45 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-08-07 22:13 --------- d-----w C:\Documents and Settings\Robi\Application Data\ICQ Toolbar
2008-08-07 18:16 --------- d-----w C:\Program Files\Marvell
2008-08-05 19:07 --------- d-----w C:\Documents and Settings\Robi\Application Data\DivX
2008-07-31 20:23 --------- d-----w C:\Program Files\Common Files\Autodata Limited Shared
2008-05-21 18:59 116,512 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-21 18:10 1,824 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.

------- Sigcheck -------

2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
2008-09-06 22:34 360320 3adce4790f591bf160a94f6f08039577 C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-09-06 22:34 360320 3adce4790f591bf160a94f6f08039577 C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{db9d7a78-a76c-4bf2-97c6-258925ee1542}"= "C:\Program Files\Reganam\tbReg1.dll" [2008-09-06 1569304]

[HKEY_CLASSES_ROOT\clsid\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77D7E795-33C5-4323-974D-A2A49AB75517}]
2008-08-29 19:28 133616 --a----t- C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]
2008-09-06 15:11 1569304 --------- C:\Program Files\Reganam\tbReg1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{db9d7a78-a76c-4bf2-97c6-258925ee1542}"= "C:\Program Files\Reganam\tbReg1.dll" [2008-09-06 1569304]

[HKEY_CLASSES_ROOT\clsid\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{DB9D7A78-A76C-4BF2-97C6-258925EE1542}"= "C:\Program Files\Reganam\tbReg1.dll" [2008-09-06 1569304]

[HKEY_CLASSES_ROOT\clsid\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 7618560]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 35328]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-09-08 921600]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 C:\WINDOWS\system32\nvmctray.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"D:\\Program Files\\game.dat"=
"D:\\UT2004\\System\\UT2004.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 gupdate1c8fe527b2f7a97;Google Update Service (gupdate1c8fe527b2f7a97);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-29 133104]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-08-24 13352]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-09-15 21:50:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\BHROOT\BIN\NT611SVC.EXE
C:\Program Files\BHROOT\BIN\MONITOR.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\BHROOT\BIN\PORTMAP.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-09-15 21:52:03 - machine was rebooted [Robi]
ComboFix-quarantined-files.txt 2008-09-15 19:51:59
ComboFix2.txt 2008-09-15 19:11:46

Pre-Run: 30,982,746,112 bytes free
Post-Run: 30,990,143,488 bytes free

245 --- E O F --- 2008-09-11 02:32:04

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Does NOD detect anything now?

offline
  • Joined: 15 Sep 2008
  • Posts: 74

No. Oh, and I forgot: the other day a red icon with an x in it appeared down by the clock, and when I hover the mouse over it it says "Windows security alerts". When I double-click it, the Security Center opens; the firewall is on, but Automatic Updates is not, and I can't turn it on.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Does Windows report an error when you try to enable Automatic Updates?

Let's try this...

Download: http://djlizard.net/software/Dial-a-fix-v0.60.0.24.zip

Unpack the archive and run Dial-a-Fix.exe.

Tick the option Fix Windows update and click Go.

Restart the PC and check how things are.

offline
  • Joined: 15 Sep 2008
  • Posts: 74

Now everything is OK, thank you very much! Cheers

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Excellent. Do the following:

Click START and then RUN
In the text entry line, type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if necessary
Hide system/hidden files/folders, if necessary
Reset System Restore

That's all.
