MyCity » Ambulanta -> Arhiva Ambulante » autorun.exe

autorun.exe

Napisano na dan: 30.10.2008

Strana:
1
2

autorun.exe

Sledeća strana

Pagination

Odgovori

Strana:
1
2

no_fear Poslao: 30 Okt 2008 15:37 Idi na vrh
offline no_fear Građanin Pridružio: 27 Mar 2008 Poruke: 60	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nakon sto ubacim usb stick, svakih pet minuta mi izadje ovo. Ima li iko ideju kako da otklonim?

Profil

dr_Bora Poslao: 30 Okt 2008 16:23 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Možda i ima... http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

Profil

no_fear Poslao: 31 Okt 2008 10:41 Idi na vrh
offline no_fear Građanin Pridružio: 27 Mar 2008 Poruke: 60	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:38:02, on 31.10.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\F-Secure\Common\FSMB32.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsqh.exe C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\F-Secure\FSAUA\program\fsaua.exe C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\Common\FSM32.EXE C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\F-Secure\FSGUI\fsguidll.exe C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Elvis\Desktop\New Folder\TR3.exe.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = windowsupdate.microsoft.com/ R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll (file missing) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [protect_autorun] C:\Documents and Settings\Elvis\My Documents\Private\AutoRunKiller172\CPE17AntiAutorun1330.exe /start O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdvnw.exe] C:\WINDOWS\system32\kdvnw.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: DesktopEarth AutoStart.lnk = ? O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{F4B888B3-A520-4C07-AEBB-17C0E939C9EA}: NameServer = 85.255.112.88;85.255.112.11 O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 6653 bytes

Profil

dr_Bora Poslao: 31 Okt 2008 13:06 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pokreni HijackThis, skeniraj i čekiraj sledeću liniju: O17 - HKLM\System\CCS\Services\Tcpip\..\{F4B888B3-A520-4C07-AEBB-17C0E939C9EA}: NameServer = 85.255.112.88;85.255.112.11 a zatim klikni Fix checked. ------------------------------------------------------------------------------------- Klikni desnim tasterom na F-Secure ikonicu ( ) u donjem, desnom uglu ekrana i izaberi Unload. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. ------------------------------------------------------------------------------------- Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

no_fear Poslao: 31 Okt 2008 15:46 Idi na vrh
offline no_fear Građanin Pridružio: 27 Mar 2008 Poruke: 60	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-10-30.12 - Elvis 2008-10-31 14:57:16.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.148 [GMT 1:00] Running from: C:\Documents and Settings\Elvis\My Documents\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Autorun.inf C:\Program Files\altcmd C:\Program Files\altcmd\altcmd.inf C:\Program Files\altcmd\uninstall.bat C:\resycled C:\resycled\boot.com C:\WINDOWS\system32\kdvnw.exe C:\WINDOWS\system32\pxafs.dll C:\WINDOWS\vmreg32.dll . ((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-31 ))))))))))))))))))))))))))))))) . 2008-10-31 15:06 . 2008-10-31 15:06 <DIR> dr-hs---- C:\resycled 2008-10-31 13:13 . 2008-10-31 13:13 103 -r-hs---- C:\autorun.0nf 2008-10-30 16:17 . 2008-10-31 13:07 <DIR> d-------- C:\Documents and Settings\Elvis\DoctorWeb 2008-10-30 12:06 . 2008-10-30 12:06 62 --a------ C:\WINDOWS\PDF2XL.INI 2008-10-30 11:47 . 2008-10-30 12:06 <DIR> d-------- C:\Documents and Settings\Elvis\Application Data\Cogniview 2008-10-30 11:46 . 2008-10-30 12:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Cogniview 2008-10-30 11:43 . 2008-10-30 11:43 <DIR> d-------- C:\Program Files\MSECache 2008-10-30 10:53 . 2008-10-30 10:53 <DIR> d-------- C:\Program Files\Investintech.com Inc 2008-10-22 15:53 . 2008-10-30 09:58 <DIR> d-------- C:\Program Files\Macromedia 2008-10-22 15:53 . 2008-10-30 09:52 <DIR> d-------- C:\Program Files\Common Files\Macromedia 2008-10-22 09:25 . 2008-10-22 12:44 <DIR> d-------- C:\Program Files\DesktopEarth 2008-10-21 14:32 . 2008-10-21 14:33 <DIR> d-------- C:\Program Files\QuickTime 2008-10-21 14:32 . 2008-10-30 10:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-10-21 14:29 . 2008-10-21 14:29 <DIR> d-------- C:\Program Files\Apple Software Update 2008-10-21 14:27 . 2008-10-30 10:12 <DIR> d-------- C:\Program Files\Common Files\Apple 2008-10-21 12:42 . 2008-10-21 12:50 <DIR> d-------- C:\Program Files\honestech VHS to DVD 3.0 2008-10-21 11:42 . 2008-10-21 11:46 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-10-21 11:36 . 2008-10-21 11:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ashampoo 2008-10-21 11:35 . 2008-10-21 11:35 <DIR> d-------- C:\Program Files\Ashampoo 2008-10-15 08:04 . 2008-10-15 08:04 <DIR> d-------- C:\Documents and Settings\Elvis\Application Data\zweitgeist 2008-10-13 11:38 . 2008-10-13 11:38 <DIR> d-------- C:\Program Files\Babylon 2008-10-13 11:38 . 2008-10-21 09:19 <DIR> d-------- C:\Documents and Settings\Elvis\Application Data\Babylon 2008-10-13 11:38 . 2008-10-13 11:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Babylon 2008-10-10 10:47 . 2008-04-22 06:03 545 --a------ C:\WINDOWS\UC.PIF 2008-10-10 10:47 . 2008-04-22 06:03 545 --a------ C:\WINDOWS\RAR.PIF 2008-10-10 10:47 . 2008-04-22 06:03 545 --a------ C:\WINDOWS\PKZIP.PIF 2008-10-10 10:47 . 2008-04-22 06:03 545 --a------ C:\WINDOWS\PKUNZIP.PIF 2008-10-10 10:47 . 2008-04-22 06:03 545 --a------ C:\WINDOWS\NOCLOSE.PIF 2008-10-10 10:47 . 2008-04-22 06:03 545 --a------ C:\WINDOWS\LHA.PIF 2008-10-10 10:47 . 2008-04-22 06:03 545 --a------ C:\WINDOWS\ARJ.PIF 2008-10-10 10:05 . 2008-10-10 10:08 <DIR> d-------- C:\Program Files\Unlocker 2008-10-10 10:03 . 2008-10-10 10:03 <DIR> d-------- C:\Documents and Settings\Elvis\Application Data\Desktopicon 2008-10-10 09:22 . 2008-10-10 09:22 <DIR> d-------- C:\Documents and Settings\Elvis\Application Data\PEERNET 2008-10-10 09:22 . 2008-10-10 09:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PEERNET 2008-10-09 14:43 . 2008-10-09 14:43 <DIR> dr-h----- C:\WINDOWS\system32\VProRecovery 2008-10-09 14:14 . 2008-10-09 14:14 32 --a------ C:\WINDOWS\0 2008-10-09 14:14 . 2008-10-09 14:14 0 --a------ C:\WINDOWS\system32\0 2008-10-08 15:00 . 2008-10-08 15:00 <DIR> d-------- C:\Program Files\Webteh 2008-10-08 15:00 . 2008-10-08 15:02 <DIR> d-------- C:\Documents and Settings\Elvis\Application Data\BSplayer Pro 2008-10-08 14:25 . 2008-10-08 14:26 <DIR> d-------- C:\Documents and Settings\Elvis\Application Data\Ashampoo 2008-10-08 14:06 . 2008-10-21 14:35 <DIR> d-------- C:\Documents and Settings\Elvis\Application Data\Apple Computer 2008-10-08 13:51 . 2008-10-08 13:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple 2008-10-08 13:34 . 2008-10-08 13:34 <DIR> d-------- C:\Documents and Settings\Elvis\Application Data\AshampooBackup 2008-10-08 09:11 . 2008-10-08 09:11 <DIR> d-------- C:\Documents and Settings\Elvis\Application Data\AVS4YOU 2008-10-08 09:11 . 2008-10-08 09:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU 2008-10-08 09:09 . 2008-10-08 09:10 <DIR> d-------- C:\Program Files\Common Files\AVSMedia 2008-10-08 09:09 . 2007-02-27 18:36 974,848 --a------ C:\WINDOWS\system32\mfc70.dll 2008-10-08 09:09 . 2007-02-27 18:36 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll 2008-10-08 09:00 . 2008-10-08 09:00 <DIR> d-------- C:\DVDVideoSoft 2008-10-08 08:58 . 2002-01-05 14:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll 2008-10-08 08:46 . 2008-10-09 09:21 <DIR> d-------- C:\Documents and Settings\Elvis\dwhelper 2008-10-08 08:02 . 2008-10-08 08:02 <DIR> d-------- C:\Documents and Settings\Elvis\Application Data\Symantec 2008-10-07 15:18 . 2007-03-21 19:39 1,060,864 --a------ C:\WINDOWS\system32\MFC71.DLL 2008-10-07 15:18 . 2007-03-21 19:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DLL 2008-10-07 15:15 . 2008-10-10 10:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec 2008-10-07 11:43 . 2008-10-07 11:44 <DIR> d-------- C:\Documents and Settings\Elvis\Application Data\Media Player Classic 2008-09-29 15:06 . 2008-09-29 15:06 <DIR> d-------- C:\Documents and Settings\Elvis\Application Data\Ahead 2008-09-29 14:58 . 2007-02-27 18:36 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll 2008-09-29 14:57 . 2008-10-21 11:56 <DIR> d-------- C:\Program Files\Common Files\Ahead 2008-09-29 14:57 . 2008-09-29 15:08 <DIR> d-------- C:\Program Files\Ahead 2008-09-29 14:57 . 2008-10-21 11:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead 2008-09-29 14:43 . 2008-10-10 14:14 <DIR> d-------- C:\Program Files\Recuva 2008-09-29 11:31 . 2008-10-07 13:49 <DIR> d-------- C:\Documents and Settings\Elvis\Application Data\Thinstall 2008-09-29 11:20 . 2008-09-29 11:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SymplisIT 2008-09-29 11:16 . 2008-10-30 09:49 <DIR> d-------- C:\WINDOWS\Downloaded Installations 2008-09-26 14:59 . 2008-09-26 14:59 <DIR> d-------- C:\Documents and Settings\Elvis\Application Data\Nitro PDF 2008-09-26 14:59 . 2008-09-29 12:40 <DIR> d-------- C:\Documents and Settings\Elvis\Application Data\F-Secure 2008-09-26 14:57 . 2008-09-26 14:57 <DIR> d-------- C:\Program Files\Nitro PDF 2008-09-26 14:57 . 2008-09-26 14:57 <DIR> d-------- C:\Program Files\Common Files\Nitro PDF 2008-09-26 14:57 . 2008-09-26 14:57 <DIR> d-------- C:\Program Files\Common Files\BCL Technologies 2008-09-26 14:57 . 2008-09-26 14:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nitro PDF 2008-09-25 15:27 . 2008-10-30 10:12 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-09-25 15:27 . 2008-10-08 08:37 <DIR> d-------- C:\Documents and Settings\Elvis\Contacts 2008-09-25 15:23 . 2008-09-25 15:26 <DIR> d-------- C:\Program Files\Windows Live 2008-09-25 15:23 . 2008-09-25 15:25 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-09-25 15:23 . 2008-09-25 15:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-09-25 12:39 . 2008-09-25 12:39 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2008-09-25 12:15 . 2008-09-25 12:15 <DIR> d-------- C:\Program Files\Winamp Toolbar 2008-09-25 12:15 . 2008-09-25 12:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar 2008-09-25 12:15 . 2008-09-25 12:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks 2008-09-25 12:14 . 2008-09-25 12:20 <DIR> d-------- C:\Program Files\Winamp Remote 2008-09-25 12:14 . 2008-09-25 12:14 <DIR> d---s---- C:\Documents and Settings\Elvis\UserData 2008-09-25 12:11 . 2007-03-08 00:51 43,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys 2008-09-25 12:11 . 2007-03-08 00:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2008-09-25 12:11 . 2007-03-08 00:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2008-09-25 12:07 . 2008-09-25 12:16 <DIR> d-------- C:\Program Files\Winamp 2008-09-25 12:07 . 2008-09-25 12:18 <DIR> d-------- C:\Documents and Settings\Elvis\Application Data\Winamp 2008-09-25 12:06 . 2008-09-25 12:10 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2008-09-25 12:06 . 2008-10-21 15:19 <DIR> d-------- C:\Program Files\FLV Player 2008-09-25 12:06 . 2007-03-21 19:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DLL 2008-09-25 12:05 . 2008-09-25 12:05 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR 2008-09-25 12:01 . 2008-09-25 12:01 <DIR> d-------- C:\Documents and Settings\Elvis\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2008-09-25 10:02 . 2008-09-25 10:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles 2008-09-25 09:46 . 2008-09-25 09:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA 2008-09-25 09:43 . 2008-09-25 09:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir 2008-09-25 09:40 . 2004-03-22 14:17 24,816 --a------ C:\WINDOWS\system32\mdimon.dll 2008-09-25 09:40 . 2008-09-25 09:40 376 --a------ C:\WINDOWS\ODBC.INI 2008-09-25 09:39 . 2008-09-25 09:39 <DIR> d-------- C:\Program Files\Microsoft ActiveSync 2008-09-25 09:39 . 2008-09-25 09:39 <DIR> d-------- C:\Program Files\Common Files\L&H 2008-09-25 09:38 . 2008-09-25 09:44 <DIR> d-------- C:\Program Files\Microsoft Works 2008-09-25 09:37 . 2008-09-25 09:39 <DIR> d-------- C:\WINDOWS\SHELLNEW 2008-09-25 09:35 . 2008-09-25 09:35 <DIR> dr-h----- C:\MSOCache 2008-09-25 09:32 . 2008-09-25 11:59 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-09-25 09:32 . 2008-09-25 09:32 <DIR> d-------- C:\Documents and Settings\Elvis\Application Data\AdobeUM 2008-09-25 09:29 . 2008-09-25 09:29 <DIR> d-------- C:\WINDOWS\Cache 2008-09-25 09:29 . 2003-12-10 08:21 4,224 -ra------ C:\WINDOWS\system32\drivers\AC2003.sys 2008-09-25 08:44 . 2008-10-30 16:17 <DIR> d-------- C:\Documents and Settings\Elvis 2008-09-24 16:19 . 2008-10-31 15:10 63,804 --a------ C:\WINDOWS\system32\nvapps.xml 2008-09-24 16:18 . 2008-09-24 16:24 <DIR> d-------- C:\WINDOWS\nview 2008-09-24 16:18 . 2008-09-24 16:18 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe 2008-09-24 16:18 . 2008-09-24 16:17 16,960 --a------ C:\WINDOWS\system32\nvdisp.nvu 2008-09-24 15:35 . 2006-02-21 02:27 81,987 --a------ C:\WINDOWS\system32\AUCPLMNT.DLL 2008-09-24 15:33 . 2008-09-24 15:35 <DIR> d-a------ C:\Program Files\Canon 2008-09-24 15:29 . 2008-09-24 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink 2008-09-24 15:27 . 2008-09-24 15:27 <DIR> d-------- C:\Program Files\CyberLink 2008-09-24 15:22 . 2008-09-24 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard 2008-09-24 15:00 . 2008-09-24 15:00 1,160 --a------ C:\WINDOWS\mozver.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-30 11:07 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-24 15:17 888,832 ----a-w C:\WINDOWS\system32\nvmobls.dll 2008-09-24 13:47 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-09-24 12:38 --------- d-----w C:\Program Files\F-Secure 2008-09-24 12:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\F-Secure 2008-09-24 12:26 606,848 ----a-w C:\WINDOWS\flashax.exe 2008-09-24 12:26 194,560 ----a-w C:\WINDOWS\ASUS_Ai_Proactive_Screensaver (E).scr 2008-09-24 12:26 12,288 ----a-w C:\WINDOWS\impborl.dll 2008-09-24 12:25 --------- d-----w C:\Program Files\ASUS 2008-09-24 12:22 --------- d-----w C:\Program Files\Marvell 2008-09-24 12:21 --------- d-----w C:\Program Files\Analog Devices 2008-09-24 12:16 --------- d-----w C:\Program Files\Intel 2008-09-24 11:51 --------- d-----w C:\Program Files\microsoft frontpage 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992] [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696] "ASUS Probe"="C:\Program Files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 617984] "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.EXE" [2007-08-27 182952] "F-Secure TNB"="C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" [2007-08-27 895600] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-09-24 7618560] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 C:\WINDOWS\system32\HdAShCut.exe] "nwiz"="nwiz.exe" [2008-09-24 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="NvMCTray.dll" [2008-09-24 C:\WINDOWS\system32\nvmctray.dll] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360] C:\Documents and Settings\Elvis\Start Menu\Programs\Startup\ DesktopEarth AutoStart.lnk - C:\Documents and Settings\Elvis\Application Data\Microsoft\Installer\{655AE5B5-F796-448E-B463-25D791DA6C3F}\_985DB897DF895EDAB9EBA4.exe [2008-10-22 29926] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client] --a------ 2008-10-13 11:39 2663480 C:\Program Files\Babylon\Babylon-Pro\Babylon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nitro PDF Printer Monitor] --a------ 2008-02-08 15:42 210208 C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb] --a------ 2008-04-01 02:54 507904 C:\Program Files\Winamp Remote\bin\OrbTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-02 19:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"= "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"= "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-08-27 60272] R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure\HIPS\fshs.sys [2007-08-27 70768] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2007-08-27 62064] S3 AC2003;AC2003;C:\WINDOWS\system32\Drivers\AC2003.sys [2003-12-10 4224] S3 bepldr;BCL easyPDF SDK 5 Loader;C:\Program Files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe [2007-11-15 151552] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2007-08-27 39792] S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2007-08-27 25200] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Contents of the 'Scheduled Tasks' folder 2008-10-31 C:\WINDOWS\Tasks\Scheduled scanning task.job - C:\PROGRA~1\F-Secure\ANTI-V~1\fsav.exe [2007-08-27 14:27] . - - - - ORPHANS REMOVED - - - - HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe HKLM-Run-C:\WINDOWS\system32\kdvnw.exe - C:\WINDOWS\system32\kdvnw.exe HKLM-Run-UnlockerAssistant - C:\Program Files\Unlocker\UnlockerAssistant.exe MSConfigStartUp-protect_autorun - C:\Documents and Settings\Elvis\My Documents\Private\AutoRunKiller172\CPE17AntiAutorun1330.exe MSConfigStartUp-Symantec Backup Exec System Recovery 8 - C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProTray.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Elvis\Application Data\Mozilla\Firefox\Profiles\1tokhitf.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://login.live.com/login.srf?lc=1033&id=6528&ru=http%3a%2f%2fmy.msn.com%2f&tw=14400&kv=9&ct=1222341754&cb=SiteID=msft&msppjph=1&ver=2.1.6000.1&rn=AnMlXUVb&tpf=3f1ed9587985e34003c3ce661a867403 FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-10-31 15:10:25 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\WINDOWS\system32\nview.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\ATKKBService.exe C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\common\FSMA32.EXE C:\Program Files\F-Secure\Anti-Virus\fsgk32.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\F-Secure\common\FSMB32.EXE C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\F-Secure\common\FCH32.EXE C:\Program Files\F-Secure\common\FAMEH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsqh.exe C:\Program Files\F-Secure\common\FNRB32.exe C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\Program Files\F-Secure\FSAUA\program\fsaua.exe C:\Program Files\F-Secure\common\FIH32.exe C:\Program Files\F-Secure\FWES\program\fsdfwd.exe C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\F-Secure\FSGUI\fsguidll.exe C:\WINDOWS\system32\imapi.exe . ************************************************************************ . Completion time: 2008-10-31 15:12:25 - machine was rebooted ComboFix-quarantined-files.txt 2008-10-31 14:12:16 Pre-Run: 64.719.659.008 bytes free Post-Run: 64,821,927,936 bytes free 283 --- E O F --- 2008-09-25 11:40:13

Profil

dr_Bora Poslao: 31 Okt 2008 17:08 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\autorun.0nf Folder:: C:\resycled` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

no_fear Poslao: 03 Nov 2008 13:47 Idi na vrh
offline no_fear Građanin Pridružio: 27 Mar 2008 Poruke: 60	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-10-30.12 - Elvis 2008-11-03 12:48:23.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.264 [GMT 1:00] Running from: C:\Documents and Settings\Elvis\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Elvis\Desktop\CFScript.txt * Created a new restore point * Resident AV is active FILE :: C:\autorun.0nf . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\autorun.0nf C:\resycled . ((((((((((((((((((((((((( Files Created from 2008-10-03 to 2008-11-03 ))))))))))))))))))))))))))))))) . 2008-10-30 16:17 . 2008-10-31 13:07 <DIR> d-------- C:\Documents and Settings\Elvis\DoctorWeb 2008-10-30 12:06 . 2008-10-30 12:06 62 --a------ C:\WINDOWS\PDF2XL.INI 2008-10-30 11:47 . 2008-10-31 16:19 <DIR> d-------- C:\Documents and Settings\Elvis\Application Data\Cogniview 2008-10-30 11:46 . 2008-10-30 12:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Cogniview 2008-10-30 11:43 . 2008-10-30 11:43 <DIR> d-------- C:\Program Files\MSECache 2008-10-30 10:53 . 2008-10-30 10:53 <DIR> d-------- C:\Program Files\Investintech.com Inc 2008-10-22 15:53 . 2008-10-30 09:58 <DIR> d-------- C:\Program Files\Macromedia 2008-10-22 15:53 . 2008-10-30 09:52 <DIR> d-------- C:\Program Files\Common Files\Macromedia 2008-10-22 09:25 . 2008-10-31 16:19 <DIR> d-------- C:\Program Files\DesktopEarth 2008-10-21 14:32 . 2008-10-21 14:33 <DIR> d-------- C:\Program Files\QuickTime 2008-10-21 14:32 . 2008-10-30 10:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-10-21 14:29 . 2008-10-21 14:29 <DIR> d-------- C:\Program Files\Apple Software Update 2008-10-21 14:27 . 2008-10-30 10:12 <DIR> d-------- C:\Program Files\Common Files\Apple 2008-10-21 12:42 . 2008-10-21 12:50 <DIR> d-------- C:\Program Files\honestech VHS to DVD 3.0 2008-10-21 11:42 . 2008-10-21 11:46 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-10-21 11:36 . 2008-10-21 11:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ashampoo 2008-10-21 11:35 . 2008-10-21 11:35 <DIR> d-------- C:\Program Files\Ashampoo 2008-10-15 08:04 . 2008-10-15 08:04 <DIR> d-------- C:\Documents and Settings\Elvis\Application Data\zweitgeist 2008-10-13 11:38 . 2008-10-13 11:38 <DIR> d-------- C:\Program Files\Babylon 2008-10-13 11:38 . 2008-10-21 09:19 <DIR> d-------- C:\Documents and Settings\Elvis\Application Data\Babylon 2008-10-13 11:38 . 2008-10-13 11:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Babylon 2008-10-10 10:47 . 2008-04-22 06:03 545 --a------ C:\WINDOWS\UC.PIF 2008-10-10 10:47 . 2008-04-22 06:03 545 --a------ C:\WINDOWS\RAR.PIF 2008-10-10 10:47 . 2008-04-22 06:03 545 --a------ C:\WINDOWS\PKZIP.PIF 2008-10-10 10:47 . 2008-04-22 06:03 545 --a------ C:\WINDOWS\PKUNZIP.PIF 2008-10-10 10:47 . 2008-04-22 06:03 545 --a------ C:\WINDOWS\NOCLOSE.PIF 2008-10-10 10:47 . 2008-04-22 06:03 545 --a------ C:\WINDOWS\LHA.PIF 2008-10-10 10:47 . 2008-04-22 06:03 545 --a------ C:\WINDOWS\ARJ.PIF 2008-10-10 10:05 . 2008-10-10 10:08 <DIR> d-------- C:\Program Files\Unlocker 2008-10-10 10:03 . 2008-10-10 10:03 <DIR> d-------- C:\Documents and Settings\Elvis\Application Data\Desktopicon 2008-10-10 09:22 . 2008-10-10 09:22 <DIR> d-------- C:\Documents and Settings\Elvis\Application Data\PEERNET 2008-10-10 09:22 . 2008-10-10 09:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PEERNET 2008-10-09 14:43 . 2008-10-09 14:43 <DIR> dr-h----- C:\WINDOWS\system32\VProRecovery 2008-10-09 14:14 . 2008-10-09 14:14 32 --a------ C:\WINDOWS\0 2008-10-09 14:14 . 2008-10-09 14:14 0 --a------ C:\WINDOWS\system32\0 2008-10-08 15:00 . 2008-10-08 15:00 <DIR> d-------- C:\Program Files\Webteh 2008-10-08 15:00 . 2008-10-08 15:02 <DIR> d-------- C:\Documents and Settings\Elvis\Application Data\BSplayer Pro 2008-10-08 14:25 . 2008-10-08 14:26 <DIR> d-------- C:\Documents and Settings\Elvis\Application Data\Ashampoo 2008-10-08 14:06 . 2008-10-21 14:35 <DIR> d-------- C:\Documents and Settings\Elvis\Application Data\Apple Computer 2008-10-08 13:51 . 2008-10-08 13:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple 2008-10-08 13:34 . 2008-10-08 13:34 <DIR> d-------- C:\Documents and Settings\Elvis\Application Data\AshampooBackup 2008-10-08 09:11 . 2008-10-08 09:11 <DIR> d-------- C:\Documents and Settings\Elvis\Application Data\AVS4YOU 2008-10-08 09:11 . 2008-10-08 09:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU 2008-10-08 09:09 . 2008-10-08 09:10 <DIR> d-------- C:\Program Files\Common Files\AVSMedia 2008-10-08 09:09 . 2007-02-27 18:36 974,848 --a------ C:\WINDOWS\system32\mfc70.dll 2008-10-08 09:09 . 2007-02-27 18:36 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll 2008-10-08 09:00 . 2008-10-08 09:00 <DIR> d-------- C:\DVDVideoSoft 2008-10-08 08:58 . 2002-01-05 14:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll 2008-10-08 08:46 . 2008-10-09 09:21 <DIR> d-------- C:\Documents and Settings\Elvis\dwhelper 2008-10-08 08:02 . 2008-10-08 08:02 <DIR> d-------- C:\Documents and Settings\Elvis\Application Data\Symantec 2008-10-07 15:18 . 2007-03-21 19:39 1,060,864 --a------ C:\WINDOWS\system32\MFC71.DLL 2008-10-07 15:18 . 2007-03-21 19:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DLL 2008-10-07 15:15 . 2008-10-10 10:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec 2008-10-07 11:43 . 2008-10-07 11:44 <DIR> d-------- C:\Documents and Settings\Elvis\Application Data\Media Player Classic . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-31 15:19 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-10-21 14:19 --------- d-----w C:\Program Files\FLV Player 2008-10-21 10:56 --------- d-----w C:\Program Files\Common Files\Ahead 2008-10-21 10:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead 2008-10-10 13:14 --------- d-----w C:\Program Files\Recuva 2008-10-07 12:49 --------- d-----w C:\Documents and Settings\Elvis\Application Data\Thinstall 2008-09-29 14:08 --------- d-----w C:\Program Files\Ahead 2008-09-29 14:06 --------- d-----w C:\Documents and Settings\Elvis\Application Data\Ahead 2008-09-29 11:40 --------- d-----w C:\Documents and Settings\Elvis\Application Data\F-Secure 2008-09-29 10:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\SymplisIT 2008-09-26 13:59 --------- d-----w C:\Documents and Settings\Elvis\Application Data\Nitro PDF 2008-09-26 13:57 --------- d-----w C:\Program Files\Nitro PDF 2008-09-26 13:57 --------- d-----w C:\Program Files\Common Files\Nitro PDF 2008-09-26 13:57 --------- d-----w C:\Program Files\Common Files\BCL Technologies 2008-09-26 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nitro PDF 2008-09-25 14:26 --------- d-----w C:\Program Files\Windows Live 2008-09-25 14:25 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-09-25 14:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-09-25 11:20 --------- d-----w C:\Program Files\Winamp Remote 2008-09-25 11:18 --------- d-----w C:\Documents and Settings\Elvis\Application Data\Winamp 2008-09-25 11:16 --------- d-----w C:\Program Files\Winamp 2008-09-25 11:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\OrbNetworks 2008-09-25 11:15 --------- d-----w C:\Program Files\Winamp Toolbar 2008-09-25 11:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Winamp Toolbar 2008-09-25 11:10 --------- d-----w C:\Program Files\K-Lite Codec Pack 2008-09-25 11:05 --------- d-----w C:\Program Files\Common Files\Adobe AIR 2008-09-25 11:01 --------- d-----w C:\Documents and Settings\Elvis\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2008-09-25 10:59 --------- d-----w C:\Program Files\Common Files\Adobe 2008-09-25 09:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles 2008-09-25 08:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA 2008-09-25 08:44 --------- d-----w C:\Program Files\Microsoft Works 2008-09-25 08:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir 2008-09-25 08:39 --------- d-----w C:\Program Files\Microsoft ActiveSync 2008-09-25 08:39 --------- d-----w C:\Program Files\Common Files\L&H 2008-09-25 08:32 --------- d-----w C:\Documents and Settings\Elvis\Application Data\AdobeUM 2008-09-24 15:17 888,832 ----a-w C:\WINDOWS\system32\nvmobls.dll 2008-09-24 14:35 --------- d---a-w C:\Program Files\Canon 2008-09-24 14:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink 2008-09-24 14:27 --------- d-----w C:\Program Files\CyberLink 2008-09-24 14:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard 2008-09-24 13:47 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-09-24 12:38 --------- d-----w C:\Program Files\F-Secure 2008-09-24 12:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\F-Secure 2008-09-24 12:26 606,848 ----a-w C:\WINDOWS\flashax.exe 2008-09-24 12:26 194,560 ----a-w C:\WINDOWS\ASUS_Ai_Proactive_Screensaver (E).scr 2008-09-24 12:26 12,288 ----a-w C:\WINDOWS\impborl.dll 2008-09-24 12:25 --------- d-----w C:\Program Files\ASUS 2008-09-24 12:22 --------- d-----w C:\Program Files\Marvell 2008-09-24 12:21 --------- d-----w C:\Program Files\Analog Devices 2008-09-24 12:16 --------- d-----w C:\Program Files\Intel 2008-09-24 11:51 --------- d-----w C:\Program Files\microsoft frontpage . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992] [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696] "ASUS Probe"="C:\Program Files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 617984] "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.EXE" [2007-08-27 182952] "F-Secure TNB"="C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" [2007-08-27 895600] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-09-24 7618560] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 C:\WINDOWS\system32\HdAShCut.exe] "nwiz"="nwiz.exe" [2008-09-24 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="NvMCTray.dll" [2008-09-24 C:\WINDOWS\system32\nvmctray.dll] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client] --a------ 2008-10-13 11:39 2663480 C:\Program Files\Babylon\Babylon-Pro\Babylon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nitro PDF Printer Monitor] --a------ 2008-02-08 15:42 210208 C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb] --a------ 2008-04-01 02:54 507904 C:\Program Files\Winamp Remote\bin\OrbTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-02 19:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"= "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"= "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-08-27 60272] R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure\HIPS\fshs.sys [2007-08-27 70768] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2007-08-27 62064] S3 AC2003;AC2003;C:\WINDOWS\system32\Drivers\AC2003.sys [2003-12-10 4224] S3 bepldr;BCL easyPDF SDK 5 Loader;C:\Program Files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe [2007-11-15 151552] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2007-08-27 39792] S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2007-08-27 25200] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Contents of the 'Scheduled Tasks' folder 2008-11-03 C:\WINDOWS\Tasks\Scheduled scanning task.job - C:\PROGRA~1\F-Secure\ANTI-V~1\fsav.exe [2007-08-27 14:27] . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-11-03 12:53:38 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-11-03 12:54:48 ComboFix-quarantined-files.txt 2008-11-03 11:54:42 ComboFix2.txt 2008-10-31 14:12:27 Pre-Run: 64.784.003.072 bytes free Post-Run: 64,774,897,664 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 210 --- E O F --- 2008-09-25 11:40:13

Profil

dr_Bora Poslao: 03 Nov 2008 16:55 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Postavi svež HijackThis logfile i napiši kakvo je sada stanje.

Profil

no_fear Poslao: 04 Nov 2008 16:23 Idi na vrh
offline no_fear Građanin Pridružio: 27 Mar 2008 Poruke: 60	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:21:34, on 4.11.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\F-Secure\Common\FSMB32.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsqh.exe C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\Program Files\F-Secure\FSAUA\program\fsaua.exe C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\F-Secure\Common\FSM32.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\F-Secure\FSGUI\fsguidll.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Documents and Settings\Elvis\Desktop\New Folder\TR3.exe.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = windowsupdate.microsoft.com/ R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 5869 bytes

Profil

dr_Bora Poslao: 04 Nov 2008 16:46 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ovo izgleda ok. Ukoliko ne postoji neki problem, uradi sledeće: Klikni START a zatim RUN U liniju za unos teksta ukucaj Combofix /u i klikni OK Sačekaj da se proces deinstalacije završi Gornja procedura će: Obrisati sledeće: ComboFix i njegove file-ove i foldere VundoFix Backups folder, ako postoji C:\Deckard folder, ako postoji C:\OtMoveIt folder, ako postoji Resetovati podešavanja sata na kompjuteru Sakriti ekstenzije file-ova, ako je potrebno Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno Resetovati System Restore I to bi onda bilo sve.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » autorun.exe

Ko je trenutno na forumu

Ukupno su 1045 korisnika na forumu :: 32 registrovanih, 6 sakrivenih i 1007 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: babaroga, bokisha253, Boris90, borya90, cincarin, dankisha, dragan_mig31, draggan, ikan, Istman, kybonacci, Leonov, loon123, Metanoja, Miki01, Milos ZA, milos.cbr, MiroslavD, nextyamb, nuke92, operniki, Petarvu, Povratak1912, raptorsi, rovac, sap, Shinobi, trajkoni018, Vlada1389, vukovi, yrraf, YugoSlav

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by