Posted: 10 Mar 2008 13:05 by MixaCar (New MyCity citizen; joined 12 Sep 2006; posts: 15; location: Nis)
While searching for some program on the net, some devil got into my computer and there is no way I can get rid of it. Nod32 registered it, but I automatically clicked Ignore and made a catastrophic mistake...
I tried to clean the computer with Zone Alarm, Nod32, a-squared and Hijack This, but without success; it keeps coming back... even if I disable that process in the startup files...
It deleted my restore points, I can't get into Task Manager, Explorer keeps starting with a link to an antivirus program, and it runs incredibly slowly...
I would prefer to reinstall it, but I can't, because I need it all the time for work.
And let me mention that it is a laptop... if that changes anything...
Nod locates the problem in C:\WINDOWS\system32\gkrteodr.dll, but however many times I delete it, it always shows up again...
Is there any solution, or should I throw it out the window?
Log:
Logfile of HijackThis v1.99.1
Scan saved at 12:53:07, on 3/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Anicic Mladjan\Desktop\New Folder\TR3.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RDL Rolex - {2067D801-7BC0-4866-B71F-1C9E6B7ADFFD} - C:\WINDOWS\dkxrstqoqr.dll
O2 - BHO: (no name) - {5AC555CB-8268-48AA-BE77-235DF176CC25} - C:\WINDOWS\system32\hgggebb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {7cde2a37-0783-32d9-32e4-9a753fbedc08} - {80cdebf3-57a9-4e23-9d23-387073a2edc7} - C:\WINDOWS\system32\jlkehdyr.dll
O2 - BHO: (no name) - {C9F86A0D-3F5C-4980-B5AB-08B010AEE3F6} - C:\WINDOWS\system32\opnmj.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [BM8fbb3417] Rundll32.exe "C:\WINDOWS\system32\gkrteodr.dll",s
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: hgggebb - C:\WINDOWS\SYSTEM32\hgggebb.dll
O21 - SSODL: btrklfr - {C7B989F5-707C-4139-86A7-250DDE78B152} - C:\WINDOWS\btrklfr.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Posted: 10 Mar 2008 17:47 by helen1 (Anti Malware Fighter Rank 2; joined 27 Aug 2005; posts: 8620; location: Novi Beograd)
Download VundoFix:
http://www.atribune.org/ccount/click.php?id=4
* Double-click to start the VundoFix.exe file.
* Select the Scan for Vundo option.
* After the scan finishes and the message Done Searching for files appears, click OK.
* Now that the scan is done, click the Remove Vundo option.
* When asked about removing the Vundo files, click Yes.
* Running this option will make the Desktop temporarily empty in order to prepare the system for removing Vundo.
* When it finishes, a notice about shutting down the computer will appear; click OK.
* Turn the computer on and boot the system again.
* Copy the contents of the log from the path C:\vundofix.txt and post it here.
Download ComboFix from one of the following addresses to the Desktop:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Start it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt), which you will copy here for us.
When you have finished all of that, post a new Hijack This log as well.
Posted: 11 Mar 2008 11:03 by MixaCar (New MyCity citizen; joined 12 Sep 2006; posts: 15; location: Nis)
VundoFix log:
VundoFix V7.0.1
Scan started at 08:21:51 3/11/2008
Listing files found while scanning....
C:\WINDOWS\system32\jmnpo.ini
C:\WINDOWS\system32\jmnpo.ini2
C:\WINDOWS\system32\opnmj.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\jmnpo.ini
C:\WINDOWS\system32\jmnpo.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\jmnpo.ini2
C:\WINDOWS\system32\jmnpo.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\opnmj.dll
C:\WINDOWS\system32\opnmj.dll Has been deleted!
Performing Repairs to the registry.
Done!
ComboFix log:
ComboFix 08-03-10.1 - Anicic Mladjan 2008-03-11 10:11:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1526 [GMT 1:00]
Running from: C:\Documents and Settings\Anicic Mladjan\Desktop\New Folder\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Common Files\{8C880~1
C:\Program Files\Common Files\{8C880~2
C:\WINDOWS\BM8fbb3417.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\arjgefeo.dll
C:\WINDOWS\system32\hgggebb.dll
C:\WINDOWS\system32\ibuqxvem.dll
C:\WINDOWS\system32\iiffdby.dll
C:\WINDOWS\system32\jlkehdyr.dll
C:\WINDOWS\system32\madjxkyy.dll
C:\WINDOWS\system32\mbejupts.ini
C:\WINDOWS\system32\mevxqubi.ini
C:\WINDOWS\system32\oawgxwjc.dll
C:\WINDOWS\system32\oefegjra.ini
C:\WINDOWS\system32\olacqnrj.dll
C:\WINDOWS\system32\qtjfpnhk.dll
C:\WINDOWS\system32\sruvw.ini
C:\WINDOWS\system32\sruvw.ini2
C:\WINDOWS\system32\stpujebm.dll
C:\WINDOWS\system32\wvurs.dll
C:\WINDOWS\system32\yayxwwv.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CLIENT_IP-IPX
-------\Client IP-IPX
((((((((((((((((((((((((( Files Created from 2008-02-11 to 2008-03-11 )))))))))))))))))))))))))))))))
.
2008-03-11 08:21 . 2008-03-11 09:19 <DIR> d-------- C:\VundoFix Backups
2008-03-10 11:02 . 2008-03-10 11:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-10 11:02 . 2008-03-10 11:02 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-10 08:08 . 2008-03-10 08:08 89,664 --a------ C:\WINDOWS\system32\gkrteodr.brt
2008-03-08 12:38 . 2008-03-08 12:38 <DIR> d-------- C:\Program Files\Readiris Pro 9
2008-03-08 12:38 . 1997-05-26 14:55 23,040 --a------ C:\WINDOWS\system32\irisco32.dll
2008-03-08 12:38 . 2008-03-08 12:38 154 --a------ C:\WINDOWS\Readiris.ini
2008-03-08 12:08 . 2008-03-08 12:08 1,409 --a------ C:\WINDOWS\system32\tmpCD438.FOT
2008-03-08 12:08 . 2008-03-08 12:08 1,409 --a------ C:\WINDOWS\system32\tmpC9A28.FOT
2008-03-08 12:08 . 2008-03-08 12:08 1,409 --a------ C:\WINDOWS\system32\tmpB4328.FOT
2008-03-08 12:08 . 2008-03-08 12:08 1,409 --a------ C:\WINDOWS\system32\tmpA1A18.FOT
2008-03-08 12:08 . 2008-03-08 12:08 1,409 --a------ C:\WINDOWS\system32\tmp76728.FOT
2008-03-08 12:08 . 2008-03-08 12:08 1,409 --a------ C:\WINDOWS\system32\tmp72628.FOT
2008-03-08 12:08 . 2008-03-08 12:08 1,409 --a------ C:\WINDOWS\system32\tmp59D38.FOT
2008-03-08 11:38 . 2008-03-08 14:28 <DIR> d-------- C:\Program Files\ABBYY FineReader 8.0 Professional Edition
2008-03-08 10:00 . 2008-03-08 07:13 266,240 --a------ C:\WINDOWS\btrklfr.dll
2008-03-08 10:00 . 2008-03-08 07:13 221,184 --a------ C:\WINDOWS\dkxrstqoqr.dll
2008-03-08 09:40 . 2008-03-08 09:40 <DIR> d-------- C:\Documents and Settings\Anicic Mladjan\Application Data\ABBYY
2008-03-08 09:33 . 2008-03-08 09:33 <DIR> d-------- C:\Temp\FR80PE
2008-03-05 09:35 . 2008-03-05 09:35 <DIR> d-------- C:\Program Files\VOX-II
2008-03-05 08:17 . 2008-03-05 08:17 <DIR> d-------- C:\Documents and Settings\Anicic Mladjan\Application Data\MSNInstaller
2008-02-29 16:39 . 2008-03-05 09:35 <DIR> d-------- C:\Program Files\VOX-II(2)
2008-02-26 12:21 . 2008-02-26 12:27 357 --a------ C:\WINDOWS\pdf2word.INI
2008-02-14 18:59 . 2008-02-14 18:59 10 --a------ C:\WINDOWS\popcinfo.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-11 08:32 5,926,195 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-10 08:38 --------- d-----w C:\Program Files\a-squared Free
2008-03-09 18:59 --------- d-----w C:\Program Files\Webteh
2008-03-08 11:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-06 06:51 3,984,896 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2008-03-06 06:44 3,984,896 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2008-03-05 08:34 --------- d-----w C:\Program Files\MSN Messenger
2008-02-29 15:35 3,985,920 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2008-02-28 08:40 --------- d-----w C:\Program Files\Google
2008-02-28 06:46 --------- d-----w C:\Program Files\Lx_cats
2008-02-27 20:11 68,521 ----a-w C:\WINDOWS\Internet Logs\Explorer_2nd_2008_02_26_14_46_59_small.dmp.zip
2008-02-26 11:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2008-02-19 14:45 3,961,856 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2008-02-11 07:07 --------- d-----w C:\Program Files\Java
2008-02-08 06:35 --------- d-----w C:\Program Files\Eset
2008-01-29 07:15 32,187,634 ----a-w C:\WINDOWS\Internet Logs\Explorer_2nd_2008_01_28_17_00_33_full.dmp.zip
2008-01-25 19:09 3,912,704 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-01-21 15:00 73,183 ----a-w C:\WINDOWS\Internet Logs\Explorer_2nd_2008_01_21_14_34_50_small.dmp.zip
2008-01-14 21:41 --------- d-----w C:\Program Files\EA Games
2008-01-12 11:01 --------- d-----w C:\Program Files\Yahoo SiteBuilder
2008-01-12 11:00 --------- d-----w C:\Program Files\MIKSOFT
2008-01-12 10:53 80,165 ----a-w C:\WINDOWS\Internet Logs\Explorer_2nd_2008_01_11_18_49_16_small.dmp.zip
2008-01-08 09:38 66,956 ----a-w C:\WINDOWS\Internet Logs\Explorer_2nd_2008_01_08_03_24_03_small.dmp.zip
2007-12-20 10:44 389,632 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2007-12-20 10:44 3,837,440 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2007-12-20 10:39 70,608 ----a-w C:\WINDOWS\Internet Logs\Explorer_2nd_2007_12_19_14_56_25_small.dmp.zip
2007-12-19 13:42 3,922 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-19 13:01 51,716 ----a-w C:\WINDOWS\system32\pdf995mon.dll
2007-12-19 13:01 249,856 ----a-w C:\WINDOWS\system32\pdfmona.dll
2007-12-01 10:32 111,641 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_12_01_11_26_37_small.dmp.zip
2007-11-06 15:27 71,483 ----a-w C:\WINDOWS\Internet Logs\Explorer_2nd_2007_11_05_18_04_15_small.dmp.zip
2007-10-22 18:53 87,610 ----a-w C:\WINDOWS\Internet Logs\Explorer_2nd_2007_10_16_23_56_09_small.dmp.zip
2007-10-14 13:48 3,701,760 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2007-10-14 13:48 19,968 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2007-10-14 12:44 3,700,224 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2007-10-14 12:44 252,928 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2007-10-09 14:48 86,529 ----a-w C:\WINDOWS\Internet Logs\Explorer_2nd_2007_10_08_16_18_55_small.dmp.zip
2007-10-06 22:27 3,688,960 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2007-10-03 16:31 3,686,912 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2007-09-28 06:16 340,480 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2007-09-28 06:16 3,682,816 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2007-09-26 12:02 98,336 ----a-w C:\Documents and Settings\Anicic Mladjan\Application Data\GDIPFONTCACHEV1.DAT
2007-09-15 09:01 388,608 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2007-09-15 09:01 3,614,720 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2007-09-05 16:00 3,568,640 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2007-09-05 16:00 116,224 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2007-09-02 13:27 654,848 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2007-09-02 13:27 3,564,544 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2007-08-11 15:31 3,522,048 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2007-08-11 15:31 2,658,816 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2007-07-15 01:35 3,427,328 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-06-08 10:45 3,323,392 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2007-05-31 22:01 3,286,528 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-05-31 22:01 2,693,120 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-05-30 16:41 3,284,992 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-03-01 10:51 2,321,408 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2067D801-7BC0-4866-B71F-1C9E6B7ADFFD}]
2008-03-08 07:13 221184 --a------ C:\WINDOWS\dkxrstqoqr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9450073F-5444-4F8D-9182-11CBB0632369}]
C:\WINDOWS\system32\opnmj.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-11-15 00:51 755472]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2005-11-15 10:48 921600]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-06 17:52 7118848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"btrklfr"= {C7B989F5-707C-4139-86A7-250DDE78B152} - C:\WINDOWS\btrklfr.dll [2008-03-08 07:13 266240]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgggebb]
hgggebb.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Anicic Mladjan^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Anicic Mladjan\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Anicic Mladjan^Start Menu^Programs^Startup^BORGChat.lnk]
path=C:\Documents and Settings\Anicic Mladjan\Start Menu\Programs\Startup\BORGChat.lnk
backup=C:\WINDOWS\pss\BORGChat.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8c88078b]
C:\WINDOWS\system32\stpujebm.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antiviirus]
C:\Program Files\antiviirus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
-ra------ 2003-01-21 08:19 40960 C:\WINDOWS\VM_STI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM8fbb3417]
C:\WINDOWS\system32\gkrteodr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTVRemote]
--a------ 2006-04-04 10:09 65536 C:\Program Files\VOX-II\RemoteControl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-11 11:06 3144800 C:\Program Files\ICQLite\ICQLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2007-02-15 03:30 204843 C:\Program Files\IncrediMail\bin\IncMail.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 16:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 16:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
--a------ 2004-02-02 12:58 139264 C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-07-06 17:52 7118848 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-07-06 17:52 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 15:57 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-09-25 18:50 20053544 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 16:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-01-19 12:49 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Soldier of Fortune II - Double Helix\\SoF2MP.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\EA Games\\Command and Conquer Generals\\support\\go_ez.exe"=
"C:\\Program Files\\EA Games\\Need For Speed Hot Pursuit 2\\Support\\Need For Speed Hot Pursuit 2_eReg.exe"=
"C:\\Program Files\\EA Games\\Command and Conquer Generals\\support\\Generals_eReg.exe"=
R3 GTICARD;GTICARD;C:\WINDOWS\system32\DRIVERS\gticard.sys [2003-02-06 17:23]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-02 18:25]
S3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 17:50]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-02-14 00:39]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-02-14 00:39]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-02-14 00:39]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-02-14 00:39]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-02-14 00:39]
S3 TridDev;Trident Device;C:\WINDOWS\system32\DRIVERS\Triddev.sys [2005-04-26 08:01]
S3 TridVid;Trident Analog plus Digital Video;C:\WINDOWS\system32\DRIVERS\TridVid.sys [2006-04-14 03:25]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{biueaxge-ylft-fbsw-ybpg-ofmxrkfqqqlt}]
C:\WINDOWS\system32\vidpy.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-03-11 10:18:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
.
**************************************************************************
.
Completion time: 2008-03-11 10:42:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-11 09:26:01
Hijack This log:
Logfile of HijackThis v1.99.1
Scan saved at 10:51:27, on 3/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Anicic Mladjan\Desktop\New Folder\TR3.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RDL Rolex - {2067D801-7BC0-4866-B71F-1C9E6B7ADFFD} - C:\WINDOWS\dkxrstqoqr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {9450073F-5444-4F8D-9182-11CBB0632369} - C:\WINDOWS\system32\opnmj.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: hgggebb - hgggebb.dll (file missing)
O21 - SSODL: btrklfr - {C7B989F5-707C-4139-86A7-250DDE78B152} - C:\WINDOWS\btrklfr.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Update: 11 Mar 2008 11:03
Hey... I only just noticed that everything is back to normal!
Task Manager is available again and I don't see any unwanted processes in it.
But anyway, you will see that best from the logs; I hope everything is OK now...
Thanks a lot... you made my day...
Posted: 12 Mar 2008 15:21 by MixaCar (New MyCity citizen; joined 12 Sep 2006; posts: 15; location: Nis)
I sent the file...
NOD and Zone Alarm have already run a scan for me and deleted and quarantined about 10 files... among others some files created by a-squared and VundoFix... but everything works OK for me...
Posted: 12 Mar 2008 17:07 by helen1 (Anti Malware Fighter Rank 2; joined 27 Aug 2005; posts: 8620; location: Novi Beograd)
Delete the folder:
C:\VundoFix Backups
Upload this file to me for review:
C:\WINDOWS\system32\gkrteodr.brt
via the following link:
http://www.mycity.rs/ambulanta-upload.php
Open Notepad and copy the following text:
File::
C:\WINDOWS\btrklfr.dll
C:\WINDOWS\dkxrstqoqr.dll
C:\WINDOWS\system32\vidpy.exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"btrklfr"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{biueaxge-ylft-fbsw-ybpg-ofmxrkfqqqlt}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgggebb]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8c88078b]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antiviirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM8fbb3417]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2067D801-7BC0-4866-B71F-1C9E6B7ADFFD}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9450073F-5444-4F8D-9182-11CBB0632369}]
Save the file from Notepad to the Desktop as "CFScript".
Drag the saved script/text onto the ComboFix icon as in the picture.
Post in the next message the log that is created at the end of the cleaning/scanning.
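An added example, not from the thread or from ComboFix itself: a small Python checker that parses a CFScript of the File::/Registry:: form posted above and cross-checks every target against the ComboFix log it was written from, so a reviewer can confirm the script removes only what the log actually identified. The script and log excerpt are constructed from entries in this thread plus one deliberately unsupported path; other ComboFix section types are not modelled.

```python
"""Cross-check a ComboFix CFScript against the ComboFix log it was written from.
Added example, not from the thread or from ComboFix. Models only the File:: and
Registry:: sections used above ([-KEY] deletes a key, "name"=- deletes a value)."""
import re
from typing import Dict, List, Set, Tuple

# Constructed CFScript: the entries posted in the thread plus one path that the
# log excerpt below does NOT mention, so the checker has something to flag.
SAMPLE_CFSCRIPT = r"""File::
C:\WINDOWS\btrklfr.dll
C:\WINDOWS\dkxrstqoqr.dll
C:\WINDOWS\system32\vidpy.exe
C:\WINDOWS\system32\constructed-not-in-log.dll
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"btrklfr"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgggebb]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2067D801-7BC0-4866-B71F-1C9E6B7ADFFD}]
"""

# Constructed excerpt of the "Reg Loading Points" section of the posted ComboFix log.
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2067D801-7BC0-4866-B71F-1C9E6B7ADFFD}]
2008-03-08 07:13 221184 --a------ C:\WINDOWS\dkxrstqoqr.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"btrklfr"= {C7B989F5-707C-4139-86A7-250DDE78B152} - C:\WINDOWS\btrklfr.dll [2008-03-08 07:13 266240]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgggebb]
hgggebb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{biueaxge-ylft-fbsw-ybpg-ofmxrkfqqqlt}]
C:\WINDOWS\system32\vidpy.exe
"""

KEY_RE = re.compile(r"^\[(-?)(.+)\]$")      # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')   # "name"=...
# Drive-letter path running to end of line or to a trailing " [date size]" block.
PATH_RE = re.compile(r'[A-Za-z]:\\[^\[\]"]*?(?= \[|$)')


def parse_cfscript(text: str) -> Dict[str, list]:
    """Return the file targets and registry operations the script requests."""
    files: List[str] = []
    registry: List[Tuple[str, str, str]] = []   # (op, key, value name)
    section, current_key = None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):                  # section header such as "File::"
            section = line[:-2].lower()
        elif section == "file":
            files.append(line)
        elif section == "registry":
            m = KEY_RE.match(line)
            if m and m.group(1):                 # [-KEY]: delete the whole key
                registry.append(("delete_key", m.group(2), ""))
            elif m:                              # [KEY]: later "name"=- lines apply here
                current_key = m.group(2)
            else:
                m = VALUE_RE.match(line)
                if m and m.group(2) == "-":
                    registry.append(("delete_value", current_key, m.group(1)))
    return {"files": files, "registry": registry}


def index_log(text: str) -> Tuple[Set[str], Set[str], Set[Tuple[str, str]]]:
    """Collect every path, key and (key, value name) the log mentions, lower-cased."""
    paths: Set[str] = set()
    keys: Set[str] = set()
    values: Set[Tuple[str, str]] = set()
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(2).lower()
            keys.add(current_key)
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            values.add((current_key, m.group(1).lower()))
        for p in PATH_RE.findall(line):
            paths.add(p.strip().lower())
    return paths, keys, values


def cross_check(script: Dict[str, list], log_index) -> List[Tuple[str, bool]]:
    """Pair each script target with whether the log actually reported it."""
    paths, keys, values = log_index
    report = [(f"file {p}", p.lower() in paths) for p in script["files"]]
    for op, key, name in script["registry"]:
        if op == "delete_key":
            report.append((f"delete key {key}", key.lower() in keys))
        else:
            report.append((f"delete value {name} under {key}",
                           (key.lower(), name.lower()) in values))
    return report


def unsupported_targets(report: List[Tuple[str, bool]]) -> List[str]:
    """Targets the log never mentioned: a reviewer should question each one."""
    return [target for target, found in report if not found]
```

Run `unsupported_targets(cross_check(parse_cfscript(s), index_log(log)))` on a real pair; an empty list means every deletion in the script is backed by a log entry.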
Posted: 13 Mar 2008 09:43 by MixaCar (New MyCity citizen; joined 12 Sep 2006; posts: 15; location: Nis)
I deleted the VundoFix folder.
But I can't find gkrteodr.brt; it seems one of my antivirus programs already picked it up in the meantime.
ComboFix log:
ComboFix 08-03-10.1 - Anicic Mladjan 2008-03-13 9:02:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1498 [GMT 1:00]
Running from: C:\Documents and Settings\Anicic Mladjan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Anicic Mladjan\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\btrklfr.dll
C:\WINDOWS\dkxrstqoqr.dll
C:\WINDOWS\system32\vidpy.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Anicic Mladjan\Favorites\Error Cleaner.url
C:\Documents and Settings\Anicic Mladjan\Favorites\Privacy Protector.url
C:\Documents and Settings\Anicic Mladjan\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\btrklfr.dll
C:\WINDOWS\N.EXE
.
((((((((((((((((((((((((( Files Created from 2008-02-13 to 2008-03-13 )))))))))))))))))))))))))))))))
.
2008-03-10 11:02 . 2008-03-10 11:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-10 11:02 . 2008-03-10 11:02 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-08 12:38 . 2008-03-08 12:38 <DIR> d-------- C:\Program Files\Readiris Pro 9
2008-03-08 12:38 . 1997-05-26 14:55 23,040 --a------ C:\WINDOWS\system32\irisco32.dll
2008-03-08 12:38 . 2008-03-08 12:38 154 --a------ C:\WINDOWS\Readiris.ini
2008-03-08 12:08 . 2008-03-08 12:08 1,409 --a------ C:\WINDOWS\system32\tmpCD438.FOT
2008-03-08 12:08 . 2008-03-08 12:08 1,409 --a------ C:\WINDOWS\system32\tmpC9A28.FOT
2008-03-08 12:08 . 2008-03-08 12:08 1,409 --a------ C:\WINDOWS\system32\tmpB4328.FOT
2008-03-08 12:08 . 2008-03-08 12:08 1,409 --a------ C:\WINDOWS\system32\tmpA1A18.FOT
2008-03-08 12:08 . 2008-03-08 12:08 1,409 --a------ C:\WINDOWS\system32\tmp76728.FOT
2008-03-08 12:08 . 2008-03-08 12:08 1,409 --a------ C:\WINDOWS\system32\tmp72628.FOT
2008-03-08 12:08 . 2008-03-08 12:08 1,409 --a------ C:\WINDOWS\system32\tmp59D38.FOT
2008-03-08 11:38 . 2008-03-08 14:28 <DIR> d-------- C:\Program Files\ABBYY FineReader 8.0 Professional Edition
2008-03-08 09:40 . 2008-03-08 09:40 <DIR> d-------- C:\Documents and Settings\Anicic Mladjan\Application Data\ABBYY
2008-03-08 09:33 . 2008-03-08 09:33 <DIR> d-------- C:\Temp\FR80PE
2008-03-05 09:35 . 2008-03-05 09:35 <DIR> d-------- C:\Program Files\VOX-II
2008-03-05 08:17 . 2008-03-05 08:17 <DIR> d-------- C:\Documents and Settings\Anicic Mladjan\Application Data\MSNInstaller
2008-02-29 16:39 . 2008-03-05 09:35 <DIR> d-------- C:\Program Files\VOX-II(2)
2008-02-26 12:21 . 2008-02-26 12:27 357 --a------ C:\WINDOWS\pdf2word.INI
2008-02-14 18:59 . 2008-02-14 18:59 10 --a------ C:\WINDOWS\popcinfo.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-11 08:32 5,926,195 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-10 08:38 --------- d-----w C:\Program Files\a-squared Free
2008-03-09 18:59 --------- d-----w C:\Program Files\Webteh
2008-03-08 11:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-06 06:51 3,984,896 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2008-03-06 06:44 3,984,896 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2008-03-05 08:34 --------- d-----w C:\Program Files\MSN Messenger
2008-02-29 15:35 3,985,920 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2008-02-28 08:40 --------- d-----w C:\Program Files\Google
2008-02-28 06:46 --------- d-----w C:\Program Files\Lx_cats
2008-02-27 20:11 68,521 ----a-w C:\WINDOWS\Internet Logs\Explorer_2nd_2008_02_26_14_46_59_small.dmp.zip
2008-02-26 11:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2008-02-19 14:45 3,961,856 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2008-02-11 07:07 --------- d-----w C:\Program Files\Java
2008-02-08 06:35 --------- d-----w C:\Program Files\Eset
2008-01-29 07:15 32,187,634 ----a-w C:\WINDOWS\Internet Logs\Explorer_2nd_2008_01_28_17_00_33_full.dmp.zip
2008-01-25 19:09 3,912,704 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-01-21 15:00 73,183 ----a-w C:\WINDOWS\Internet Logs\Explorer_2nd_2008_01_21_14_34_50_small.dmp.zip
2008-01-14 21:41 --------- d-----w C:\Program Files\EA Games
2008-01-12 10:53 80,165 ----a-w C:\WINDOWS\Internet Logs\Explorer_2nd_2008_01_11_18_49_16_small.dmp.zip
2008-01-08 09:38 66,956 ----a-w C:\WINDOWS\Internet Logs\Explorer_2nd_2008_01_08_03_24_03_small.dmp.zip
2007-12-20 10:44 389,632 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2007-12-20 10:44 3,837,440 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2007-12-20 10:39 70,608 ----a-w C:\WINDOWS\Internet Logs\Explorer_2nd_2007_12_19_14_56_25_small.dmp.zip
2007-12-19 13:42 3,922 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-19 13:01 51,716 ----a-w C:\WINDOWS\system32\pdf995mon.dll
2007-12-19 13:01 249,856 ----a-w C:\WINDOWS\system32\pdfmona.dll
2007-12-01 10:32 111,641 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_12_01_11_26_37_small.dmp.zip
2007-11-06 15:27 71,483 ----a-w C:\WINDOWS\Internet Logs\Explorer_2nd_2007_11_05_18_04_15_small.dmp.zip
2007-10-22 18:53 87,610 ----a-w C:\WINDOWS\Internet Logs\Explorer_2nd_2007_10_16_23_56_09_small.dmp.zip
2007-10-14 13:48 3,701,760 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2007-10-14 13:48 19,968 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2007-10-14 12:44 3,700,224 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2007-10-14 12:44 252,928 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2007-10-09 14:48 86,529 ----a-w C:\WINDOWS\Internet Logs\Explorer_2nd_2007_10_08_16_18_55_small.dmp.zip
2007-10-06 22:27 3,688,960 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2007-10-03 16:31 3,686,912 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2007-09-28 06:16 340,480 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2007-09-28 06:16 3,682,816 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2007-09-26 12:02 98,336 ----a-w C:\Documents and Settings\Anicic Mladjan\Application Data\GDIPFONTCACHEV1.DAT
2007-09-15 09:01 388,608 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2007-09-15 09:01 3,614,720 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2007-09-05 16:00 3,568,640 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2007-09-05 16:00 116,224 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2007-09-02 13:27 654,848 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2007-09-02 13:27 3,564,544 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2007-08-11 15:31 3,522,048 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2007-08-11 15:31 2,658,816 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2007-07-15 01:35 3,427,328 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-06-08 10:45 3,323,392 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2007-05-31 22:01 3,286,528 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-05-31 22:01 2,693,120 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-05-30 16:41 3,284,992 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-03-01 10:51 2,321,408 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
.
((((((((((((((((((((((((((((( snapshot@2008-03-11_10.23.46.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-06 10:39:20 17,600 ----a-w C:\WINDOWS\system32\nvModes.dat
+ 2008-03-12 11:28:23 17,600 ----a-w C:\WINDOWS\system32\nvModes.dat
- 2008-03-11 08:36:22 53,838 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-13 07:09:43 53,838 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-11 08:36:22 382,260 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-13 07:09:43 382,260 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-03-11 08:33:37 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2008-03-13 07:06:55 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
- 2008-03-08 07:42:03 63,816 ----a-w C:\WINDOWS\system32\ZoneLabs\boot.dat
+ 2008-03-12 07:31:57 63,816 ----a-w C:\WINDOWS\system32\ZoneLabs\boot.dat
- 2008-02-26 07:02:03 8,032,695 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2008-03-13 07:09:35 8,220,055 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
- 2008-03-08 07:42:03 13,742,120 ----a-w C:\WINDOWS\system32\ZoneLabs\vet.dat
+ 2008-03-12 07:31:57 13,798,616 ----a-w C:\WINDOWS\system32\ZoneLabs\vet.dat
- 2008-02-26 07:02:03 8,032,695 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
+ 2008-03-13 07:09:35 8,220,055 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
- 2008-03-08 13:18:46 23,144,960 ----a-w C:\WINDOWS\system32\ZoneLabs\zlqrtdb.dat
+ 2008-03-11 09:25:27 23,144,960 ----a-w C:\WINDOWS\system32\ZoneLabs\zlqrtdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-11-15 00:51 755472]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2005-11-15 10:48 921600]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-06 17:52 7118848]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"btrklfr"= {F1DB48EA-5B1E-4EF4-B05A-26EB2186CB9B} - C:\WINDOWS\btrklfr.dll [ ]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Anicic Mladjan^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Anicic Mladjan\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Anicic Mladjan^Start Menu^Programs^Startup^BORGChat.lnk]
path=C:\Documents and Settings\Anicic Mladjan\Start Menu\Programs\Startup\BORGChat.lnk
backup=C:\WINDOWS\pss\BORGChat.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8c88078b]
C:\WINDOWS\system32\stpujebm.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antiviirus]
C:\Program Files\antiviirus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
-ra------ 2003-01-21 08:19 40960 C:\WINDOWS\VM_STI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM8fbb3417]
C:\WINDOWS\system32\gkrteodr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTVRemote]
--a------ 2006-04-04 10:09 65536 C:\Program Files\VOX-II\RemoteControl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-11 11:06 3144800 C:\Program Files\ICQLite\ICQLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2007-02-15 03:30 204843 C:\Program Files\IncrediMail\bin\IncMail.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 16:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 16:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
--a------ 2004-02-02 12:58 139264 C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-07-06 17:52 7118848 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-07-06 17:52 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 15:57 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-09-25 18:50 20053544 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 16:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-01-19 12:49 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Soldier of Fortune II - Double Helix\\SoF2MP.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\EA Games\\Command and Conquer Generals\\support\\go_ez.exe"=
"C:\\Program Files\\EA Games\\Need For Speed Hot Pursuit 2\\Support\\Need For Speed Hot Pursuit 2_eReg.exe"=
"C:\\Program Files\\EA Games\\Command and Conquer Generals\\support\\Generals_eReg.exe"=
R3 GTICARD;GTICARD;C:\WINDOWS\system32\DRIVERS\gticard.sys [2003-02-06 17:23]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-02 18:25]
S3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 17:50]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-02-14 00:39]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-02-14 00:39]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-02-14 00:39]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-02-14 00:39]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-02-14 00:39]
S3 TridDev;Trident Device;C:\WINDOWS\system32\DRIVERS\Triddev.sys [2005-04-26 08:01]
S3 TridVid;Trident Analog plus Digital Video;C:\WINDOWS\system32\DRIVERS\TridVid.sys [2006-04-14 03:25]
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{biueaxge-ylft-fbsw-ybpg-ofmxrkfqqqlt}]
C:\WINDOWS\system32\vidpy.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-03-13 09:30:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-13 9:35:26
ComboFix-quarantined-files.txt 2008-03-13 08:34:15
ComboFix2.txt 2008-03-11 09:42:09
Posted: 14 Mar 2008 16:03
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
Open Notepad and copy the following text into it:
File::
C:\WINDOWS\system32\gkrteodr.dll
C:\WINDOWS\system32\stpujebm.dll
C:\Program Files\antiviirus.exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM8fbb3417]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antiviirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8c88078b]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"btrklfr"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{biueaxge-ylft-fbsw-ybpg-ofmxrkfqqqlt}]
Save the file from Notepad to the Desktop as "CFScript".
Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log produced at the end of the cleaning/scan in your next message.
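Editor-added example (not helen1's script and not ComboFix's own logic): the Python below reads the "Reg Loading Points" section of a ComboFix log such as the one posted above, flags the same kinds of persistence entries the CFScript targets, and renders them in the File::/Registry:: layout used here. The log excerpt is constructed from entries in the posted log, the flagging heuristics (random hex startupreg names, a DLL autorun with no file info, an empty "[ ]" ShellServiceObjectDelayLoad entry, an Active Setup key whose GUID is not hexadecimal) and the `extra_files` parameter for paths an analyst adds by hand are assumptions of this example.

```python
import re

# Constructed excerpt in the layout of the "Reg Loading Points" section quoted
# in the thread (entries taken from the posted log; not a complete log).
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2005-11-15 10:48 921600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"btrklfr"= {F1DB48EA-5B1E-4EF4-B05A-26EB2186CB9B} - C:\WINDOWS\btrklfr.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8c88078b]
C:\WINDOWS\system32\stpujebm.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM8fbb3417]
C:\WINDOWS\system32\gkrteodr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-07-06 17:52 7118848 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{biueaxge-ylft-fbsw-ybpg-ofmxrkfqqqlt}]
C:\WINDOWS\system32\vidpy.exe
"""

# Heuristics below are this example's assumptions, not ComboFix's own rules.
RANDOM_TAG = re.compile(r"^(BM)?[0-9a-f]{8}$", re.I)        # e.g. 8c88078b, BM8fbb3417
VALID_GUID = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# ComboFix prefixes files it could stat with attributes, date, time and size.
FILE_INFO = re.compile(r"^[-a-z]{9}\s+\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+\d+\s+(?P<path>.+)$", re.I)
# "name"= {CLSID} - path [file info]; an empty bracket means no file info was found.
SSODL_LINE = re.compile(r'^"(?P<name>[^"]+)"=\s*\{[^}]*\}\s*-\s*(?P<path>.+?)\s*\[(?P<info>[^\]]*)\]$')

STARTUPREG = "\\msconfig\\startupreg\\"
ACTIVE_SETUP = "\\active setup\\installed components\\"
SSODL = "\\shellserviceobjectdelayload"


def parse_loading_points(text):
    """Yield (key, value_lines) pairs from the REGEDIT4-style section."""
    key, values = None, []
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("[") and line.endswith("]"):
            if key is not None:
                yield key, values
            key, values = line[1:-1], []
        elif key is not None and line:
            values.append(line)
    if key is not None:
        yield key, values


def triage(text):
    """Return (files, keys_to_delete, (key, value) pairs to delete) flagged by the heuristics."""
    files, del_keys, del_values = [], [], []
    for key, values in parse_loading_points(text):
        lower = key.lower()
        if STARTUPREG in lower:
            name = key.rsplit("\\", 1)[1]
            target = values[0] if values else ""
            info = FILE_INFO.match(target)
            path = info.group("path") if info else target
            # Random hex key name, or a DLL autorun ComboFix could not stat.
            if RANDOM_TAG.match(name) or (path.lower().endswith(".dll") and not info):
                files.append(path)
                del_keys.append(key)
        elif lower.endswith(SSODL):
            for value in values:
                m = SSODL_LINE.match(value)
                if m and not m.group("info").strip():
                    files.append(m.group("path"))
                    del_values.append((key, m.group("name")))
        elif ACTIVE_SETUP in lower:
            guid = key.rsplit("\\", 1)[1]
            if not VALID_GUID.match(guid):      # real component GUIDs are hex
                files.extend(values)
                del_keys.append(key)
    return files, del_keys, del_values


def build_cfscript(files, del_keys, del_values, extra_files=()):
    """Render the File::/Registry:: CFScript layout used in the thread.

    extra_files lets the analyst add paths the heuristics cannot infer.
    """
    lines = ["File::"]
    lines += list(dict.fromkeys(list(files) + list(extra_files)))  # dedupe, keep order
    lines.append("Registry::")
    lines += [f"[-{k}]" for k in del_keys]                          # delete whole key
    for key, name in del_values:
        lines += [f"[{key}]", f'"{name}"=-']                        # delete one value
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    flagged = triage(SAMPLE_LOG)
    print(build_cfscript(*flagged, extra_files=[r"C:\Program Files\antiviirus.exe"]))
```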
Posted: 15 Mar 2008 20:05
- MixaCar
- New MyCity citizen
- Joined: 12 Sep 2006
- Posts: 15
- Location: Nis
ComboFix 08-03-10.1 - Anicic Mladjan 2008-03-15 19:39:39.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1561 [GMT 1:00]
Running from: C:\Documents and Settings\Anicic Mladjan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Anicic Mladjan\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\Program Files\antiviirus.exe
C:\WINDOWS\system32\gkrteodr.dll
C:\WINDOWS\system32\stpujebm.dll
.
((((((((((((((((((((((((( Files Created from 2008-02-15 to 2008-03-15 )))))))))))))))))))))))))))))))
.
2008-03-08 12:38 . 2008-03-08 12:38 <DIR> d-------- C:\Program Files\Readiris Pro 9
2008-03-08 12:38 . 1997-05-26 14:55 23,040 --a------ C:\WINDOWS\system32\irisco32.dll
2008-03-08 12:38 . 2008-03-08 12:38 154 --a------ C:\WINDOWS\Readiris.ini
2008-03-08 12:08 . 2008-03-08 12:08 1,409 --a------ C:\WINDOWS\system32\tmpCD438.FOT
2008-03-08 12:08 . 2008-03-08 12:08 1,409 --a------ C:\WINDOWS\system32\tmpC9A28.FOT
2008-03-08 12:08 . 2008-03-08 12:08 1,409 --a------ C:\WINDOWS\system32\tmpB4328.FOT
2008-03-08 12:08 . 2008-03-08 12:08 1,409 --a------ C:\WINDOWS\system32\tmpA1A18.FOT
2008-03-08 12:08 . 2008-03-08 12:08 1,409 --a------ C:\WINDOWS\system32\tmp76728.FOT
2008-03-08 12:08 . 2008-03-08 12:08 1,409 --a------ C:\WINDOWS\system32\tmp72628.FOT
2008-03-08 12:08 . 2008-03-08 12:08 1,409 --a------ C:\WINDOWS\system32\tmp59D38.FOT
2008-03-08 11:38 . 2008-03-08 14:28 <DIR> d-------- C:\Program Files\ABBYY FineReader 8.0 Professional Edition
2008-03-08 09:40 . 2008-03-08 09:40 <DIR> d-------- C:\Documents and Settings\Anicic Mladjan\Application Data\ABBYY
2008-03-08 09:33 . 2008-03-08 09:33 <DIR> d-------- C:\Temp\FR80PE
2008-03-05 09:35 . 2008-03-05 09:35 <DIR> d-------- C:\Program Files\VOX-II
2008-03-05 08:17 . 2008-03-05 08:17 <DIR> d-------- C:\Documents and Settings\Anicic Mladjan\Application Data\MSNInstaller
2008-02-29 16:39 . 2008-03-05 09:35 <DIR> d-------- C:\Program Files\VOX-II(2)
2008-02-26 12:21 . 2008-02-26 12:27 357 --a------ C:\WINDOWS\pdf2word.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-11 08:32 5,926,195 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-10 08:38 --------- d-----w C:\Program Files\a-squared Free
2008-03-09 18:59 --------- d-----w C:\Program Files\Webteh
2008-03-08 11:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-06 06:51 3,984,896 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2008-03-06 06:44 3,984,896 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2008-03-05 08:34 --------- d-----w C:\Program Files\MSN Messenger
2008-02-29 15:35 3,985,920 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2008-02-28 08:40 --------- d-----w C:\Program Files\Google
2008-02-28 06:46 --------- d-----w C:\Program Files\Lx_cats
2008-02-27 20:11 68,521 ----a-w C:\WINDOWS\Internet Logs\Explorer_2nd_2008_02_26_14_46_59_small.dmp.zip
2008-02-26 11:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2008-02-19 14:45 3,961,856 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2008-02-11 07:07 --------- d-----w C:\Program Files\Java
2008-02-08 06:35 --------- d-----w C:\Program Files\Eset
2008-01-29 07:15 32,187,634 ----a-w C:\WINDOWS\Internet Logs\Explorer_2nd_2008_01_28_17_00_33_full.dmp.zip
2008-01-25 19:09 3,912,704 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-01-21 15:00 73,183 ----a-w C:\WINDOWS\Internet Logs\Explorer_2nd_2008_01_21_14_34_50_small.dmp.zip
2008-01-12 10:53 80,165 ----a-w C:\WINDOWS\Internet Logs\Explorer_2nd_2008_01_11_18_49_16_small.dmp.zip
2008-01-08 09:38 66,956 ----a-w C:\WINDOWS\Internet Logs\Explorer_2nd_2008_01_08_03_24_03_small.dmp.zip
2007-12-20 10:44 389,632 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2007-12-20 10:44 3,837,440 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2007-12-20 10:39 70,608 ----a-w C:\WINDOWS\Internet Logs\Explorer_2nd_2007_12_19_14_56_25_small.dmp.zip
2007-12-19 13:42 3,922 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-19 13:01 51,716 ----a-w C:\WINDOWS\system32\pdf995mon.dll
2007-12-19 13:01 249,856 ----a-w C:\WINDOWS\system32\pdfmona.dll
2007-12-01 10:32 111,641 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_12_01_11_26_37_small.dmp.zip
2007-11-06 15:27 71,483 ----a-w C:\WINDOWS\Internet Logs\Explorer_2nd_2007_11_05_18_04_15_small.dmp.zip
2007-10-22 18:53 87,610 ----a-w C:\WINDOWS\Internet Logs\Explorer_2nd_2007_10_16_23_56_09_small.dmp.zip
2007-10-14 13:48 3,701,760 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2007-10-14 13:48 19,968 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2007-10-14 12:44 3,700,224 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2007-10-14 12:44 252,928 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2007-10-09 14:48 86,529 ----a-w C:\WINDOWS\Internet Logs\Explorer_2nd_2007_10_08_16_18_55_small.dmp.zip
2007-10-06 22:27 3,688,960 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2007-10-03 16:31 3,686,912 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2007-09-28 06:16 340,480 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2007-09-28 06:16 3,682,816 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2007-09-26 12:02 98,336 ----a-w C:\Documents and Settings\Anicic Mladjan\Application Data\GDIPFONTCACHEV1.DAT
2007-09-15 09:01 388,608 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2007-09-15 09:01 3,614,720 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2007-09-05 16:00 3,568,640 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2007-09-05 16:00 116,224 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2007-09-02 13:27 654,848 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2007-09-02 13:27 3,564,544 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2007-08-11 15:31 3,522,048 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2007-08-11 15:31 2,658,816 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2007-07-15 01:35 3,427,328 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-06-08 10:45 3,323,392 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2007-05-31 22:01 3,286,528 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-05-31 22:01 2,693,120 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-05-30 16:41 3,284,992 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-03-01 10:51 2,321,408 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
.
((((((((((((((((((((((((((((( snapshot@2008-03-11_10.23.46.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-06 10:39:20 17,600 ----a-w C:\WINDOWS\system32\nvModes.dat
+ 2008-03-14 13:12:10 17,600 ----a-w C:\WINDOWS\system32\nvModes.dat
- 2008-03-11 08:36:22 53,838 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-15 18:22:51 53,838 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-11 08:36:22 382,260 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-15 18:22:51 382,260 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-03-11 08:33:37 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2008-03-14 08:02:45 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
- 2008-03-08 07:42:03 63,816 ----a-w C:\WINDOWS\system32\ZoneLabs\boot.dat
+ 2008-03-15 18:34:11 63,816 ----a-w C:\WINDOWS\system32\ZoneLabs\boot.dat
- 2008-02-26 07:02:03 8,032,695 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2008-03-13 07:09:35 8,220,055 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
- 2008-03-08 07:42:03 13,742,120 ----a-w C:\WINDOWS\system32\ZoneLabs\vet.dat
+ 2008-03-15 18:34:11 13,988,008 ----a-w C:\WINDOWS\system32\ZoneLabs\vet.dat
- 2008-02-26 07:02:03 8,032,695 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
+ 2008-03-13 07:09:35 8,220,055 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
- 2008-03-08 13:18:46 23,144,960 ----a-w C:\WINDOWS\system32\ZoneLabs\zlqrtdb.dat
+ 2008-03-13 08:33:16 23,144,960 ----a-w C:\WINDOWS\system32\ZoneLabs\zlqrtdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-11-15 00:51 755472]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2005-11-15 10:48 921600]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-06 17:52 7118848]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Anicic Mladjan^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Anicic Mladjan\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Anicic Mladjan^Start Menu^Programs^Startup^BORGChat.lnk]
path=C:\Documents and Settings\Anicic Mladjan\Start Menu\Programs\Startup\BORGChat.lnk
backup=C:\WINDOWS\pss\BORGChat.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
-ra------ 2003-01-21 08:19 40960 C:\WINDOWS\VM_STI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTVRemote]
--a------ 2006-04-04 10:09 65536 C:\Program Files\VOX-II\RemoteControl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-11 11:06 3144800 C:\Program Files\ICQLite\ICQLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2007-02-15 03:30 204843 C:\Program Files\IncrediMail\bin\IncMail.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 16:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 16:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
--a------ 2004-02-02 12:58 139264 C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-07-06 17:52 7118848 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-07-06 17:52 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 15:57 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-09-25 18:50 20053544 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 16:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-01-19 12:49 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Soldier of Fortune II - Double Helix\\SoF2MP.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\EA Games\\Command and Conquer Generals\\support\\go_ez.exe"=
"C:\\Program Files\\EA Games\\Need For Speed Hot Pursuit 2\\Support\\Need For Speed Hot Pursuit 2_eReg.exe"=
"C:\\Program Files\\EA Games\\Command and Conquer Generals\\support\\Generals_eReg.exe"=
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 17:50]
R3 GTICARD;GTICARD;C:\WINDOWS\system32\DRIVERS\gticard.sys [2003-02-06 17:23]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-02 18:25]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-02-14 00:39]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-02-14 00:39]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-02-14 00:39]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-02-14 00:39]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-02-14 00:39]
S3 TridDev;Trident Device;C:\WINDOWS\system32\DRIVERS\Triddev.sys [2005-04-26 08:01]
S3 TridVid;Trident Analog plus Digital Video;C:\WINDOWS\system32\DRIVERS\TridVid.sys [2006-04-14 03:25]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-03-15 19:47:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-15 19:52:00
ComboFix-quarantined-files.txt 2008-03-15 18:51:29
ComboFix2.txt 2008-03-13 08:35:43
ComboFix3.txt 2008-03-11 09:42:09