moj log,pomoc

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:24:27 PM, on 7/21/2009
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Vlado\Desktop\klinika\tr3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=072209 serial=xxxxxxxxxx
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Vlado\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://forum.maxi(zabranjeno).com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - [Link mogu videti samo ulogovani korisnici]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6663 bytes



Naime,dobio sam pismenim putem upozorenje od telekoma srpske (mtel-r.srpska) da saljem spam na veliki broj adresa na internetu sto nisam znao.Inace kao zastitu koristim nod32,malwarebytes' i spamihilator.Molim za pomoc na resavanju mog problema da nebi nastavio sa slanjem pomenutog bez mog znanja,odnosno slanja uopste.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pozdrav...



Preuzmi gmer.zip sa ovog linka i sačuvaj na Desktopu.
Raspakuj ga u neki folder.

Dupli klik na gmer.exe za početak: Izaberi Rootkit/Malware Tab na vrhu.
Klikni na Scan.
Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati rezultate skeniranja u Clipboard.
Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt.
Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt.

Iskoristi opciju Prikači fajl ispod polja za pisanje poruke na forumu, i prikači nam ovde ta dva fajla koja smo malopre snimili.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Mada je trebalo vremena ipak je obavljeno.

[Link mogu videti samo ulogovani korisnici]

[Link mogu videti samo ulogovani korisnici]

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
zatvori pokrenute programe;
deaktiviraj zaštitni softver (uputstvo);
dvoklikom pokreni program ComboFix.
U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju:
prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 09-07-20.05 - Vlado 07/21/2009 21:09.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.512.188 [GMT 2:00]
Running from: c:\documents and settings\Vlado\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskSearch\bin\DefaultSearch.dll
c:\windows\system32\msssc.dll

.
((((((((((((((((((((((((( Files Created from 2009-06-21 to 2009-07-21 )))))))))))))))))))))))))))))))
.

2009-07-21 12:47 . 2009-07-21 12:47 -------- d-----w- c:\documents and settings\Vlado\Application Data\Malwarebytes
2009-07-21 12:47 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-21 12:47 . 2009-07-21 12:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-21 12:47 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-21 12:47 . 2009-07-21 12:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-21 11:21 . 2009-07-21 11:35 -------- d-----w- c:\windows\BDOSCAN8
2009-07-21 11:16 . 2009-07-21 11:22 -------- d-----w- c:\documents and settings\Vlado\Application Data\HPAppData
2009-07-21 10:38 . 2009-07-21 10:39 -------- d-----w- c:\program files\Spamihilator
2009-07-21 10:28 . 2009-07-21 10:28 -------- d-----w- c:\documents and settings\Vlado\Local Settings\Application Data\Identities
2009-07-21 10:21 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-21 10:11 . 2009-07-21 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-21 09:51 . 2009-07-21 10:08 -------- d-----w- c:\documents and settings\Vlado\Application Data\The Bat!
2009-07-21 07:51 . 2009-07-21 10:41 -------- d-----w- c:\documents and settings\Vlado\Application Data\Spamihilator
2009-07-19 19:19 . 2009-07-19 19:19 -------- d-----w- c:\documents and settings\Vlado\Local Settings\Application Data\Apple Computer
2009-07-18 14:28 . 2007-10-30 09:11 303104 ----a-r- c:\windows\system32\hpovst15.dll
2009-07-18 14:28 . 2007-10-30 09:11 729088 ----a-r- c:\windows\system32\hpowiax7.dll
2009-07-18 14:28 . 2007-10-30 09:11 581632 ----a-r- c:\windows\system32\hpotscl6.dll
2009-07-18 14:24 . 2009-07-18 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-07-18 14:23 . 2009-07-18 14:23 -------- d-----w- c:\program files\Hewlett-Packard
2009-07-18 14:23 . 2009-07-18 14:23 -------- d-----w- c:\program files\Common Files\HP
2009-07-18 14:16 . 2009-07-18 14:31 157454 ----a-w- c:\windows\hpoins27.dat
2009-07-18 14:16 . 2008-01-18 15:56 932 ------w- c:\windows\hpomdl27.dat
2009-07-18 14:15 . 2007-10-30 09:25 309760 ----a-r- c:\windows\system32\difxapi.dll
2009-07-18 14:15 . 2007-10-30 09:25 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2009-07-15 13:52 . 2009-07-15 13:52 25214 ----a-r- c:\documents and settings\Vlado\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
2009-07-15 13:52 . 2009-07-15 13:52 25214 ----a-r- c:\documents and settings\Vlado\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-07-15 13:52 . 2009-07-15 13:52 25214 ----a-r- c:\documents and settings\Vlado\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-07-15 13:52 . 2009-07-15 13:52 25214 ----a-r- c:\documents and settings\Vlado\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-07-15 13:52 . 2009-07-15 13:52 25214 ----a-r- c:\documents and settings\Vlado\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-07-15 13:52 . 2009-07-15 13:52 25214 ----a-r- c:\documents and settings\Vlado\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ARPPRODUCTICON.exe
2009-07-15 13:47 . 2009-07-15 14:44 -------- d-----w- c:\documents and settings\Vlado\Local Settings\Application Data\Google
2009-07-07 19:43 . 2009-07-07 19:43 -------- d-----w- c:\program files\Common Files\L&H
2009-07-07 19:43 . 2009-07-07 19:43 -------- d-----w- c:\program files\Microsoft.NET
2009-07-07 19:43 . 2009-07-07 19:43 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-07-07 19:42 . 2009-07-07 19:42 -------- d-----w- c:\program files\Microsoft Works
2009-07-07 19:41 . 2009-07-07 19:43 -------- d-----w- c:\windows\SHELLNEW
2009-07-07 19:39 . 2009-07-07 19:39 -------- d--h--r- C:\MSOCache
2009-07-07 17:44 . 2009-07-07 17:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-07-07 15:06 . 2009-07-07 15:06 -------- d-----w- c:\documents and settings\Vlado\Application Data\Corel
2009-07-07 14:54 . 2009-07-07 14:54 -------- d-----w- c:\program files\Common Files\Corel
2009-07-07 14:53 . 2009-07-07 14:53 -------- d-----w- c:\program files\Corel
2009-07-02 23:18 . 2009-07-02 23:18 -------- d-----w- c:\windows\system32\Adobe
2009-07-02 23:18 . 2001-10-26 21:16 16384 ----a-w- c:\windows\system32\FileOps.exe
2009-07-02 23:15 . 2009-07-02 23:15 -------- d-----w- c:\windows\Adobe Illustrator CS
2009-07-02 20:21 . 2009-07-02 20:21 -------- d-----w- c:\program files\Bonjour
2009-07-02 03:38 . 2009-07-02 03:38 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-07-01 20:34 . 2009-07-01 20:53 -------- d-----w- c:\windows\SxsCaPendDel
2009-07-01 19:21 . 2009-04-24 02:55 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2009-07-01 19:21 . 2009-07-01 19:21 -------- d-----w- c:\program files\Nitro PDF
2009-07-01 15:59 . 2009-07-01 15:59 -------- d-----w- c:\documents and settings\Vlado\Application Data\Media Player Classic
2009-06-29 04:36 . 2009-06-29 04:36 -------- d-----w- c:\documents and settings\Vlado\Local Settings\Application Data\HP
2009-06-29 04:35 . 2009-06-29 04:35 -------- d-----w- c:\documents and settings\Vlado\Application Data\HP
2009-06-29 04:35 . 2009-06-29 04:35 -------- d-s---w- c:\documents and settings\Vlado\UserData
2009-06-29 04:35 . 2009-06-29 04:35 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-06-29 04:32 . 2007-10-30 09:25 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-06-29 04:32 . 2007-10-30 09:25 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-06-29 04:31 . 2009-06-29 04:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-06-29 04:31 . 2007-11-08 14:52 271704 ----a-r- c:\windows\system32\hpzids01.dll
2009-06-29 04:31 . 2007-10-21 00:25 117760 ----a-w- c:\windows\system32\hpzll5mu.dll
2009-06-29 04:31 . 2007-10-30 09:25 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-06-29 04:30 . 2007-11-30 23:28 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-06-29 04:30 . 2007-11-30 23:28 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-06-29 04:25 . 2009-07-18 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-06-29 04:25 . 2009-06-29 04:25 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-06-29 04:23 . 2009-07-21 10:21 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-29 04:22 . 2009-06-29 04:25 -------- d-----w- c:\program files\HP
2009-06-29 04:22 . 2007-11-30 23:31 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-06-29 04:13 . 2007-11-30 23:31 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-06-29 04:13 . 2007-11-30 23:31 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-06-29 04:13 . 2007-11-30 23:31 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-06-29 04:13 . 2007-11-30 23:31 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-06-28 20:29 . 2009-06-28 20:29 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-28 20:29 . 2009-07-19 10:44 -------- d-----w- c:\documents and settings\Vlado\Application Data\skypePM
2009-06-28 20:21 . 2009-07-20 14:19 -------- d-----w- c:\documents and settings\Vlado\Application Data\Skype
2009-06-28 20:20 . 2009-06-28 20:20 -------- d-----w- c:\program files\Common Files\Skype
2009-06-28 20:19 . 2009-06-28 20:20 -------- d-----r- c:\program files\Skype
2009-06-28 20:19 . 2009-06-28 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-06-28 19:45 . 2009-06-28 19:45 -------- d-----w- c:\documents and settings\Vlado\Local Settings\Application Data\Ahead
2009-06-28 19:07 . 2004-05-26 14:08 7296 ------r- c:\windows\system32\drivers\EIO.sys
2009-06-28 18:46 . 2009-06-28 18:46 -------- d-----w- c:\documents and settings\Vlado\Application Data\AdobeUM
2009-06-28 18:43 . 2009-06-28 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-06-28 18:08 . 2009-06-28 18:08 -------- d-----w- c:\program files\Adobe Media Player
2009-06-28 18:05 . 2009-06-28 18:05 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-28 18:04 . 2009-07-03 00:16 -------- d-----w- c:\documents and settings\Vlado\Local Settings\Application Data\Adobe
2009-06-28 17:13 . 2009-07-21 13:53 -------- d-----w- c:\documents and settings\Vlado\Tracing
2009-06-28 17:12 . 2009-06-28 17:12 -------- d-----w- c:\program files\Microsoft
2009-06-28 17:12 . 2009-06-28 17:12 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-28 17:09 . 2009-06-28 17:09 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-28 17:00 . 2009-06-28 17:12 -------- d-----w- c:\program files\Windows Live
2009-06-28 16:50 . 2009-07-02 23:18 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-28 16:46 . 2003-06-18 15:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-06-28 16:38 . 2009-06-28 19:48 -------- d-----w- c:\documents and settings\Vlado\Application Data\Ahead
2009-06-28 16:36 . 2009-06-28 16:38 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-28 16:36 . 2009-06-28 16:36 -------- d-----w- c:\program files\Nero
2009-06-28 16:29 . 2009-06-28 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-28 16:25 . 2007-11-30 21:26 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-06-28 16:24 . 2009-06-28 16:24 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-28 16:23 . 2009-06-28 16:23 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-06-28 16:23 . 2009-06-28 16:23 -------- d-----w- c:\windows\system32\LogFiles
2009-06-28 16:23 . 2006-09-25 23:58 23856 ----a-w- c:\windows\system32\spupdsvc.exe
2009-06-28 16:09 . 2009-06-28 16:09 -------- d-----w- c:\documents and settings\Vlado\Local Settings\Application Data\ESET
2009-06-28 15:41 . 2008-01-07 20:29 352 ---ha-w- c:\windows\nod32fixtemdono.reg
2009-06-28 15:01 . 2009-07-08 07:06 87248 ----a-w- c:\documents and settings\Vlado\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-28 15:00 . 2009-06-28 15:00 0 ----a-w- c:\windows\nsreg.dat
2009-06-28 15:00 . 2009-06-28 15:00 -------- d-----w- c:\documents and settings\Vlado\Local Settings\Application Data\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-21 19:12 . 2009-06-28 07:05 -------- d-----w- c:\documents and settings\Vlado\Application Data\DNA
2009-07-21 13:51 . 2009-06-28 07:05 -------- d-----w- c:\program files\DNA
2009-07-07 19:59 . 2009-06-28 07:10 -------- d-----w- c:\documents and settings\Vlado\Application Data\BitTorrent
2009-07-07 14:55 . 2009-06-28 20:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-07 14:54 . 2009-06-28 20:02 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-30 16:20 . 2009-06-28 14:35 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-28 20:02 . 2009-06-28 20:02 -------- d-----w- c:\program files\Analog Devices
2009-06-28 16:28 . 2009-06-28 16:28 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-28 14:45 . 2009-06-28 14:45 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-06-28 14:37 . 2009-06-28 14:37 -------- d-----w- c:\program files\microsoft frontpage
2009-06-28 14:36 . 2009-06-28 14:36 2644 ----a-w- c:\windows\unins000.dat
2009-06-28 14:36 . 2009-06-28 14:36 673546 ----a-w- c:\windows\unins000.exe
2009-06-28 14:36 . 2009-06-28 14:36 -------- d-----w- c:\program files\internet download manager
2009-06-28 14:32 . 2009-06-28 14:32 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-28 07:21 . 2009-06-28 07:21 -------- d-----w- c:\program files\ESET
2009-06-28 07:05 . 2009-06-28 07:05 -------- d-----w- c:\program files\BitTorrent
2009-06-28 07:05 . 2009-06-28 07:05 -------- d-----w- c:\program files\AskSearch
2009-06-03 09:20 . 2009-06-28 15:00 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

------- Sigcheck -------

[-] 2008-01-11 17:46 1613824 2B60598FE17A9EAA1468C1B8F73EA0B9 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-06-28 321344]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-11-30 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-05-27 24264488]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"Google Update"="c:\documents and settings\Vlado\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-15 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2007-11-30 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2007-11-30 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2007-11-30 455168]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2002-10-12 98304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 729088]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Spamihilator"="c:\program files\Spamihilator\spamihilator.exe" [2008-12-23 1321984]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2008-01-11 64512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-7-3 110592]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Spamihilator\\cdcc.exe"=
"c:\\Program Files\\Spamihilator\\dccproc.exe"=
"c:\\Program Files\\Spamihilator\\spamihilator.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 aaatimeo;aaatimeo;c:\windows\system32\drivers\aaatimeo.sys [2/26/2006 5:21 PM 4928]
R0 afamgt;afamgt;c:\windows\system32\drivers\afamgt.sys [3/28/2006 4:43 PM 91707]
R0 siwinacc;siwinacc;c:\windows\system32\drivers\siwinacc.sys [11/1/2004 12:21 PM 10368]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2007 4:21 PM 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 4:21 PM 468224]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AUJASNKJ
*Deregistered* - aujasnkj

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1292428093-1417001333-1003Core.job
- c:\documents and settings\Vlado\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-15 13:47]

2009-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1292428093-1417001333-1003UA.job
- c:\documents and settings\Vlado\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-15 13:47]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Vlado\Application Data\Mozilla\Firefox\Profiles\a575hvgp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\documents and settings\Vlado\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-07-21 21:14
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-07-21 21:16
ComboFix-quarantined-files.txt 2009-07-21 19:16

Pre-Run: 27,634,544,640 bytes free
Post-Run: 28,815,773,696 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

250




To je to.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Vidim da si danas instalirao MBAM. Da li je on nešto detektovao?

Ako jeste, iskopiraj izveštaj skeniranja u temu (možeš ga otvoriti iz samog programa).


Da li ti je bilo koji program nešto detektovao/obrisao u periodu između dobijanja toga obaveštenja i otvaranja ove teme?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ovo je sto se tice MBAM log-a

Verzija baze podataka: 2468
Windows 5.1.2600 Service Pack 3, v.3264

7/21/2009 3:46:14 PM
mbam-log-2009-07-21 (15-46-14).txt

Tip skeniranja: Brzo Skeniranje
Skeniranih objekata: 86400
Proteklo vreme: 5 minute(s), 41 second(s)

Inficirani procesi u memoriji: 0
Inficirani moduli u memoriji: 0
Inficirani kljuèevi u registru: 0
Inficirane vrednosti u registru: 0
Inficirani podaci u registru: 0
Inficirane fascikle: 0
Inficirane datoteke: 0

Inficirani procesi u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani moduli u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani kljuèevi u registru:
(Maliciozne stavke nisu detektovane)

Inficirane vrednosti u registru:
(Maliciozne stavke nisu detektovane)

Inficirani podaci u registru:
(Maliciozne stavke nisu detektovane)

Inficirane fascikle:
(Maliciozne stavke nisu detektovane)

Inficirane datoteke:
(Maliciozne stavke nisu detektovane)

Ni NOD mi nije nista nasao,a sto se tice poste danas sam je primio pa sam se odmah bacio na posao,inace posta je danas bila u naselju tako da sam se raspitao kod ljudi koji koriste iste usluge mtel-a kao i ja medjutim ja sam tu jedini "spamer".

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

OK. Idemo dalje...



Preuzmi program RootRepeal na Desktop.

Raspakuj RootRepeal.zip u neki folder.
Dvoklikom pokreni RootRepeal.exe.
Pređi na Report karticu (klikom na Report taster, dole, desno).
Klikni Scan taster.
U prozoru koji se otvori (Select Scan), obeleži kućice ispred svih stavki i klikni OK.
U narednom prozoru (Select Drives) obeleži kućicu ispred sistemskog diska (obično C:\) i klikni OK.
Po završetku procesa, klikni Save Report i sačuvaj izveštaj o skeniranju.

Iskopiraj sadržaj tog izveštaja u iduću poruku.



-------------------------------------------------------------------------------------




Preuzmi Dr.Web CureIt (~13 MB).
Dvoklikom pokreni launch.exe, nakon čega će se pojaviti uvodni prozor - klikni Start

Pojaviće se obaveštenje o započinjanju uvodnog skeniranja - klikni OK

Sačekaj nekoliko minuta da Dr.Web CureIt izvrši Express Scan; ukoliko malware bude pronađen, klikom na taster Yes to All u prozoru koji se pojavi dozvoli programu da izvrši dezinfekciju

Klikni Options > Change settings F9; u prozoru koji će se otvoriti, dečekiraj opciju Heuristic Analysis a zatim klikni OK

U glavnom prozoru obeleži opciju Complete scan a zatim klikni i Dr.Web CureIt će započeti skeniranje

Ukoliko malware bude pronađen, klikom na taster Yes to All u prozoru koji se pojavi dozvoli programu da izvrši dezinfekciju

Kada skeniranje bude završeno, klikni Select all taster (ukoliko je dostupan), a zatim klikni Cure i,
u meniju koji se otvori, klikni Move incurable:


Po završetku procesa, klikni File > Save report list i sačuvaj log na Desktopu

Iskopiraj sadržaj Dr.Web CureIt loga u temu na forumu

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

C:\Document and Settings\Vlado\Desktop\RootRepeal.zip
The archive is either in unknown format or damaged


a Dr.web C.i. je downl.pa cemo vidjeti sta on kaze.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

kasap.v ::C:\Document and Settings\Vlado\Desktop\RootRepeal.zip
The archive is either in unknown format or damaged

Ponovi download.