Posted: 20 Oct 2008 16:19
- vojas99
- New MyCity citizen
- Joined: 20 Oct 2008
- Posts: 5

My Nokia 6120 Classic mobile phone behaves as if it were not on the network more than half the time. Shortly after the missed calls, the network notifies me about them. At the same time, in the "installations" folder, which holds the files belonging to Nokia's "PC Suite" program, Avast reported Win32:Zlob. Later it found it in several more files in the same folder and could not delete it, so I uninstalled "Nokia PC Suite" and brutally, with "delete", erased the folder with the files that belong to it and that contained the trojan. Is it possible that this trojan is also on the phone and is causing the problems described? How is it removed from the phone if it is there? Does this HijackThis log file give any useful information:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:10 PM, on 10/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Documents and Settings\user\Desktop\New Folder\tr3.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} (FileInterface Class) - online.bancaintesabeograd.com/RetailDLL/FSINT.dll
O16 - DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} (ProxyModule Class) - online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8-) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7267 bytes
Thanks,
Dragana

Posted: 20 Oct 2008 18:58
- vojas99
- New MyCity citizen
- Joined: 20 Oct 2008
- Posts: 5

It tells me that I don't have the "Windows Recovery Console" and asks whether I want to install it.
Should I install it?
Addendum: 20 Oct 2008 18:58
PS: this is a computer at work with a legal OS.

Posted: 20 Oct 2008 19:18
- dr_Bora
- Anti Malware Fighter
Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE

That won't harm anything. However, if you think you shouldn't install the RC (given that it isn't your computer), decline the installation.

Posted: 20 Oct 2008 19:29
- vojas99
- New MyCity citizen
- Joined: 20 Oct 2008
- Posts: 5

Here it is:
ComboFix 08-10-19.04 - user 2008-10-20 19:24:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.425 [GMT 2:00]
Running from: C:\Documents and Settings\user\Desktop\New Folder\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\user\Application Data\ShoppingReport
C:\Documents and Settings\user\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\user\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\user\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\user\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\user\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\user\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\user\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
C:\Program Files\ShoppingReport\Uninst.exe
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\ssprs.dll
.
((((((((((((((((((((((((( Files Created from 2008-09-20 to 2008-10-20 )))))))))))))))))))))))))))))))
.
2008-10-19 12:13 . 2008-10-19 12:18 275 --a------ C:\Shortcut to zajednicko.lnk
2008-10-18 13:56 . 2008-10-18 13:56 <DIR> d-------- C:\film
2008-10-15 11:19 . 2008-10-15 11:19 <DIR> d-------- C:\Documents and Settings\user\Phone Browser
2008-10-15 11:17 . 2008-10-15 11:38 <DIR> d-------- C:\Documents and Settings\user\Application Data\Nokia
2008-10-15 11:16 . 2008-10-20 15:08 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-10-15 11:16 . 2008-10-20 15:44 <DIR> d-------- C:\Program Files\Nokia
2008-10-15 11:16 . 2008-10-15 11:17 <DIR> d-------- C:\Program Files\DIFX
2008-10-15 11:16 . 2008-10-15 11:20 <DIR> d-------- C:\Documents and Settings\user\Application Data\PC Suite
2008-10-15 11:16 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-10-15 11:16 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-10-15 11:16 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-10-15 11:16 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-10-15 11:16 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-10-15 11:16 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-10-15 11:14 . 2008-10-20 15:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-10-14 20:41 . 2008-10-14 20:41 <DIR> d--h----- C:\WINDOWS\PIF
2008-10-06 18:01 . 2008-10-06 18:01 <DIR> d-------- C:\VundoFix Backups
2008-09-22 13:38 . 2008-09-22 13:38 <DIR> d-------- C:\Program Files\Duplicate File Cleaner
2008-09-22 13:38 . 2008-09-22 13:38 42 --a------ C:\WINDOWS\system32\DuplicateFileCleaner.lie
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-20 06:52 --------- d-----w C:\Documents and Settings\user\Application Data\OpenOffice.org2
2008-10-18 14:18 --------- d-----w C:\Program Files\SPSSEVAL
2008-10-12 16:03 --------- d-----w C:\Program Files\downloads
2008-09-19 18:30 --------- d-----w C:\Program Files\SpirXPlorer
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-13 11:29 --------- d-----w C:\Documents and Settings\user\Application Data\Winamp
2008-09-13 11:09 --------- d-----w C:\Program Files\Winamp Toolbar
2008-09-13 11:09 --------- d-----w C:\Program Files\Winamp
2008-09-08 10:01 --------- d-----w C:\Documents and Settings\user\Application Data\ZoomBrowser EX
2008-09-08 10:01 --------- d-----w C:\Documents and Settings\user\Application Data\CameraWindowDC
2008-09-06 14:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-09-06 14:01 --------- d-----w C:\Program Files\IVT Corporation
2008-09-03 19:33 --------- d-----w C:\Program Files\arj
2008-09-03 07:40 --------- d-----w C:\Program Files\Symantec
2008-09-03 07:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-02 19:24 --------- d-----w C:\Program Files\Alwil Software
2008-09-02 14:31 --------- d-----w C:\Program Files\Eurogrowth
2008-08-31 15:54 --------- d-----w C:\Program Files\FreeCommander
2008-08-31 15:19 --------- d-----w C:\Program Files\DBF Viewer 2000
2008-08-31 15:04 --------- d-----w C:\Documents and Settings\user\Application Data\AD ON Multimedia
2008-08-31 15:03 2,508,665 ----a-w C:\fc_setup_.zip
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-24 05:39 --------- d-----w C:\Documents and Settings\user\Application Data\Apple Computer
2008-08-24 05:38 --------- d-----w C:\Program Files\iTunes
2008-08-24 05:38 --------- d-----w C:\Program Files\iPod
2008-08-24 05:38 --------- d-----w C:\Program Files\Bonjour
2008-08-24 05:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-24 05:37 --------- d-----w C:\Program Files\QuickTime
2008-08-24 05:37 --------- d-----w C:\Program Files\Apple Software Update
2008-08-24 05:36 --------- d-----w C:\Program Files\Common Files\Apple
2008-08-24 05:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-08-22 20:44 --------- d-----w C:\Documents and Settings\user\Application Data\MSNInstaller
2008-08-14 09:58 2,136,064 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:22 2,015,744 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-05 98304]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-05 114688]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-05 94208]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-07-21 98304]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 155648]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-04-04 C:\WINDOWS\SkyTel.exe]
C:\Documents and Settings\user\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 61440]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-05-17 661776]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-04 01:02 36352 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"C:\\WoW-BurningCrusade-enUS-Installer-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\Server.V.0.2-XiLiNCE\\bin\\WoWemu.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2007-12-12 65536]
R3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl02_xp.sys [2006-10-31 28416]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2007-12-12 1531989]
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-10-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Settings,ProxyOverride = <local>;*.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 -: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
O16 -: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} - hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT.dll
C:\WINDOWS\Downloaded Program Files\FSINT.dll
O16 -: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
C:\WINDOWS\Downloaded Program Files\SGCMSCCD.DLL
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-10-20 19:24:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll
.
Completion time: 2008-10-20 19:25:48
ComboFix-quarantined-files.txt 2008-10-20 17:25:45
Pre-Run: 21,137,383,424 bytes free
Post-Run: 21,392,486,400 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
183 --- E O F --- 2008-10-15 21:10:35

Posted: 20 Oct 2008 19:43
- dr_Bora
- Anti Malware Fighter
Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE

Was Norton antivirus installed on this computer?
If not, then upload the following file for checking: C:\WINDOWS\system32\NavLogon.dll

Posted: 20 Oct 2008 20:03
- vojas99
- New MyCity citizen
- Joined: 20 Oct 2008
- Posts: 5

It was installed and then removed because it was illegal, when we decided to go with fully legal software.

Posted: 20 Oct 2008 20:31
- vojas99
- New MyCity citizen
- Joined: 20 Oct 2008
- Posts: 5

Thank you, you have helped me a lot with this too.
It's wonderful that something like this exists
(until now I have not been on any forum and I am a real beginner at this).
Regards, Dragana