I want the trojans out of my computer!!!!

offline
  • Joined: 18 Aug 2008
  • Posts: 9
  • Location: cosmos, planet Earth

While scanning the hard disk, my antivirus reports several viruses that I just cannot get rid of .... HELP PLEASE !!!!!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:55 PM, on 8/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\AntiViral Toolkit Pro\avpcc.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\AntiViral Toolkit Pro\avpcc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\mirza.BACCARA-GRAPHIC\Desktop\FixQhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [AVPCC] C:\Program Files\Kaspersky Lab\AntiViral Toolkit Pro\avpcc.exe /wait
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVP Control Centre Service (AVPCC) - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\AntiViral Toolkit Pro\avpcc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)

--
End of file - 4560 bytes

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Hello,

you need to rename HijackThis.exe to some other name and then post a new log for me.

Rename it to, e.g., thesign.exe

Can you write me what it reports?

offline
  • Joined: 18 Aug 2008
  • Posts: 9
  • Location: cosmos, planet Earth

Logfile THESIGN.EXE
Scan saved at 2:22:03 PM, on 8/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\AntiViral Toolkit Pro\avpcc.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\AntiViral Toolkit Pro\avpcc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\mirza.BACCARA-GRAPHIC\Desktop\FixQhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [AVPCC] C:\Program Files\Kaspersky Lab\AntiViral Toolkit Pro\avpcc.exe /wait
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVP Control Centre Service (AVPCC) - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\AntiViral Toolkit Pro\avpcc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)

--
End of file - 4560 bytes
...PLEASE WAIT SO THAT I CAN PASS ON THE MESSAGE THAT THE ANTIVIRUS REPORTS... THANKS !!!!!!

Addendum: 18 Aug 2008 14:33

TROJAN.WIN32.MONDER.BVI

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

We misunderstood each other about the renaming (I explained it badly), but never mind.

Do the following:


Start Spybot S&D
Click the Mode item in the menu
Select Advanced Mode
In the bar on the left click Tools
Click Resident
Untick Resident Tea-Timer
Close Spybot S&D
Restart the computer.

- Then download the file from this link to the Desktop.
- Run the file with a double-click and follow the instructions.

Do not forget to turn these options back on when we finish cleaning.


Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

offline
  • Joined: 18 Aug 2008
  • Posts: 9
  • Location: cosmos, planet Earth

Small problem... how do I download the file to the desktop? I can't manage it...

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Which file? You have the three links I gave you. Click any of them and it will ask you where to save, or it will just pop up a window where you click save.

offline
  • Joined: 18 Aug 2008
  • Posts: 9
  • Location: cosmos, planet Earth

ComboFix 08-08-17.03 - mirza 2008-08-18 14:57:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.363 [GMT 2:00]
Running from: C:\Documents and Settings\mirza.BACCARA-GRAPHIC\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\mirza.BACCARA-GRAPHIC\UserData
C:\Documents and Settings\mirza.BACCARA-GRAPHIC\UserData\index.dat

.
((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 )))))))))))))))))))))))))))))))
.

2008-08-18 11:33 . 2008-08-18 11:33 <DIR> d-------- C:\Documents and Settings\mirza.BACCARA-GRAPHIC\Application Data\Simply Super Software
2008-08-18 11:33 . 2008-08-18 11:33 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Simply Super Software
2008-08-18 11:33 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-08-18 11:33 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll
2008-08-18 11:33 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-08-18 11:33 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-08-18 11:33 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-08-18 11:14 . 2008-08-18 11:14 <DIR> d-------- C:\Documents and Settings\mirza.BACCARA-GRAPHIC\Application Data\AdobeUM
2008-08-13 15:32 . 2008-08-13 15:32 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
2008-08-07 14:14 . 2008-08-07 14:14 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar
2008-08-07 14:14 . 2008-08-07 14:16 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\OrbNetworks
2008-08-07 13:35 . 2008-08-07 13:35 2,181,888 --a------ C:\WINDOWS\system32\KERNEL.TMP
2008-08-07 13:35 . 2004-08-03 23:20 2,180,992 --a------ C:\WINDOWS\system32\kernel1.exe
2008-08-07 12:56 . 2008-08-02 14:43 211 --a------ C:\BOOT.BKK
2008-08-04 15:10 . 2008-08-04 15:10 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-08-04 15:05 . 2008-08-04 15:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-04 14:17 . 2008-08-04 14:17 39,073 --a------ C:\WINDOWS\FontData.fdb
2008-08-04 14:15 . 2008-08-04 14:15 <DIR> d-------- C:\Documents and Settings\mirza.BACCARA-GRAPHIC\Application Data\Corel
2008-08-04 14:14 . 2008-08-04 14:14 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallShield
2008-08-04 09:04 . 2008-08-04 09:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-04 09:04 . 2008-08-04 09:36 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-08-04 08:57 . 2008-08-04 08:57 <DIR> d-------- C:\Program Files\TGTSoft
2008-08-02 15:48 . 2003-10-03 16:28 45,056 --a------ C:\WINDOWS\system32\vusetup.dll
2008-08-02 15:48 . 2005-06-06 17:51 11,264 --a------ C:\WINDOWS\system32\drivers\vulfntr.sys
2008-08-02 15:48 . 2005-01-05 18:02 6,912 --a------ C:\WINDOWS\system32\drivers\vulfnth.sys
2008-08-02 15:36 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-08-02 15:24 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-08-02 15:09 . 2008-08-02 15:28 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-08-02 15:08 . 2008-08-02 15:37 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-08-02 15:00 . 2008-08-02 15:00 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-08-02 14:40 . 2008-08-07 14:13 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-08-02 14:26 . 2004-08-04 00:56 96,768 -----c--- C:\WINDOWS\system32\dllcache\dpcdll.dll
2008-08-02 14:15 . 2004-08-04 00:56 239,616 --------- C:\WINDOWS\system32\wstrenderer.ax
2008-08-02 14:15 . 2004-08-04 00:56 164,352 --------- C:\WINDOWS\system32\wstpager.ax
2008-08-02 14:15 . 2004-08-04 00:56 53,248 --------- C:\WINDOWS\system32\vbicodec.ax
2008-08-02 14:15 . 2004-08-03 23:08 40,832 --------- C:\WINDOWS\system32\drivers\irbus.sys
2008-08-02 14:15 . 2004-08-04 00:56 32,768 --------- C:\WINDOWS\system32\asr_pfu.exe
2008-08-02 14:15 . 2004-08-03 22:59 12,800 --------- C:\WINDOWS\system32\spiisupd.exe
2008-08-02 14:15 . 2004-08-03 22:59 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2008-08-02 14:12 . 2008-08-02 14:12 <DIR> d-------- C:\WINDOWS\provisioning
2008-08-02 14:00 . 2008-08-02 14:00 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-02 13:51 . 2004-08-04 00:56 2,897,920 --------- C:\WINDOWS\system32\xpsp2res.dll
2008-08-02 13:46 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002257_.tmp
2008-08-02 13:45 . 2004-08-03 22:42 15,872 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-08-02 13:36 . 2008-08-02 13:36 <DIR> d-------- C:\WINDOWS\EHome
2008-08-02 13:04 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-08-02 13:02 . 2004-08-03 23:15 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-08-02 13:02 . 2004-08-04 00:56 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-08-02 13:02 . 2004-08-04 00:56 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-08-02 13:02 . 2004-08-03 23:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-08-02 13:02 . 2001-08-17 14:19 40,704 --a------ C:\WINDOWS\system32\drivers\es1371mp.sys
2008-08-02 13:02 . 2001-08-17 14:13 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2008-08-02 13:02 . 2004-08-04 00:56 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-08-01 15:50 . 2008-08-01 15:50 <DIR> d-------- C:\Program Files\AV9
2008-08-01 15:06 . 2008-08-02 11:27 <DIR> d-------- C:\Program Files\Common Files\AVP Shared Files
2008-08-01 10:36 . 2008-08-01 10:36 <DIR> d-------- C:\Program Files\Bonjour
2008-07-30 15:36 . 2008-07-30 15:36 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-07 12:15 --------- d-----w C:\Program Files\Winamp
2008-08-07 12:14 --------- d-----w C:\Program Files\Winamp Toolbar
2008-08-07 12:14 --------- d-----w C:\Program Files\Winamp Remote
2008-08-02 09:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-02 09:33 --------- d-----w C:\Program Files\Ahead
2008-08-01 13:06 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-01 10:37 --------- d-----w C:\Program Files\Common Files\Filseclab
2008-08-01 08:36 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-30 13:35 --------- d-----w C:\Program Files\BitComet
2008-07-15 11:48 --------- d-----w C:\Program Files\Tajima
2008-07-15 11:10 --------- d-----w C:\Program Files\Corel
2008-07-15 11:04 --------- d-----w C:\Documents and Settings\Guest\Application Data\Corel
2008-07-02 12:01 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-01 09:48 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-06-27 13:22 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-06-27 13:22 --------- d-----w C:\Program Files\ACD Systems
2008-06-26 13:22 --------- d-----w C:\Program Files\DIFX
2008-06-26 12:36 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-26 10:08 --------- d-----w C:\Program Files\PC Tools Firewall Plus
2008-06-21 07:25 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-06-21 06:48 --------- d-----w C:\Program Files\ThreatFire
2008-06-20 13:09 --------- d-----w C:\Program Files\Common Files\Corel
2008-06-20 13:08 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-20 11:25 --------- d-----w C:\Program Files\Microsoft Works
2008-06-20 11:24 --------- d-----w C:\Program Files\MSBuild
2008-06-19 13:15 --------- d-----w C:\Program Files\VIA
2008-06-19 13:11 --------- d-----w C:\Program Files\S3
2008-06-19 11:46 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-07-16 22:51 1266992]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:56 1667584]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-04-04 19:01 1368064]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVPCC"="C:\Program Files\Kaspersky Lab\AntiViral Toolkit Pro\avpcc.exe" [2000-10-10 11:31 352320]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"VTTimer"="VTTimer.exe" [2006-09-21 16:36 53248 C:\WINDOWS\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2007-02-06 07:30 176128 C:\WINDOWS\system32\S3Trayp.exe]

C:\Documents and Settings\mirza.BACCARA-GRAPHIC\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
Microsoft Office Groove.lnk - C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [2006-10-27 15:37:44 338216]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-06-26 14:33:48 106560]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

R2 AVPCC;AVP Control Centre Service;C:\Program Files\Kaspersky Lab\AntiViral Toolkit Pro\avpcc.exe [2000-10-10 11:31]
R2 F-SECURE AVP;F-SECURE AVP;C:\Program Files\Kaspersky Lab\AntiViral Toolkit Pro\fsavp.sys [2000-09-04 13:47]
R3 F-SECURE Filter;F-SECURE Filter;C:\Program Files\Kaspersky Lab\AntiViral Toolkit Pro\fsfilter.sys [2000-05-22 12:18]
R3 F-SECURE Gatekeeper;F-SECURE Gatekeeper;C:\Program Files\Kaspersky Lab\AntiViral Toolkit Pro\fsgk.sys [2000-08-18 16:44]
R3 F-SECURE Recognizer;F-SECURE Recognizer;C:\Program Files\Kaspersky Lab\AntiViral Toolkit Pro\fsrec.sys [2000-05-22 12:18]
R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2007-03-05 09:54]
S2 SSPORT;SSPORT;C:\WINDOWS\System32\Drivers\SSPORT.sys []
S3 s3chipid;s3chipid;C:\DOCUME~1\MIRZA~1.BAC\LOCALS~1\Temp\s3chipid.sys []

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\mirza.BACCARA-GRAPHIC\Application Data\Mozilla\Firefox\Profiles\1yx0id6d.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-08-18 15:01:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-18 15:03:06
ComboFix-quarantined-files.txt 2008-08-18 13:03:00

Pre-Run: 7,944,081,408 bytes free
Post-Run: 8,000,827,392 bytes free

169

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

I will look at the log later. I have some other obligations right now. Talk to you later....

Addendum: 18 Aug 2008 21:59

Can you write me which version of Kaspersky antivirus you are using?

offline
  • Joined: 18 Aug 2008
  • Posts: 9
  • Location: cosmos, planet Earth

Kaspersky, some older version

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Well, which older version? I can see too that it is Kaspersky:

O4 - HKLM\..\Run: [AVPCC] C:\Program Files\Kaspersky Lab\AntiViral Toolkit Pro\avpcc.exe /wait
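
The check in the last reply, reading the installed antivirus off the `O4` Run entry, extends to a quick triage of the whole HijackThis log. The following is an added example, not part of the thread and not code from HijackThis: it parses entry lines copied from the log posted above, and the function names and the three flagging heuristics (file missing, no owner reported, autorun without a full path) are assumptions chosen for this illustration.

```python
import re

# Entry lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVPCC] C:\Program Files\Kaspersky Lab\AntiViral Toolkit Pro\avpcc.exe /wait
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O23 - Service: AVP Control Centre Service (AVPCC) - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\AntiViral Toolkit Pro\avpcc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
"""

# "<section code> - <kind>: <detail>", e.g. "O4 - HKLM\..\Run: [AVPCC] C:\...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<detail>.*)$")
# Detail of a registry Run entry: "[value name] command line".
RUN_VALUE = re.compile(r"^\[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def parse_entries(log_text):
    """Return one dict per entry line; headers and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def is_run_key(entry):
    """True for O4 entries that come from a registry Run/RunOnce key."""
    return entry["code"] == "O4" and entry["kind"].split("\\")[-1].startswith("Run")


def autoruns(log_text):
    """Map Run value name -> command line, as read off the O4 entries."""
    result = {}
    for entry in parse_entries(log_text):
        m = RUN_VALUE.match(entry["detail"]) if is_run_key(entry) else None
        if m:
            result[m.group("name")] = m.group("cmd")
    return result


def triage(entry):
    """Reasons to look closer at an entry (heuristics assumed for this example)."""
    reasons = []
    detail = entry["detail"]
    if detail.endswith("(file missing)"):
        reasons.append("target file missing")
    if entry["code"] == "O23" and " - Unknown owner - " in detail:
        reasons.append("no owner reported")
    m = RUN_VALUE.match(detail) if is_run_key(entry) else None
    if m and not DRIVE_PATH.match(m.group("cmd").lstrip('"')):
        # The location of the program is not visible in the log line itself.
        reasons.append("autorun without a full path")
    return reasons


def report(log_text):
    """Return (code, detail, reasons) for every entry that triggered a heuristic."""
    flagged = []
    for entry in parse_entries(log_text):
        reasons = triage(entry)
        if reasons:
            flagged.append((entry["code"], entry["detail"], reasons))
    return flagged


if __name__ == "__main__":
    print("AVPCC autorun:", autoruns(SAMPLE_LOG)["AVPCC"])
    for code, detail, reasons in report(SAMPLE_LOG):
        print(f"{code}: {detail}\n    -> {', '.join(reasons)}")
```

A flagged entry is only a prompt to check the file on disk; the ComboFix log in this thread, for instance, resolves `VTTimer.exe` to `C:\WINDOWS\system32\VTTimer.exe`.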
