avast won't or can't delete the virus. please help.



  • Joined: 01 Jul 2009
  • Posts: 42

Posted: 31 Jul 2009 20:42

ComboFix 09-07-29.04 - korisnik 31.07.2009 20:25.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.254 [GMT 2:00]
Running from: c:\documents and settings\korisnik\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\korisnik\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090730-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\cmptes.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\korisnik\LOCALS~1\Temp\svchost.exe
c:\program files\Internet Explorer\IETimber
c:\program files\Internet Explorer\IETimber\IETimber.dll
c:\program files\Internet Explorer\IETimber\IP.dat
c:\program files\Internet Explorer\IETimber\uISGRLFile.dat
c:\program files\Internet Explorer\IETimber\Uninstall.exe
c:\windows\AMD
c:\windows\AMD\google.dll
c:\windows\Fonts\292E5C84.DLL
c:\windows\system32\1FMZ2NEBD5
c:\windows\system32\1FMZ2NEBD5\A3121.exe
c:\windows\system32\81FR0MLUJV
c:\windows\system32\A64JU1WW2Z
c:\windows\system32\A64JU1WW2Z\A3121.exe
c:\windows\system32\aspx.exe
c:\windows\system32\capisrv.dll
c:\windows\system32\cmptes.dll
c:\windows\system32\JV33PKTIZY
c:\windows\system32\KE571CDGC2
c:\windows\system32\KE571CDGC2\A3121.exe
c:\windows\system32\KE571CDGC2\E001.exe
c:\windows\system32\KE571CDGC2\H001.exe
c:\windows\system32\KE571CDGC2\J001.exe
c:\windows\system32\N8R5GQWFEY
c:\windows\system32\urlmor.dll
c:\windows\system32\winhelp32.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AEXPSRV
-------\Legacy_ASPX
-------\Legacy_EFRGT
-------\Legacy_WINHELP32
-------\Service_AExpSrv
-------\Service_ASPX
-------\Service_efrgt
-------\Service_WinHelp32


((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-31 )))))))))))))))))))))))))))))))
.

2009-07-31 18:31 . 2009-07-31 18:31 34304 ----a-w- c:\windows\system32\DNXgrz.exe
2009-07-31 18:21 . 2009-07-31 18:20 94720 ----a-w- c:\windows\system32\CMWfoy.exe
2009-07-31 18:19 . 2009-07-31 18:19 102 ----a-w- c:\windows\system32\sdsk88sdddf.dat
2009-07-31 18:09 . 2009-07-31 18:19 -------- d-----w- c:\windows\system32\XOXVTM8Z9G
2009-07-31 17:17 . 2009-07-31 17:27 -------- d-----w- c:\windows\system32\MCGVXAQS23
2009-07-31 05:09 . 2009-07-31 05:13 -------- d-----w- c:\windows\system32\9JKB9Q9IJP
2009-07-31 05:01 . 2009-07-31 05:03 -------- d-----w- c:\windows\system32\8QLHQT4Y7T
2009-07-31 04:59 . 2009-07-31 18:08 873984 ----a-w- c:\windows\system32\libmysql.dll
2009-07-31 04:34 . 2009-07-31 04:34 431616 --sh--r- c:\program files\Common Files\Svc.exe
2009-07-31 04:34 . 2009-07-31 04:36 -------- d-----w- c:\windows\system32\2C21Q1JEE7
2009-07-30 21:50 . 2009-07-30 21:51 -------- d-----w- c:\windows\system32\NSN6T0BSLW
2009-07-30 05:41 . 2009-07-30 05:41 -------- d--h--w- c:\windows\PIF
2009-07-28 08:14 . 2009-07-30 13:13 12136 ----a-w- c:\windows\system32\drivers\tcpz-x86d.sys
2009-07-28 08:14 . 2009-07-28 08:14 101888 --sh--w- c:\windows\system32\comptres.dll
2009-07-27 17:35 . 2009-07-27 17:35 -------- d-----w- c:\program files\Autodesk
2009-07-27 17:35 . 2009-07-27 17:35 12464 ----a-w- c:\windows\system32\drivers\CDAC15BA.SYS
2009-07-27 17:35 . 2009-07-27 17:35 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-07-27 17:35 . 2009-07-27 17:35 54784 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE
2009-07-27 17:35 . 2009-07-27 17:35 -------- d-----w- c:\documents and settings\korisnik\Local Settings\Application Data\Autodesk
2009-07-27 17:35 . 2009-07-27 17:35 -------- d-----w- c:\program files\AnswerWorks 4.0
2009-07-27 17:34 . 2009-07-27 17:39 -------- d-----w- c:\documents and settings\korisnik\Application Data\Autodesk
2009-07-27 17:34 . 2009-07-27 17:36 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-07-27 17:34 . 2009-07-27 17:34 -------- d-----w- C:\Programme
2009-07-27 17:34 . 2009-07-27 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-07-27 17:30 . 2009-07-27 17:30 -------- d-----w- c:\program files\AutoCad2004
2009-07-20 17:26 . 2009-07-31 18:32 -------- d-----w- c:\documents and settings\korisnik\Tracing
2009-07-20 17:11 . 2009-07-20 17:11 -------- d-----w- c:\program files\Microsoft
2009-07-20 17:10 . 2009-07-20 17:10 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-20 17:10 . 2009-07-20 17:11 -------- d-----w- c:\program files\Windows Live
2009-07-20 16:34 . 2009-07-20 16:34 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-20 14:43 . 2007-03-22 10:46 126976 ----a-w- c:\documents and settings\korisnik\Application Data\GRETECH\GomPlayer\GrLauncher.exe
2009-07-20 14:39 . 2009-07-20 14:39 -------- d-----w- c:\program files\YouTube Downloader
2009-07-18 07:24 . 2009-07-18 07:24 0 ----a-w- c:\documents and settings\korisnik\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2009-07-18 07:10 . 2009-07-30 16:46 -------- d-----w- c:\documents and settings\korisnik\Application Data\FrostWire
2009-07-15 14:52 . 2009-07-15 14:52 -------- d-----w- c:\documents and settings\korisnik\Application Data\Participatory Culture Foundation
2009-07-15 14:51 . 2009-07-15 14:51 -------- d-----w- c:\program files\Participatory Culture Foundation
2009-07-13 14:36 . 2009-07-13 14:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2009-07-08 21:08 . 2009-07-08 21:08 -------- d-----w- c:\documents and settings\korisnik\Local Settings\Application Data\Identities
2009-07-06 14:36 . 2009-07-06 14:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-07-06 04:47 . 2009-07-06 04:47 -------- d-----w- c:\documents and settings\korisnik\Local Settings\Application Data\Ahead
2009-07-03 20:37 . 2009-07-29 19:18 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-01 21:35 . 2009-07-01 21:35 -------- d-----w- c:\program files\City Interactive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-31 18:18 . 2009-07-31 18:18 30 ----a-w- c:\windows\Fonts\s3sds212.dat
2009-07-31 18:18 . 2009-07-31 18:18 176182 ----a-w- c:\windows\Fonts\AB289FA0.EXE
2009-07-31 04:23 . 2009-06-24 10:15 47784 ----a-w- c:\documents and settings\korisnik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-26 19:21 . 2009-06-24 12:52 -------- d-----w- c:\program files\Winamp
2009-07-26 07:57 . 2009-06-24 12:49 -------- d-----w- c:\program files\Mv2Player
2009-07-15 14:00 . 2009-06-24 12:49 -------- d-----w- c:\program files\CyberLink
2009-06-28 22:34 . 2009-06-28 22:34 -------- d-----w- c:\documents and settings\korisnik\Application Data\DivX
2009-06-28 22:28 . 2009-06-24 12:52 -------- d-----w- c:\program files\QuickTime Alternative
2009-06-28 22:27 . 2009-06-24 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-28 22:27 . 2009-06-28 22:27 -------- d-----w- c:\program files\Apple Software Update
2009-06-28 22:27 . 2009-06-28 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-27 17:32 . 2009-06-27 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\GRETECH
2009-06-27 17:32 . 2009-06-27 17:32 -------- d-----w- c:\documents and settings\korisnik\Application Data\GRETECH
2009-06-27 17:31 . 2009-06-27 17:31 -------- d-----w- c:\program files\GRETECH
2009-06-27 17:28 . 2009-06-24 12:49 -------- d-----w- c:\program files\DivX
2009-06-27 17:22 . 2009-06-27 17:22 -------- d-----w- c:\documents and settings\korisnik\Application Data\Media Player Classic
2009-06-27 17:20 . 2009-06-24 10:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-27 17:19 . 2009-06-27 17:19 -------- d-----w- c:\program files\Real Alternative
2009-06-26 05:02 . 2009-06-26 05:02 -------- d-----w- c:\documents and settings\korisnik\Application Data\CyberLink
2009-06-25 22:29 . 2009-06-25 22:29 -------- d-----w- c:\documents and settings\korisnik\Application Data\AdobeUM
2009-06-25 22:28 . 2009-06-24 18:06 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-25 22:00 . 2009-06-25 22:01 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-25 22:00 . 2009-06-25 22:00 -------- d-----w- c:\program files\Java
2009-06-25 22:00 . 2009-06-25 22:00 152576 ----a-w- c:\documents and settings\korisnik\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-25 17:49 . 2009-06-25 17:49 -------- d-----w- c:\program files\Alwil Software
2009-06-25 16:37 . 2009-06-25 16:37 0 ----a-w- c:\windows\nsreg.dat
2009-06-24 18:45 . 2009-06-24 18:45 1915520 ----a-w- c:\documents and settings\korisnik\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-06-24 18:33 . 2009-06-24 18:33 -------- d-----w- c:\documents and settings\korisnik\Application Data\Samsung
2009-06-24 18:28 . 2009-06-24 18:07 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-06-24 18:07 . 2009-06-24 18:07 -------- d-----w- c:\program files\Samsung
2009-06-24 12:52 . 2009-06-24 12:52 -------- d-----w- c:\program files\Media Player Classic
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\Ahead
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\XviD
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\ffdshow
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\DivXCodec
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\DivX_311alpha
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\AC3Filter
2009-06-24 12:49 . 2009-06-24 12:49 -------- d-----w- c:\program files\ASUSTek
2009-06-24 12:48 . 2009-06-24 12:48 -------- d-----w- c:\program files\IrfanView
2009-06-24 10:55 . 2009-06-24 10:55 5058 ----a-w- c:\windows\Help\hhcolreg.dat
2009-06-24 10:52 . 2009-06-24 10:52 -------- d-----w- c:\documents and settings\korisnik\Application Data\Microsoft Web Folders
2009-06-24 10:52 . 2009-06-24 10:09 -------- d-----w- c:\program files\microsoft frontpage
2009-06-24 10:45 . 2009-06-24 10:45 -------- d-----w- c:\program files\ANI
2009-06-24 10:45 . 2009-06-24 10:45 -------- d-----w- c:\program files\D-Link
2009-06-24 10:44 . 2009-06-24 10:35 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-24 10:40 . 2009-06-24 10:40 -------- d-----w- c:\program files\C-Media 3D Audio
2009-06-24 10:37 . 2009-06-24 10:36 -------- d-----w- c:\program files\ATI Technologies
2009-06-24 10:33 . 2009-06-24 10:08 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-24 10:05 . 2009-06-24 10:05 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-23 08:04 . 2009-06-25 16:37 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( [Link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-31 18:32 . 2009-07-31 18:32 16384 c:\windows\Temp\Perflib_Perfdata_61c.dat
+ 2009-07-31 18:32 . 2009-07-31 18:32 16384 c:\windows\Temp\Perflib_Perfdata_580.dat
+ 2009-07-31 18:16 . 2009-07-31 18:17 65536 c:\windows\system32\XOXVTM8Z9G\K001.exe
+ 2009-07-31 18:15 . 2009-07-31 18:16 65536 c:\windows\system32\XOXVTM8Z9G\J002.exe
+ 2009-07-31 18:14 . 2009-07-31 18:15 65536 c:\windows\system32\XOXVTM8Z9G\J001.exe
+ 2009-07-31 18:13 . 2009-07-31 18:14 65536 c:\windows\system32\XOXVTM8Z9G\I001.exe
+ 2009-07-31 18:12 . 2009-07-31 18:13 57856 c:\windows\system32\XOXVTM8Z9G\E001.exe
+ 2009-07-31 17:24 . 2009-07-31 17:27 65536 c:\windows\system32\MCGVXAQS23\J002.exe
+ 2009-07-31 17:24 . 2009-07-31 17:24 65536 c:\windows\system32\MCGVXAQS23\J001.exe
+ 2009-07-31 17:20 . 2009-07-31 17:24 65536 c:\windows\system32\MCGVXAQS23\I001.exe
+ 2009-07-31 04:35 . 2009-07-31 04:35 65536 c:\windows\system32\2C21Q1JEE7\J002.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 339968]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 1519616]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-25 148888]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2009-05-26 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25.6.2009 19:49 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.6.2009 19:49 20560]
R2 csgv;afv;c:\windows\system32\MCGVXAQS23\J002.exe [31.7.2009 19:24 65536]
R2 fdcd;sfdf;c:\windows\system32\XOXVTM8Z9G\K001.exe [31.7.2009 20:16 65536]
R2 fdgf;dvf;c:\windows\system32\MCGVXAQS23\I001.exe [31.7.2009 19:20 65536]
R2 TCPZ;TCP Half Open Limited Patcher ( TCP-Z);c:\windows\system32\drivers\tcpz-x86d.sys [28.7.2009 10:14 12136]
R2 vrgv;srftr;c:\windows\system32\2C21Q1JEE7\J002.exe [31.7.2009 6:35 65536]
S2 server this;server this;c:\windows\system32\XOXVTM8Z9G\E001.exe [31.7.2009 20:12 57856]
S2 WcsSrv;Windows Color Service;c:\program files\Common Files\Svc.exe [31.7.2009 6:34 431616]

--- Other Services/Drivers In Memory ---

*Deregistered* - FD98F862
.
Contents of the 'Scheduled Tasks' folder

2009-07-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{296AB1C6-FB22-4D17-8834-064E2BA0A6F0} - c:\windows\AMD\google.dll
BHO-{489873CE-F3E1-44A3-8E89-04BE26BE4446} - c:\program files\Internet Explorer\IETimber\IETimber.dll


.
------- Supplementary Scan -------
.
uSearchURL,(Default) = [Link visible only to logged-in users]
TCP: {40F181AC-C3C4-4442-91F0-90AD4836D0AC} = 87.250.98.250 208.67.222.222
FF - ProfilePath - c:\documents and settings\korisnik\Application Data\Mozilla\Firefox\Profiles\coy493u0.default\
FF - prefs.js: browser.search.selectedEngine - Google
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-07-31 20:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3044)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-31 20:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-31 18:37
ComboFix2.txt 2009-07-30 21:21

Pre-Run: 16.310.788.096 bytes free
Post-Run: 16.207.941.632 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


Update: 31 Jul 2009 20:44

I don't use TCP-Z



  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:


File::
c:\windows\system32\DNXgrz.exe
c:\windows\system32\CMWfoy.exe
c:\windows\system32\sdsk88sdddf.dat
c:\program files\Common Files\Svc.exe
c:\windows\system32\drivers\tcpz-x86d.sys
c:\windows\system32\comptres.dll
c:\windows\Fonts\s3sds212.dat
c:\windows\Fonts\AB289FA0.EXE

Folder::
c:\windows\system32\XOXVTM8Z9G
c:\windows\system32\MCGVXAQS23
c:\windows\system32\9JKB9Q9IJP
c:\windows\system32\8QLHQT4Y7T
c:\windows\system32\2C21Q1JEE7
c:\windows\system32\NSN6T0BSLW

Driver::
csgv
fdcd
fdgf
TCPZ
vrgv
server this
WcsSrv

DDS::
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=%s



Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scan.



  • Joined: 01 Jul 2009
  • Posts: 42

ComboFix 09-07-31.02 - korisnik 31.07.2009 23:18.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.198 [GMT 2:00]
Running from: c:\documents and settings\korisnik\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\korisnik\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090731-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\program files\Common Files\Svc.exe"
"c:\windows\Fonts\AB289FA0.EXE"
"c:\windows\Fonts\s3sds212.dat"
"c:\windows\system32\CMWfoy.exe"
"c:\windows\system32\comptres.dll"
"c:\windows\system32\DNXgrz.exe"
"c:\windows\system32\drivers\tcpz-x86d.sys"
"c:\windows\system32\sdsk88sdddf.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Svc.exe
c:\windows\Fonts\AB289FA0.EXE
c:\windows\Fonts\s3sds212.dat
c:\windows\system\sm4fe1090726.exe
c:\windows\system32\2C21Q1JEE7
c:\windows\system32\2C21Q1JEE7\J002.exe
c:\windows\system32\8QLHQT4Y7T
c:\windows\system32\9JKB9Q9IJP
c:\windows\system32\CMWfoy.exe
c:\windows\system32\comptres.dll
c:\windows\system32\DNXgrz.exe
c:\windows\system32\drivers\tcpz-x86d.sys
c:\windows\system32\MCGVXAQS23
c:\windows\system32\MCGVXAQS23\I001.exe
c:\windows\system32\MCGVXAQS23\J001.exe
c:\windows\system32\MCGVXAQS23\J002.exe
c:\windows\system32\NSN6T0BSLW
c:\windows\system32\sdsk88sdddf.dat
c:\windows\system32\XOXVTM8Z9G
c:\windows\system32\XOXVTM8Z9G\E001.exe
c:\windows\system32\XOXVTM8Z9G\I001.exe
c:\windows\system32\XOXVTM8Z9G\J001.exe
c:\windows\system32\XOXVTM8Z9G\J002.exe
c:\windows\system32\XOXVTM8Z9G\K001.exe
c:\windows\Temp\15724.exe
c:\windows\Temp\18467.exe
c:\windows\Temp\19169.exe
c:\windows\Temp\24464.exe
c:\windows\Temp\26962.exe
c:\windows\Temp\28145.exe
c:\windows\Temp\29358.exe
c:\windows\Temp\5705.exe
c:\windows\Temp\6334.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CSGV
-------\Legacy_FDCD
-------\Legacy_FDGF
-------\Legacy_SERVER_THIS
-------\Legacy_TCPZ
-------\Legacy_VRGV
-------\Legacy_WCSSRV
-------\Service_csgv
-------\Service_fdcd
-------\Service_fdgf
-------\Service_server this
-------\Service_TCPZ
-------\Service_vrgv
-------\Service_WcsSrv
-------\Legacy_FD98F862
-------\Service_FD98F862


((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-31 )))))))))))))))))))))))))))))))
.

2009-07-31 21:06 . 2009-07-31 21:06 74760 ----a-w- c:\windows\system\csurxkbajs.dll
2009-07-31 18:55 . 2009-07-31 18:55 693760 --sh--w- c:\program files\_rejoice2009.exe
2009-07-31 18:48 . 2009-07-31 18:48 693760 --sh--w- c:\program files\_rejoice200.exe
2009-07-31 04:59 . 2009-07-31 18:08 873984 ----a-w- c:\windows\system32\libmysql.dll
2009-07-30 05:41 . 2009-07-30 05:41 -------- d--h--w- c:\windows\PIF
2009-07-27 17:35 . 2009-07-27 17:35 -------- d-----w- c:\program files\Autodesk
2009-07-27 17:35 . 2009-07-27 17:35 12464 ----a-w- c:\windows\system32\drivers\CDAC15BA.SYS
2009-07-27 17:35 . 2009-07-27 17:35 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-07-27 17:35 . 2009-07-27 17:35 54784 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE
2009-07-27 17:35 . 2009-07-27 17:35 -------- d-----w- c:\documents and settings\korisnik\Local Settings\Application Data\Autodesk
2009-07-27 17:35 . 2009-07-27 17:35 -------- d-----w- c:\program files\AnswerWorks 4.0
2009-07-27 17:34 . 2009-07-27 17:39 -------- d-----w- c:\documents and settings\korisnik\Application Data\Autodesk
2009-07-27 17:34 . 2009-07-27 17:36 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-07-27 17:34 . 2009-07-27 17:34 -------- d-----w- C:\Programme
2009-07-27 17:34 . 2009-07-27 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-07-27 17:30 . 2009-07-27 17:30 -------- d-----w- c:\program files\AutoCad2004
2009-07-20 17:26 . 2009-07-31 21:23 -------- d-----w- c:\documents and settings\korisnik\Tracing
2009-07-20 17:11 . 2009-07-20 17:11 -------- d-----w- c:\program files\Microsoft
2009-07-20 17:10 . 2009-07-20 17:10 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-20 17:10 . 2009-07-20 17:11 -------- d-----w- c:\program files\Windows Live
2009-07-20 16:34 . 2009-07-20 16:34 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-20 14:43 . 2007-03-22 10:46 126976 ----a-w- c:\documents and settings\korisnik\Application Data\GRETECH\GomPlayer\GrLauncher.exe
2009-07-20 14:39 . 2009-07-20 14:39 -------- d-----w- c:\program files\YouTube Downloader
2009-07-18 07:24 . 2009-07-18 07:24 0 ----a-w- c:\documents and settings\korisnik\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2009-07-18 07:10 . 2009-07-30 16:46 -------- d-----w- c:\documents and settings\korisnik\Application Data\FrostWire
2009-07-15 14:52 . 2009-07-15 14:52 -------- d-----w- c:\documents and settings\korisnik\Application Data\Participatory Culture Foundation
2009-07-15 14:51 . 2009-07-15 14:51 -------- d-----w- c:\program files\Participatory Culture Foundation
2009-07-13 14:36 . 2009-07-13 14:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2009-07-08 21:08 . 2009-07-08 21:08 -------- d-----w- c:\documents and settings\korisnik\Local Settings\Application Data\Identities
2009-07-06 14:36 . 2009-07-06 14:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-07-06 04:47 . 2009-07-06 04:47 -------- d-----w- c:\documents and settings\korisnik\Local Settings\Application Data\Ahead
2009-07-03 20:37 . 2009-07-29 19:18 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-01 21:35 . 2009-07-01 21:35 -------- d-----w- c:\program files\City Interactive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-31 04:23 . 2009-06-24 10:15 47784 ----a-w- c:\documents and settings\korisnik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-26 19:21 . 2009-06-24 12:52 -------- d-----w- c:\program files\Winamp
2009-07-26 07:57 . 2009-06-24 12:49 -------- d-----w- c:\program files\Mv2Player
2009-07-15 14:00 . 2009-06-24 12:49 -------- d-----w- c:\program files\CyberLink
2009-06-28 22:34 . 2009-06-28 22:34 -------- d-----w- c:\documents and settings\korisnik\Application Data\DivX
2009-06-28 22:28 . 2009-06-24 12:52 -------- d-----w- c:\program files\QuickTime Alternative
2009-06-28 22:27 . 2009-06-24 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-28 22:27 . 2009-06-28 22:27 -------- d-----w- c:\program files\Apple Software Update
2009-06-28 22:27 . 2009-06-28 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-27 17:32 . 2009-06-27 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\GRETECH
2009-06-27 17:32 . 2009-06-27 17:32 -------- d-----w- c:\documents and settings\korisnik\Application Data\GRETECH
2009-06-27 17:31 . 2009-06-27 17:31 -------- d-----w- c:\program files\GRETECH
2009-06-27 17:28 . 2009-06-24 12:49 -------- d-----w- c:\program files\DivX
2009-06-27 17:22 . 2009-06-27 17:22 -------- d-----w- c:\documents and settings\korisnik\Application Data\Media Player Classic
2009-06-27 17:20 . 2009-06-24 10:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-27 17:19 . 2009-06-27 17:19 -------- d-----w- c:\program files\Real Alternative
2009-06-26 05:02 . 2009-06-26 05:02 -------- d-----w- c:\documents and settings\korisnik\Application Data\CyberLink
2009-06-25 22:29 . 2009-06-25 22:29 -------- d-----w- c:\documents and settings\korisnik\Application Data\AdobeUM
2009-06-25 22:28 . 2009-06-24 18:06 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-25 22:00 . 2009-06-25 22:01 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-25 22:00 . 2009-06-25 22:00 -------- d-----w- c:\program files\Java
2009-06-25 22:00 . 2009-06-25 22:00 152576 ----a-w- c:\documents and settings\korisnik\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-25 17:49 . 2009-06-25 17:49 -------- d-----w- c:\program files\Alwil Software
2009-06-25 16:37 . 2009-06-25 16:37 0 ----a-w- c:\windows\nsreg.dat
2009-06-24 18:45 . 2009-06-24 18:45 1915520 ----a-w- c:\documents and settings\korisnik\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-06-24 18:33 . 2009-06-24 18:33 -------- d-----w- c:\documents and settings\korisnik\Application Data\Samsung
2009-06-24 18:28 . 2009-06-24 18:07 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-06-24 18:07 . 2009-06-24 18:07 -------- d-----w- c:\program files\Samsung
2009-06-24 12:52 . 2009-06-24 12:52 -------- d-----w- c:\program files\Media Player Classic
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\Ahead
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\XviD
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\ffdshow
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\DivXCodec
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\DivX_311alpha
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\AC3Filter
2009-06-24 12:49 . 2009-06-24 12:49 -------- d-----w- c:\program files\ASUSTek
2009-06-24 12:48 . 2009-06-24 12:48 -------- d-----w- c:\program files\IrfanView
2009-06-24 10:55 . 2009-06-24 10:55 5058 ----a-w- c:\windows\Help\hhcolreg.dat
2009-06-24 10:52 . 2009-06-24 10:52 -------- d-----w- c:\documents and settings\korisnik\Application Data\Microsoft Web Folders
2009-06-24 10:52 . 2009-06-24 10:09 -------- d-----w- c:\program files\microsoft frontpage
2009-06-24 10:45 . 2009-06-24 10:45 -------- d-----w- c:\program files\ANI
2009-06-24 10:45 . 2009-06-24 10:45 -------- d-----w- c:\program files\D-Link
2009-06-24 10:44 . 2009-06-24 10:35 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-24 10:40 . 2009-06-24 10:40 -------- d-----w- c:\program files\C-Media 3D Audio
2009-06-24 10:37 . 2009-06-24 10:36 -------- d-----w- c:\program files\ATI Technologies
2009-06-24 10:33 . 2009-06-24 10:08 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-24 10:05 . 2009-06-24 10:05 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-23 08:04 . 2009-06-25 16:37 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( [Link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-31 21:22 . 2009-07-31 21:22 16384 c:\windows\Temp\Perflib_Perfdata_61c.dat
+ 2009-07-31 21:23 . 2009-07-31 21:23 16384 c:\windows\Temp\Perflib_Perfdata_21c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 339968]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 1519616]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-25 148888]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2009-05-26 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"= 1 (0x1)

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25.6.2009 19:49 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.6.2009 19:49 20560]
S2 Windows_rejoce2009;2222;c:\program files\Common Files\Microsoft Shared\MSInfo\rejoice2009.exe [31.7.2009 20:55 693760]
S2 Windows_rejoice2009;Windows_rejoice2009;c:\program files\Common Files\Microsoft Shared\MSInfo\rejoice200.exe [31.7.2009 20:48 693760]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - WINDOWS_REJOCE2009
*NewlyCreated* - WINDOWS_REJOICE2009
.
Contents of the 'Scheduled Tasks' folder

2009-07-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Explorer_Run-softwheres - c:\windows\system\sm4fe1090726.exe


.
------- Supplementary Scan -------
.
uSearchURL,(Default) = [link visible only to logged-in users]
TCP: {40F181AC-C3C4-4442-91F0-90AD4836D0AC} = 87.250.98.250 208.67.222.222
FF - ProfilePath - c:\documents and settings\korisnik\Application Data\Mozilla\Firefox\Profiles\coy493u0.default\
FF - prefs.js: browser.search.selectedEngine - Google
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link visible only to logged-in users]
Rootkit scan 2009-07-31 23:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3168-)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\windows\system32\calc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-31 23:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-31 21:25
ComboFix2.txt 2009-07-31 18:37
ComboFix3.txt 2009-07-30 21:21

Pre-Run: 16.198.578.176 bytes free
Post-Run: 16.159.596.544 bytes free


dr_Bora (Anti Malware Fighter, Rank 2; joined 24 Jul 2007; 12280 posts; Höganäs, SE):

Open Notepad and copy the following text into it:


File::
c:\windows\system\csurxkbajs.dll
c:\program files\_rejoice2009.exe
c:\program files\_rejoice200.exe
c:\program files\Common Files\Microsoft Shared\MSInfo\rejoice2009.exe
c:\program files\Common Files\Microsoft Shared\MSInfo\rejoice200.exe

DDS::
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=%s

Driver::
Windows_rejoce2009
Windows_rejoice2009

DirLook::
c:\program files\Common Files\Microsoft Shared\MSInfo



Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text file onto the ComboFix icon, as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next reply.
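The script above was written by hand from two things in the posted log: the two `S2` service lines whose binaries sit in `Common Files\Microsoft Shared\MSInfo` (one of them with the display name `2222`), and the matching `*NewlyCreated*` markers. As an added example, not part of the thread and not ComboFix's own tooling, the Python below parses those lines out of a log and emits the same `File::`, `Driver::` and `DirLook::` sections, so the manual step becomes reproducible. The CFScript section names are ComboFix's; the rule "every service ComboFix lists as newly created is a candidate for removal" is this example's own assumption and still needs an analyst's eye, since a freshly installed legitimate driver would be flagged the same way. The sample log text is a constructed excerpt quoting the relevant lines of the log posted above.

```python
"""Build a ComboFix CFScript skeleton from the service lines of a ComboFix log.

Added example (not part of the original thread or of ComboFix itself): it
reads the R#/S# service lines and the *NewlyCreated* markers from a log,
treats every service that ComboFix reports as newly created as suspect, and
emits the File::, Driver:: and DirLook:: sections an analyst would otherwise
type by hand.  The CFScript section names are ComboFix's own; the
"newly created" heuristic is this example's assumption.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed excerpt, quoting the relevant lines of the log posted above.
SAMPLE_LOG = r"""
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25.6.2009 19:49 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.6.2009 19:49 20560]
S2 Windows_rejoce2009;2222;c:\program files\Common Files\Microsoft Shared\MSInfo\rejoice2009.exe [31.7.2009 20:55 693760]
S2 Windows_rejoice2009;Windows_rejoice2009;c:\program files\Common Files\Microsoft Shared\MSInfo\rejoice200.exe [31.7.2009 20:48 693760]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - WINDOWS_REJOCE2009
*NewlyCreated* - WINDOWS_REJOICE2009
"""

# "S2 name;display;image [timestamp size]"; display may be empty, image may contain spaces.
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[[^\]]*\]\s*$")
NEW_RE = re.compile(r"^\*NewlyCreated\*\s+-\s+(\S+)\s*$")


@dataclass
class Service:
    start: str    # R = running, S = stopped; the digit is the start type
    name: str     # service key name (what goes under Driver::)
    display: str  # display name; "2222" above is a tell on its own
    image: str    # binary path (what goes under File::)


def parse_services(log_text):
    """Return every R#/S# service line of the log as a Service."""
    services = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            services.append(Service(*m.groups()))
    return services


def newly_created(log_text):
    """Service names ComboFix flagged as *NewlyCreated*, upper-cased as ComboFix prints them."""
    names = set()
    for line in log_text.splitlines():
        m = NEW_RE.match(line.strip())
        if m:
            names.add(m.group(1).upper())
    return names


def suspicious_services(log_text):
    """Services whose key name matches a *NewlyCreated* marker (case-insensitive)."""
    fresh = newly_created(log_text)
    return [s for s in parse_services(log_text) if s.name.upper() in fresh]


def build_cfscript(log_text):
    """Emit a CFScript that removes the suspect services and binaries and lists their folders."""
    bad = suspicious_services(log_text)
    files, dirs = [], []
    for s in bad:
        if s.image not in files:
            files.append(s.image)
        parent = str(PureWindowsPath(s.image).parent)
        if parent not in dirs:
            dirs.append(parent)
    lines = ["File::", *files, "", "Driver::", *[s.name for s in bad], "", "DirLook::", *dirs, ""]
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG))
```

Run it against a saved ComboFix log and review the output before dragging it onto ComboFix; the `DirLook::` section is there precisely so the next log shows whether the folder was fully cleaned or whether the binaries came back.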

Original poster (joined 01 Jul 2009; 42 posts):

ComboFix 09-07-31.02 - korisnik 01.08.2009 1:09.4.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.282 [GMT 2:00]
Running from: c:\documents and settings\korisnik\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\korisnik\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090731-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\program files\_rejoice200.exe"
"c:\program files\_rejoice2009.exe"
"c:\program files\Common Files\Microsoft Shared\MSInfo\rejoice200.exe"
"c:\program files\Common Files\Microsoft Shared\MSInfo\rejoice2009.exe"
"c:\windows\system\csurxkbajs.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\_rejoice200.exe
c:\program files\_rejoice2009.exe
c:\program files\Common Files\Microsoft Shared\MSInfo\rejoice200.exe
c:\program files\Common Files\Microsoft Shared\MSInfo\rejoice2009.exe
c:\windows\system\csurxkbajs.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDOWS_REJOCE2009
-------\Legacy_WINDOWS_REJOICE2009
-------\Service_Windows_rejoce2009
-------\Service_Windows_rejoice2009


((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-31 )))))))))))))))))))))))))))))))
.

2009-07-31 04:59 . 2009-07-31 18:08 873984 ----a-w- c:\windows\system32\libmysql.dll
2009-07-30 05:41 . 2009-07-30 05:41 -------- d--h--w- c:\windows\PIF
2009-07-27 17:35 . 2009-07-27 17:35 -------- d-----w- c:\program files\Autodesk
2009-07-27 17:35 . 2009-07-27 17:35 12464 ----a-w- c:\windows\system32\drivers\CDAC15BA.SYS
2009-07-27 17:35 . 2009-07-27 17:35 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-07-27 17:35 . 2009-07-27 17:35 54784 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE
2009-07-27 17:35 . 2009-07-27 17:35 -------- d-----w- c:\documents and settings\korisnik\Local Settings\Application Data\Autodesk
2009-07-27 17:35 . 2009-07-27 17:35 -------- d-----w- c:\program files\AnswerWorks 4.0
2009-07-27 17:34 . 2009-07-27 17:39 -------- d-----w- c:\documents and settings\korisnik\Application Data\Autodesk
2009-07-27 17:34 . 2009-07-27 17:36 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-07-27 17:34 . 2009-07-27 17:34 -------- d-----w- C:\Programme
2009-07-27 17:34 . 2009-07-27 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-07-27 17:30 . 2009-07-27 17:30 -------- d-----w- c:\program files\AutoCad2004
2009-07-20 17:26 . 2009-07-31 23:14 -------- d-----w- c:\documents and settings\korisnik\Tracing
2009-07-20 17:11 . 2009-07-20 17:11 -------- d-----w- c:\program files\Microsoft
2009-07-20 17:10 . 2009-07-20 17:10 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-20 17:10 . 2009-07-20 17:11 -------- d-----w- c:\program files\Windows Live
2009-07-20 16:34 . 2009-07-20 16:34 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-20 14:43 . 2007-03-22 10:46 126976 ----a-w- c:\documents and settings\korisnik\Application Data\GRETECH\GomPlayer\GrLauncher.exe
2009-07-20 14:39 . 2009-07-20 14:39 -------- d-----w- c:\program files\YouTube Downloader
2009-07-18 07:24 . 2009-07-18 07:24 0 ----a-w- c:\documents and settings\korisnik\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2009-07-18 07:10 . 2009-07-30 16:46 -------- d-----w- c:\documents and settings\korisnik\Application Data\FrostWire
2009-07-15 14:52 . 2009-07-15 14:52 -------- d-----w- c:\documents and settings\korisnik\Application Data\Participatory Culture Foundation
2009-07-15 14:51 . 2009-07-15 14:51 -------- d-----w- c:\program files\Participatory Culture Foundation
2009-07-13 14:36 . 2009-07-13 14:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2009-07-08 21:08 . 2009-07-08 21:08 -------- d-----w- c:\documents and settings\korisnik\Local Settings\Application Data\Identities
2009-07-06 14:36 . 2009-07-06 14:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-07-06 04:47 . 2009-07-06 04:47 -------- d-----w- c:\documents and settings\korisnik\Local Settings\Application Data\Ahead
2009-07-03 20:37 . 2009-07-29 19:18 664 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-31 04:23 . 2009-06-24 10:15 47784 ----a-w- c:\documents and settings\korisnik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-26 19:21 . 2009-06-24 12:52 -------- d-----w- c:\program files\Winamp
2009-07-26 07:57 . 2009-06-24 12:49 -------- d-----w- c:\program files\Mv2Player
2009-07-15 14:00 . 2009-06-24 12:49 -------- d-----w- c:\program files\CyberLink
2009-07-01 21:35 . 2009-07-01 21:35 -------- d-----w- c:\program files\City Interactive
2009-06-28 22:34 . 2009-06-28 22:34 -------- d-----w- c:\documents and settings\korisnik\Application Data\DivX
2009-06-28 22:28 . 2009-06-24 12:52 -------- d-----w- c:\program files\QuickTime Alternative
2009-06-28 22:27 . 2009-06-24 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-28 22:27 . 2009-06-28 22:27 -------- d-----w- c:\program files\Apple Software Update
2009-06-28 22:27 . 2009-06-28 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-27 17:32 . 2009-06-27 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\GRETECH
2009-06-27 17:32 . 2009-06-27 17:32 -------- d-----w- c:\documents and settings\korisnik\Application Data\GRETECH
2009-06-27 17:31 . 2009-06-27 17:31 -------- d-----w- c:\program files\GRETECH
2009-06-27 17:28 . 2009-06-24 12:49 -------- d-----w- c:\program files\DivX
2009-06-27 17:22 . 2009-06-27 17:22 -------- d-----w- c:\documents and settings\korisnik\Application Data\Media Player Classic
2009-06-27 17:20 . 2009-06-24 10:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-27 17:19 . 2009-06-27 17:19 -------- d-----w- c:\program files\Real Alternative
2009-06-26 05:02 . 2009-06-26 05:02 -------- d-----w- c:\documents and settings\korisnik\Application Data\CyberLink
2009-06-25 22:29 . 2009-06-25 22:29 -------- d-----w- c:\documents and settings\korisnik\Application Data\AdobeUM
2009-06-25 22:28 . 2009-06-24 18:06 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-25 22:00 . 2009-06-25 22:01 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-25 22:00 . 2009-06-25 22:00 -------- d-----w- c:\program files\Java
2009-06-25 22:00 . 2009-06-25 22:00 152576 ----a-w- c:\documents and settings\korisnik\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-25 17:49 . 2009-06-25 17:49 -------- d-----w- c:\program files\Alwil Software
2009-06-25 16:37 . 2009-06-25 16:37 0 ----a-w- c:\windows\nsreg.dat
2009-06-24 18:45 . 2009-06-24 18:45 1915520 ----a-w- c:\documents and settings\korisnik\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-06-24 18:33 . 2009-06-24 18:33 -------- d-----w- c:\documents and settings\korisnik\Application Data\Samsung
2009-06-24 18:28 . 2009-06-24 18:07 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-06-24 18:07 . 2009-06-24 18:07 -------- d-----w- c:\program files\Samsung
2009-06-24 12:52 . 2009-06-24 12:52 -------- d-----w- c:\program files\Media Player Classic
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\Ahead
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\XviD
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\ffdshow
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\DivXCodec
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\DivX_311alpha
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\AC3Filter
2009-06-24 12:49 . 2009-06-24 12:49 -------- d-----w- c:\program files\ASUSTek
2009-06-24 12:48 . 2009-06-24 12:48 -------- d-----w- c:\program files\IrfanView
2009-06-24 10:55 . 2009-06-24 10:55 5058 ----a-w- c:\windows\Help\hhcolreg.dat
2009-06-24 10:52 . 2009-06-24 10:52 -------- d-----w- c:\documents and settings\korisnik\Application Data\Microsoft Web Folders
2009-06-24 10:52 . 2009-06-24 10:09 -------- d-----w- c:\program files\microsoft frontpage
2009-06-24 10:45 . 2009-06-24 10:45 -------- d-----w- c:\program files\ANI
2009-06-24 10:45 . 2009-06-24 10:45 -------- d-----w- c:\program files\D-Link
2009-06-24 10:44 . 2009-06-24 10:35 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-24 10:40 . 2009-06-24 10:40 -------- d-----w- c:\program files\C-Media 3D Audio
2009-06-24 10:37 . 2009-06-24 10:36 -------- d-----w- c:\program files\ATI Technologies
2009-06-24 10:33 . 2009-06-24 10:08 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-24 10:05 . 2009-06-24 10:05 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-23 08:04 . 2009-06-25 16:37 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\Common Files\Microsoft Shared\MSInfo ----

2009-07-31 18:55 . 2009-07-31 23:09 693760 --s-a-w- c:\program files\Common Files\Microsoft Shared\MSInfo\rejoice2009.exe
2009-07-31 18:48 . 2009-07-31 23:09 693760 --s-a-w- c:\program files\Common Files\Microsoft Shared\MSInfo\rejoice200.exe
2009-06-24 10:07 . 2001-08-23 12:00 39936 ----a-w- c:\program files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe
2009-06-24 10:06 . 2001-08-23 12:00 617 ----a-w- c:\program files\Common Files\Microsoft Shared\MSInfo\IEFILES5.INF
2009-06-24 10:06 . 2001-08-23 12:00 93184 ----a-w- c:\program files\Common Files\Microsoft Shared\MSInfo\IEINFO5.OCX
1999-01-28 09:31 . 1999-01-28 09:31 380928 ----a-w- c:\program files\Common Files\Microsoft Shared\MSInfo\MSIOFF9.OCX
1999-01-21 14:30 . 1999-01-21 14:30 5120 ----a-w- c:\program files\Common Files\Microsoft Shared\MSInfo\OFFPRVPS.DLL
1999-01-21 14:29 . 1999-01-21 14:29 44032 ----a-w- c:\program files\Common Files\Microsoft Shared\MSInfo\OFFPROV.EXE
1998-11-16 11:44 . 1998-11-16 11:44 39167 ----a-w- c:\program files\Common Files\Microsoft Shared\MSInfo\MSIOFF9.MOF


((((((((((((((((((((((((((((( [link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-31 23:14 . 2009-07-31 23:14 16384 c:\windows\Temp\Perflib_Perfdata_7f8.dat
+ 2009-07-31 23:14 . 2009-07-31 23:14 16384 c:\windows\Temp\Perflib_Perfdata_61c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 339968]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 1519616]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-25 148888]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2009-05-26 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"= 1 (0x1)

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25.6.2009 19:49 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.6.2009 19:49 20560]
.
Contents of the 'Scheduled Tasks' folder

2009-07-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = [link visible only to logged-in users]
TCP: {40F181AC-C3C4-4442-91F0-90AD4836D0AC} = 87.250.98.250 208.67.222.222
FF - ProfilePath - c:\documents and settings\korisnik\Application Data\Mozilla\Firefox\Profiles\coy493u0.default\
FF - prefs.js: browser.search.selectedEngine - Google
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link visible only to logged-in users]
Rootkit scan 2009-08-01 01:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3736)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-31 1:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-31 23:17
ComboFix2.txt 2009-07-31 21:25
ComboFix3.txt 2009-07-31 18:37
ComboFix4.txt 2009-07-30 21:21

Pre-Run: 16.180.731.904 bytes free
Post-Run: 16.130.072.576 bytes free


dr_Bora (Anti Malware Fighter, Rank 2; joined 24 Jul 2007; 12280 posts; Höganäs, SE):

Just a little more...



Open Notepad and copy the following text into it:


File::
c:\program files\Common Files\Microsoft Shared\MSInfo\rejoice2009.exe
c:\program files\Common Files\Microsoft Shared\MSInfo\rejoice200.exe



Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text file onto the ComboFix icon, as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next reply.

Original poster (joined 01 Jul 2009; 42 posts):

ComboFix 09-07-31.04 - korisnik 01.08.2009 7:00.5.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.183 [GMT 2:00]
Running from: c:\documents and settings\korisnik\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\korisnik\Desktop\CFScript.tht.txt
AV: avast! antivirus 4.8.1335 [VPS 090731-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\program files\Common Files\Microsoft Shared\MSInfo\rejoice200.exe"
"c:\program files\Common Files\Microsoft Shared\MSInfo\rejoice2009.exe"
.

((((((((((((((((((((((((( Files Created from 2009-07-01 to 2009-08-01 )))))))))))))))))))))))))))))))
.

2009-07-31 04:59 . 2009-07-31 18:08 873984 ----a-w- c:\windows\system32\libmysql.dll
2009-07-30 05:41 . 2009-07-30 05:41 -------- d--h--w- c:\windows\PIF
2009-07-27 17:35 . 2009-07-27 17:35 -------- d-----w- c:\program files\Autodesk
2009-07-27 17:35 . 2009-07-27 17:35 12464 ----a-w- c:\windows\system32\drivers\CDAC15BA.SYS
2009-07-27 17:35 . 2009-07-27 17:35 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-07-27 17:35 . 2009-07-27 17:35 54784 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE
2009-07-27 17:35 . 2009-07-27 17:35 -------- d-----w- c:\documents and settings\korisnik\Local Settings\Application Data\Autodesk
2009-07-27 17:35 . 2009-07-27 17:35 -------- d-----w- c:\program files\AnswerWorks 4.0
2009-07-27 17:34 . 2009-07-27 17:39 -------- d-----w- c:\documents and settings\korisnik\Application Data\Autodesk
2009-07-27 17:34 . 2009-07-27 17:36 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-07-27 17:34 . 2009-07-27 17:34 -------- d-----w- C:\Programme
2009-07-27 17:34 . 2009-07-27 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-07-27 17:30 . 2009-07-27 17:30 -------- d-----w- c:\program files\AutoCad2004
2009-07-20 17:26 . 2009-08-01 04:50 -------- d-----w- c:\documents and settings\korisnik\Tracing
2009-07-20 17:11 . 2009-07-20 17:11 -------- d-----w- c:\program files\Microsoft
2009-07-20 17:10 . 2009-07-20 17:10 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-20 17:10 . 2009-07-20 17:11 -------- d-----w- c:\program files\Windows Live
2009-07-20 16:34 . 2009-07-20 16:34 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-20 14:43 . 2007-03-22 10:46 126976 ----a-w- c:\documents and settings\korisnik\Application Data\GRETECH\GomPlayer\GrLauncher.exe
2009-07-20 14:39 . 2009-07-20 14:39 -------- d-----w- c:\program files\YouTube Downloader
2009-07-18 07:24 . 2009-07-18 07:24 0 ----a-w- c:\documents and settings\korisnik\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2009-07-18 07:10 . 2009-07-30 16:46 -------- d-----w- c:\documents and settings\korisnik\Application Data\FrostWire
2009-07-15 14:52 . 2009-07-15 14:52 -------- d-----w- c:\documents and settings\korisnik\Application Data\Participatory Culture Foundation
2009-07-15 14:51 . 2009-07-15 14:51 -------- d-----w- c:\program files\Participatory Culture Foundation
2009-07-13 14:36 . 2009-07-13 14:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2009-07-08 21:08 . 2009-07-08 21:08 -------- d-----w- c:\documents and settings\korisnik\Local Settings\Application Data\Identities
2009-07-06 14:36 . 2009-07-06 14:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-07-06 04:47 . 2009-07-06 04:47 -------- d-----w- c:\documents and settings\korisnik\Local Settings\Application Data\Ahead
2009-07-03 20:37 . 2009-07-29 19:18 664 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-31 04:23 . 2009-06-24 10:15 47784 ----a-w- c:\documents and settings\korisnik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-26 19:21 . 2009-06-24 12:52 -------- d-----w- c:\program files\Winamp
2009-07-26 07:57 . 2009-06-24 12:49 -------- d-----w- c:\program files\Mv2Player
2009-07-15 14:00 . 2009-06-24 12:49 -------- d-----w- c:\program files\CyberLink
2009-07-01 21:35 . 2009-07-01 21:35 -------- d-----w- c:\program files\City Interactive
2009-06-28 22:34 . 2009-06-28 22:34 -------- d-----w- c:\documents and settings\korisnik\Application Data\DivX
2009-06-28 22:28 . 2009-06-24 12:52 -------- d-----w- c:\program files\QuickTime Alternative
2009-06-28 22:27 . 2009-06-24 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-28 22:27 . 2009-06-28 22:27 -------- d-----w- c:\program files\Apple Software Update
2009-06-28 22:27 . 2009-06-28 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-27 17:32 . 2009-06-27 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\GRETECH
2009-06-27 17:32 . 2009-06-27 17:32 -------- d-----w- c:\documents and settings\korisnik\Application Data\GRETECH
2009-06-27 17:31 . 2009-06-27 17:31 -------- d-----w- c:\program files\GRETECH
2009-06-27 17:28 . 2009-06-24 12:49 -------- d-----w- c:\program files\DivX
2009-06-27 17:22 . 2009-06-27 17:22 -------- d-----w- c:\documents and settings\korisnik\Application Data\Media Player Classic
2009-06-27 17:20 . 2009-06-24 10:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-27 17:19 . 2009-06-27 17:19 -------- d-----w- c:\program files\Real Alternative
2009-06-26 05:02 . 2009-06-26 05:02 -------- d-----w- c:\documents and settings\korisnik\Application Data\CyberLink
2009-06-25 22:29 . 2009-06-25 22:29 -------- d-----w- c:\documents and settings\korisnik\Application Data\AdobeUM
2009-06-25 22:28 . 2009-06-24 18:06 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-25 22:00 . 2009-06-25 22:01 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-25 22:00 . 2009-06-25 22:00 -------- d-----w- c:\program files\Java
2009-06-25 22:00 . 2009-06-25 22:00 152576 ----a-w- c:\documents and settings\korisnik\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-25 17:49 . 2009-06-25 17:49 -------- d-----w- c:\program files\Alwil Software
2009-06-25 16:37 . 2009-06-25 16:37 0 ----a-w- c:\windows\nsreg.dat
2009-06-24 18:45 . 2009-06-24 18:45 1915520 ----a-w- c:\documents and settings\korisnik\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-06-24 18:33 . 2009-06-24 18:33 -------- d-----w- c:\documents and settings\korisnik\Application Data\Samsung
2009-06-24 18:28 . 2009-06-24 18:07 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-06-24 18:07 . 2009-06-24 18:07 -------- d-----w- c:\program files\Samsung
2009-06-24 12:52 . 2009-06-24 12:52 -------- d-----w- c:\program files\Media Player Classic
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\Ahead
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\XviD
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\ffdshow
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\DivXCodec
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\DivX_311alpha
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\AC3Filter
2009-06-24 12:49 . 2009-06-24 12:49 -------- d-----w- c:\program files\ASUSTek
2009-06-24 12:48 . 2009-06-24 12:48 -------- d-----w- c:\program files\IrfanView
2009-06-24 10:55 . 2009-06-24 10:55 5058 ----a-w- c:\windows\Help\hhcolreg.dat
2009-06-24 10:52 . 2009-06-24 10:52 -------- d-----w- c:\documents and settings\korisnik\Application Data\Microsoft Web Folders
2009-06-24 10:52 . 2009-06-24 10:09 -------- d-----w- c:\program files\microsoft frontpage
2009-06-24 10:45 . 2009-06-24 10:45 -------- d-----w- c:\program files\ANI
2009-06-24 10:45 . 2009-06-24 10:45 -------- d-----w- c:\program files\D-Link
2009-06-24 10:44 . 2009-06-24 10:35 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-24 10:40 . 2009-06-24 10:40 -------- d-----w- c:\program files\C-Media 3D Audio
2009-06-24 10:37 . 2009-06-24 10:36 -------- d-----w- c:\program files\ATI Technologies
2009-06-24 10:33 . 2009-06-24 10:08 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-24 10:05 . 2009-06-24 10:05 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-23 08:04 . 2009-06-25 16:37 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( [link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-01 04:49 . 2009-08-01 04:49 16384 c:\windows\Temp\Perflib_Perfdata_61c.dat
+ 2009-08-01 04:49 . 2009-08-01 04:49 16384 c:\windows\Temp\Perflib_Perfdata_1d4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 339968]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 1519616]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-25 148888]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2009-05-26 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25.6.2009 19:49 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.6.2009 19:49 20560]
.
Contents of the 'Scheduled Tasks' folder

2009-07-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = [link visible only to logged-in users]
TCP: {40F181AC-C3C4-4442-91F0-90AD4836D0AC} = 87.250.98.250 208.67.222.222
FF - ProfilePath - c:\documents and settings\korisnik\Application Data\Mozilla\Firefox\Profiles\coy493u0.default\
FF - prefs.js: browser.search.selectedEngine - Google
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link visible only to logged-in users]
Rootkit scan 2009-08-01 07:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3464)
c:\windows\system32\msi.dll
.
Completion time: 2009-08-01 7:05
ComboFix-quarantined-files.txt 2009-08-01 05:05
ComboFix2.txt 2009-07-31 23:17
ComboFix3.txt 2009-07-31 21:25
ComboFix4.txt 2009-07-31 18:37
ComboFix5.txt 2009-08-01 04:59

Pre-Run: 16.141.672.448 bytes free
Post-Run: 16.100.839.424 bytes free


offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Run HijackThis, scan, and check the following line:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [link visible only to logged-in users]

Click Fix checked.

How are things now?
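To verify the result of that fix without re-running HijackThis, the Internet Explorer search-URL registry values (the R0/R1 entries HijackThis reports) can be read directly. This is an added example, not part of the original post or the tool; the list of "default" domains used for flagging is an assumption, and nothing is modified.

```powershell
# Added example (not from the thread): list the IE search/start-page registry
# values that HijackThis shows as R0/R1 entries and flag anything that does not
# point at a known vendor domain. Assumption: the domain allow-list below is a
# heuristic for stock IE defaults, not an authoritative list. Read-only.

$paths = @(
    'HKCU:\Software\Microsoft\Internet Explorer\SearchURL',   # the R1 key from the post
    'HKCU:\Software\Microsoft\Internet Explorer\Main',
    'HKLM:\Software\Microsoft\Internet Explorer\Main',
    'HKLM:\Software\Microsoft\Internet Explorer\Search'
)
$names = @('(Default)', 'Search Page', 'Search Bar', 'Start Page',
           'SearchAssistant', 'CustomizeSearch')

foreach ($p in $paths) {
    if (-not (Test-Path -LiteralPath $p)) { continue }
    $key = Get-Item -LiteralPath $p
    foreach ($n in $names) {
        # The "(Default)" value is read with an empty name in .NET
        $v = if ($n -eq '(Default)') { $key.GetValue('') } else { $key.GetValue($n) }
        if ($null -eq $v -or $v -eq '') { continue }
        $flag = if ($v -match 'microsoft\.com|msn\.com|live\.com|bing\.com') { '' } else { '  <-- review' }
        '{0}\{1} = {2}{3}' -f $p, $n, $v, $flag
    }
}
```

After a successful fix the SearchURL (Default) entry should either be absent or point at a vendor domain; any line marked "review" deserves a second look.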

offline
  • Joined: 01 Jul 2009
  • Posts: 42

Everything is OK now. It looks like there are no more viruses, and I hope there won't be any more problems.

THANKS

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista, use the Start Search box if Run is not available.

In the text input line type (or paste) the following:

combofix /u

Note that there is a space between "ComboFix" and "/u".

Then click OK (or press Enter).

Wait for the uninstall process to finish.

That's all...

