MyCity » Ambulanta -> Arhiva Ambulante » hitna pomoc :(

hitna pomoc :(

Napisano na dan: 25.2.2008

hitna pomoc :(

Sledeća strana

Pagination

Odgovori

drbozovic Poslao: 25 Feb 2008 11:59 Idi na vrh
offline drbozovic Novi MyCity građanin Pridružio: 25 Feb 2008 Poruke: 9	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nije lijepo shto prvi post otvaram da bi mi neko pomogao, ali sam naletio na forum trazeci reshenje za moj problem , tako da se nadam da ce mi neko i pomoci Ovo je log od racunara, na sve nacine sam pokushavao ali posle restarta ostaje , znaci negdje je integrisan mali gad. Logfile of HijackThis v1.99.1 Scan saved at 11:48:50, on 25.2.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608-) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Lexmark 3400 Series\lxcymon.exe C:\Program Files\Lexmark 3400 Series\ezprint.exe C:\Program Files\Macrogaming\SweetIM\SweetIM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\WINDOWS\system32\sistray.exe C:\WINDOWS\system32\WgaTray.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\M\Desktop\Proba\tr3.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = divx.com/divx/drdivx/forgot.php O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Raketa Krstarice\components\NOWImaging.dll (file missing) O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll (file missing) O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\M\Local Settings\Temporary Internet Files\Content.IE5\KGIOK1WV\install_sbd_en[2].exe O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk133YYYU O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.exe.imgfarm.com/images/nocache/funwebpro.....0.15-3.cab O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - gamehouse.com/ghdlctl.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6.....1928786312 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: alofkmn - {8F4D58C3-72EE-4E7F-A46A-160DF2C9B90E} - C:\WINDOWS\alofkmn.dll O21 - SSODL: bxlrvps - {61DA2C3E-2639-41B0-AB65-A4BE0067EEF3} - C:\WINDOWS\bxlrvps.dll O21 - SSODL: UnknownComponent - {7dded012-be18-4a5a-a9f8-1c30ac0b5daa} - C:\WINDOWS\Installer\{7dded012-be18-4a5a-a9f8-1c30ac0b5daa}\UnknownComponent.dll O21 - SSODL: DrvRom - {0452bde8-1acb-4573-ab4d-66cd44e467b5} - C:\WINDOWS\Installer\{0452bde8-1acb-4573-ab4d-66cd44e467b5}\DrvRom.dll O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: BOCore - Unknown owner - C:\Program Files\Comodo\CBOClean\BOCORE.exe (file missing) Dopuna: 25 Feb 2008 11:59 I zaboravih , manifestuje se tako shto izbacuje alerte konstantno >> windows security alert << windows has detected ..... posle odredjenog vremena se napravi ikonica u taskbaru pored sata crvena prekrizena koja isto javlja

Profil

milan27 Poslao: 25 Feb 2008 12:15 Idi na vrh
offline milan27 Super građanin Pridružio: 07 Avg 2006 Poruke: 1182 Gde živiš: Fili Davydkovo, Moscow, Russia	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! imas insalirane sumnjive programe na racunaru... Skini ComboFix sa jedne od sledecih adresa na Desktop: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati. takodje postavi i nov hijack log...

Profil

drbozovic Poslao: 25 Feb 2008 12:17 Idi na vrh
offline drbozovic Novi MyCity građanin Pridružio: 25 Feb 2008 Poruke: 9	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Mislim da sam rijeshio problem sa nekim od postova na forumu u pitanju je program ComboFix ne pojavljuje se vishe Dopuna: 25 Feb 2008 12:17 Evo sad cu postaviti log ponovo Logfile of HijackThis v1.99.1 Scan saved at 12:13:38, on 25.2.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608-) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Lexmark 3400 Series\lxcymon.exe C:\Program Files\Lexmark 3400 Series\ezprint.exe C:\Program Files\Macrogaming\SweetIM\SweetIM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\WINDOWS\system32\sistray.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\M\Desktop\Proba\tr3.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = divx.com/divx/drdivx/forgot.php O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Raketa Krstarice\components\NOWImaging.dll (file missing) O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll (file missing) O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\M\Local Settings\Temporary Internet Files\Content.IE5\KGIOK1WV\install_sbd_en[2].exe O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk133YYYU O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.exe.imgfarm.com/images/nocache/funwebpro.....0.15-3.cab O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - gamehouse.com/ghdlctl.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6.....1928786312 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: alofkmn - {8F4D58C3-72EE-4E7F-A46A-160DF2C9B90E} - C:\WINDOWS\alofkmn.dll O21 - SSODL: bxlrvps - {61DA2C3E-2639-41B0-AB65-A4BE0067EEF3} - C:\WINDOWS\bxlrvps.dll O21 - SSODL: UnknownComponent - {7dded012-be18-4a5a-a9f8-1c30ac0b5daa} - C:\WINDOWS\Installer\{7dded012-be18-4a5a-a9f8-1c30ac0b5daa}\UnknownComponent.dll O21 - SSODL: DrvRom - {0452bde8-1acb-4573-ab4d-66cd44e467b5} - C:\WINDOWS\Installer\{0452bde8-1acb-4573-ab4d-66cd44e467b5}\DrvRom.dll O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: BOCore - Unknown owner - C:\Program Files\Comodo\CBOClean\BOCORE.exe (file missing)

Profil

milan27 Poslao: 25 Feb 2008 12:18 Idi na vrh
offline milan27 Super građanin Pridružio: 07 Avg 2006 Poruke: 1182 Gde živiš: Fili Davydkovo, Moscow, Russia	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! postavi ti ipak logove za svaki slucaj....i log combofixa, trebalo bi da je na C:\ComboFix.txt

Profil

drbozovic Poslao: 25 Feb 2008 18:18 Idi na vrh
offline drbozovic Novi MyCity građanin Pridružio: 25 Feb 2008 Poruke: 9	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Milane potpuno ste bili u pravu ! Poshto se radi o istom racunaru sa pocetka teme ne bih otvarao novi topic da ne bih spamovao forum. Naime, isti simptomi kao u pocetku Windows Security Alert : ..... Ikonica u taskbaru pored sata crvena blinkajuca sa istim alertom.... Posle odredjenog vremena upitnik da li zelim da "donaldujem" neki antivirus i u slucaju pozitivnog odgovora redirekt na neku stranicu uglavnom nepostojecu. Hijacker log : Logfile of HijackThis v1.99.1 Scan saved at 17:40:27, on 25.2.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608-) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Lexmark 3400 Series\ezprint.exe C:\Program Files\Macrogaming\SweetIM\SweetIM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\WINDOWS\system32\sistray.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Documents and Settings\M\Desktop\Proba\tr3.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = divx.com/divx/drdivx/forgot.php O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Raketa Krstarice\components\NOWImaging.dll (file missing) O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll (file missing) O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\M\Local Settings\Temporary Internet Files\Content.IE5\KGIOK1WV\install_sbd_en[2].exe O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk133YYYU O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.exe.imgfarm.com/images/nocache/funwebpro.....0.15-3.cab O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - gamehouse.com/ghdlctl.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6.....1928786312 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: alofkmn - {8F4D58C3-72EE-4E7F-A46A-160DF2C9B90E} - C:\WINDOWS\alofkmn.dll O21 - SSODL: bxlrvps - {61DA2C3E-2639-41B0-AB65-A4BE0067EEF3} - C:\WINDOWS\bxlrvps.dll O21 - SSODL: UnknownComponent - {7dded012-be18-4a5a-a9f8-1c30ac0b5daa} - C:\WINDOWS\Installer\{7dded012-be18-4a5a-a9f8-1c30ac0b5daa}\UnknownComponent.dll O21 - SSODL: DrvRom - {0452bde8-1acb-4573-ab4d-66cd44e467b5} - C:\WINDOWS\Installer\{0452bde8-1acb-4573-ab4d-66cd44e467b5}\DrvRom.dll O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: BOCore - Unknown owner - C:\Program Files\Comodo\CBOClean\BOCORE.exe (file missing) Combo Fix Log: ComboFix 08-02-25.2 - M 2008-02-25 17:41:49.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.183 [GMT 1:00] Running from: C:\Documents and Settings\M\Desktop\Proba\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\M\Desktop\Error Cleaner.url C:\Documents and Settings\M\Desktop\Privacy Protector.url C:\Documents and Settings\M\Desktop\Spyware&Malware Protection.url C:\Documents and Settings\M\Favorites\Error Cleaner.url C:\Documents and Settings\M\Favorites\Privacy Protector.url C:\Documents and Settings\M\Favorites\Spyware&Malware Protection.url . ((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 ))))))))))))))))))))))))))))))) . 2008-02-25 17:25 . 2008-02-25 17:25 7,680 --ahs---- C:\WINDOWS\Thumbs.db 2008-02-25 11:14 . 2008-02-25 11:17 675 --a------ C:\WINDOWS\wininit.ini 2008-02-25 10:19 . 2008-02-25 12:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-25 02:13 . 2008-02-25 02:13 0 --a------ C:\WINDOWS\nsreg.dat 2008-02-25 01:46 . 2008-02-25 02:38 <DIR> d-------- C:\Program Files\Remove-it 2008-02-25 00:27 . 2008-02-25 00:27 <DIR> d-------- C:\Program Files\Enigma Software Group 2008-02-25 00:07 . 2008-02-25 00:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-02-25 00:06 . 2008-02-25 02:16 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-02-25 00:06 . 2008-02-25 02:16 <DIR> d-------- C:\Documents and Settings\M\Application Data\SUPERAntiSpyware.com 2008-02-24 23:01 . 2008-02-24 23:58 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-24 21:59 . 2008-02-24 21:59 <DIR> d-------- C:\Documents and Settings\M\Application Data\Uniblue 2008-02-24 21:59 . 2008-02-24 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue 2008-02-24 19:54 . 2008-02-24 19:53 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2008-02-24 19:53 . 2008-02-24 20:55 <DIR> d-------- C:\Documents and Settings\M\.housecall6.6 2008-02-24 19:08 . 2008-02-24 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7 2008-02-24 18:30 . 2008-02-24 18:30 <DIR> d--hs---- C:\found.000 2008-02-24 15:54 . 2008-02-24 15:54 <DIR> d-------- C:\Program Files\Softwin 2008-02-23 22:28 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll 2008-02-23 22:28 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll 2008-02-23 15:54 . 2008-02-23 13:00 229,376 --a------ C:\WINDOWS\bxlrvps.dll 2008-02-23 15:54 . 2008-02-23 13:00 180,224 --a------ C:\WINDOWS\alofkmn.dll 2008-02-23 15:54 . 2008-02-23 13:00 81,920 --a------ C:\WINDOWS\fkxvkns.exe 2008-02-23 15:52 . 2008-02-23 15:53 <DIR> d-------- C:\Program Files\MediaEldoradoCodec 2008-02-23 15:26 . 2008-02-23 15:26 <DIR> d-------- C:\Program Files\Winamp Remote 2008-02-23 15:26 . 2008-02-23 15:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks 2008-02-16 21:59 . 2008-02-16 22:03 <DIR> dr------- C:\milicin folder NE DIRATI 2008-02-11 01:06 . 2007-03-08 00:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2008-02-11 01:06 . 2007-03-08 00:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2008-02-11 01:05 . 2007-03-08 00:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2008-02-11 01:04 . 2008-02-24 02:32 <DIR> d-------- C:\Program Files\Winamp 2008-02-11 01:04 . 2008-02-11 01:18 <DIR> d-------- C:\Documents and Settings\M\Application Data\Winamp 2008-02-10 12:36 . 2008-02-10 12:36 3,652 --a------ C:\WINDOWS\desctemp.dat 2008-02-06 20:19 . 2008-02-06 20:19 <DIR> d-------- C:\Program Files\Microsoft VM 2008-02-03 22:48 . 2008-02-24 21:37 81,984 --a------ C:\WINDOWS\system32\bdod.bin 2008-02-03 22:41 . 2008-02-24 21:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender 2008-02-03 22:39 . 2008-02-24 19:34 <DIR> d-------- C:\Program Files\Common Files\Softwin 2008-02-03 16:46 . 2008-02-03 16:46 <DIR> d-------- C:\Documents and Settings\M\Application Data\Home Sweet Home . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-25 01:21 --------- d-----w C:\Program Files\Macrogaming 2008-02-24 23:40 --------- d-----w C:\Program Files\Opera 2008-02-24 23:06 --------- d-----w C:\Documents and Settings\M\Application Data\Skype 2008-02-24 22:59 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll 2008-02-24 21:05 --------- d-----w C:\Documents and Settings\M\Application Data\mIRC 2008-02-24 18:47 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-24 18:47 --------- d-----w C:\Program Files\Yahoo! 2008-02-24 18:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! 2008-02-24 18:10 --------- d-----w C:\Program Files\Google 2008-02-24 18:09 --------- d-----w C:\Documents and Settings\M\Application Data\Yahoo! 2008-02-24 18:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-24 13:04 --------- d-----w C:\Program Files\lx_cats 2008-02-17 20:39 --------- d-----w C:\Documents and Settings\M\Application Data\AdobeUM 2008-02-10 22:57 --------- d-----w C:\Program Files\Common Files\Real 2008-02-03 22:21 --------- d-----w C:\Program Files\MSN Messenger 2008-02-03 16:26 --------- d-----w C:\Program Files\Yahoo! Games 2008-01-25 14:43 --------- d-----w C:\Program Files\Comodo 2008-01-25 12:41 --------- d-----w C:\Program Files\BearShare Applications 2008-01-25 02:04 230,432 ----a-w C:\StiImg.dat 2008-01-16 22:31 --------- d-----w C:\Program Files\Java 2008-01-16 19:16 --------- d-----w C:\Program Files\Avant Browser 2008-01-16 18:11 --------- d-----w C:\Program Files\Battle Engine Aquila 2008-01-16 17:33 --------- d-----w C:\Program Files\GameHouse 2008-01-15 15:46 --------- d-----w C:\Program Files\QuickTime 2008-01-09 15:00 --------- d-----w C:\Program Files\Unipong 2007-12-29 17:05 --------- d-----w C:\Documents and Settings\M\Application Data\Flood Light Games 2007-12-29 17:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flood Light Games 2007-12-29 16:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo 2007-12-29 14:51 --------- d-----w C:\Documents and Settings\M\Application Data\PlayFirst 2007-12-29 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst 2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll 2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll 2007-09-06 21:55 774,144 ----a-w C:\Program Files\RngInterstitial.dll 2007-04-02 20:28 56 --sh--r C:\WINDOWS\system32\6F75E99ED2.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 10:02 103712] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360] "msnmsgr"="~C:\Program Files\MSN Messenger\msnmsgr.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 08:11 1388544] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 08:56 110592 C:\WINDOWS\system32\bthprops.cpl] "lxcymon.exe"="C:\Program Files\Lexmark 3400 Series\lxcymon.exe" [2006-01-25 17:02 286720] "EzPrint"="C:\Program Files\Lexmark 3400 Series\ezprint.exe" [2006-02-07 06:10 98304] "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 09:11 290816] "LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2005-12-01 19:38 65536] "SBI"="C:\Documents and Settings\M\Local Settings\Temporary Internet Files\Content.IE5\KGIOK1WV\install_sbd_en[2].exe" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-07-16 16:33:36 626176] Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-04-02 20:01:46 266240] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "DisableRegistryTools"= 0 (0x0) "NoBandCustomize"= 0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "alofkmn"= {8F4D58C3-72EE-4E7F-A46A-160DF2C9B90E} - C:\WINDOWS\alofkmn.dll [2008-02-23 13:00 180224] "bxlrvps"= {61DA2C3E-2639-41B0-AB65-A4BE0067EEF3} - C:\WINDOWS\bxlrvps.dll [2008-02-23 13:00 229376] "UnknownComponent"= {7dded012-be18-4a5a-a9f8-1c30ac0b5daa} - C:\WINDOWS\Installer\{7dded012-be18-4a5a-a9f8-1c30ac0b5daa}\UnknownComponent.dll [2008-02-23 15:54 17958] "DrvRom"= {0452bde8-1acb-4573-ab4d-66cd44e467b5} - C:\WINDOWS\Installer\{0452bde8-1acb-4573-ab4d-66cd44e467b5}\DrvRom.dll [2008-02-23 15:56 17958] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "System"=" " [HKLM\~\startupfolder\C:^Documents and Settings^M^Start Menu^Programs^Startup^Registration Driver Parallel Lines.LNK] path=C:\Documents and Settings\M\Start Menu\Programs\Startup\Registration Driver Parallel Lines.LNK backup=C:\WINDOWS\pss\Registration Driver Parallel Lines.LNKStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hotkey] --a------ 2004-04-03 17:38 36864 C:\Program Files\Hotkey\Hotkey.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] ~C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb] --a------ 2008-01-07 21:02 495616 C:\Program Files\Winamp Remote\bin\OrbTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RavAV] C:\WINDOWS\RavMonE.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower] -ra------ 2005-05-26 04:01 49152 C:\WINDOWS\system32\SiSPower.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream] C:\Program Files\Raketa Krstarice\raketa-core.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX] --a------ 2004-09-23 11:41 860160 C:\Program Files\Analog Devices\SoundMAX\smax4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM] -ra------ 2007-08-12 10:02 103712 C:\Program Files\Macrogaming\SweetIM\SweetIM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "lxcy_device"=3 (0x3) "wuauserv"=2 (0x2) "usnjsvc"=3 (0x3) "STI Simulator"=2 (0x2) "SoundMAX Agent Service (default)"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\mIRC\\mirc.exe"= "C:\\Documents and Settings\\M\\My Documents\\mIRC\\mirc.exe"= "C:\\Program Files\\FreshGames\\Cubis Gold\\CubisGold.exe"= "C:\\Program Files\\Unipong\\unipong.exe"= "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\GameHouse\\Collapse II\\Relapse.exe"= "C:\\Program Files\\GameHouse\\WHATword\\WhatWord.exe"= "C:\\Program Files\\Avant Browser\\avant.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"= "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"= "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "13436:TCP"= 13436:TCP:NortonAV "15811:TCP"= 15811:TCP:NortonAV R3 PAC207;VideoCAM GE111;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 09:46] R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 09:43] S3 FXDRV;FXDRV;D:\Fxdrv.sys [] S4 lxcy_device;lxcy_device;C:\WINDOWS\system32\lxcycoms.exe [2006-02-20 20:23] S4 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 11:54] . Contents of the 'Scheduled Tasks' folder "2008-02-24 21:11:46 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job" - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe "2008-02-24 21:03:11 C:\WINDOWS\Tasks\Uniblue SpyEraser.job" - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-02-25 17:45:27 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run SBI = C:\Documents and Settings\M\Local Settings\Temporary Internet Files\Content.IE5\KGIOK1WV\install_sbd_en[2].exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? scanning hidden files ... ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156] -> C:\WINDOWS\bxlrvps.dll -> C:\WINDOWS\Installer\{7dded012-be18-4a5a-a9f8-1c30ac0b5daa}\UnknownComponent.dll -> C:\WINDOWS\Installer\{0452bde8-1acb-4573-ab4d-66cd44e467b5}\DrvRom.dll . Completion time: 2008-02-25 17:47:10 ComboFix-quarantined-files.txt 2008-02-25 16:46:15 ComboFix2.txt 2008-02-25 11:04:50

Profil

milan27 Poslao: 26 Feb 2008 18:28 Idi na vrh
offline milan27 Super građanin Pridružio: 07 Avg 2006 Poruke: 1182 Gde živiš: Fili Davydkovo, Moscow, Russia	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: File:: C:\WINDOWS\bxlrvps.dll C:\WINDOWS\alofkmn.dll C:\WINDOWS\fkxvkns.exe C:\WINDOWS\RavMonE.exe C:\WINDOWS\Installer\{7dded012-be18-4a5a-a9f8-1c30ac0b5daa}\UnknownComponent.dll C:\WINDOWS\Installer\{0452bde8-1acb-4573-ab4d-66cd44e467b5}\DrvRom.dll Folder:: C:\Program Files\MediaEldoradoCodec Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SBI"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "alofkmn"=- "bxlrvps"=- "UnknownComponent"=- "DrvRom"=- [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RavAV] Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

drbozovic Poslao: 27 Feb 2008 21:42 Idi na vrh
offline drbozovic Novi MyCity građanin Pridružio: 25 Feb 2008 Poruke: 9	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-02-25.2 - M 2008-02-27 21:28:33.3 - NTFSx86 Running from: C:\Documents and Settings\M\Desktop\Proba\ComboFix.exe Command switches used :: C:\Documents and Settings\M\Desktop\Proba\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\alofkmn.dll C:\WINDOWS\bxlrvps.dll C:\WINDOWS\fkxvkns.exe C:\WINDOWS\Installer\{0452bde8-1acb-4573-ab4d-66cd44e467b5}\DrvRom.dll C:\WINDOWS\Installer\{7dded012-be18-4a5a-a9f8-1c30ac0b5daa}\UnknownComponent.dll C:\WINDOWS\RavMonE.exe . The following files were disabled during the run: C:\WINDOWS\system32\sockspy.dll ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\M\Desktop\Error Cleaner.url C:\Documents and Settings\M\Desktop\Privacy Protector.url C:\Documents and Settings\M\Desktop\Spyware&Malware Protection.url C:\Documents and Settings\M\Favorites\Error Cleaner.url C:\Documents and Settings\M\Favorites\Privacy Protector.url C:\Documents and Settings\M\Favorites\Spyware&Malware Protection.url C:\Program Files\MediaEldoradoCodec C:\Program Files\MediaEldoradoCodec\install.ico C:\Program Files\MediaEldoradoCodec\MediaEldoradoCodec.ocx C:\Program Files\MediaEldoradoCodec\Uninstall.exe C:\WINDOWS\alofkmn.dll C:\WINDOWS\bxlrvps.dll C:\WINDOWS\fkxvkns.exe C:\WINDOWS\Installer\{0452bde8-1acb-4573-ab4d-66cd44e467b5}\DrvRom.dll C:\WINDOWS\Installer\{7dded012-be18-4a5a-a9f8-1c30ac0b5daa}\UnknownComponent.dll . ((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 ))))))))))))))))))))))))))))))) . 2008-02-26 20:12 . 2008-02-26 20:12 <DIR> d-------- C:\Documents and Settings\M\Application Data\Bitdefender 2008-02-25 17:25 . 2008-02-25 17:25 7,680 --ahs---- C:\WINDOWS\Thumbs.db 2008-02-25 11:14 . 2008-02-25 11:17 675 --a------ C:\WINDOWS\wininit.ini 2008-02-25 10:19 . 2008-02-25 12:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-25 02:13 . 2008-02-25 02:13 0 --a------ C:\WINDOWS\nsreg.dat 2008-02-25 01:46 . 2008-02-25 02:38 <DIR> d-------- C:\Program Files\Remove-it 2008-02-25 00:27 . 2008-02-25 00:27 <DIR> d-------- C:\Program Files\Enigma Software Group 2008-02-25 00:07 . 2008-02-25 00:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-02-25 00:06 . 2008-02-26 21:19 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-02-25 00:06 . 2008-02-25 02:16 <DIR> d-------- C:\Documents and Settings\M\Application Data\SUPERAntiSpyware.com 2008-02-24 23:01 . 2008-02-24 23:58 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-24 21:59 . 2008-02-24 21:59 <DIR> d-------- C:\Documents and Settings\M\Application Data\Uniblue 2008-02-24 21:59 . 2008-02-24 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue 2008-02-24 19:54 . 2008-02-24 19:53 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2008-02-24 19:53 . 2008-02-24 20:55 <DIR> d-------- C:\Documents and Settings\M\.housecall6.6 2008-02-24 19:08 . 2008-02-24 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7 2008-02-24 18:30 . 2008-02-24 18:30 <DIR> d--hs---- C:\found.000 2008-02-24 15:54 . 2008-02-24 15:54 <DIR> d-------- C:\Program Files\Softwin 2008-02-23 22:28 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll 2008-02-23 22:28 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll 2008-02-23 15:26 . 2008-02-23 15:26 <DIR> d-------- C:\Program Files\Winamp Remote 2008-02-23 15:26 . 2008-02-23 15:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks 2008-02-16 21:59 . 2008-02-16 22:03 <DIR> dr------- C:\milicin folder NE DIRATI 2008-02-11 01:06 . 2007-03-08 00:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2008-02-11 01:06 . 2007-03-08 00:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2008-02-11 01:05 . 2007-03-08 00:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2008-02-11 01:04 . 2008-02-24 02:32 <DIR> d-------- C:\Program Files\Winamp 2008-02-11 01:04 . 2008-02-11 01:18 <DIR> d-------- C:\Documents and Settings\M\Application Data\Winamp 2008-02-10 12:36 . 2008-02-10 12:36 3,652 --a------ C:\WINDOWS\desctemp.dat 2008-02-06 20:19 . 2008-02-06 20:19 <DIR> d-------- C:\Program Files\Microsoft VM 2008-02-03 22:48 . 2008-02-27 21:36 81,984 --a------ C:\WINDOWS\system32\bdod.bin 2008-02-03 22:41 . 2008-02-26 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender 2008-02-03 22:39 . 2008-02-26 20:10 <DIR> d-------- C:\Program Files\Common Files\Softwin 2008-02-03 16:46 . 2008-02-03 16:46 <DIR> d-------- C:\Documents and Settings\M\Application Data\Home Sweet Home . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-27 00:13 --------- d-----w C:\Program Files\lx_cats 2008-02-26 23:12 --------- d-----w C:\Documents and Settings\M\Application Data\mIRC 2008-02-25 01:21 --------- d-----w C:\Program Files\Macrogaming 2008-02-24 23:40 --------- d-----w C:\Program Files\Opera 2008-02-24 23:06 --------- d-----w C:\Documents and Settings\M\Application Data\Skype 2008-02-24 18:47 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-24 18:47 --------- d-----w C:\Program Files\Yahoo! 2008-02-24 18:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! 2008-02-24 18:10 --------- d-----w C:\Program Files\Google 2008-02-24 18:09 --------- d-----w C:\Documents and Settings\M\Application Data\Yahoo! 2008-02-24 18:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-17 20:39 --------- d-----w C:\Documents and Settings\M\Application Data\AdobeUM 2008-02-10 22:57 --------- d-----w C:\Program Files\Common Files\Real 2008-02-03 22:21 --------- d-----w C:\Program Files\MSN Messenger 2008-02-03 16:26 --------- d-----w C:\Program Files\Yahoo! Games 2008-01-25 14:43 --------- d-----w C:\Program Files\Comodo 2008-01-25 12:41 --------- d-----w C:\Program Files\BearShare Applications 2008-01-25 02:04 230,432 ----a-w C:\StiImg.dat 2008-01-16 22:31 --------- d-----w C:\Program Files\Java 2008-01-16 19:16 --------- d-----w C:\Program Files\Avant Browser 2008-01-16 18:11 --------- d-----w C:\Program Files\Battle Engine Aquila 2008-01-16 17:33 --------- d-----w C:\Program Files\GameHouse 2008-01-15 15:46 --------- d-----w C:\Program Files\QuickTime 2008-01-09 15:00 --------- d-----w C:\Program Files\Unipong 2007-12-29 17:05 --------- d-----w C:\Documents and Settings\M\Application Data\Flood Light Games 2007-12-29 17:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flood Light Games 2007-12-29 16:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo 2007-12-29 14:51 --------- d-----w C:\Documents and Settings\M\Application Data\PlayFirst 2007-12-29 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst 2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll 2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll 2007-09-06 21:55 774,144 ----a-w C:\Program Files\RngInterstitial.dll 2007-04-02 20:28 56 --sh--r C:\WINDOWS\system32\6F75E99ED2.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 10:02 103712] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360] "msnmsgr"="~C:\Program Files\MSN Messenger\msnmsgr.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 08:11 1388544] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 08:56 110592 C:\WINDOWS\system32\bthprops.cpl] "lxcymon.exe"="C:\Program Files\Lexmark 3400 Series\lxcymon.exe" [2006-01-25 17:02 286720] "EzPrint"="C:\Program Files\Lexmark 3400 Series\ezprint.exe" [2006-02-07 06:10 98304] "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 09:11 290816] "LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2005-12-01 19:38 65536] "BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48 290816] "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-07-16 16:33:36 626176] Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-04-02 20:01:46 266240] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "DisableRegistryTools"= 0 (0x0) "NoBandCustomize"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "System"=" " [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=sockspy.dll [HKLM\~\startupfolder\C:^Documents and Settings^M^Start Menu^Programs^Startup^Registration Driver Parallel Lines.LNK] path=C:\Documents and Settings\M\Start Menu\Programs\Startup\Registration Driver Parallel Lines.LNK backup=C:\WINDOWS\pss\Registration Driver Parallel Lines.LNKStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hotkey] --a------ 2004-04-03 17:38 36864 C:\Program Files\Hotkey\Hotkey.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] ~C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb] --a------ 2008-01-07 21:02 495616 C:\Program Files\Winamp Remote\bin\OrbTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower] -ra------ 2005-05-26 04:01 49152 C:\WINDOWS\system32\SiSPower.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream] C:\Program Files\Raketa Krstarice\raketa-core.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX] --a------ 2004-09-23 11:41 860160 C:\Program Files\Analog Devices\SoundMAX\smax4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM] -ra------ 2007-08-12 10:02 103712 C:\Program Files\Macrogaming\SweetIM\SweetIM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "lxcy_device"=3 (0x3) "wuauserv"=2 (0x2) "usnjsvc"=3 (0x3) "STI Simulator"=2 (0x2) "SoundMAX Agent Service (default)"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\mIRC\\mirc.exe"= "C:\\Program Files\\FreshGames\\Cubis Gold\\CubisGold.exe"= "C:\\Program Files\\Unipong\\unipong.exe"= "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\GameHouse\\Collapse II\\Relapse.exe"= "C:\\Program Files\\GameHouse\\WHATword\\WhatWord.exe"= "C:\\Program Files\\Avant Browser\\avant.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"= "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"= "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "13436:TCP"= 13436:TCP:NortonAV "15811:TCP"= 15811:TCP:NortonAV . Contents of the 'Scheduled Tasks' folder "2008-02-24 21:11:46 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job" - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe "2008-02-24 21:03:11 C:\WINDOWS\Tasks\Uniblue SpyEraser.job" - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-02-27 21:36:10 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-02-27 21:39:52 ComboFix-quarantined-files.txt 2008-02-27 20:39:26 ComboFix2.txt 2008-02-25 16:47:11 ComboFix3.txt 2008-02-25 11:04:50 . 2008-02-13 03:21:03 --- E O F ---

Profil

milan27 Poslao: 03 Mar 2008 23:10 Idi na vrh
offline milan27 Super građanin Pridružio: 07 Avg 2006 Poruke: 1182 Gde živiš: Fili Davydkovo, Moscow, Russia	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl:

Profil

MyCity » Ambulanta -> Arhiva Ambulante » hitna pomoc :(

Ko je trenutno na forumu

Ukupno su 936 korisnika na forumu :: 14 registrovanih, 3 sakrivenih i 919 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: bobomicek, Bubimir, galijot, hyla, ILGromovnik, indja, jukeboxer, ladro, Lazarus, panzerwaffe, procesor, suton, Tvrtko I, voja64

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by