MyCity » Ambulanta -> Arhiva Ambulante » Kako se osloboditi trojnaca

Kako se osloboditi trojnaca

Napisano na dan: 15.2.2008

Kako se osloboditi trojnaca

Sledeća strana

Pagination

Odgovori

mkmiki Poslao: 15 Feb 2008 14:45 Idi na vrh
offline mkmiki Novi MyCity građanin Pridružio: 15 Feb 2008 Poruke: 5	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pomoc , Antivirusni program ClamWin je registrovao trojanca prema dole navedenom izvestaju MDM.EXE je antivirusni program smestio u quarantine dok ostale ne vidim tamo. Izvrsio sam formatiranje hard diska ali samo C particije, instalirao ponovo operativni sistem no trojanci iz izvestaja antivirusnog programa ponovo su bili tu. Ispod izvestaja saljem vam log fajl prema uputstvu sa vaseg sajta Kako da se oslobodim trojanaca . U napred hvala za pomoc.Pozdrav Izvestaj Scan Started Fri Feb 15 00:21:27 2008 ------------------------------------------------------------------------------- WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied C:\RavMon.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\infected.RavMon.exe' C:\WINDOWS\MDM.EXE: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\infected.MDM.EXE' C:\WINDOWS\SVCHOST.EXE: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\infected.SVCHOST.EXE' D:\RavMon.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\infected.RavMon.exe.000' F:\RavMon.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\infected.RavMon.exe.001' C:\RavMon.exe: Trojan.Agent-1914 FOUND C:\WINDOWS\: Trojan.Agent-1915 FOUND C:\WINDOWS\SVCHOST.EXE: Trojan.Agent-1914 FOUND D:\RavMon.exe: Trojan.Agent-1914 FOUND F:\RavMon.exe: Trojan.Agent-1914 FOUND F je USB disk ----------- SCAN SUMMARY ----------- Known viruses: 210466 Engine version: 0.92 Scanned directories: 3072 Scanned files: 36446 Skipped non-executable files: 1725 Infected files: 5 Data scanned: 21577.19 MB Time: 16582.297 sec (276 m 22 s) -------------------------------------- Completed -------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 14:09:22, on 15.02.08 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\lxddcoms.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Lexmark 2500 Series\lxddmon.exe C:\Program Files\Lexmark 2500 Series\lxddamon.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\ClamWin\bin\ClamTray.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe F:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe F:\PortableApps\Any Password\AnyPass.exe C:\Documents and Settings\miki\Desktop\Trojanci\TR3.exe.exe O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe" O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{40444292-17F2-42E9-8940-B36F8B658A4B}: NameServer = 212.200.191.166 212.200.190.166 O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe I

Profil

DEMIAN Poslao: 15 Feb 2008 15:00 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preuzmi program Flash_Disinfector. program se pokreće dvoklikom na Flash_Disinfector.exe kada se pojavi poruka sa obaveštenjem, potrebno je priključiti inficirane USB flash drive-ove (pri tome držati pritisnut taster Shift kako bi se izbegao autoplay) kliknuti na OK i sačekati da se proces završi kada se pojavi poruka Done !!, kliknuti na OK. Skini ComboFix sa jedne od sledecih adresa na Desktop: [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

mkmiki Poslao: 15 Feb 2008 16:15 Idi na vrh
offline mkmiki Novi MyCity građanin Pridružio: 15 Feb 2008 Poruke: 5	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nisam siguran da je moj odgovor otisao posto mi je pukla veza te ga saljem ponovo Pozdrav Miroslav ComboFix 08-02-15.2 - miki 2008-02-15 15:22:26.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.237 [GMT 1:00] Running from: C:\Documents and Settings\miki\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\svchost.ini C:\WINDOWS\system32\msssc.dll . ((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 ))))))))))))))))))))))))))))))) . 2008-02-15 13:14 . 2006-05-25 10:29 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe 2008-02-15 13:13 . 2008-02-15 13:13 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2008-02-15 10:09 . 2008-02-15 10:09 1,158 --a------ C:\WINDOWS\mozver.dat 2008-02-15 00:14 . 2008-02-15 00:14 <DIR> d-------- C:\Documents and Settings\miki\Application Data\FaxCtr 2008-02-15 00:04 . 2008-02-15 00:04 <DIR> d-------- C:\Program Files\ClamWin 2008-02-15 00:04 . 2008-02-15 00:05 <DIR> d-------- C:\Documents and Settings\miki\Application Data\.clamwin 2008-02-15 00:04 . 2008-02-15 00:04 <DIR> d-------- C:\Documents and Settings\All Users\.clamwin 2008-02-14 23:36 . 2008-02-14 23:37 <DIR> d-------- C:\Documents and Settings\natasa\Application Data\Winamp 2008-02-14 23:28 . 2008-02-14 23:28 <DIR> d-------- C:\Documents and Settings\natasa\Application Data\FaxCtr 2008-02-14 23:19 . 2008-02-14 23:19 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2008-02-14 23:11 . 2008-02-14 23:13 <DIR> d-------- C:\Program Files\Winamp 2008-02-14 23:11 . 2008-02-14 23:16 <DIR> d-------- C:\Documents and Settings\miki\Application Data\Winamp 2008-02-14 22:56 . 2008-02-14 22:56 0 --a------ C:\WINDOWS\nsreg.dat 2008-02-14 22:42 . 2008-02-14 22:42 <DIR> d-------- C:\Documents and Settings\miki\Application Data\Lexmark Imaging Studio 2008-02-14 22:16 . 2008-02-14 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir 2008-02-14 22:05 . 2008-02-15 15:16 <DIR> d-------- C:\Program Files\lx_cats 2008-02-14 22:05 . 2008-02-14 22:05 <DIR> d-------- C:\logs 2008-02-14 22:05 . 2007-01-10 06:13 692,224 --a------ C:\WINDOWS\system32\lxdddrs.dll 2008-02-14 22:05 . 2007-01-19 02:00 331,776 --a------ C:\WINDOWS\system32\lxddcoin.dll 2008-02-14 22:05 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll 2008-02-14 22:05 . 2001-08-17 22:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll 2008-02-14 22:05 . 2006-10-07 06:08 69,632 --a------ C:\WINDOWS\system32\lxddcnv4.dll 2008-02-14 22:05 . 2007-01-24 08:40 65,536 --a------ C:\WINDOWS\system32\lxddcaps.dll 2008-02-14 22:05 . 2006-05-18 15:47 40,960 --a------ C:\WINDOWS\system32\lxddvs.dll 2008-02-14 22:05 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2008-02-14 22:05 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys 2008-02-14 22:04 . 2008-02-14 22:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr 2008-02-14 22:04 . 2006-06-01 04:51 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL 2008-02-14 22:04 . 2006-06-01 04:51 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL 2008-02-14 22:04 . 2006-06-01 04:51 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL 2008-02-14 22:04 . 2006-06-01 04:51 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL 2008-02-14 22:04 . 2006-06-01 04:51 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL 2008-02-14 22:04 . 2007-02-02 10:16 45,056 --a------ C:\WINDOWS\system32\LXF3PMON.DLL 2008-02-14 22:04 . 2006-11-08 00:02 36,864 --a------ C:\WINDOWS\system32\lxf3oem.dll 2008-02-14 22:04 . 2007-02-02 10:15 32,768 --a------ C:\WINDOWS\system32\LXF3FXPU.DLL 2008-02-14 22:04 . 2007-02-02 10:19 12,288 --a------ C:\WINDOWS\system32\LXF3PMRC.DLL . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-14 23:05 --------- d-----w C:\Documents and Settings\miki\Application Data\.clamwin 2008-02-14 21:10 --------- d-----w C:\Program Files\Lexmark Toolbar 2008-02-14 21:05 --------- d-----w C:\Program Files\Lexmark 2500 Series 2008-02-14 21:04 --------- d-----w C:\Program Files\Lexmark Fax Solutions 2008-02-14 20:58 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint 2008-02-14 20:45 --------- d-----w C:\Program Files\MT882 2008-02-14 20:38 720,896 ----a-w C:\WINDOWS\iun6002.exe 2008-02-14 20:38 --------- d-----w C:\Program Files\Mv2Player 2008-02-14 20:38 --------- d-----w C:\Program Files\Audio3v2 2008-02-14 20:37 --------- d-----w C:\Program Files\Webteh 2008-02-14 20:35 --------- d-----w C:\Program Files\Common Files\Ahead 2008-02-14 20:35 --------- d-----w C:\Program Files\Ahead 2008-02-14 20:32 --------- d-----w C:\Program Files\Microsoft ActiveSync 2008-02-14 20:17 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-14 20:17 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-02-14 20:17 --------- d-----w C:\Program Files\Analog Devices 2008-02-14 20:08 --------- d-----w C:\Program Files\microsoft frontpage 2008-01-10 12:16 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll 2008-01-10 12:15 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll 2007-12-24 12:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll 2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll 2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480] "nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016] "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2002-11-08 15:50 98304] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-02-13 00:58 291760] "lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-02-06 00:32 20480] "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-13 01:00 312240] "LXDDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-22 23:05 102400] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 23:54 37376] "ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2008-01-20 22:08 77824] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360] R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-02-13 00:59] R3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 08:32] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C] \Shell\AutoRun\command - RavMon.exe \Shell\explore\Command - RavMon.exe -e \Shell\open\Command - RavMon.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - RavMon.exe \Shell\explore\Command - RavMon.exe -e \Shell\open\Command - RavMon.exe . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2008-02-15 15:23:15 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXDDCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16 scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-02-15 15:23:42 ComboFix-quarantined-files.txt 2008-02-15 14:23:28

Profil

DEMIAN Poslao: 15 Feb 2008 17:20 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav Miroslave i izvini što si čekao toliko. Trebalo mi je neko dodatno vreme za analizu. Uradi sledeće: Otvoriti Notepad i iskopirati sledeci tekst: `Registry:: [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

mkmiki Poslao: 15 Feb 2008 18:02 Idi na vrh
offline mkmiki Novi MyCity građanin Pridružio: 15 Feb 2008 Poruke: 5	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nije problem za cekanje evo log fajla ComboFix 08-02-15.2 - miki 2008-02-15 17:44:36.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.230 [GMT 1:00] Running from: C:\Documents and Settings\miki\Desktop\Trojanci\ComboFix.exe Command switches used :: C:\Documents and Settings\miki\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Autorun.inf D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 ))))))))))))))))))))))))))))))) . 2008-02-15 13:14 . 2006-05-25 10:29 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe 2008-02-15 13:13 . 2008-02-15 13:13 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2008-02-15 10:09 . 2008-02-15 10:09 1,158 --a------ C:\WINDOWS\mozver.dat 2008-02-15 00:14 . 2008-02-15 00:14 <DIR> d-------- C:\Documents and Settings\miki\Application Data\FaxCtr 2008-02-15 00:04 . 2008-02-15 00:04 <DIR> d-------- C:\Program Files\ClamWin 2008-02-15 00:04 . 2008-02-15 00:05 <DIR> d-------- C:\Documents and Settings\miki\Application Data\.clamwin 2008-02-15 00:04 . 2008-02-15 00:04 <DIR> d-------- C:\Documents and Settings\All Users\.clamwin 2008-02-14 23:36 . 2008-02-14 23:37 <DIR> d-------- C:\Documents and Settings\natasa\Application Data\Winamp 2008-02-14 23:28 . 2008-02-14 23:28 <DIR> d-------- C:\Documents and Settings\natasa\Application Data\FaxCtr 2008-02-14 23:19 . 2008-02-14 23:19 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2008-02-14 23:11 . 2008-02-14 23:13 <DIR> d-------- C:\Program Files\Winamp 2008-02-14 23:11 . 2008-02-14 23:16 <DIR> d-------- C:\Documents and Settings\miki\Application Data\Winamp 2008-02-14 22:56 . 2008-02-14 22:56 0 --a------ C:\WINDOWS\nsreg.dat 2008-02-14 22:42 . 2008-02-14 22:42 <DIR> d-------- C:\Documents and Settings\miki\Application Data\Lexmark Imaging Studio 2008-02-14 22:16 . 2008-02-14 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir 2008-02-14 22:05 . 2008-02-15 15:16 <DIR> d-------- C:\Program Files\lx_cats 2008-02-14 22:05 . 2008-02-14 22:05 <DIR> d-------- C:\logs 2008-02-14 22:05 . 2007-01-10 06:13 692,224 --a------ C:\WINDOWS\system32\lxdddrs.dll 2008-02-14 22:05 . 2007-01-19 02:00 331,776 --a------ C:\WINDOWS\system32\lxddcoin.dll 2008-02-14 22:05 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll 2008-02-14 22:05 . 2001-08-17 22:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll 2008-02-14 22:05 . 2006-10-07 06:08 69,632 --a------ C:\WINDOWS\system32\lxddcnv4.dll 2008-02-14 22:05 . 2007-01-24 08:40 65,536 --a------ C:\WINDOWS\system32\lxddcaps.dll 2008-02-14 22:05 . 2006-05-18 15:47 40,960 --a------ C:\WINDOWS\system32\lxddvs.dll 2008-02-14 22:05 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2008-02-14 22:05 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys 2008-02-14 22:04 . 2008-02-14 22:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr 2008-02-14 22:04 . 2006-06-01 04:51 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL 2008-02-14 22:04 . 2006-06-01 04:51 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL 2008-02-14 22:04 . 2006-06-01 04:51 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL 2008-02-14 22:04 . 2006-06-01 04:51 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL 2008-02-14 22:04 . 2006-06-01 04:51 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL 2008-02-14 22:04 . 2007-02-02 10:16 45,056 --a------ C:\WINDOWS\system32\LXF3PMON.DLL 2008-02-14 22:04 . 2006-11-08 00:02 36,864 --a------ C:\WINDOWS\system32\lxf3oem.dll 2008-02-14 22:04 . 2007-02-02 10:15 32,768 --a------ C:\WINDOWS\system32\LXF3FXPU.DLL 2008-02-14 22:04 . 2007-02-02 10:19 12,288 --a------ C:\WINDOWS\system32\LXF3PMRC.DLL . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-14 23:05 --------- d-----w C:\Documents and Settings\miki\Application Data\.clamwin 2008-02-14 21:10 --------- d-----w C:\Program Files\Lexmark Toolbar 2008-02-14 21:05 --------- d-----w C:\Program Files\Lexmark 2500 Series 2008-02-14 21:04 --------- d-----w C:\Program Files\Lexmark Fax Solutions 2008-02-14 20:58 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint 2008-02-14 20:45 --------- d-----w C:\Program Files\MT882 2008-02-14 20:38 720,896 ----a-w C:\WINDOWS\iun6002.exe 2008-02-14 20:38 --------- d-----w C:\Program Files\Mv2Player 2008-02-14 20:38 --------- d-----w C:\Program Files\Audio3v2 2008-02-14 20:37 --------- d-----w C:\Program Files\Webteh 2008-02-14 20:35 --------- d-----w C:\Program Files\Common Files\Ahead 2008-02-14 20:35 --------- d-----w C:\Program Files\Ahead 2008-02-14 20:32 --------- d-----w C:\Program Files\Microsoft ActiveSync 2008-02-14 20:17 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-14 20:17 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-02-14 20:17 --------- d-----w C:\Program Files\Analog Devices 2008-02-14 20:08 --------- d-----w C:\Program Files\microsoft frontpage 2008-01-10 12:16 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll 2008-01-10 12:15 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll 2007-12-24 12:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll 2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll 2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480] "nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016] "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2002-11-08 15:50 98304] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-02-13 00:58 291760] "lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-02-06 00:32 20480] "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-13 01:00 312240] "LXDDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-22 23:05 102400] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 23:54 37376] "ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2008-01-20 22:08 77824] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360] R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-02-13 00:59] R3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 08:32] Newly Created Service - ISDRV120 . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2008-02-15 17:45:22 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXDDCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-02-15 17:45:47 ComboFix-quarantined-files.txt 2008-02-15 16:45:39 ComboFix2.txt 2008-02-15 14:23:43

Profil

DEMIAN Poslao: 15 Feb 2008 18:19 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Jesi li koristio/pokretao možda IceSword anti-rootkit u međuvremenu ?

Profil

mkmiki Poslao: 15 Feb 2008 18:25 Idi na vrh
offline mkmiki Novi MyCity građanin Pridružio: 15 Feb 2008 Poruke: 5	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! da samo informativno pozdrav Miroslav

Profil

DEMIAN Poslao: 15 Feb 2008 18:37 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl:

Profil

mkmiki Poslao: 15 Feb 2008 19:09 Idi na vrh
offline mkmiki Novi MyCity građanin Pridružio: 15 Feb 2008 Poruke: 5	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uradio sam gore navedenu proceduru i deinstaliro combofix. Nocas cu ponovo skenirati pc antivirusnim programo pa ce mo videti izvestaj. U svakom slucaju hvala na vremenu i znaju koje ste posvetili mom problemu.Obzirom da sam prvi put na forumu divim se vasem strpljenju i energiji koju ulazete da bi pomogli drugima . Pozdrav Miroslav

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Kako se osloboditi trojnaca

Ko je trenutno na forumu

Ukupno su 1221 korisnika na forumu :: 86 registrovanih, 10 sakrivenih i 1125 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 15694 - dana 01 Feb 2026 12:23

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 04bokibole, 9191vs, aleph_one, ALEXV, ArmFPGA, Arni, Banovo Brdo, Belac91, blatruc82, Bojan198527, bojcistv, branko87, Bubimir, Buzdovan, darkdruid72, Dekanovic, deLacy, dexteroza, Dioniss, Djokislav, Djuza, Draganac, dzoni19, Ezbuck, feanor, Georgius, Haris, Jakonjveliki, Josip77, Karaula, kreker, Levi, Marko Marković, Maschinekalibar, mercedesamg, milanpb, mile.ilic75, Milometer, mkukoleca, moldway, mux, Naj-Turs, nekdo, nikolapetkovic, olinadccs, Pekman, Permaldar, Podgoritza, Povratak1912, Profesor_018, proka89, RajkoB, rodoljub, Rumba King, samsung, sap, sasa87, savaskytec, Seeker, Shinobi, Sirius, Sitan_Lopov, Skakac7, skok, stegonosa, Tas011, TheBeastOfMG, theNedjeljko, tihi-posmatrac, Tihi86, Tila Painen, Tribal, Valter071, varda, Vasilije Budović, vathra, vidra boy, vidra1, Vladimir90, vladulns, wizzardone, wolf1, x9, yufighter, zdrebac, Zmaj Tolak

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by