Virus problem

  • Joined: 26 Mar 2008
  • Posts: 25
  • Location: Skopje, Macedonia

I have a son who does all sorts of things on the net. Online games, some hm hm sites ??? He picked up all kinds of stuff on the computer. We had several antivirus programs. They all started failing, so we installed another one and they found nothing. Spyware Terminator found a few trojans. Now we have NOD32 and it shows nothing. The other antiviruses kept freezing, probably because of the infection. We couldn't install Kaspersky again at all, because a little window kept popping up, flashing on and off, and quickly showed something with windows\32 in it, and I couldn't read what exactly it was. And so on. How do we clean the computer?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:20:27, on 09.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\winhost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Common Files\VideoMate\ComproRemote.exe
C:\Program Files\Common Files\VideoMate\ComproScheduler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Zaki\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [WinHosts] C:\WINDOWS\system32\winhost.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [70b4fc22] rundll32.exe "C:\WINDOWS\system32\gugqscip.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe /tray
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: ComproRemote.lnk = C:\Program Files\Common Files\VideoMate\ComproRemote.exe
O4 - Global Startup: ComproScheduler.lnk = C:\Program Files\Common Files\VideoMate\ComproScheduler.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: TweakYC.lnk = C:\Program Files\VideoMate\ComproPVR 2\TweakYC.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Agatha%20Christie/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.exe.imgfarm.com/images/nocache/funwebpro......0.1.0.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Agatha%20Christie/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBDC7B82-148E-4916-AACF-62E95DA2B0F0}: NameServer = 62.162.32.8 62.162.32.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: ????????P
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

--
End of file - 10818 bytes

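The log above is what the helper had to read by eye. As an added example (not code from the thread, from HijackThis, or from the helper), the script below parses the O4, O16 and O20 line formats exactly as HijackThis 2.0.2 prints them and applies a few of the pattern checks an analyst applies when triaging such a log: autostarts launched from a Temp directory, Run values named with random hex digits, rundll32 loading an eight-letter random-named DLL from system32, ActiveX (DPF) controls fetched from a host not on a trusted list, and any non-empty AppInit_DLLs value. The sample lines are copied from the log in this thread; the rules, the trusted-host list and the ten-minute style thresholds are this example's own assumptions. Note that a plain-looking entry such as winhost.exe is not caught by name patterns at all; in this thread it was exposed by other evidence (the catchme hidden-autostart check and the file listing in the ComboFix log), which is why pattern rules only narrow the list and never replace checking each entry.

```python
"""Heuristic triage of HijackThis (HJT) log lines.

Added example for this thread, not code from the original post or from
HijackThis itself. It parses the O4 (autostart), O16 (ActiveX DPF) and O20
(AppInit_DLLs) line formats as HJT 2.0.2 prints them and applies a few of the
pattern checks an analyst applies by eye. The patterns and the trusted-host
list are this example's own assumptions, not HJT output.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: lines copied from the HijackThis log in the thread
# (the real log has many more entries; these are enough to exercise each rule).
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Zaki\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [WinHosts] C:\WINDOWS\system32\winhost.exe
O4 - HKLM\..\Run: [70b4fc22] rundll32.exe "C:\WINDOWS\system32\gugqscip.dll",b
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.exe.imgfarm.com/images/nocache/funwebpro......0.1.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: ????????P
"""

# Assumption: ActiveX download hosts the analyst already trusts.
TRUSTED_DPF_HOSTS = {
    "zone.msn.com", "cdn2.zone.msn.com", "fpdownload.adobe.com",
    "download.divx.com", "go.microsoft.com",
}

O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\}(?: \([^)]*\))? - (?P<url>\S+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<value>.*)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)', re.IGNORECASE)
RANDOM8_RE = re.compile(r"^[A-Za-z]{8}$")   # Vundo-style eight-letter file names
HEXNAME_RE = re.compile(r"^[0-9a-f]{8}$")   # Run value named with eight hex digits


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    text: str


def _stem(path: str) -> str:
    """File name without directory and extension."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0]


def _check_o4(name: str, cmd: str) -> List[str]:
    reasons = []
    if "\\TEMP\\" in cmd.upper():
        reasons.append("autostart launched from a Temp directory")
    if HEXNAME_RE.match(name):
        reasons.append("Run value named with random hex digits")
    m = RUNDLL_RE.match(cmd)
    if m and "\\SYSTEM32\\" in m["dll"].upper() and RANDOM8_RE.match(_stem(m["dll"])):
        reasons.append("rundll32 loads an eight-letter random-named DLL from system32")
    return reasons


def _check_o16(url: str) -> List[str]:
    if url.lower().startswith("file:"):
        return ["ActiveX control registered from a local file: URL"]
    host = re.sub(r"^https?://", "", url, flags=re.IGNORECASE).split("/", 1)[0].lower()
    return [] if host in TRUSTED_DPF_HOSTS else [f"ActiveX control downloaded from host not on the allowlist: {host}"]


def _check_o20(value: str) -> List[str]:
    value = value.strip()
    if not value:
        return []
    reason = "AppInit_DLLs is set: the listed DLL is loaded into every process that loads user32.dll"
    if "?" in value or not value.isprintable():
        reason += " (value contains characters HJT cannot display)"
    return [reason]


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per (line, rule) that fires, in log order."""
    findings: List[Finding] = []
    for line_no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        reasons: List[str] = []
        if (m := O4_RE.match(line)):
            reasons = _check_o4(m["name"], m["cmd"])
        elif (m := O16_RE.match(line)):
            reasons = _check_o16(m["url"])
        elif (m := O20_RE.match(line)):
            reasons = _check_o20(m["value"])
        findings.extend(Finding(line_no, r, line) for r in reasons)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.rule}\n    {f.text}")
```

On the sample, lines 2, 4, 6 and 8 fire (line 4 twice: the hex-named Run value and the random DLL), and the HP, NOD32 and Adobe entries stay quiet. Widening the rule set is straightforward, but every new pattern should be checked against a clean log first, since autostarts from Temp and eight-letter names do occur in legitimate installers.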
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Right-click the Anti Trojan Elite icon in the lower right corner of the screen and choose the Quit option.

Note: Don't forget to turn this option back on once the cleaning is finished.


* Open the NOD32 Control Center (click its tray icon in the lower right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right-hand panel, untick the option File system monitor (AMON) enabled.
* Turning this option off will show as the Control Center changing colour from green to red.

Note: Don't forget to turn this option back on once the cleaning is finished.


-------------------------------------------------------------------------------------


Download ComboFix to the Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

  • Joined: 26 Mar 2008
  • Posts: 25
  • Location: Skopje, Macedonia

Here is the log. After the restart (reboot), NOD32 and Anti Trojan Elite turned themselves back on; I suppose that's how it should be.

ComboFix 08-11-07.01 - Zaki 2008-11-09 15:04:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.159 [GMT 1:00]
Running from: c:\downloads\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\VirusRemover2008
c:\program files\VirusRemover2008\Viruses.bdt
c:\windows\Downloaded Program Files\setup.inf
c:\windows\dxtmechk
c:\windows\Fonts\gjcscss.dll
c:\windows\Fonts\gjcuaxw.fon
c:\windows\system32\atbryvfx.dll
c:\windows\system32\bihaskmk.ini
c:\windows\system32\gugqscip.dll
c:\windows\system32\lltcrnpn.dll
c:\windows\system32\mnTwvyxx.ini
c:\windows\system32\mnTwvyxx.ini2
c:\windows\system32\picsqgug.ini
c:\windows\system32\qrjsaunx.dll
c:\windows\system32\qtudgdbg.dll
c:\windows\system32\REGKEY.hiv
c:\windows\system32\vtUkjiij.dll
c:\windows\system32\xxyvwTnm.dll
c:\windows\system32\yebngoid.dll
c:\windows\system32\yljuntpm.dll

.
((((((((((((((((((((((((( Files Created from 2008-10-09 to 2008-11-09 )))))))))))))))))))))))))))))))
.

2008-11-09 14:41 . 2008-11-09 14:48 <DIR> d-------- c:\program files\Anti Trojan Elite
2008-11-09 11:17 . 2008-11-09 11:17 165 --a------ c:\documents and settings\All Users\Application Data\service.dat
2008-11-08 19:00 . 2008-11-08 19:00 <DIR> d-------- c:\program files\ESET
2008-11-08 14:29 . 2008-11-08 14:29 79,018 --------- c:\windows\hpfins05.dat.temp
2008-11-08 14:29 . 2005-05-24 02:19 1,395 --------- c:\windows\hpfmdl05.dat.temp
2008-11-08 13:09 . 2008-11-08 13:08 60,416 --a------ c:\windows\system32\winhost.exe
2008-11-08 13:08 . 2008-11-08 13:08 60,416 --a------ c:\documents and settings\All Users\Application Data\FreeApp.exe
2008-11-07 19:11 . 2008-11-07 19:11 0 --a------ C:\dl_run_client4.exe
2008-11-07 19:11 . 2008-11-07 19:11 0 --a------ C:\dl_run_client1.exe
2008-11-07 19:11 . 2008-11-07 19:11 0 --a------ C:\diamond_1.1652.0.exe
2008-11-02 21:45 . 2008-11-02 21:45 <DIR> d-------- c:\program files\Windows Live Favorites
2008-11-02 21:45 . 2008-11-03 09:44 <DIR> d-------- c:\documents and settings\Zaki\Contacts
2008-11-02 21:44 . 2008-11-02 21:45 <DIR> d-------- c:\program files\Windows Live Toolbar
2008-11-02 21:44 . 2008-11-02 21:44 <DIR> d-------- c:\program files\Real
2008-11-02 21:44 . 2008-11-02 21:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Windows Live Toolbar
2008-11-02 21:43 . 2008-11-02 21:43 <DIR> d-------- c:\program files\MSN Messenger
2008-11-02 20:30 . 2008-11-02 21:32 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-11-02 20:29 . 2008-11-02 20:29 <DIR> d-------- c:\program files\Windows Live
2008-11-02 20:29 . 2008-11-02 21:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-02 20:16 . 2008-11-02 20:16 1,374 --a------ c:\windows\imsins.BAK
2008-11-02 18:26 . 2008-11-02 18:26 <DIR> d-------- c:\program files\KONAMI
2008-11-01 17:57 . 2008-11-01 17:57 <DIR> d-------- c:\program files\PlayFirst
2008-11-01 17:57 . 2008-11-01 17:57 <DIR> d-------- c:\program files\eGames
2008-11-01 17:55 . 2008-11-01 17:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira(3)
2008-11-01 14:32 . 2008-11-01 17:57 <DIR> d-------- c:\program files\a-squared Anti-Malware
2008-10-30 23:00 . 2008-11-01 17:38 <DIR> d-------- c:\program files\Trojan Remover
2008-10-30 10:44 . 2008-11-01 17:37 <DIR> d-------- c:\documents and settings\Zaki\Application Data\Simply Super Software
2008-10-30 10:44 . 2008-10-30 10:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2008-10-30 10:44 . 2006-05-25 15:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2008-10-30 10:44 . 2003-02-02 20:06 153,088 --a------ c:\windows\system32\unrar3.dll
2008-10-30 10:44 . 2005-08-26 01:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2008-10-30 10:44 . 2002-03-06 01:00 75,264 --a------ c:\windows\system32\unacev2.dll
2008-10-30 10:44 . 2006-06-19 13:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2008-10-29 20:29 . 2008-10-29 22:49 <DIR> d-------- c:\program files\Crawler
2008-10-26 16:22 . 2008-10-26 16:22 3,596 --a------ c:\windows\system32\PerfStringBackup.TMP
2008-10-22 18:54 . 2008-10-22 18:54 189 --a------ c:\windows\?®AVSCAN-20081022-195420-3430BF31.avp
2008-10-13 13:21 . 2008-10-13 13:21 <DIR> d-------- c:\windows\Sun
2008-10-12 16:11 . 2008-11-09 15:12 <DIR> d-------- c:\documents and settings\Zaki\Application Data\OpenOffice.org2
2008-10-12 16:06 . 2008-10-12 16:06 <DIR> d-------- c:\program files\OpenOffice.org 2.4
2008-10-12 16:06 . 2008-06-10 02:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-10-12 16:05 . 2008-10-28 09:19 <DIR> d-------- c:\program files\Java
2008-10-12 16:05 . 2008-10-12 16:05 <DIR> d-------- c:\program files\Common Files\Java
2008-10-12 13:27 . 2008-10-12 13:27 <DIR> d-------- c:\program files\uTorrent
2008-10-12 13:27 . 2008-11-09 14:37 <DIR> d-------- c:\documents and settings\Zaki\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 14:04 --------- d-----w c:\documents and settings\Zaki\Application Data\Skype
2008-11-09 12:18 --------- d-----w c:\documents and settings\Zaki\Application Data\skypePM
2008-11-08 17:52 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-08 14:22 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-06 20:42 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-05 17:00 --------- d-----w c:\program files\Norton Security Scan
2008-11-03 19:50 --------- d-----w c:\program files\BitComet
2008-11-02 17:28 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-01 16:55 --------- d-----w c:\program files\Agatha Christie Peril At End House
2008-10-31 21:47 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-31 19:25 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-10-29 17:01 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-03 19:26 --------- d-----w c:\program files\VSO
2008-10-03 19:26 --------- d-----w c:\program files\D-Tools
2008-09-26 15:03 --------- d-----w c:\program files\QuickTime
2008-09-26 15:02 --------- d-----w c:\program files\Disney Interactive
2008-09-19 16:21 --------- d-----w c:\program files\MathXpert
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F233D99-B03A-4c4d-8CAB-D14ACE8671AD}]
2007-09-21 12:09 548864 --a------ c:\program files\Searchkut\Deskbar\deskbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-13 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2008-10-10 2497336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-08-27 90112]
"USRpdA"="c:\windows\SYSTEM32\USRmlnkA.exe" [2001-08-23 77891]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-09-13 1450096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Anti Trojan Elite"="c:\program files\Anti Trojan Elite\TJEnder.exe" [2008-04-16 863232]
"WinHosts"="c:\windows\system32\winhost.exe" [2008-11-08 60416]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"SoundMan"="SOUNDMAN.EXE" [2003-12-19 c:\windows\SOUNDMAN.EXE]

c:\documents and settings\Zaki\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-06-10 344064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ComproRemote.lnk - c:\program files\Common Files\VideoMate\ComproRemote.exe [2006-01-16 139264]
ComproScheduler.lnk - c:\program files\Common Files\VideoMate\ComproScheduler.exe [2006-01-16 65536]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
TweakYC.lnk - c:\program files\VideoMate\ComproPVR 2\TweakYC.exe [2006-01-16 516096]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2003-12-19 10:53 65024 c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Downloads\\utorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10172:TCP"= 10172:TCP:BitComet 10172 TCP
"10172:UDP"= 10172:UDP:BitComet 10172 UDP

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R3 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMon.sys [2004-09-10 5969]
R3 Cap7134;VideoMate TV Capture;c:\windows\system32\DRIVERS\Cap7134.sys [2005-04-14 354048]
R3 PhTVTune;VideoMate TV Tuner;c:\windows\system32\DRIVERS\PhTVTune.sys [2005-04-20 19840]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s716mdfl.sys [2007-04-04 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s716mdm.sys [2007-04-04 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s716mgmt.sys [2007-04-04 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);c:\windows\system32\DRIVERS\s716nd5.sys [2007-04-04 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s716obex.sys [2007-04-04 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);c:\windows\system32\DRIVERS\s716unic.sys [2007-04-04 98952]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
S3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;c:\windows\system32\DRIVERS\USRpdA.sys [2001-08-17 113762]
.
Contents of the 'Scheduled Tasks' folder

2008-11-09 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]

2008-11-05 c:\windows\Tasks\Norton Security Scan for Zaki.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 03:18]
.
- - - - ORPHANS REMOVED - - - -

BHO-{020122CC-0AAA-4846-A7DB-49E7DDC75A4d} - c:\windows\system32\lltcrnpn.dll
BHO-{593B25D7-AD7D-4CF5-B386-539A4ED3F77D} - c:\windows\system32\xxyvwTnm.dll
WebBrowser-{10022D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
HKLM-Run-70b4fc22 - c:\windows\system32\gugqscip.dll
ShellExecuteHooks-{b29351f1-a856-4c7e-b998-df864997d47e} - c:\windows\system32\ayDABDAB1052.dll
ShellExecuteHooks-{3be976db-b807-4251-81e8-38997856f675} - c:\windows\system32\fCBDCBD1033.dll
ShellExecuteHooks-{3FA10261-B890-F432-A453-69F1023513F3} - c:\windows\system32\gjcscyc.dll
ShellExecuteHooks-{dc70f871-9266-4403-9938-1a4882039a26} - c:\windows\system32\ayVUFVUF1008.dll
ShellExecuteHooks-{2266b6fb-9308-47b6-8c05-b5eb7d7d5d51} - c:\windows\system32\ayKAEKAE1050.dll
ShellExecuteHooks-{662aac99-c7bb-407e-ba43-3f418bf51c24} - c:\windows\system32\ayQACQAC1026.dll
Notify-pmnnNhiG - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
O8 -: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
O8 -: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
O8 -: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
O8 -: Crawler Search - tbr:iemenu
O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{FBDC7B82-148E-4916-AACF-62E95DA2B0F0}: NameServer = 62.162.32.8 62.162.32.5
O18 -: Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll

O16 -: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Agatha%20Christie/Images/stg_drm.ocx
c:\windows\Downloaded Program Files\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.1\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.2\stg_drm.ocx

O16 -: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Agatha%20Christie/Images/armhelper.ocx
c:\windows\Downloaded Program Files\armhelper.ocx
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-11-09 15:12:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
WinHosts = c:\windows\system32\winhost.exe??????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\system32\WgaTray.exe
.
**************************************************************************
.
Completion time: 2008-11-09 15:16:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-09 14:16:34

Pre-Run: 53.542.342.656 bytes free
Post-Run: 53,891,571,712 bytes free

252 --- E O F --- 2008-03-21 06:31:43

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy in the following text:

File::
c:\windows\system32\winhost.exe
c:\documents and settings\All Users\Application Data\FreeApp.exe
C:\dl_run_client4.exe
C:\dl_run_client1.exe
C:\diamond_1.1652.0.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinHosts"=-


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.

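The CFScript above was assembled from two sections of the ComboFix log: the "Files Created" listing and the "Reg Loading Points" section. As an added example (not ComboFix's own code and not the helper's tooling), the script below reproduces that selection mechanically: it parses the file-listing and Run-value line formats as ComboFix prints them, flags zero-byte executables dropped in the drive root and executables of identical size created in different directories within a short window (a dropper and the copy it installed), looks each flagged path up among the Run values, and emits a CFScript with a File:: section and a Registry:: section that removes the matching value with the "name"=- syntax. The sample lines are copied from the ComboFix log in this thread; the two selection rules and the ten-minute window are this example's assumptions about how such files are picked out, since the post itself does not state the helper's reasoning.

```python
"""Correlate a ComboFix log's "Files Created" and "Reg Loading Points" sections
and emit a CFScript for the suspicious files.

Added example for this thread, not ComboFix's own code and not the helper's
tooling. The selection rules (zero-byte executables in the drive root, and
executables of identical size created in different directories within a short
window) and the window length are this example's assumptions. The CFScript
layout (File:: and Registry:: sections, "name"=- to delete a value) follows the
script posted in the thread.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample input: lines copied from the ComboFix log in the thread.
SAMPLE_LOG = r"""
2008-11-09 14:41 . 2008-11-09 14:48 <DIR> d-------- c:\program files\Anti Trojan Elite
2008-11-09 11:17 . 2008-11-09 11:17 165 --a------ c:\documents and settings\All Users\Application Data\service.dat
2008-11-08 13:09 . 2008-11-08 13:08 60,416 --a------ c:\windows\system32\winhost.exe
2008-11-08 13:08 . 2008-11-08 13:08 60,416 --a------ c:\documents and settings\All Users\Application Data\FreeApp.exe
2008-11-07 19:11 . 2008-11-07 19:11 0 --a------ C:\dl_run_client4.exe
2008-11-07 19:11 . 2008-11-07 19:11 0 --a------ C:\dl_run_client1.exe
2008-11-07 19:11 . 2008-11-07 19:11 0 --a------ C:\diamond_1.1652.0.exe
2008-10-12 16:06 . 2008-06-10 02:32 73,728 --a------ c:\windows\system32\javacpl.cpl

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinHosts"="c:\windows\system32\winhost.exe" [2008-11-08 60416]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"""

EXEC_EXT = (".exe", ".dll", ".scr", ".com")

# "<created> . <modified> <size|<DIR>> <attrs> <path>" as ComboFix prints it.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \S+ \S+ "
    r"(?P<size>[\d,]+|<DIR>) \S+ (?P<path>.+)$"
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')


@dataclass(frozen=True)
class Entry:
    created: datetime
    size: int          # -1 for <DIR>
    path: str


def parse_files(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        size = -1 if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(datetime.strptime(m["created"], "%Y-%m-%d %H:%M"), size, m["path"]))
    return entries


def parse_run_values(text: str) -> Dict[str, Tuple[str, str]]:
    """Map lower-cased target path -> (registry key, value name) for ...\\Run keys."""
    out: Dict[str, Tuple[str, str]] = {}
    key = None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km["key"]
            continue
        vm = VALUE_RE.match(line)
        if vm and key and key.lower().endswith("\\run"):
            out[vm["path"].lower()] = (key, vm["name"])
    return out


def _dirname(path: str) -> str:
    return path.rsplit("\\", 1)[0].lower()


def suspicious_files(entries: List[Entry], window: timedelta = timedelta(minutes=10)) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for flagged executables, in log order."""
    flagged: Dict[str, str] = {}
    execs = [e for e in entries if e.size >= 0 and e.path.lower().endswith(EXEC_EXT)]
    by_size: Dict[int, List[Entry]] = defaultdict(list)
    for e in execs:
        if e.size == 0 and re.fullmatch(r"[A-Za-z]:\\[^\\]+", e.path):
            flagged.setdefault(e.path, "zero-byte executable in the drive root")
        elif e.size > 0:
            by_size[e.size].append(e)
    for size, group in by_size.items():
        for a in group:
            for b in group:
                if a is not b and _dirname(a.path) != _dirname(b.path) and abs(a.created - b.created) <= window:
                    flagged.setdefault(a.path, f"same size ({size:,} bytes) as {b.path}, created within {window}")
    order = {e.path: i for i, e in enumerate(entries)}
    return sorted(flagged.items(), key=lambda kv: order[kv[0]])


def build_cfscript(flagged: List[Tuple[str, str]], run_values: Dict[str, Tuple[str, str]]) -> str:
    lines = ["File::"] + [path for path, _ in flagged]
    per_key: Dict[str, List[str]] = defaultdict(list)
    for path, _ in flagged:
        hit = run_values.get(path.lower())
        if hit:
            per_key[hit[0]].append(hit[1])
    if per_key:
        lines += ["", "Registry::"]
        for key, names in per_key.items():
            lines.append(f"[{key}]")
            lines += [f'"{n}"=-' for n in names]
    return "\n".join(lines) + "\n"


def make_cfscript(log_text: str) -> str:
    return build_cfscript(suspicious_files(parse_files(log_text)), parse_run_values(log_text))


if __name__ == "__main__":
    print(make_cfscript(SAMPLE_LOG))
```

Run against the sample, the output is the same five File:: paths and the same "WinHosts"=- deletion as the script in the post; the ESET entry is left alone because egui.exe was never flagged. The size-and-time rule is the one worth keeping in mind for future logs: a freshly created file in system32 that is byte-for-byte the same size as a file created a minute earlier under Application Data is the dropper and its installed copy, whatever either of them is called.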
  • Joined: 26 Mar 2008
  • Posts: 25
  • Location: Skopje, Macedonia

ComboFix 08-11-07.01 - Zaki 2008-11-09 15:04:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.159 [GMT 1:00]
Running from: c:\downloads\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\VirusRemover2008
c:\program files\VirusRemover2008\Viruses.bdt
c:\windows\Downloaded Program Files\setup.inf
c:\windows\dxtmechk
c:\windows\Fonts\gjcscss.dll
c:\windows\Fonts\gjcuaxw.fon
c:\windows\system32\atbryvfx.dll
c:\windows\system32\bihaskmk.ini
c:\windows\system32\gugqscip.dll
c:\windows\system32\lltcrnpn.dll
c:\windows\system32\mnTwvyxx.ini
c:\windows\system32\mnTwvyxx.ini2
c:\windows\system32\picsqgug.ini
c:\windows\system32\qrjsaunx.dll
c:\windows\system32\qtudgdbg.dll
c:\windows\system32\REGKEY.hiv
c:\windows\system32\vtUkjiij.dll
c:\windows\system32\xxyvwTnm.dll
c:\windows\system32\yebngoid.dll
c:\windows\system32\yljuntpm.dll

.
((((((((((((((((((((((((( Files Created from 2008-10-09 to 2008-11-09 )))))))))))))))))))))))))))))))
.

2008-11-09 14:41 . 2008-11-09 14:48 <DIR> d-------- c:\program files\Anti Trojan Elite
2008-11-09 11:17 . 2008-11-09 11:17 165 --a------ c:\documents and settings\All Users\Application Data\service.dat
2008-11-08 19:00 . 2008-11-08 19:00 <DIR> d-------- c:\program files\ESET
2008-11-08 14:29 . 2008-11-08 14:29 79,018 --------- c:\windows\hpfins05.dat.temp
2008-11-08 14:29 . 2005-05-24 02:19 1,395 --------- c:\windows\hpfmdl05.dat.temp
2008-11-08 13:09 . 2008-11-08 13:08 60,416 --a------ c:\windows\system32\winhost.exe
2008-11-08 13:08 . 2008-11-08 13:08 60,416 --a------ c:\documents and settings\All Users\Application Data\FreeApp.exe
2008-11-07 19:11 . 2008-11-07 19:11 0 --a------ C:\dl_run_client4.exe
2008-11-07 19:11 . 2008-11-07 19:11 0 --a------ C:\dl_run_client1.exe
2008-11-07 19:11 . 2008-11-07 19:11 0 --a------ C:\diamond_1.1652.0.exe
2008-11-02 21:45 . 2008-11-02 21:45 <DIR> d-------- c:\program files\Windows Live Favorites
2008-11-02 21:45 . 2008-11-03 09:44 <DIR> d-------- c:\documents and settings\Zaki\Contacts
2008-11-02 21:44 . 2008-11-02 21:45 <DIR> d-------- c:\program files\Windows Live Toolbar
2008-11-02 21:44 . 2008-11-02 21:44 <DIR> d-------- c:\program files\Real
2008-11-02 21:44 . 2008-11-02 21:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Windows Live Toolbar
2008-11-02 21:43 . 2008-11-02 21:43 <DIR> d-------- c:\program files\MSN Messenger
2008-11-02 20:30 . 2008-11-02 21:32 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-11-02 20:29 . 2008-11-02 20:29 <DIR> d-------- c:\program files\Windows Live
2008-11-02 20:29 . 2008-11-02 21:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-02 20:16 . 2008-11-02 20:16 1,374 --a------ c:\windows\imsins.BAK
2008-11-02 18:26 . 2008-11-02 18:26 <DIR> d-------- c:\program files\KONAMI
2008-11-01 17:57 . 2008-11-01 17:57 <DIR> d-------- c:\program files\PlayFirst
2008-11-01 17:57 . 2008-11-01 17:57 <DIR> d-------- c:\program files\eGames
2008-11-01 17:55 . 2008-11-01 17:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira(3)
2008-11-01 14:32 . 2008-11-01 17:57 <DIR> d-------- c:\program files\a-squared Anti-Malware
2008-10-30 23:00 . 2008-11-01 17:38 <DIR> d-------- c:\program files\Trojan Remover
2008-10-30 10:44 . 2008-11-01 17:37 <DIR> d-------- c:\documents and settings\Zaki\Application Data\Simply Super Software
2008-10-30 10:44 . 2008-10-30 10:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2008-10-30 10:44 . 2006-05-25 15:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2008-10-30 10:44 . 2003-02-02 20:06 153,088 --a------ c:\windows\system32\unrar3.dll
2008-10-30 10:44 . 2005-08-26 01:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2008-10-30 10:44 . 2002-03-06 01:00 75,264 --a------ c:\windows\system32\unacev2.dll
2008-10-30 10:44 . 2006-06-19 13:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2008-10-29 20:29 . 2008-10-29 22:49 <DIR> d-------- c:\program files\Crawler
2008-10-26 16:22 . 2008-10-26 16:22 3,596 --a------ c:\windows\system32\PerfStringBackup.TMP
2008-10-22 18:54 . 2008-10-22 18:54 189 --a------ c:\windows\?®AVSCAN-20081022-195420-3430BF31.avp
2008-10-13 13:21 . 2008-10-13 13:21 <DIR> d-------- c:\windows\Sun
2008-10-12 16:11 . 2008-11-09 15:12 <DIR> d-------- c:\documents and settings\Zaki\Application Data\OpenOffice.org2
2008-10-12 16:06 . 2008-10-12 16:06 <DIR> d-------- c:\program files\OpenOffice.org 2.4
2008-10-12 16:06 . 2008-06-10 02:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-10-12 16:05 . 2008-10-28 09:19 <DIR> d-------- c:\program files\Java
2008-10-12 16:05 . 2008-10-12 16:05 <DIR> d-------- c:\program files\Common Files\Java
2008-10-12 13:27 . 2008-10-12 13:27 <DIR> d-------- c:\program files\uTorrent
2008-10-12 13:27 . 2008-11-09 14:37 <DIR> d-------- c:\documents and settings\Zaki\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 14:04 --------- d-----w c:\documents and settings\Zaki\Application Data\Skype
2008-11-09 12:18 --------- d-----w c:\documents and settings\Zaki\Application Data\skypePM
2008-11-08 17:52 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-08 14:22 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-06 20:42 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-05 17:00 --------- d-----w c:\program files\Norton Security Scan
2008-11-03 19:50 --------- d-----w c:\program files\BitComet
2008-11-02 17:28 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-01 16:55 --------- d-----w c:\program files\Agatha Christie Peril At End House
2008-10-31 21:47 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-31 19:25 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-10-29 17:01 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-03 19:26 --------- d-----w c:\program files\VSO
2008-10-03 19:26 --------- d-----w c:\program files\D-Tools
2008-09-26 15:03 --------- d-----w c:\program files\QuickTime
2008-09-26 15:02 --------- d-----w c:\program files\Disney Interactive
2008-09-19 16:21 --------- d-----w c:\program files\MathXpert
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F233D99-B03A-4c4d-8CAB-D14ACE8671AD}]
2007-09-21 12:09 548864 --a------ c:\program files\Searchkut\Deskbar\deskbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-13 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2008-10-10 2497336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-08-27 90112]
"USRpdA"="c:\windows\SYSTEM32\USRmlnkA.exe" [2001-08-23 77891]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-09-13 1450096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Anti Trojan Elite"="c:\program files\Anti Trojan Elite\TJEnder.exe" [2008-04-16 863232]
"WinHosts"="c:\windows\system32\winhost.exe" [2008-11-08 60416]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"SoundMan"="SOUNDMAN.EXE" [2003-12-19 c:\windows\SOUNDMAN.EXE]

c:\documents and settings\Zaki\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-06-10 344064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ComproRemote.lnk - c:\program files\Common Files\VideoMate\ComproRemote.exe [2006-01-16 139264]
ComproScheduler.lnk - c:\program files\Common Files\VideoMate\ComproScheduler.exe [2006-01-16 65536]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
TweakYC.lnk - c:\program files\VideoMate\ComproPVR 2\TweakYC.exe [2006-01-16 516096]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2003-12-19 10:53 65024 c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Downloads\\utorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10172:TCP"= 10172:TCP:BitComet 10172 TCP
"10172:UDP"= 10172:UDP:BitComet 10172 UDP

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R3 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMon.sys [2004-09-10 5969]
R3 Cap7134;VideoMate TV Capture;c:\windows\system32\DRIVERS\Cap7134.sys [2005-04-14 354048]
R3 PhTVTune;VideoMate TV Tuner;c:\windows\system32\DRIVERS\PhTVTune.sys [2005-04-20 19840]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s716mdfl.sys [2007-04-04 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s716mdm.sys [2007-04-04 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s716mgmt.sys [2007-04-04 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);c:\windows\system32\DRIVERS\s716nd5.sys [2007-04-04 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s716obex.sys [2007-04-04 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);c:\windows\system32\DRIVERS\s716unic.sys [2007-04-04 98952]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
S3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;c:\windows\system32\DRIVERS\USRpdA.sys [2001-08-17 113762]
.
Contents of the 'Scheduled Tasks' folder

2008-11-09 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]

2008-11-05 c:\windows\Tasks\Norton Security Scan for Zaki.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 03:18]
.
- - - - ORPHANS REMOVED - - - -

BHO-{020122CC-0AAA-4846-A7DB-49E7DDC75A4d} - c:\windows\system32\lltcrnpn.dll
BHO-{593B25D7-AD7D-4CF5-B386-539A4ED3F77D} - c:\windows\system32\xxyvwTnm.dll
WebBrowser-{10022D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
HKLM-Run-70b4fc22 - c:\windows\system32\gugqscip.dll
ShellExecuteHooks-{b29351f1-a856-4c7e-b998-df864997d47e} - c:\windows\system32\ayDABDAB1052.dll
ShellExecuteHooks-{3be976db-b807-4251-81e8-38997856f675} - c:\windows\system32\fCBDCBD1033.dll
ShellExecuteHooks-{3FA10261-B890-F432-A453-69F1023513F3} - c:\windows\system32\gjcscyc.dll
ShellExecuteHooks-{dc70f871-9266-4403-9938-1a4882039a26} - c:\windows\system32\ayVUFVUF1008.dll
ShellExecuteHooks-{2266b6fb-9308-47b6-8c05-b5eb7d7d5d51} - c:\windows\system32\ayKAEKAE1050.dll
ShellExecuteHooks-{662aac99-c7bb-407e-ba43-3f418bf51c24} - c:\windows\system32\ayQACQAC1026.dll
Notify-pmnnNhiG - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
O8 -: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
O8 -: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
O8 -: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
O8 -: Crawler Search - tbr:iemenu
O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{FBDC7B82-148E-4916-AACF-62E95DA2B0F0}: NameServer = 62.162.32.8 62.162.32.5
O18 -: Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll

O16 -: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Agatha%20Christie/Images/stg_drm.ocx
c:\windows\Downloaded Program Files\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.1\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.2\stg_drm.ocx

O16 -: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Agatha%20Christie/Images/armhelper.ocx
c:\windows\Downloaded Program Files\armhelper.ocx
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-11-09 15:12:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
WinHosts = c:\windows\system32\winhost.exe??????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\system32\WgaTray.exe
.
**************************************************************************
.
Completion time: 2008-11-09 15:16:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-09 14:16:34

Pre-Run: 53.542.342.656 bytes free
Post-Run: 53,891,571,712 bytes free

252 --- E O F --- 2008-03-21 06:31:43

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

That is the old logfile.

When you follow the instructions given above, you will get a new log at the end of the process, and that is the one to copy here.

  • Joined: 26 Mar 2008
  • Posts: 25
  • Location: Skopje,Macedonia

Yes, that one got sent again by accident. But I don't have the icon on the desktop. It stayed in bittorrent, but the icon did not get installed on the desktop. What next?

Update: 09 Nov 2008 16:14

I have done the CFScript part.

Update: 09 Nov 2008 16:19

There, I have put the icon in place. Should the CFScript disappear when I drag it, as it normally should? When I drag it, it stays where it is. Is that OK?

Update: 09 Nov 2008 17:01

Dopuna: 09 Nov 2008 17:01

ComboFix 08-11-07.01 - Zaki 2008-11-09 16:20:01.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.196 [GMT 1:00]
Running from: c:\documents and settings\Zaki\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Zaki\Desktop\CFScript.txt.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\diamond_1.1652.0.exe
C:\dl_run_client1.exe
C:\dl_run_client4.exe
c:\documents and settings\All Users\Application Data\FreeApp.exe
c:\windows\system32\winhost.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\diamond_1.1652.0.exe
C:\dl_run_client1.exe
C:\dl_run_client4.exe
c:\documents and settings\All Users\Application Data\FreeApp.exe
c:\windows\system32\winhost.exe

.
((((((((((((((((((((((((( Files Created from 2008-10-09 to 2008-11-09 )))))))))))))))))))))))))))))))
.

2008-11-09 14:41 . 2008-11-09 14:48 <DIR> d-------- c:\program files\Anti Trojan Elite
2008-11-09 11:17 . 2008-11-09 11:17 165 --a------ c:\documents and settings\All Users\Application Data\service.dat
2008-11-08 19:00 . 2008-11-08 19:00 <DIR> d-------- c:\program files\ESET
2008-11-08 14:29 . 2008-11-08 14:29 79,018 --------- c:\windows\hpfins05.dat.temp
2008-11-08 14:29 . 2005-05-24 02:19 1,395 --------- c:\windows\hpfmdl05.dat.temp
2008-11-02 21:45 . 2008-11-02 21:45 <DIR> d-------- c:\program files\Windows Live Favorites
2008-11-02 21:45 . 2008-11-03 09:44 <DIR> d-------- c:\documents and settings\Zaki\Contacts
2008-11-02 21:44 . 2008-11-02 21:45 <DIR> d-------- c:\program files\Windows Live Toolbar
2008-11-02 21:44 . 2008-11-02 21:44 <DIR> d-------- c:\program files\Real
2008-11-02 21:44 . 2008-11-02 21:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Windows Live Toolbar
2008-11-02 21:43 . 2008-11-02 21:43 <DIR> d-------- c:\program files\MSN Messenger
2008-11-02 20:30 . 2008-11-02 21:32 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-11-02 20:29 . 2008-11-02 20:29 <DIR> d-------- c:\program files\Windows Live
2008-11-02 20:29 . 2008-11-02 21:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-02 20:16 . 2008-11-02 20:16 1,374 --a------ c:\windows\imsins.BAK
2008-11-02 18:26 . 2008-11-02 18:26 <DIR> d-------- c:\program files\KONAMI
2008-11-01 17:57 . 2008-11-01 17:57 <DIR> d-------- c:\program files\PlayFirst
2008-11-01 17:57 . 2008-11-01 17:57 <DIR> d-------- c:\program files\eGames
2008-11-01 17:55 . 2008-11-01 17:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira(3)
2008-11-01 14:32 . 2008-11-01 17:57 <DIR> d-------- c:\program files\a-squared Anti-Malware
2008-10-30 23:00 . 2008-11-01 17:38 <DIR> d-------- c:\program files\Trojan Remover
2008-10-30 10:44 . 2008-11-01 17:37 <DIR> d-------- c:\documents and settings\Zaki\Application Data\Simply Super Software
2008-10-30 10:44 . 2008-10-30 10:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2008-10-30 10:44 . 2006-05-25 15:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2008-10-30 10:44 . 2003-02-02 20:06 153,088 --a------ c:\windows\system32\unrar3.dll
2008-10-30 10:44 . 2005-08-26 01:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2008-10-30 10:44 . 2002-03-06 01:00 75,264 --a------ c:\windows\system32\unacev2.dll
2008-10-30 10:44 . 2006-06-19 13:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2008-10-29 20:29 . 2008-10-29 22:49 <DIR> d-------- c:\program files\Crawler
2008-10-26 16:22 . 2008-10-26 16:22 3,596 --a------ c:\windows\system32\PerfStringBackup.TMP
2008-10-22 18:54 . 2008-10-22 18:54 189 --a------ c:\windows\?®AVSCAN-20081022-195420-3430BF31.avp
2008-10-13 13:21 . 2008-10-13 13:21 <DIR> d-------- c:\windows\Sun
2008-10-12 16:11 . 2008-11-09 16:54 <DIR> d-------- c:\documents and settings\Zaki\Application Data\OpenOffice.org2
2008-10-12 16:06 . 2008-10-12 16:06 <DIR> d-------- c:\program files\OpenOffice.org 2.4
2008-10-12 16:06 . 2008-06-10 02:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-10-12 16:05 . 2008-10-28 09:19 <DIR> d-------- c:\program files\Java
2008-10-12 16:05 . 2008-10-12 16:05 <DIR> d-------- c:\program files\Common Files\Java
2008-10-12 13:27 . 2008-10-12 13:27 <DIR> d-------- c:\program files\uTorrent
2008-10-12 13:27 . 2008-11-09 14:37 <DIR> d-------- c:\documents and settings\Zaki\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 15:16 --------- d-----w c:\documents and settings\Zaki\Application Data\Skype
2008-11-09 12:18 --------- d-----w c:\documents and settings\Zaki\Application Data\skypePM
2008-11-08 17:52 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-08 14:22 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-06 20:42 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-05 17:00 --------- d-----w c:\program files\Norton Security Scan
2008-11-03 19:50 --------- d-----w c:\program files\BitComet
2008-11-02 17:28 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-01 16:55 --------- d-----w c:\program files\Agatha Christie Peril At End House
2008-10-31 21:47 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-31 19:25 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-10-29 17:01 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-03 19:26 --------- d-----w c:\program files\VSO
2008-10-03 19:26 --------- d-----w c:\program files\D-Tools
2008-09-26 15:03 --------- d-----w c:\program files\QuickTime
2008-09-26 15:02 --------- d-----w c:\program files\Disney Interactive
2008-09-19 16:21 --------- d-----w c:\program files\MathXpert
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F233D99-B03A-4c4d-8CAB-D14ACE8671AD}]
2007-09-21 12:09 548864 --a------ c:\program files\Searchkut\Deskbar\deskbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-13 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2008-10-10 2497336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-08-27 90112]
"USRpdA"="c:\windows\SYSTEM32\USRmlnkA.exe" [2001-08-23 77891]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-09-13 1450096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Anti Trojan Elite"="c:\program files\Anti Trojan Elite\TJEnder.exe" [2008-04-16 863232]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"SoundMan"="SOUNDMAN.EXE" [2003-12-19 c:\windows\SOUNDMAN.EXE]

c:\documents and settings\Zaki\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-06-10 344064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ComproRemote.lnk - c:\program files\Common Files\VideoMate\ComproRemote.exe [2006-01-16 139264]
ComproScheduler.lnk - c:\program files\Common Files\VideoMate\ComproScheduler.exe [2006-01-16 65536]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
TweakYC.lnk - c:\program files\VideoMate\ComproPVR 2\TweakYC.exe [2006-01-16 516096]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2003-12-19 10:53 65024 c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Downloads\\utorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10172:TCP"= 10172:TCP:BitComet 10172 TCP
"10172:UDP"= 10172:UDP:BitComet 10172 UDP

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R3 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMon.sys [2004-09-10 5969]
R3 Cap7134;VideoMate TV Capture;c:\windows\system32\DRIVERS\Cap7134.sys [2005-04-14 354048]
R3 PhTVTune;VideoMate TV Tuner;c:\windows\system32\DRIVERS\PhTVTune.sys [2005-04-20 19840]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s716mdfl.sys [2007-04-04 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s716mdm.sys [2007-04-04 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s716mgmt.sys [2007-04-04 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);c:\windows\system32\DRIVERS\s716nd5.sys [2007-04-04 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s716obex.sys [2007-04-04 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);c:\windows\system32\DRIVERS\s716unic.sys [2007-04-04 98952]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
S3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;c:\windows\system32\DRIVERS\USRpdA.sys [2001-08-17 113762]
.
Contents of the 'Scheduled Tasks' folder

2008-11-09 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]

2008-11-05 c:\windows\Tasks\Norton Security Scan for Zaki.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 03:18]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-11-09 16:53:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\system32\WgaTray.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-11-09 16:56:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-09 15:56:47
ComboFix2.txt 2008-11-09 14:16:42

Pre-Run: 54.471.729.152 bytes free
Post-Run: 54,454,710,272 bytes free

198 --- E O F --- 2008-03-21 06:31:43
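
As an added example, not part of this thread and not a ComboFix or forum tool, the following Python script checks the CFScript posted above against the ComboFix log posted after it was run: it parses the script's File:: and Registry:: sections, confirms that each listed path appears under the log's "Other Deletions" and that each "Name"=- value is gone from "Reg Loading Points", and lists which autostart entries differ between the two logs. The two log excerpts are constructed from the logs in this thread, and the section-header and entry formats are assumed from what those logs show.

```python
"""Constructed check of a ComboFix CFScript against the log ComboFix wrote.
The CFScript is the one posted above; the logs are shortened excerpts in the
format seen in this thread ("((( Name )))" headers, one path per line under
Other Deletions, "[key]" blocks of "name"=value lines under Reg Loading Points)."""
import re

CFSCRIPT = r"""
File::
c:\windows\system32\winhost.exe
c:\documents and settings\All Users\Application Data\FreeApp.exe
C:\dl_run_client4.exe
C:\dl_run_client1.exe
C:\diamond_1.1652.0.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinHosts"=-
"""

# Constructed excerpt of the first log (before the script ran): WinHosts still loads.
LOG_BEFORE = r"""
(((((((((( Other Deletions ))))))))))
c:\program files\VirusRemover2008
(((((((((( Reg Loading Points ))))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinHosts"="c:\windows\system32\winhost.exe" [2008-11-08 60416]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"""

# Constructed excerpt of the second log (after the script ran): files gone, WinHosts gone.
LOG_AFTER = r"""
(((((((((( Other Deletions ))))))))))
C:\diamond_1.1652.0.exe
C:\dl_run_client1.exe
C:\dl_run_client4.exe
c:\documents and settings\All Users\Application Data\FreeApp.exe
c:\windows\system32\winhost.exe
(((((((((( Reg Loading Points ))))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"""

HEADER_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")          # ((( Section name )))
REG_ENTRY_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')   # "Name"=value ...

def parse_cfscript(text):
    """Return (file_paths, [(key, value_name)]) that the script asks to remove."""
    files, reg_deletes, section, key = [], [], None, None
    for line in (ln.strip() for ln in text.splitlines()):
        m = re.match(r'^"([^"]+)"=-$', line)          # "Name"=- deletes a value
        if not line:
            continue
        if line.endswith("::"):                       # File:: / Registry:: headers
            section, key = line[:-2].lower(), None
        elif section == "file":
            files.append(line)
        elif section == "registry" and line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif section == "registry" and key and m:
            reg_deletes.append((key, m.group(1)))
    return files, reg_deletes

def log_sections(text):
    """Split a ComboFix log into {section name: [lines]}; blank and "." filler dropped."""
    sections, name = {"": []}, ""
    for line in (ln.strip() for ln in text.splitlines()):
        m = HEADER_RE.match(line)
        if m:
            name = m.group(1)
            sections[name] = []
        elif line and line != ".":
            sections[name].append(line)
    return sections

def registry_entries(lines):
    """Map (key, value_name) -> value text for every [key] block in the lines."""
    entries, key = {}, None
    for line in lines:
        m = REG_ENTRY_RE.match(line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif m and key:
            entries[(key, m.group(1))] = m.group(2)
    return entries

def check_cleanup(script_text, log_text):
    """Requested removals the log does not confirm (empty lists = all done)."""
    files, reg_deletes = parse_cfscript(script_text)
    sections = log_sections(log_text)
    deleted = {p.lower() for p in sections.get("Other Deletions", [])}
    listed = {(k.lower(), n.lower())
              for k, n in registry_entries(sections.get("Reg Loading Points", []))}
    return {"files_not_deleted": [p for p in files if p.lower() not in deleted],
            "reg_still_present": [(k, n) for k, n in reg_deletes
                                  if (k.lower(), n.lower()) in listed]}

def diff_autoruns(before_text, after_text):
    """Autostart entries that vanished or appeared between two logs."""
    b, a = (registry_entries(log_sections(t).get("Reg Loading Points", []))
            for t in (before_text, after_text))
    return sorted(k for k in b if k not in a), sorted(k for k in a if k not in b)
```

Running `check_cleanup(CFSCRIPT, LOG_BEFORE)` against the old log reports all five files and the WinHosts value as still pending, which is exactly why the helper above said the first log was the old one; against the new log both lists come back empty, and `diff_autoruns` shows WinHosts as the only autostart entry that disappeared. Comparison is case-insensitive because ComboFix prints paths and keys in mixed case.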

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

What is the situation now?

  • Joined: 26 Mar 2008
  • Posts: 25
  • Location: Skopje,Macedonia

Is everything OK? I noticed that I had not deactivated NOD and Anti Elite beforehand. I will try again.

Update: 09 Nov 2008 17:34

Well, I suppose it's OK. Was it a problem that I did not deactivate the ones mentioned above, or was that needed only for Hijack?

Update: 09 Nov 2008 17:42

It's fine. But now the USB won't show up anywhere. When I plug it into the computer, "found new device" no longer appears. There is nothing in My Computer either. I can't send a document to it because it isn't in Send To either. The USB works on the neighbour's computer but not on mine.

Update: 09 Nov 2008 17:43

What happened now?

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

ComboFix disabled autorun, but USB devices should still be visible in My Computer.

Since when has that problem existed? Were those devices detected yesterday, for example?

Have you tried restarting the computer and checking whether it works then?
