MyCity » Ambulanta -> Arhiva Ambulante » Trojan horse Packed.Protector.C

Trojan horse Packed.Protector.C

Napisano na dan: 10.12.2009

Strana:
1
2

Trojan horse Packed.Protector.C

Sledeća strana

Pagination

Odgovori

Strana:
1
2

goran2222 Poslao: 10 Dec 2009 14:44 Idi na vrh
offline goran2222 Novi MyCity građanin Pridružio: 03 Mar 2004 Poruke: 27	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Molim vas za pomoc oko sledeceg. AVG mi je izbacio da je pronasao :Trojan horse Packed.Protector.C AVG ne moze da ga ocisti ,kao ni Ad-Aware , Spybot - Search & Destroy,Malwarebytes' Anti-Malware,a-squared Free. Ja sam svoje znanje ispucao pa bih molio za pomoc. Jako cesto se pojavljuju prozorcici koji konstatujuci virus,ne primecujem promene u radu racunara. Imam kablovski internet brzine 512Kbs.Sa modema se prenosi bezicnim ruterom TP-Link. DDS (Ver_09-12-01.01) - NTFSx86 Run by Dusan at 11:11:36.79 on Thu 12/10/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3583.2585 [GMT 1:00] AV: AVG Anti-Virus Free On-access scanning enabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch C:\WINDOWS\system32\svchost -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\WINDOWS\system32\acs.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\crypserv.exe C:\Program Files\FolderSize\FolderSizeSvc.exe C:\Program Files\sentryPM\TokenManager\spmTMSvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe C:\WINDOWS\system32\nvsvc32.exe c:\windows\explorer.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\WFXSVC.EXE C:\WINDOWS\system32\CNAB4RPK.EXE C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\vsnpstd.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\TP-LINK\TP-LINK Draft N Wireless Client Utility\11NWCU.exe C:\WINDOWS\system32\SafeSignCertReg.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\sentryPM\TokenManager\spmTMcertManager.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe C:\Program Files\sentryPM\TokenManager\spmTMStatusMonitor.exe C:\Documents and Settings\Dusan\Desktop\Karantin\dds.scr C:\WINDOWS\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = about:blank uSearch Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uWindow Title = Windows Internet Explorer provided by Yahoo! uDefault_Page_URL = hxxp://uk.yahoo.com/?fr=fp-yie8 uInternet Settings,ProxyServer = ftp=91.185.96.74:8080;http=91.185.96.74:8080;https=91.185.96.74:8080 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll mWinlogon: Shell=c:\windows\explorer.exe mWinlogon: Userinit=c:\windows\system32\userinit.exe BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [snpstd] c:\windows\vsnpstd.exe mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [WinAlarm] c:\program files\winalarm\WinAlarm.exe mRun: [11NWCU] "c:\program files\tp-link\tp-link draft n wireless client utility\11NWCU.exe" -nogui mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe mRun: [CertificateRegistration] SafeSignCertReg.exe mRun: [jswtrayutil] "c:\program files\tp-link\tp-link wireless n client utility\jswtrayutil.exe" mRun: [RTHDCPL] RTHDCPL.EXE StartupFolder: c:\documents and settings\dusan\start menu\programs\startup\siszyd32.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\certif~1.lnk - c:\program files\sentrypm\tokenmanager\spmTMcertManager.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tokenm~1.lnk - c:\windows\installer\{b4b92b76-0da6-4113-81f1-7b9b03cf9c3d}\_832A49388BF5A28D13058D.exe IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab DPF: {62CF4D10-EBA7-45DA-ACA0-4B002E8B3A85} - hxxps://secure.bancaintesabeograd.com/Pages/Download/CABS/DigitrustApiNetSetPlugIn.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239088105546 DPF: {7136C6F0-DE59-4AD5-B4A3-CA8B779D035E} - hxxps://secure.bancaintesabeograd.com/Pages/Download/CABS/DigitrustApiSetPinPlugin.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {DC01983E-2FD5-4200-9C3A-755E86413172} - hxxps://secure.bancaintesabeograd.com/Pages/Download/CABS/DigitrustApiPKCS11Plugin.cab TCP: {1A714912-79C7-4574-AE86-B877A6279F70} = 91.185.96.85 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: avgrsstarter - avgrsstx.dll Notify: jkkHWmmM - jkkHWmmM.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: WinFax PRO IShellExecuteHook: {a213b520-c6c2-11d0-af9d-008029e1027e} - c:\program files\symantec\winfax\WfxSeh32.Dll LSA: Authentication Packages = msv1_0 c:\windows\system32\pmnkJbXr mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12 Hosts: 127.0.0.1 www.spywareinfo.com ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\dusan\applic~1\mozilla\firefox\profiles\z6maowk0.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?\|http://www.kurir-info.rs/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p= FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll FF - plugin: c:\documents and settings\dusan\application data\mozilla\firefox\profiles\z6maowk0.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\opera\program\plugins\np_gp.dll FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-9 64288] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-23 335240] R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-7-28 27784] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-23 108552] R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-12-5 1858144] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-6 908056] R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-23 297752] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1184912] R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [2007-10-12 686592] R3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [2009-6-24 114304] R3 ham50;Intel HaM Data Fax Voice;c:\windows\system32\drivers\ham50.sys [2007-11-7 365853] R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2009-2-8 57344] S2 gupdate1c998eff6a73ef2;Google Update Service (gupdate1c998eff6a73ef2);c:\program files\google\update\GoogleUpdate.exe [2009-2-27 133104] S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?] S3 Alivcwutfl;Alivcwutfl; [x] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-12-7 1684736] S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\tp-link\tp-link wireless n client utility\jswpsapi.exe [2009-2-8 352338] S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2002-8-2 32512] S3 S1dddac;S1dddac; [x] =============== Created Last 30 ================ 2009-12-09 20:25:41 0 d-----w- c:\program files\Spybot - Search & Destroy 2009-12-07 20:25:07 358944 ----a-w- c:\windows\vncutil.exe 2009-12-07 20:25:04 48672 ----a-w- c:\windows\system32\RtkCoInstXP.dll 2009-12-07 20:25:04 129568 ----a-w- c:\windows\RtkAudioService.exe 2009-12-07 20:25:03 1684736 ----a-w- c:\windows\system32\drivers\Ambfilt.sys 2009-12-07 20:25:03 1389056 ----a-w- c:\windows\system32\drivers\Monfilt.sys 2009-12-07 20:17:21 0 d-----w- c:\docume~1\dusan\applic~1\Desktopicon 2009-12-07 19:00:12 14048 ------w- c:\windows\system32\spmsg2.dll 2009-12-05 19:23:58 0 d-----w- c:\program files\a-squared Free 2009-12-05 19:06:44 0 d-----w- c:\docume~1\dusan\applic~1\Malwarebytes 2009-12-05 19:06:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-05 19:06:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-12-05 19:06:36 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-05 19:06:36 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-12-03 17:22:52 148 ----a-w- c:\windows\system32\fjhdyfhsn.bat 2009-12-03 17:22:45 4 ----a-w- c:\docume~1\dusan\applic~1\avdrn.dat 2009-11-20 13:45:16 0 d-----w- c:\program files\RAR Password Recovery Magic 2009-11-19 21:01:15 0 d-sh--w- c:\docume~1\alluse~1\applic~1\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} 2009-11-11 08:38:17 23392 ----a-w- c:\windows\system32\nscompat.tlb 2009-11-11 08:38:17 16832 ----a-w- c:\windows\system32\amcompat.tlb 2009-11-10 17:28:36 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys 2009-11-10 17:28:36 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys 2009-11-10 17:28:28 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys 2009-11-10 17:28:28 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys ==================== Find3M ==================== 2009-12-09 20:36:36 185856 ----a-w- c:\windows\system32\wbem\framedyn.dll 2009-12-09 06:07:34 148768 ----a-w- c:\windows\system32\drivers\atapi.sys 2009-12-01 11:10:14 4212 ---ha-w- c:\windows\system32\zllictbl.dat 2009-11-20 16:00:38 355584 ----a-w- c:\windows\system32\TuneUpDefragService.exe 2009-11-17 19:27:14 84512 ----a-w- c:\windows\SOUNDMAN.EXE 2009-11-17 19:27:14 1833504 ----a-w- c:\windows\SkyTel.exe 2009-11-17 19:27:08 9721888 ----a-w- c:\windows\RTLCPL.EXE 2009-11-17 19:27:08 1489440 ----a-w- c:\windows\RtlUpd.exe 2009-11-17 19:27:02 18789408 ----a-w- c:\windows\RTHDCPL.EXE 2009-11-17 19:26:56 2177568 ----a-w- c:\windows\MicCal.exe 2009-11-17 19:26:50 64032 ----a-w- c:\windows\ALCMTR.EXE 2009-11-17 19:26:50 2815520 ----a-w- c:\windows\ALCWZRD.EXE 2009-11-17 18:51:38 5956608 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys 2009-11-05 06:15:53 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2009-11-05 06:15:45 15880 ----a-w- c:\windows\system32\lsdelete.exe 2009-11-02 12:48:02 831488 ----a-w- c:\windows\RtlExUpd.dll 2006-03-20 13:37:52 5689344 ----a-w- c:\program files\mplayerc.exe 2009-01-07 22:10:18 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009010720090108\index.dat ============= FINISH: 11:11:58.73 =============== mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png [url=http://www.mycity.rs/slika.php?slika=1175_45016165_untitled.JPG][img]http://www.mycity.rs/thumbs/1175_tmb_45016165_untitled.JPG[/img][/url]

Profil

helen1 Poslao: 10 Dec 2009 15:04 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

goran2222 Poslao: 10 Dec 2009 17:28 Idi na vrh
offline goran2222 Novi MyCity građanin Pridružio: 03 Mar 2004 Poruke: 27	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Upravo je skeniran sa ComboFix-om a dole je log. ComboFix 09-12-09.04 - Dusan 12/10/2009 16:23:06.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3583.2883 [GMT 1:00] Running from: c:\documents and settings\Dusan\Desktop\Karantin\ComboFix.exe AV: AVG Anti-Virus Free On-access scanning disabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Dusan\Application Data\Desktopicon c:\documents and settings\Dusan\Start Menu\Programs\Startup\siszyd32.exe c:\program files\WinPCap c:\program files\WinPCap\INSTALL.LOG c:\program files\WinPCap\Uninstall.exe c:\windows\system32\AutoRun.inf c:\windows\system32\config\systemprofile\av_md.exe c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd c:\windows\system32\drivers\atmapi.sys c:\windows\system32\drivers\npf.sys c:\windows\system32\Packet.dll c:\windows\system32\wdjeylse.ini c:\windows\system32\wpcap.dll D:\AUTORUN.INF Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF -------\Service_NPF ((((((((((((((((((((((((( Files Created from 2009-11-10 to 2009-12-10 ))))))))))))))))))))))))))))))) . 2009-12-09 20:25 . 2009-12-09 20:30 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-12-07 20:25 . 2009-11-17 19:27 358944 ----a-w- c:\windows\vncutil.exe 2009-12-07 20:25 . 2009-11-17 19:27 48672 ----a-w- c:\windows\system32\RtkCoInstXP.dll 2009-12-07 20:25 . 2009-11-17 19:27 129568 ----a-w- c:\windows\RtkAudioService.exe 2009-12-07 20:25 . 2008-08-05 19:10 1684736 ----a-w- c:\windows\system32\drivers\Ambfilt.sys 2009-12-07 20:25 . 2006-01-04 14:41 1389056 ----a-w- c:\windows\system32\drivers\Monfilt.sys 2009-12-07 19:00 . 2009-12-07 19:00 -------- d-----w- c:\program files\Reference Assemblies 2009-12-07 19:00 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll 2009-12-07 17:55 . 2009-12-07 17:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-12-05 19:23 . 2009-12-07 14:14 -------- d-----w- c:\program files\a-squared Free 2009-12-05 19:06 . 2009-12-05 19:06 -------- d-----w- c:\documents and settings\Dusan\Application Data\Malwarebytes 2009-12-05 19:06 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-05 19:06 . 2009-12-05 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-12-05 19:06 . 2009-12-05 19:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-12-05 19:06 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-05 16:17 . 2009-12-05 16:17 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2009-12-03 17:22 . 2009-12-04 06:47 148 ----a-w- c:\windows\system32\fjhdyfhsn.bat 2009-11-22 19:14 . 2009-11-22 19:14 -------- d-----w- c:\documents and settings\NetworkService\Application Data\TuneUp Software 2009-11-20 13:45 . 2009-11-23 18:00 -------- d-----w- c:\program files\RAR Password Recovery Magic 2009-11-19 21:01 . 2009-11-19 21:01 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} 2009-11-10 17:28 . 2008-04-13 23:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys 2009-11-10 17:28 . 2008-04-13 23:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys 2009-11-10 17:28 . 2008-04-13 23:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys 2009-11-10 17:28 . 2008-04-13 23:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-10 15:10 . 2007-07-27 17:34 313936 -c--a-w- c:\documents and settings\Dusan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-09 20:36 . 2007-07-27 15:18 185856 ----a-w- c:\windows\system32\wbem\framedyn.dll 2009-12-09 20:34 . 2007-09-07 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-12-07 20:25 . 2007-07-27 15:34 -------- d-----w- c:\program files\Realtek 2009-12-07 19:08 . 2009-10-24 06:58 -------- d-----w- c:\program files\nLite 2009-12-07 18:18 . 2007-11-23 05:49 72686909 ----a-w- c:\windows\Internet Logs\tvDebug.zip 2009-12-07 16:43 . 2008-05-22 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2009-12-05 18:15 . 2009-12-04 06:47 16 ----a-w- c:\documents and settings\NetworkService\Application Data\fvgqad.dat 2009-12-03 17:22 . 2009-12-03 17:22 4 ----a-w- c:\documents and settings\Dusan\Application Data\avdrn.dat 2009-12-01 18:31 . 2007-07-27 17:41 -------- d-----w- c:\program files\Google 2009-12-01 11:10 . 2007-07-28 17:08 4212 ---ha-w- c:\windows\system32\zllictbl.dat 2009-11-29 13:48 . 2007-11-07 19:41 -------- d-----w- c:\program files\Symantec 2009-11-28 09:00 . 2007-08-03 23:28 -------- d-----w- c:\documents and settings\Dusan\Application Data\Skype 2009-11-28 08:57 . 2008-01-26 14:46 -------- d-----w- c:\documents and settings\Dusan\Application Data\skypePM 2009-11-25 21:03 . 2009-03-31 20:40 -------- d-----w- c:\program files\Magic Video Converter 2009-11-25 20:55 . 2009-06-22 19:54 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\threatwork.exe 2009-11-25 20:55 . 2009-06-26 12:31 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavamessage.dll 2009-11-25 20:55 . 2009-06-26 12:31 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavalicense.dll 2009-11-25 20:55 . 2009-11-05 06:15 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\aawapi.dll 2009-11-25 20:55 . 2009-06-26 12:31 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\UpdateManager.dll 2009-11-25 20:55 . 2009-06-01 19:48 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\ShellExt.dll 2009-11-25 20:55 . 2009-06-22 19:54 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Savapibridge.dll 2009-11-25 20:54 . 2009-06-01 19:44 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\RPAPI.dll 2009-11-25 20:54 . 2009-06-01 19:44 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\PrivacyClean.dll 2009-11-25 20:54 . 2009-06-26 12:31 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\CEAPI.dll 2009-11-25 20:54 . 2009-09-21 19:42 641632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AutoLaunch.exe 2009-11-25 20:54 . 2009-06-26 12:31 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe 2009-11-25 20:54 . 2009-06-26 12:30 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe 2009-11-25 20:54 . 2009-06-22 19:50 1638640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe 2009-11-25 20:54 . 2009-06-22 19:45 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe 2009-11-25 20:53 . 2009-06-22 19:44 1184912 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe 2009-11-20 16:00 . 2008-11-28 16:15 355584 ----a-w- c:\windows\system32\TuneUpDefragService.exe 2009-11-20 15:45 . 2007-07-27 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software 2009-11-17 21:37 . 2008-11-23 22:57 -------- d-----w- c:\program files\TuneUp Utilities 2008 2009-11-17 19:27 . 2007-07-27 15:34 84512 ----a-w- c:\windows\SOUNDMAN.EXE 2009-11-17 19:27 . 2007-07-27 15:34 1833504 ----a-w- c:\windows\SkyTel.exe 2009-11-17 19:27 . 2007-07-27 15:34 1489440 ----a-w- c:\windows\RtlUpd.exe 2009-11-17 19:27 . 2007-07-27 15:34 9721888 ----a-w- c:\windows\RTLCPL.EXE 2009-11-17 19:27 . 2007-07-27 15:34 18789408 ----a-w- c:\windows\RTHDCPL.EXE 2009-11-17 19:26 . 2007-07-27 15:34 2177568 ----a-w- c:\windows\MicCal.exe 2009-11-17 19:26 . 2007-07-27 15:34 64032 ----a-w- c:\windows\ALCMTR.EXE 2009-11-17 19:26 . 2007-07-27 15:34 2815520 ----a-w- c:\windows\ALCWZRD.EXE 2009-11-17 18:51 . 2007-07-27 15:34 5956608 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys 2009-11-17 13:36 . 2008-02-22 12:42 80 -c-ha-r- c:\windows\ssystda.dat 2009-11-11 08:37 . 2007-07-29 12:02 -------- d-----w- c:\program files\DivX 2009-11-11 08:36 . 2009-11-06 15:17 -------- d-----w- c:\program files\Windows Media Connect 2 2009-11-11 08:28 . 2007-09-25 18:52 -------- d-----w- c:\program files\ElcomSoft 2009-11-05 06:15 . 2009-11-05 06:15 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2009-11-05 06:15 . 2009-11-05 06:15 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\SBREDrv.sys 2009-11-05 06:15 . 2009-11-05 06:15 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\sbap.dll 2009-11-05 06:15 . 2009-06-01 19:49 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lsdelete.exe 2009-11-05 06:15 . 2009-02-09 21:41 15880 ----a-w- c:\windows\system32\lsdelete.exe 2009-11-05 06:15 . 2009-11-05 06:15 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\VipreBridge.dll 2009-11-05 06:15 . 2009-11-05 06:15 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Vipre.dll 2009-11-05 06:15 . 2009-11-05 06:15 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\SBTE.dll 2009-11-05 06:15 . 2009-11-05 06:15 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\SBRE.dll 2009-11-05 06:14 . 2009-06-26 12:31 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll 2009-11-04 20:45 . 2009-11-04 20:45 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} 2009-11-04 15:49 . 2008-05-29 20:47 313936 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-11-02 12:48 . 2007-07-27 15:33 831488 ----a-w- c:\windows\RtlExUpd.dll 2009-10-25 16:11 . 2007-09-30 23:57 10 ----a-w- c:\windows\popcinfo.dat 2009-10-08 21:44 . 2009-10-08 21:44 177024 ----a-w- c:\documents and settings\Dusan\Application Data\Mozilla\Firefox\Profiles\z6maowk0.default\FlashGot.exe 2009-10-03 08:15 . 2009-11-04 20:45 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe 2009-09-23 12:55 . 2009-02-09 20:41 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2009-09-21 19:42 . 2009-09-21 19:42 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\WSCUpdate.dll 2009-09-21 19:42 . 2009-03-05 14:29 68640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\64\lbd.sys 2009-09-21 19:42 . 2009-03-05 14:28 303976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\64\AAWDriverTool.exe 2009-09-21 19:42 . 2009-06-22 19:47 640760 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWWSC.exe 2006-03-20 13:37 . 2007-07-28 08:04 5689344 ----a-w- c:\program files\mplayerc.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-06-26 08:36 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe -start" [X] "11NWCU"="c:\program files\TP-LINK\TP-LINK Draft N Wireless Client Utility\11NWCU.exe -nogui" [X] "snpstd"="c:\windows\vsnpstd.exe" [2006-08-23 339968] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-25 2029336] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144] "nwiz"="nwiz.exe" [2008-10-07 1630208] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016] "WinAlarm"="c:\program files\WinAlarm\WinAlarm.exe" [2007-12-26 353280] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-11-25 788880] "CertificateRegistration"="SafeSignCertReg.exe" [2004-02-17 28672] "jswtrayutil"="c:\program files\TP-LINK\TP-LINK Wireless N Client Utility\jswtrayutil.exe" [2008-01-11 41045] "RTHDCPL"="RTHDCPL.EXE" [2009-11-17 18789408] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Certificate Manager.lnk - c:\program files\sentryPM\TokenManager\spmTMcertManager.exe [2005-9-24 45056] Token Manager.lnk - c:\windows\Installer\{B4B92B76-0DA6-4113-81F1-7B9B03CF9C3D}\_832A49388BF5A28D13058D.exe [2009-7-25 26694] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\Symantec\WinFax\WfxSeh32.Dll" [1998-07-27 38400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-08-31 09:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkHWmmM] 2004-08-04 01:07 24576 ----a-w- c:\windows\system32\jkkhwmmm.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions "WinFaxAppPortStarter"=wfxsnt40.exe "FineReader7NewsReaderPro"="c:\program files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe" "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1033 "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\WINDOWS\\system32\\CNAB4RPK.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/9/2009 21:41 64288] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/21/2008 6:35 642560] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/23/2008 0:13 335240] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/23/2008 0:13 108552] R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [12/5/2009 20:23 1858144] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/6/2008 22:27 908056] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/23/2008 0:13 297752] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 12:17 1184912] R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [10/12/2007 18:30 686592] R3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [6/24/2009 10:16 114304] R3 ham50;Intel HaM Data Fax Voice;c:\windows\system32\drivers\ham50.sys [11/7/2007 20:22 365853] R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2/8/2009 12:56 57344] S2 gupdate1c998eff6a73ef2;Google Update Service (gupdate1c998eff6a73ef2);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2009 16:27 133104] S3 Alivcwutfl;Alivcwutfl; [x] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/7/2009 21:25 1684736] S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\TP-LINK\TP-LINK Wireless N Client Utility\jswpsapi.exe [2/8/2009 12:56 352338] S3 S1dddac;S1dddac; [x] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2009-03-08 02:32 128512 ----a-w- c:\windows\system32\advpack.dll . ------- Supplementary Scan ------- . uStart Page = about:blank uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyServer = ftp=91.185.96.74:8080;http=91.185.96.74:8080;https=91.185.96.74:8080 uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {1A714912-79C7-4574-AE86-B877A6279F70} = 91.185.96.85 DPF: {62CF4D10-EBA7-45DA-ACA0-4B002E8B3A85} - hxxps://secure.bancaintesabeograd.com/Pages/Download/CABS/DigitrustApiNetSetPlugIn.cab DPF: {7136C6F0-DE59-4AD5-B4A3-CA8B779D035E} - hxxps://secure.bancaintesabeograd.com/Pages/Download/CABS/DigitrustApiSetPinPlugin.cab DPF: {DC01983E-2FD5-4200-9C3A-755E86413172} - hxxps://secure.bancaintesabeograd.com/Pages/Download/CABS/DigitrustApiPKCS11Plugin.cab FF - ProfilePath - c:\documents and settings\Dusan\Application Data\Mozilla\Firefox\Profiles\z6maowk0.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?\|http://www.kurir-info.rs/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p= FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll FF - plugin: c:\documents and settings\Dusan\Application Data\Mozilla\Firefox\Profiles\z6maowk0.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); . - - - - ORPHANS REMOVED - - - - AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-12-10 16:30 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe >>UNKNOWN [0x8B03D5D0]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> 0x8b03d5d0 \Driver\ACPI -> ACPI.sys @ 0xba677cb8 \Driver\atapi -> atapi.sys @ 0xba60cb40 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 NDIS: TP-LINK Draft N Wireless Adapter -> SendCompleteHandler -> NDIS.sys @ 0xba4e4bd4 PacketIndicateHandler -> NDIS.sys @ 0xba4f0a21 SendHandler -> NDIS.sys @ 0xba4e4d44 Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-448539723-926492609-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\ACPI\PNP0F13\4&31ad995d&0\LogConf] @DACL=(02 0000) "BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\ "BootConfig"=hex(:01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00, 00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1420) c:\windows\system32\jkkHWmmM.dll c:\windows\system32\spmcsp32.dll c:\windows\system32\spmtkpin.dll c:\windows\system32\spmp1132.dll c:\windows\system32\spmTMlang.dll - - - - - - - > 'explorer.exe'(2120) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\System32\SCardSvr.exe c:\windows\system32\acs.exe c:\program files\sentryPM\TokenManager\spmTMSvc.exe c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe c:\windows\system32\crypserv.exe c:\program files\FolderSize\FolderSizeSvc.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\InstallShield\UpdateService\issch.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\WFXSVC.EXE c:\program files\Symantec\WinFax\WFXMOD32.EXE c:\windows\system32\RUNDLL32.EXE c:\windows\system32\CNAB4RPK.EXE c:\windows\system32\SafeSignCertReg.exe c:\windows\RTHDCPL.EXE c:\progra~1\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\program files\AVG\AVG8\avgcsrvx.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\system32\wscntfy.exe . ************************************************************************* . Completion time: 2009-12-10 16:31:20 - machine was rebooted ComboFix-quarantined-files.txt 2009-12-10 15:31 Pre-Run: 12,303,507,456 bytes free Post-Run: 12,188,545,024 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer - - End Of File - - E21735ED38FBE5991354A8BAF829CFAD

Profil

helen1 Poslao: 11 Dec 2009 00:21 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uploaduj mi: c:\windows\system32\spmcsp32.dll preko sledeceg linka: http://www.mycity.rs/ambulanta-upload.php

Profil

goran2222 Poslao: 11 Dec 2009 13:26 Idi na vrh
offline goran2222 Novi MyCity građanin Pridružio: 03 Mar 2004 Poruke: 27	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Sve je u redu fajl je otisao.

Profil

helen1 Poslao: 11 Dec 2009 13:39 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\windows\system32\fjhdyfhsn.bat c:\documents and settings\NetworkService\Application Data\fvgqad.dat c:\documents and settings\Dusan\Application Data\avdrn.dat c:\windows\system32\jkkhwmmm.dll Registry:: [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkHWmmM] Driver:: Alivcwutfl S1dddac` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

goran2222 Poslao: 12 Dec 2009 08:07 Idi na vrh
offline goran2222 Novi MyCity građanin Pridružio: 03 Mar 2004 Poruke: 27	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-12-11.01 - Dusan 12/12/2009 0:37.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3583.2847 [GMT 1:00] Running from: c:\documents and settings\Dusan\Desktop\Karantin\ComboFix.exe Command switches used :: c:\documents and settings\Dusan\Desktop\Karantin\CFScript.txt AV: AVG Anti-Virus Free On-access scanning disabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FILE :: "c:\documents and settings\Dusan\Application Data\avdrn.dat" "c:\documents and settings\NetworkService\Application Data\fvgqad.dat" "c:\windows\system32\fjhdyfhsn.bat" "c:\windows\system32\jkkhwmmm.dll" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Dusan\Application Data\avdrn.dat c:\documents and settings\NetworkService\Application Data\fvgqad.dat c:\windows\system32\fjhdyfhsn.bat c:\windows\system32\jkkhwmmm.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ALIVCWUTFL -------\Service_Alivcwutfl -------\Service_S1dddac ((((((((((((((((((((((((( Files Created from 2009-11-12 to 2009-12-12 ))))))))))))))))))))))))))))))) . 2009-12-09 20:25 . 2009-12-09 20:30 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-12-07 20:25 . 2009-11-17 19:27 358944 ----a-w- c:\windows\vncutil.exe 2009-12-07 20:25 . 2009-11-17 19:27 48672 ----a-w- c:\windows\system32\RtkCoInstXP.dll 2009-12-07 20:25 . 2009-11-17 19:27 129568 ----a-w- c:\windows\RtkAudioService.exe 2009-12-07 20:25 . 2008-08-05 19:10 1684736 ----a-w- c:\windows\system32\drivers\Ambfilt.sys 2009-12-07 20:25 . 2006-01-04 14:41 1389056 ----a-w- c:\windows\system32\drivers\Monfilt.sys 2009-12-07 19:00 . 2009-12-07 19:00 -------- d-----w- c:\program files\Reference Assemblies 2009-12-07 19:00 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll 2009-12-07 17:55 . 2009-12-07 17:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-12-05 19:23 . 2009-12-07 14:14 -------- d-----w- c:\program files\a-squared Free 2009-12-05 19:06 . 2009-12-05 19:06 -------- d-----w- c:\documents and settings\Dusan\Application Data\Malwarebytes 2009-12-05 19:06 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-05 19:06 . 2009-12-05 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-12-05 19:06 . 2009-12-05 19:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-12-05 19:06 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-05 16:17 . 2009-12-05 16:17 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2009-11-22 19:14 . 2009-11-22 19:14 -------- d-----w- c:\documents and settings\NetworkService\Application Data\TuneUp Software 2009-11-20 13:45 . 2009-11-23 18:00 -------- d-----w- c:\program files\RAR Password Recovery Magic 2009-11-19 21:01 . 2009-11-19 21:01 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-10 18:50 . 2008-05-22 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2009-12-10 15:10 . 2007-07-27 17:34 313936 -c--a-w- c:\documents and settings\Dusan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-09 20:36 . 2007-07-27 15:18 185856 ----a-w- c:\windows\system32\wbem\framedyn.dll 2009-12-09 20:34 . 2007-09-07 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-12-07 20:25 . 2007-07-27 15:34 -------- d-----w- c:\program files\Realtek 2009-12-07 19:08 . 2009-10-24 06:58 -------- d-----w- c:\program files\nLite 2009-12-07 18:18 . 2007-11-23 05:49 72686909 ----a-w- c:\windows\Internet Logs\tvDebug.zip 2009-12-01 18:31 . 2007-07-27 17:41 -------- d-----w- c:\program files\Google 2009-12-01 11:10 . 2007-07-28 17:08 4212 ---ha-w- c:\windows\system32\zllictbl.dat 2009-11-29 13:48 . 2007-11-07 19:41 -------- d-----w- c:\program files\Symantec 2009-11-28 09:00 . 2007-08-03 23:28 -------- d-----w- c:\documents and settings\Dusan\Application Data\Skype 2009-11-28 08:57 . 2008-01-26 14:46 -------- d-----w- c:\documents and settings\Dusan\Application Data\skypePM 2009-11-25 21:03 . 2009-03-31 20:40 -------- d-----w- c:\program files\Magic Video Converter 2009-11-25 20:55 . 2009-06-22 19:54 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\threatwork.exe 2009-11-25 20:55 . 2009-06-26 12:31 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavamessage.dll 2009-11-25 20:55 . 2009-06-26 12:31 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavalicense.dll 2009-11-25 20:55 . 2009-11-05 06:15 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\aawapi.dll 2009-11-25 20:55 . 2009-06-26 12:31 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\UpdateManager.dll 2009-11-25 20:55 . 2009-06-01 19:48 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\ShellExt.dll 2009-11-25 20:55 . 2009-06-22 19:54 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Savapibridge.dll 2009-11-25 20:54 . 2009-06-01 19:44 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\RPAPI.dll 2009-11-25 20:54 . 2009-06-01 19:44 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\PrivacyClean.dll 2009-11-25 20:54 . 2009-06-26 12:31 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\CEAPI.dll 2009-11-25 20:54 . 2009-09-21 19:42 641632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AutoLaunch.exe 2009-11-25 20:54 . 2009-06-26 12:31 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe 2009-11-25 20:54 . 2009-06-26 12:30 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe 2009-11-25 20:54 . 2009-06-22 19:50 1638640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe 2009-11-25 20:54 . 2009-06-22 19:45 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe 2009-11-25 20:53 . 2009-06-22 19:44 1184912 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe 2009-11-20 16:00 . 2008-11-28 16:15 355584 ----a-w- c:\windows\system32\TuneUpDefragService.exe 2009-11-20 15:45 . 2007-07-27 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software 2009-11-17 21:37 . 2008-11-23 22:57 -------- d-----w- c:\program files\TuneUp Utilities 2008 2009-11-17 19:27 . 2007-07-27 15:34 84512 ----a-w- c:\windows\SOUNDMAN.EXE 2009-11-17 19:27 . 2007-07-27 15:34 1833504 ----a-w- c:\windows\SkyTel.exe 2009-11-17 19:27 . 2007-07-27 15:34 1489440 ----a-w- c:\windows\RtlUpd.exe 2009-11-17 19:27 . 2007-07-27 15:34 9721888 ----a-w- c:\windows\RTLCPL.EXE 2009-11-17 19:27 . 2007-07-27 15:34 18789408 ----a-w- c:\windows\RTHDCPL.EXE 2009-11-17 19:26 . 2007-07-27 15:34 2177568 ----a-w- c:\windows\MicCal.exe 2009-11-17 19:26 . 2007-07-27 15:34 64032 ----a-w- c:\windows\ALCMTR.EXE 2009-11-17 19:26 . 2007-07-27 15:34 2815520 ----a-w- c:\windows\ALCWZRD.EXE 2009-11-17 18:51 . 2007-07-27 15:34 5956608 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys 2009-11-17 13:36 . 2008-02-22 12:42 80 -c-ha-r- c:\windows\ssystda.dat 2009-11-11 08:37 . 2007-07-29 12:02 -------- d-----w- c:\program files\DivX 2009-11-11 08:36 . 2009-11-06 15:17 -------- d-----w- c:\program files\Windows Media Connect 2 2009-11-11 08:28 . 2007-09-25 18:52 -------- d-----w- c:\program files\ElcomSoft 2009-11-05 06:15 . 2009-11-05 06:15 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2009-11-05 06:15 . 2009-11-05 06:15 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\SBREDrv.sys 2009-11-05 06:15 . 2009-11-05 06:15 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\sbap.dll 2009-11-05 06:15 . 2009-06-01 19:49 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lsdelete.exe 2009-11-05 06:15 . 2009-02-09 21:41 15880 ----a-w- c:\windows\system32\lsdelete.exe 2009-11-05 06:15 . 2009-11-05 06:15 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\VipreBridge.dll 2009-11-05 06:15 . 2009-11-05 06:15 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Vipre.dll 2009-11-05 06:15 . 2009-11-05 06:15 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\SBTE.dll 2009-11-05 06:15 . 2009-11-05 06:15 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\SBRE.dll 2009-11-05 06:14 . 2009-06-26 12:31 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll 2009-11-04 20:45 . 2009-11-04 20:45 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} 2009-11-04 15:49 . 2008-05-29 20:47 313936 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-11-02 12:48 . 2007-07-27 15:33 831488 ----a-w- c:\windows\RtlExUpd.dll 2009-10-25 16:11 . 2007-09-30 23:57 10 ----a-w- c:\windows\popcinfo.dat 2009-10-08 21:44 . 2009-10-08 21:44 177024 ----a-w- c:\documents and settings\Dusan\Application Data\Mozilla\Firefox\Profiles\z6maowk0.default\FlashGot.exe 2009-10-03 08:15 . 2009-11-04 20:45 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe 2009-09-23 12:55 . 2009-02-09 20:41 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2009-09-21 19:42 . 2009-09-21 19:42 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\WSCUpdate.dll 2009-09-21 19:42 . 2009-03-05 14:29 68640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\64\lbd.sys 2009-09-21 19:42 . 2009-03-05 14:28 303976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\64\AAWDriverTool.exe 2009-09-21 19:42 . 2009-06-22 19:47 640760 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWWSC.exe 2006-03-20 13:37 . 2007-07-28 08:04 5689344 ----a-w- c:\program files\mplayerc.exe . ((((((((((((((((((((((((((((( SnapShot@2009-12-10_15.28.37 ))))))))))))))))))))))))))))))))))))))))) . + 2009-12-11 23:43 . 2009-12-11 23:43 16384 c:\windows\Temp\Perflib_Perfdata_42c.dat + 2007-08-18 09:23 . 2009-12-11 06:35 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe - 2007-08-18 09:23 . 2009-08-27 09:03 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe + 2007-07-27 15:20 . 2009-08-06 18:23 209624 c:\windows\system32\wuweb.dll + 2009-10-28 03:40 . 2009-10-28 03:40 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe - 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe + 2007-07-27 15:20 . 2009-08-06 18:23 209624 c:\windows\system32\dllcache\wuweb.dll + 2009-10-28 03:40 . 2009-10-28 03:40 3885984 c:\windows\system32\Macromed\Flash\NPSWF32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-06-26 08:36 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "snpstd"="c:\windows\vsnpstd.exe" [2006-08-23 339968] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-25 2029336] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144] "nwiz"="nwiz.exe" [2008-10-07 1630208] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016] "WinAlarm"="c:\program files\WinAlarm\WinAlarm.exe" [2007-12-26 353280] "11NWCU"="c:\program files\TP-LINK\TP-LINK Draft N Wireless Client Utility\11NWCU.exe" [2007-08-21 499852] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-11-25 788880] "CertificateRegistration"="SafeSignCertReg.exe" [2004-02-17 28672] "jswtrayutil"="c:\program files\TP-LINK\TP-LINK Wireless N Client Utility\jswtrayutil.exe" [2008-01-11 41045] "RTHDCPL"="RTHDCPL.EXE" [2009-11-17 18789408] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Certificate Manager.lnk - c:\program files\sentryPM\TokenManager\spmTMcertManager.exe [2005-9-24 45056] Token Manager.lnk - c:\windows\Installer\{B4B92B76-0DA6-4113-81F1-7B9B03CF9C3D}\_832A49388BF5A28D13058D.exe [2009-7-25 26694] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\Symantec\WinFax\WfxSeh32.Dll" [1998-07-27 38400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-08-31 09:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions "WinFaxAppPortStarter"=wfxsnt40.exe "FineReader7NewsReaderPro"="c:\program files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe" "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1033 "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\WINDOWS\\system32\\CNAB4RPK.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/9/2009 21:41 64288] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/21/2008 6:35 642560] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/23/2008 0:13 335240] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/23/2008 0:13 108552] R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [12/5/2009 20:23 1858144] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/6/2008 22:27 908056] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/23/2008 0:13 297752] R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [10/12/2007 18:30 686592] R3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [6/24/2009 10:16 114304] R3 ham50;Intel HaM Data Fax Voice;c:\windows\system32\drivers\ham50.sys [11/7/2007 20:22 365853] R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2/8/2009 12:56 57344] S2 gupdate1c998eff6a73ef2;Google Update Service (gupdate1c998eff6a73ef2);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2009 16:27 133104] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 12:17 1184912] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/7/2009 21:25 1684736] S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\TP-LINK\TP-LINK Wireless N Client Utility\jswpsapi.exe [2/8/2009 12:56 352338] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2009-03-08 02:32 128512 ----a-w- c:\windows\system32\advpack.dll . ------- Supplementary Scan ------- . uStart Page = about:blank uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyServer = ftp=91.185.96.74:8080;http=91.185.96.74:8080;https=91.185.96.74:8080 uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {1A714912-79C7-4574-AE86-B877A6279F70} = 91.185.96.85 DPF: {62CF4D10-EBA7-45DA-ACA0-4B002E8B3A85} - hxxps://secure.bancaintesabeograd.com/Pages/Download/CABS/DigitrustApiNetSetPlugIn.cab DPF: {7136C6F0-DE59-4AD5-B4A3-CA8B779D035E} - hxxps://secure.bancaintesabeograd.com/Pages/Download/CABS/DigitrustApiSetPinPlugin.cab DPF: {DC01983E-2FD5-4200-9C3A-755E86413172} - hxxps://secure.bancaintesabeograd.com/Pages/Download/CABS/DigitrustApiPKCS11Plugin.cab FF - ProfilePath - c:\documents and settings\Dusan\Application Data\Mozilla\Firefox\Profiles\z6maowk0.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?\|http://www.kurir-info.rs/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p= FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll FF - plugin: c:\documents and settings\Dusan\Application Data\Mozilla\Firefox\Profiles\z6maowk0.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-12-12 07:57 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe >>UNKNOWN [0x8B03D5D0]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> 0x8b03d5d0 \Driver\ACPI -> ACPI.sys @ 0xba677cb8 \Driver\atapi -> atapi.sys @ 0xba60cb40 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 NDIS: TP-LINK Draft N Wireless Adapter -> SendCompleteHandler -> NDIS.sys @ 0xba4e4bd4 PacketIndicateHandler -> NDIS.sys @ 0xba4f0a21 SendHandler -> NDIS.sys @ 0xba4e4d44 Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-448539723-926492609-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\ACPI\PNP0F13\4&31ad995d&0\LogConf] @DACL=(02 0000) "BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\ "BootConfig"=hex(:01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00, 00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1420) c:\windows\system32\l3codeca.acm c:\windows\system32\divxa32.acm c:\windows\system32\vorbis.acm c:\windows\system32\lameACM.acm c:\windows\system32\IEFRAME.dll - - - - - - - > 'explorer.exe'(3956) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\System32\SCardSvr.exe c:\windows\system32\acs.exe c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe c:\windows\system32\crypserv.exe c:\program files\FolderSize\FolderSizeSvc.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\WFXSVC.EXE c:\program files\Symantec\WinFax\WFXMOD32.EXE c:\windows\system32\CNAB4RPK.EXE c:\progra~1\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\program files\AVG\AVG8\avgcsrvx.exe c:\windows\system32\wscntfy.exe c:\windows\system32\RUNDLL32.EXE c:\windows\system32\SafeSignCertReg.exe c:\windows\RTHDCPL.EXE . ************************************************************************* . Completion time: 2009-12-12 08:00:36 - machine was rebooted ComboFix-quarantined-files.txt 2009-12-12 07:00 ComboFix2.txt 2009-12-10 15:31 Pre-Run: 12,164,079,616 bytes free Post-Run: 13,083,648,000 bytes free - - End Of File - - 263C183AD4E6E2D662FF736878BDB123

Profil

helen1 Poslao: 12 Dec 2009 09:56 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kakvo je sad stanje?

Profil

goran2222 Poslao: 12 Dec 2009 12:55 Idi na vrh
offline goran2222 Novi MyCity građanin Pridružio: 03 Mar 2004 Poruke: 27	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Upravo sam procesljao AVG-om C:\WINDOWS folder i nista nje pronadjeno. Hvala. Predpostavljam da mogu da sklonim folder sa log.-ovima i sam ComboFix. Procitao sam na ovom forumu da ga ne treba koristiti samostalno pa se pridrzavam preporuke. Najlepse hvala na trudu, vremenu i pomoci. Pozdrav

Profil

helen1 Poslao: 12 Dec 2009 13:02 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Potrebno je deinstalirati ComboFix: klikni start (ili ), a zatim RUN. Na Visti koristiti Start Search polje ukoliko Run nije dostupan. U liniju za unos teksta ukucaj (iskopiraj) sledeće: ComboFix /Uninstall Primeti da postoji razmak između "ComboFix" i "/Uninstall". a zatim klikni OK (ili pritisni Enter). Sačekaj da se proces deinstalacije završi.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Trojan horse Packed.Protector.C

Ko je trenutno na forumu

Ukupno su 892 korisnika na forumu :: 38 registrovanih, 5 sakrivenih i 849 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., AC-DC, Battlehammer, bojank, bojcistv, Boris90, BSD, cavatina, Denaya, DPera, Dvojac005, GandorCC, Georgius, gorican, h8propaganda, HrcAk47, Ivica1102, Karla, ksyyaj, ljuba, Lubica, marsovac 2, mercedesamg, Mi lao shu, mikrimaus, milenko crazy north, MrNo, nemkea71, powSrb, Rogan33, stegonosa, Sumadija34, vaso1, VP6919, yrraf, YU-UKI, |_MeD_|, šumar bk2

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by