Log file review

  • Zanimam se ;)
  • Joined: 30 Jul 2005
  • Posts: 689
  • Location: Teslić

Hi, I would ask you to check this log file. It is a laptop; it freezes, resets itself and has slowed down a lot. It was scanned with Kaspersky, which found a couple of trojans, and it was also scanned with Ad-Aware, which found some junk and cleaned it. The problem is that the computer is not mine but a friend's, so I don't know anything more about the symptoms.

Logfile of HijackThis v1.99.1
Scan saved at 19:59:26, on 26.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608-)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Euro'Splet\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
R3 - URLSearchHook: DFX Community Toolbar - {48f270ae-42ea-4ace-8ee2-7c99a454fe49} - C:\Program Files\DFX_Community\tbDFX_.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DFX Community Toolbar - {48f270ae-42ea-4ace-8ee2-7c99a454fe49} - C:\Program Files\DFX_Community\tbDFX_.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live pomagac za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D39DE44A-70EC-433A-B136-27B58D0A3534} - C:\WINDOWS\system32\vtsqr.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O3 - Toolbar: DFX Community Toolbar - {48f270ae-42ea-4ace-8ee2-7c99a454fe49} - C:\Program Files\DFX_Community\tbDFX_.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [slide.exe] C:\Program Files\Slide\Slide.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.10\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.10\MediaManager\grab.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5C.....6161727968
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-0b672edc359ae936.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B64C36F9-A75C-4FA7-A8B5-A94A692E1370}: NameServer = 217.23.192.9 217.23.192.14
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: ljjjhfg - ljjjhfg.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
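As an added example (not part of the original thread or of HijackThis itself), a small Python triage script that flags the entries in a HijackThis log an analyst reads first: dead "(file missing)"/"(no file)" references, BHOs registered without a name, Winlogon Notify DLLs given only by bare file name, random-looking module names, and the O17 DNS servers to verify against the ISP. The sample input is nine lines copied from the log above; the "no vowels" name heuristic is a rule of thumb, not a verdict.

```python
"""Triage a HijackThis v1.99 log: flag the entries an analyst reads first."""
import re

# Constructed sample input: nine lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {D39DE44A-70EC-433A-B136-27B58D0A3534} - C:\WINDOWS\system32\vtsqr.dll (file missing)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{B64C36F9-A75C-4FA7-A8B5-A94A692E1370}: NameServer = 217.23.192.9 217.23.192.14
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: ljjjhfg - ljjjhfg.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Every HJT entry is "<code> - <body>", e.g. "O20 - Winlogon Notify: ...".
LINE_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
# Stem of any .dll/.exe mentioned in the body (path separators stop the match).
MODULE_RE = re.compile(r"([A-Za-z0-9_~]+)\.(?:dll|exe)\b", re.IGNORECASE)
WINLOGON_RE = re.compile(r"^Winlogon Notify: \S+ - (?P<path>.+)$")
DNS_RE = re.compile(r"NameServer = (?P<servers>.+)$")

ORPHAN_MARKERS = ("(file missing)", "(no file)")


def looks_random(stem: str) -> bool:
    """Heuristic: 5-8 letters with no vowels at all (e.g. 'vtsqr', 'ljjjhfg')
    is typical of generated module names; real vendor names almost always have one."""
    stem = stem.lower()
    return 5 <= len(stem) <= 8 and stem.isalpha() and not any(c in "aeiouy" for c in stem)


def triage(log_text: str) -> list[tuple[str, str, str]]:
    """Return (severity, entry_code, reason) for every line worth an analyst's attention."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, the running-process list and blank lines
        code, body = m.group("code"), m.group("body")
        # Registrations whose target no longer exists: harmless, but clean them up.
        if any(marker in body for marker in ORPHAN_MARKERS):
            findings.append(("orphan", code, f"dead reference, safe to fix: {body}"))
        # A BHO with no registered name is unusual for legitimate software.
        if code == "O2" and body.startswith("BHO: (no name)"):
            findings.append(("suspect", code, f"BHO registered without a name: {body}"))
        # A Winlogon Notify DLL given by bare name is resolved via the search path.
        if code == "O20":
            w = WINLOGON_RE.match(body)
            if w and "\\" not in w.group("path"):
                findings.append(("suspect", code, f"Winlogon Notify DLL given by bare name: {body}"))
        for stem in MODULE_RE.findall(body):
            if looks_random(stem):
                findings.append(("suspect", code, f"random-looking module name {stem}: {body}"))
        # Changed DNS servers are a classic hijack; report them for a manual check.
        if code == "O17":
            d = DNS_RE.search(body)
            if d:
                findings.append(("info", code, f"confirm these DNS servers belong to the ISP: {d.group('servers')}"))
    return findings


def summarize(findings) -> dict[str, int]:
    """Count findings per severity."""
    counts: dict[str, int] = {}
    for severity, _, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    for severity, code, reason in triage(SAMPLE_LOG):
        print(f"[{severity:7}] {code:4} {reason}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the sample above the script flags the two unnamed BHOs, the vtsqr.dll and ljjjhfg.dll names, the bare-name Winlogon Notify entry and the four dead references, and lists the O17 servers for checking.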

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...

Upload this file for me: C:\Program Files\DFX_Community\tbDFX_.dll

via the following link: http://www.mycity.rs/ambulanta-upload.php

-------------------------------------------------------------------------------------

Download VundoFix:
http://www.atribune.org/ccount/click.php?id=4

* Double-click the VundoFix.exe file to start it.
* Choose the Scan for Vundo option.
* When the scan finishes and the message Done Searching for files appears, click OK.
* Now that the scan is done, click the Fix Vundo option.
* When asked whether to remove the Vundo files, click Yes.
* Running this option will temporarily make the Desktop blank while the system is prepared for Vundo removal.
* When it finishes, a notice about shutting down the computer will appear; click OK.
* Turn the computer on and boot the system again.
* Copy the contents of the log at C:\vundofix.txt and a new HijackThis log into a post on the forum.

-------------------------------------------------------------------------------------

Download ComboFix from one of the following addresses to your Desktop:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should paste here for us.

  • Zanimam se ;)
  • Joined: 30 Jul 2005
  • Posts: 689
  • Location: Teslić

I uploaded that file.
And the log files will be

Update: 31 Mar 2008 0:31

VundoFix V6.7.0

Checking Java version...

Java version is 1.5.0.11

Scan started at 0:15:46 6.12.2007

Listing files found while scanning....

C:\windows\system32\atewfamp.ini
C:\windows\system32\awqygbwn.dll
C:\WINDOWS\system32\fdlgmoii.dll
C:\WINDOWS\system32\fwxqcrkh.ini
C:\WINDOWS\system32\hkrcqxwf.dll
C:\WINDOWS\system32\iiomgldf.ini
C:\WINDOWS\system32\iwuoclkn.dll
C:\windows\system32\iwypfuet.ini
C:\WINDOWS\system32\ljjjhfg.dll
C:\WINDOWS\system32\mncdqtxt.dll
C:\windows\system32\nklcouwi.ini
C:\windows\system32\nwbgyqwa.ini
C:\WINDOWS\system32\pmafweta.dll
C:\windows\system32\rqstv.bak1
C:\windows\system32\rqstv.bak2
C:\windows\system32\rqstv.ini
C:\windows\system32\rqstv.ini2
C:\windows\system32\rqstv.tmp
C:\windows\system32\rtcpvmqs.ini
C:\WINDOWS\system32\sqmvpctr.dll
C:\windows\system32\teufpywi.dll
C:\WINDOWS\system32\vtsqr.dll
C:\windows\system32\wpxgsmry.ini
C:\WINDOWS\system32\yrmsgxpw.dll

Beginning removal...

Attempting to delete C:\windows\system32\atewfamp.ini
C:\windows\system32\atewfamp.ini Has been deleted!

Attempting to delete C:\windows\system32\awqygbwn.dll
C:\windows\system32\awqygbwn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fdlgmoii.dll
C:\WINDOWS\system32\fdlgmoii.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fwxqcrkh.ini
C:\WINDOWS\system32\fwxqcrkh.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\hkrcqxwf.dll
C:\WINDOWS\system32\hkrcqxwf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iiomgldf.ini
C:\WINDOWS\system32\iiomgldf.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\iwuoclkn.dll
C:\WINDOWS\system32\iwuoclkn.dll Has been deleted!

Attempting to delete C:\windows\system32\iwypfuet.ini
C:\windows\system32\iwypfuet.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mncdqtxt.dll
C:\WINDOWS\system32\mncdqtxt.dll Has been deleted!

Attempting to delete C:\windows\system32\nklcouwi.ini
C:\windows\system32\nklcouwi.ini Has been deleted!

Attempting to delete C:\windows\system32\nwbgyqwa.ini
C:\windows\system32\nwbgyqwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmafweta.dll
C:\WINDOWS\system32\pmafweta.dll Has been deleted!

Attempting to delete C:\windows\system32\rqstv.bak1
C:\windows\system32\rqstv.bak1 Has been deleted!

Attempting to delete C:\windows\system32\rqstv.bak2
C:\windows\system32\rqstv.bak2 Has been deleted!

Attempting to delete C:\windows\system32\rqstv.ini
C:\windows\system32\rqstv.ini Has been deleted!

Attempting to delete C:\windows\system32\rqstv.ini2
C:\windows\system32\rqstv.ini2 Has been deleted!

Attempting to delete C:\windows\system32\rqstv.tmp
C:\windows\system32\rqstv.tmp Has been deleted!

Attempting to delete C:\windows\system32\rtcpvmqs.ini
C:\windows\system32\rtcpvmqs.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\sqmvpctr.dll
C:\WINDOWS\system32\sqmvpctr.dll Has been deleted!

Attempting to delete C:\windows\system32\teufpywi.dll
C:\windows\system32\teufpywi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtsqr.dll
C:\WINDOWS\system32\vtsqr.dll Has been deleted!

Attempting to delete C:\windows\system32\wpxgsmry.ini
C:\windows\system32\wpxgsmry.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\yrmsgxpw.dll
C:\WINDOWS\system32\yrmsgxpw.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Performing Repairs to the registry.
Done!

VundoFix V6.7.0

Checking Java version...

Java version is 1.5.0.11

Scan started at 13:03:09 30.12.2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.7.0

Checking Java version...

Java version is 1.5.0.11

Scan started at 23:54:45 7.3.2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.7.0

Checking Java version...

Java version is 1.5.0.11

Scan started at 2:17:01 23.3.2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.7.0

Checking Java version...

Java version is 1.5.0.11

Scan started at 21:35:12 27.3.2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.7.0

Checking Java version...

Java version is 1.5.0.11

Scan started at 22:34:26 27.3.2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V7.0.3

Scan started at 23:26:39 27.3.2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

Beginning removal...

Update: 31 Mar 2008 20:21

ComboFix 08-03-23.2 - Euro'Splet 2008-03-27 22:32:10.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.47 [GMT 1:00]
Running from: C:\Documents and Settings\Euro'Splet\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
-- Other TimeOuts --
pv -kf -l"* pid.bat *"
VFind -rtd C:\WINDOWS\inet20*
CF9910.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
CF9910.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"
CF9910.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
pv -kf -l"* pid.bat *"
CF9910.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
GREP -Eis "\.Windows Shell$|\.TIEBHOCom$"
swreg query HKCR

((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))
.

2008-03-24 20:48 . 2008-03-24 20:48 <DIR> d-------- C:\Program Files\MSECache
2008-03-24 19:54 . 2008-03-24 19:57 <DIR> d-------- C:\Documents and Settings\Euro'Splet\Application Data\vlc
2008-03-24 19:50 . 2008-03-24 19:50 <DIR> d-------- C:\Program Files\VideoLAN
2008-03-24 03:53 . 2007-12-07 03:21 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-24 03:53 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-24 03:53 . 2007-07-01 04:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-24 03:53 . 2007-12-07 03:21 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-24 03:53 . 2007-12-07 03:21 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-24 03:53 . 2007-12-07 03:21 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-24 03:53 . 2007-12-07 03:21 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-24 03:53 . 2007-12-07 03:21 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-24 03:53 . 2007-12-06 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-24 03:33 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2008-03-23 21:38 . 2008-03-23 21:38 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-03-23 21:38 . 2008-03-23 21:38 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-03-23 21:36 . 2008-03-23 21:36 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-03-23 21:36 . 2008-03-24 19:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-23 21:36 . 2008-03-24 23:02 3,306,272 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-23 21:36 . 2008-03-24 23:00 66,592 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-23 21:36 . 2008-03-24 18:57 45,152 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-23 21:36 . 2008-03-24 18:57 6,560 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-23 21:31 . 2008-03-23 21:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-23 01:25 . 2008-03-23 01:25 <DIR> d-------- C:\Program Files\DFX_Community
2008-03-23 01:25 . 2008-03-23 01:25 <DIR> d-------- C:\Program Files\Conduit
2008-03-23 01:25 . 2008-03-23 01:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DFX
2008-03-23 01:24 . 2008-03-23 01:24 <DIR> d-------- C:\Program Files\DFX
2008-03-07 18:16 . 2008-03-07 18:16 <DIR> d-------- C:\WINDOWS\system32\recover

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-24 21:47 --------- d-----w C:\Documents and Settings\Euro'Splet\Application Data\Skype
2008-03-24 03:32 --------- d-----w C:\Documents and Settings\Euro'Splet\Application Data\Yahoo!
2008-03-24 03:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2008-03-24 03:31 --------- d-----w C:\Program Files\Yahoo!
2008-03-24 03:30 --------- d-----w C:\Program Files\Windows Live
2008-03-24 03:27 --------- d-----w C:\Program Files\BitTorrent
2008-03-23 22:08 --------- d-----w C:\Documents and Settings\Euro'Splet\Application Data\BitTorrent
2008-03-23 20:13 --------- d-----w C:\Program Files\ESET
2008-03-23 19:31 --------- d-----w C:\Program Files\Nokia
2008-03-23 19:31 --------- d-----w C:\Program Files\Common Files\Nokia
2008-03-23 04:39 --------- d-----w C:\Documents and Settings\Euro'Splet\Application Data\uTorrent
2008-03-23 00:23 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-14 00:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-13 02:33 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-03-11 18:32 --------- d-----w C:\Program Files\myTouch
2008-03-10 16:34 --------- d-----w C:\Program Files\MSN Games
2008-03-10 16:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-09 20:04 --------- d-----w C:\Program Files\Java
2008-03-07 16:49 --------- d-----w C:\Program Files\eMule
2008-02-25 17:43 --------- d-----w C:\Program Files\Opera
2008-02-13 20:59 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-08 17:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2008-02-08 17:35 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-02-05 00:40 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-24 23:36 --------- d-----w C:\Documents and Settings\Euro'Splet\Application Data\QQ Games Plugin
2008-01-24 23:20 --------- d-----w C:\Program Files\Tencent
2008-01-24 23:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-01-24 23:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-11 05:53 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
.

((((((((((((((((((((((((((((( snapshot_2008-03-24_18.28.04,46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-24 19:51:02 49,936 ----a-r C:\WINDOWS\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2006-10-26 12:40:34 95,744 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2006-10-26 12:40:36 1,093,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
+ 2006-10-26 12:40:36 1,079,808 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
+ 2006-10-26 12:40:36 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
+ 2006-10-26 12:40:36 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
+ 2006-10-26 12:40:36 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
+ 2006-10-26 12:40:36 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
+ 2006-10-26 12:40:36 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
+ 2006-10-26 12:40:36 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
+ 2006-10-26 12:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
+ 2006-10-26 12:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
+ 2006-10-26 12:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
+ 2006-10-26 12:40:36 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
+ 2006-10-26 12:40:36 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48f270ae-42ea-4ace-8ee2-7c99a454fe49}]
2008-03-13 10:30 1524248 --a------ C:\Program Files\DFX_Community\tbDFX_.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D39DE44A-70EC-433A-B136-27B58D0A3534}]
C:\WINDOWS\system32\vtsqr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{48F270AE-42EA-4ACE-8EE2-7C99A454FE49}"= "C:\Program Files\DFX_Community\tbDFX_.dll" [2008-03-13 10:30 1524248]

[HKEY_CLASSES_ROOT\clsid\{48f270ae-42ea-4ace-8ee2-7c99a454fe49}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{48F270AE-42EA-4ACE-8EE2-7C99A454FE49}"= C:\Program Files\DFX_Community\tbDFX_.dll [2008-03-13 10:30 1524248]

[HKEY_CLASSES_ROOT\clsid\{48f270ae-42ea-4ace-8ee2-7c99a454fe49}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" [2005-02-10 16:00 1937408]
"slide.exe"="C:\Program Files\Slide\Slide.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-11-23 17:18 962560]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:35 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 18:42 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 13:54 16248320 C:\WINDOWS\RTHDCPL.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-15 12:35 53248]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10 271360]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [ ]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-17 10:45:32 618557]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-03-30 18:13:14 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjhfg]
ljjjhfg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=


.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 22:59:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
.
Completion time: 2008-03-24 23:20:06
ComboFix-quarantined-files.txt 2008-03-24 22:19:43
ComboFix2.txt 2008-03-24 17:29:33
ComboFix3.txt 2007-12-07 00:13:55
.
2008-03-24 03:02:43 --- E O F ---

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Paste the contents of the following file into the thread:

C:\QooBox\ComboFix2.txt

  • Zanimam se ;)
  • Joined: 30 Jul 2005
  • Posts: 689
  • Location: Teslić

There is no C:\QooBox\ComboFix2.txt, there is only C:\QooBox\ComboFix1.txt

ComboFix 08-03-23.2 - Euro'Splet 2008-03-24 22:32:10.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.47 [GMT 1:00]
Running from: C:\Documents and Settings\Euro'Splet\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
-- Other TimeOuts --
pv -kf -l"* pid.bat *"
VFind -rtd C:\WINDOWS\inet20*
CF9910.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
CF9910.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"
CF9910.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
pv -kf -l"* pid.bat *"
CF9910.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
GREP -Eis "\.Windows Shell$|\.TIEBHOCom$"
swreg query HKCR

((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))
.

2008-03-24 20:48 . 2008-03-24 20:48 <DIR> d-------- C:\Program Files\MSECache
2008-03-24 19:54 . 2008-03-24 19:57 <DIR> d-------- C:\Documents and Settings\Euro'Splet\Application Data\vlc
2008-03-24 19:50 . 2008-03-24 19:50 <DIR> d-------- C:\Program Files\VideoLAN
2008-03-24 03:53 . 2007-12-07 03:21 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-24 03:53 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-24 03:53 . 2007-07-01 04:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-24 03:53 . 2007-12-07 03:21 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-24 03:53 . 2007-12-07 03:21 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-24 03:53 . 2007-12-07 03:21 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-24 03:53 . 2007-12-07 03:21 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-24 03:53 . 2007-12-07 03:21 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-24 03:53 . 2007-12-06 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-24 03:33 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2008-03-23 21:38 . 2008-03-23 21:38 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-03-23 21:38 . 2008-03-23 21:38 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-03-23 21:36 . 2008-03-23 21:36 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-03-23 21:36 . 2008-03-24 19:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-23 21:36 . 2008-03-24 23:02 3,306,272 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-23 21:36 . 2008-03-24 23:00 66,592 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-23 21:36 . 2008-03-24 18:57 45,152 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-23 21:36 . 2008-03-24 18:57 6,560 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-23 21:31 . 2008-03-23 21:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-23 01:25 . 2008-03-23 01:25 <DIR> d-------- C:\Program Files\DFX_Community
2008-03-23 01:25 . 2008-03-23 01:25 <DIR> d-------- C:\Program Files\Conduit
2008-03-23 01:25 . 2008-03-23 01:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DFX
2008-03-23 01:24 . 2008-03-23 01:24 <DIR> d-------- C:\Program Files\DFX
2008-03-07 18:16 . 2008-03-07 18:16 <DIR> d-------- C:\WINDOWS\system32\recover

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-24 21:47 --------- d-----w C:\Documents and Settings\Euro'Splet\Application Data\Skype
2008-03-24 03:32 --------- d-----w C:\Documents and Settings\Euro'Splet\Application Data\Yahoo!
2008-03-24 03:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2008-03-24 03:31 --------- d-----w C:\Program Files\Yahoo!
2008-03-24 03:30 --------- d-----w C:\Program Files\Windows Live
2008-03-24 03:27 --------- d-----w C:\Program Files\BitTorrent
2008-03-23 22:08 --------- d-----w C:\Documents and Settings\Euro'Splet\Application Data\BitTorrent
2008-03-23 20:13 --------- d-----w C:\Program Files\ESET
2008-03-23 19:31 --------- d-----w C:\Program Files\Nokia
2008-03-23 19:31 --------- d-----w C:\Program Files\Common Files\Nokia
2008-03-23 04:39 --------- d-----w C:\Documents and Settings\Euro'Splet\Application Data\uTorrent
2008-03-23 00:23 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-14 00:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-13 02:33 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-03-11 18:32 --------- d-----w C:\Program Files\myTouch
2008-03-10 16:34 --------- d-----w C:\Program Files\MSN Games
2008-03-10 16:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-09 20:04 --------- d-----w C:\Program Files\Java
2008-03-07 16:49 --------- d-----w C:\Program Files\eMule
2008-02-25 17:43 --------- d-----w C:\Program Files\Opera
2008-02-13 20:59 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-08 17:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2008-02-08 17:35 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-02-05 00:40 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-24 23:36 --------- d-----w C:\Documents and Settings\Euro'Splet\Application Data\QQ Games Plugin
2008-01-24 23:20 --------- d-----w C:\Program Files\Tencent
2008-01-24 23:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-01-24 23:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-11 05:53 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
.

((((((((((((((((((((((((((((( snapshot_2008-03-24_18.28.04,46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-24 19:51:02 49,936 ----a-r C:\WINDOWS\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2006-10-26 12:40:34 95,744 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2006-10-26 12:40:36 1,093,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
+ 2006-10-26 12:40:36 1,079,808 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
+ 2006-10-26 12:40:36 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
+ 2006-10-26 12:40:36 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
+ 2006-10-26 12:40:36 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
+ 2006-10-26 12:40:36 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
+ 2006-10-26 12:40:36 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
+ 2006-10-26 12:40:36 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
+ 2006-10-26 12:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
+ 2006-10-26 12:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
+ 2006-10-26 12:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
+ 2006-10-26 12:40:36 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
+ 2006-10-26 12:40:36 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48f270ae-42ea-4ace-8ee2-7c99a454fe49}]
2008-03-13 10:30 1524248 --a------ C:\Program Files\DFX_Community\tbDFX_.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D39DE44A-70EC-433A-B136-27B58D0A3534}]
C:\WINDOWS\system32\vtsqr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{48F270AE-42EA-4ACE-8EE2-7C99A454FE49}"= "C:\Program Files\DFX_Community\tbDFX_.dll" [2008-03-13 10:30 1524248]

[HKEY_CLASSES_ROOT\clsid\{48f270ae-42ea-4ace-8ee2-7c99a454fe49}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{48F270AE-42EA-4ACE-8EE2-7C99A454FE49}"= C:\Program Files\DFX_Community\tbDFX_.dll [2008-03-13 10:30 1524248]

[HKEY_CLASSES_ROOT\clsid\{48f270ae-42ea-4ace-8ee2-7c99a454fe49}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" [2005-02-10 16:00 1937408]
"slide.exe"="C:\Program Files\Slide\Slide.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-11-23 17:18 962560]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:35 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 18:42 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 13:54 16248320 C:\WINDOWS\RTHDCPL.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-15 12:35 53248]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10 271360]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [ ]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-17 10:45:32 618557]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-03-30 18:13:14 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjhfg]
ljjjhfg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=


.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 22:59:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
.
Completion time: 2008-03-24 23:20:06
ComboFix-quarantined-files.txt 2008-03-24 22:19:43
ComboFix2.txt 2008-03-24 17:29:33
ComboFix3.txt 2007-12-07 00:13:55
.
2008-03-24 03:02:43 --- E O F ---

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D39DE44A-70EC-433A-B136-27B58D0A3534}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjhfg]

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.

-------------------------------------------------------------------------------------

Download the file gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Scan button below and save the logfile.
Attach that logfile to your next message (use the Attach File option)

  • Interested ;)
  • Joined: 30 Jul 2005
  • Posts: 689
  • Location: Teslić

Here is the log file, but it seems to me at least that this is the same log file

ComboFix 08-03-23.2 - Euro'Splet 2008-03-24 22:32:10.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.47 [GMT 1:00]
Running from: C:\Documents and Settings\Euro'Splet\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
-- Other TimeOuts --
pv -kf -l"* pid.bat *"
VFind -rtd C:\WINDOWS\inet20*
CF9910.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
CF9910.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"
CF9910.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
pv -kf -l"* pid.bat *"
CF9910.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
GREP -Eis "\.Windows Shell$|\.TIEBHOCom$"
swreg query HKCR

((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))
.

2008-03-24 20:48 . 2008-03-24 20:48 <DIR> d-------- C:\Program Files\MSECache
2008-03-24 19:54 . 2008-03-24 19:57 <DIR> d-------- C:\Documents and Settings\Euro'Splet\Application Data\vlc
2008-03-24 19:50 . 2008-03-24 19:50 <DIR> d-------- C:\Program Files\VideoLAN
2008-03-24 03:53 . 2007-12-07 03:21 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-24 03:53 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-24 03:53 . 2007-07-01 04:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-24 03:53 . 2007-12-07 03:21 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-24 03:53 . 2007-12-07 03:21 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-24 03:53 . 2007-12-07 03:21 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-24 03:53 . 2007-12-07 03:21 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-24 03:53 . 2007-12-07 03:21 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-24 03:53 . 2007-12-06 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-24 03:33 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2008-03-23 21:38 . 2008-03-23 21:38 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-03-23 21:38 . 2008-03-23 21:38 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-03-23 21:36 . 2008-03-23 21:36 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-03-23 21:36 . 2008-03-24 19:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-23 21:36 . 2008-03-24 23:02 3,306,272 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-23 21:36 . 2008-03-24 23:00 66,592 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-23 21:36 . 2008-03-24 18:57 45,152 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-23 21:36 . 2008-03-24 18:57 6,560 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-23 21:31 . 2008-03-23 21:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-23 01:25 . 2008-03-23 01:25 <DIR> d-------- C:\Program Files\DFX_Community
2008-03-23 01:25 . 2008-03-23 01:25 <DIR> d-------- C:\Program Files\Conduit
2008-03-23 01:25 . 2008-03-23 01:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DFX
2008-03-23 01:24 . 2008-03-23 01:24 <DIR> d-------- C:\Program Files\DFX
2008-03-07 18:16 . 2008-03-07 18:16 <DIR> d-------- C:\WINDOWS\system32\recover

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-24 21:47 --------- d-----w C:\Documents and Settings\Euro'Splet\Application Data\Skype
2008-03-24 03:32 --------- d-----w C:\Documents and Settings\Euro'Splet\Application Data\Yahoo!
2008-03-24 03:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2008-03-24 03:31 --------- d-----w C:\Program Files\Yahoo!
2008-03-24 03:30 --------- d-----w C:\Program Files\Windows Live
2008-03-24 03:27 --------- d-----w C:\Program Files\BitTorrent
2008-03-23 22:08 --------- d-----w C:\Documents and Settings\Euro'Splet\Application Data\BitTorrent
2008-03-23 20:13 --------- d-----w C:\Program Files\ESET
2008-03-23 19:31 --------- d-----w C:\Program Files\Nokia
2008-03-23 19:31 --------- d-----w C:\Program Files\Common Files\Nokia
2008-03-23 04:39 --------- d-----w C:\Documents and Settings\Euro'Splet\Application Data\uTorrent
2008-03-23 00:23 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-14 00:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-13 02:33 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-03-11 18:32 --------- d-----w C:\Program Files\myTouch
2008-03-10 16:34 --------- d-----w C:\Program Files\MSN Games
2008-03-10 16:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-09 20:04 --------- d-----w C:\Program Files\Java
2008-03-07 16:49 --------- d-----w C:\Program Files\eMule
2008-02-25 17:43 --------- d-----w C:\Program Files\Opera
2008-02-13 20:59 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-08 17:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2008-02-08 17:35 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-02-05 00:40 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-24 23:36 --------- d-----w C:\Documents and Settings\Euro'Splet\Application Data\QQ Games Plugin
2008-01-24 23:20 --------- d-----w C:\Program Files\Tencent
2008-01-24 23:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-01-24 23:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-11 05:53 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
.

((((((((((((((((((((((((((((( snapshot_2008-03-24_18.28.04,46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-24 19:51:02 49,936 ----a-r C:\WINDOWS\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2006-10-26 12:40:34 95,744 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2006-10-26 12:40:36 1,093,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
+ 2006-10-26 12:40:36 1,079,808 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
+ 2006-10-26 12:40:36 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
+ 2006-10-26 12:40:36 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
+ 2006-10-26 12:40:36 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
+ 2006-10-26 12:40:36 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
+ 2006-10-26 12:40:36 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
+ 2006-10-26 12:40:36 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
+ 2006-10-26 12:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
+ 2006-10-26 12:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
+ 2006-10-26 12:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
+ 2006-10-26 12:40:36 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
+ 2006-10-26 12:40:36 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48f270ae-42ea-4ace-8ee2-7c99a454fe49}]
2008-03-13 10:30 1524248 --a------ C:\Program Files\DFX_Community\tbDFX_.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D39DE44A-70EC-433A-B136-27B58D0A3534}]
C:\WINDOWS\system32\vtsqr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{48F270AE-42EA-4ACE-8EE2-7C99A454FE49}"= "C:\Program Files\DFX_Community\tbDFX_.dll" [2008-03-13 10:30 1524248]

[HKEY_CLASSES_ROOT\clsid\{48f270ae-42ea-4ace-8ee2-7c99a454fe49}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{48F270AE-42EA-4ACE-8EE2-7C99A454FE49}"= C:\Program Files\DFX_Community\tbDFX_.dll [2008-03-13 10:30 1524248]

[HKEY_CLASSES_ROOT\clsid\{48f270ae-42ea-4ace-8ee2-7c99a454fe49}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" [2005-02-10 16:00 1937408]
"slide.exe"="C:\Program Files\Slide\Slide.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-11-23 17:18 962560]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:35 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 18:42 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 13:54 16248320 C:\WINDOWS\RTHDCPL.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-15 12:35 53248]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10 271360]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [ ]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-17 10:45:32 618557]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-03-30 18:13:14 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjhfg]
ljjjhfg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=


.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 22:59:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
.
Completion time: 2008-03-24 23:20:06
ComboFix-quarantined-files.txt 2008-03-24 22:19:43
ComboFix2.txt 2008-03-24 17:29:33
ComboFix3.txt 2007-12-07 00:13:55
.
2008-03-24 03:02:43 --- E O F ---

Update: 02 Apr 2008 0:15


  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Of course it is the same - you copied the logfile from 24 March...

If you followed the previous instructions, copy into the thread the latest logfile, which is located at C:\ComboFix.txt.
