MyCity » Ambulanta -> Arhiva Ambulante » ultimate antivirus 2008

ultimate antivirus 2008

Napisano na dan: 1.11.2008

Strana:
1
2

ultimate antivirus 2008

Sledeća strana

Pagination

Odgovori

Strana:
1
2

varagicmarijan Poslao: 01 Nov 2008 02:53 Idi na vrh
offline varagicmarijan Građanin Pridružio: 17 Jul 2008 Poruke: 41 Gde živiš: Pirot/Nis	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! pomagajte imam problem kad startujem komp odma pocne da ga skenira neki antivirusni program,Ultimate antivirus 2008 - security center,e sad ako pratim uputstva on pokusa da ode na net i blokira,a onda vise ne mogu nista da radim pa moram da restartujem.A ako odem na "Continue unprotected" i zatvorim prozor on se onda pojavljuje na svakih 30 sec.Kako da ga se resim,mnogo je dosadan.Molim da pogledate log i sklonite viruse koje sigurno imam.Za konekciju od skora koristim ADSLLogfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:32:56, on 1.11.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\UAV\uav.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\WINDOWS\system32\algg.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\explorer.exe C:\Program Files\Opera\opera.exe C:\Documents and Settings\My PC\Desktop\New Folder\TR3.exe.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = windiwsfsearch.com R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = windiwsfsearch.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = windiwsfsearch.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = windiwsfsearch.com/ie6.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {300CF5C9-F02D-4CB8-ABED-9C229DA56825} - C:\Program Files\Applications\iebt.dll (file missing) O2 - BHO: (no name) - {46D7049A-9DB9-4AEC-82B1-F101B9367CB1} - C:\WINDOWS\system32\qoMghefC.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {60EDB834-9813-49EC-B576-644EF24551AA} - (no file) O2 - BHO: (no name) - {89A5F36D-0974-4D69-A124-D11BDA0D87EF} - C:\WINDOWS\system32\xxywTNGw.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\My PC\Desktop\setup_sbd_en.exe O4 - HKLM\..\Run: [BearShare] "D:\Program Files\BearShare.exe" /pause O4 - HKLM\..\Run: [9086580d] rundll32.exe "C:\WINDOWS\system32\dfsenrgn.dll",b O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Antivirus] C:\Program Files\UAV\uav.exe O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\algg.exe O4 - HKCU\..\Run: [Power2GoExpress] "D:\Program Files\Power2GoExpress.exe" /Startup O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O20 - Winlogon Notify: qoMghefC - C:\WINDOWS\SYSTEM32\qoMghefC.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O24 - Desktop Component 0: (no name) - badtushy.com/mainpics/t031008b/movieboxa1.jpg -- End of file - 8401 bytes

Profil

dr_Bora Poslao: 01 Nov 2008 09:51 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Potebno je privremeno isključiti TeaTimer: Pokrenite Spybot S&D Kliknite Mode stavku u meniju Odaberite Advance Mode Na traci levo kliknite na Tools Kliknite na Resident Destiklirajte Resident Tea-Timer Zatvorite Spybot S&D Restartujte kompjuter. - Zatim skinuti program sa ovog linka na Desktop. - Pokrenuti ga dvoklikom i ispratiti uputstva. Nemojte zaboraviti da ponovo ukljucite ove opcije kada zavrsimo ciscenje. ------------------------------------------------------------------------------------- Preuzmi instalaciju za program Malwarebytes Anti-Malware sa sledećeg linka: http://www.besttechie.net/tools/mbam-setup.exe Dvoklikom pokreni instalaciju - na samom kraju procesa, proveri da su obeležene opcije: Update Malwarebytes' Anti-Malware; Launch Malwarebytes Anti-Malware; a zatim klikni Finish. Nakon završenog ažuriranja program će se pokrenuti. Izaberi opciju Perform Quick Scan i klikni Scan. Po završetku procesa klikni OK, Show Results: u listi detektovanog malware-a, obeleži sve stavke i klikni Remove Selected. Po završetku procesa, logfile će se otvoriti u Notepad-u; iskopiraj ga u temu na forumu. Ukoliko program zatraži restart kako bi se završio proces čišćenja, obavezno ga dozvoliti. Napomena: ako dođe do restarta na kraju procesa čišćenja, logfile će biti dostupan na Logs kartici (obeleži ga i klikni Open). Takođe, nakon svega, potrebno je postaviti i svež HijackThis logfile.

Profil

varagicmarijan Poslao: 01 Nov 2008 13:34 Idi na vrh
offline varagicmarijan Građanin Pridružio: 17 Jul 2008 Poruke: 41 Gde živiš: Pirot/Nis	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! nema program ispod linka gdesi mi reko da kliknem

Profil

dr_Bora Poslao: 01 Nov 2008 13:44 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Postoje dva linka u mojoj poruci - na koji misliš?

Profil

varagicmarijan Poslao: 01 Nov 2008 14:31 Idi na vrh
offline varagicmarijan Građanin Pridružio: 17 Jul 2008 Poruke: 41 Gde živiš: Pirot/Nis	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zarim skini program sa OVOG LINKA na desk.Kod kliknem otvara mi preko cele strane neke brojkee i slova i znake i nema nikakve opsije

Profil

dr_Bora Poslao: 01 Nov 2008 15:19 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Klikni desnim tasterom na link i izaberi Save linked content as... ili Save target sa... ili Save as...

Profil

varagicmarijan Poslao: 01 Nov 2008 16:15 Idi na vrh
offline varagicmarijan Građanin Pridružio: 17 Jul 2008 Poruke: 41 Gde živiš: Pirot/Nis	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Malwarebytes' Anti-Malware 1.30 Database version: 1349 Windows 5.1.2600 Service Pack 2 1.11.2008 15:52:19 mbam-log-2008-11-01 (15-52-19).txt Scan type: Quick Scan Objects scanned: 50584 Time elapsed: 3 minute(s), 10 second(s) Memory Processes Infected: 2 Memory Modules Infected: 3 Registry Keys Infected: 19 Registry Values Infected: 7 Registry Data Items Infected: 10 Folders Infected: 13 Files Infected: 54 Memory Processes Infected: C:\Program Files\UAV\uav.exe (Rogue.UltimateAntivirus) -> Unloaded process successfully. C:\WINDOWS\system32\algg.exe (Trojan.Zlob) -> Unloaded process successfully. Memory Modules Infected: C:\WINDOWS\system32\dfsenrgn.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\xxywTNGw.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\qoMghefC.dll (Trojan.Vundo) -> Delete on reboot. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42872555-746e-4d4c-a2bc-0b111348653c} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{42872555-746e-4d4c-a2bc-0b111348653c} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46d7049a-9db9-4aec-82b1-f101b9367cb1} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qomghefc (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{46d7049a-9db9-4aec-82b1-f101b9367cb1} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\z444.z444mgr (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{030a0f33-5b99-482e-83f5-2eeb8457878b} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\z444.z444mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46d7049a-9db9-4aec-82b1-f101b9367cb1} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{300cf5c9-f02d-4cb8-abed-9c229da56825} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{300cf5c9-f02d-4cb8-abed-9c229da56825} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{300cf5c9-f02d-4cb8-abed-9c229da56825} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42872555-746e-4d4c-a2bc-0b111348653c} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Secure Solutions (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\UAV (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9086580d (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{46d7049a-9db9-4aec-82b1-f101b9367cb1} (Trojan.Vundo) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sbi (Rogue.AntiSpywareSuite) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wblogon (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\smile (Trojan.Zlob) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Security Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\xxywtngw -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxywtngw -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://windiwsfsearch.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully. Folders Infected: C:\Program Files\AAV (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WAV (Rogue.WindowsAntivirus2008-) -> Quarantined and deleted successfully. C:\Program Files\UAV (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully. C:\WINDOWS\system32\675873 (Trojan.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\My PC\Application Data\RegistryBot (Rogue.RegistryBot) -> Quarantined and deleted successfully. C:\Documents and Settings\My PC\Application Data\RegistryBot\Log (Rogue.RegistryBot) -> Quarantined and deleted successfully. C:\Documents and Settings\My PC\Application Data\RegistryBot\Registry Backups (Rogue.RegistryBot) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Secure Solutions (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\BASE (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\xxywTNGw.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\wGNTwyxx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wGNTwyxx.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\qoMghefC.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\bnlgpmsx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xsmpglnb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dfsenrgn.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\ngrnesfd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\eocefvyu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\uyvfecoe.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\fbcfycjw.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wjcyfcbf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\funigamb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bmaginuf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\nduohbmu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\umbhoudn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ohpvoqgy.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ygqovpho.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pjijdind.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dnidjijp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\vyqffflh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hlfffqyv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xawwesug.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\gusewwax.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\675873\675873.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\gnkwpalb.exe (Trojan.LowZones) -> Quarantined and deleted successfully. C:\WINDOWS\system32\oakwbewf.exe (Trojan.LowZones) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bducqtyd.exe (Trojan.LowZones) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bhmpklmu.exe (Trojan.LowZones) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hihfljbv.exe (Trojan.LowZones) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hnvdfavb.exe (Trojan.LowZones) -> Quarantined and deleted successfully. C:\WINDOWS\system32\seembqtw.exe (Trojan.LowZones) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wmrgrfsu.exe (Trojan.LowZones) -> Quarantined and deleted successfully. C:\WINDOWS\system32\jwabkggx.exe (Trojan.LowZones) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xshspieu.exe (Trojan.LowZones) -> Quarantined and deleted successfully. C:\WINDOWS\system32\vhedvrhr.exe (Trojan.LowZones) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ddcDtTnN.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wvUnNfeF.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\My PC\Local Settings\temp\ssty0.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Program Files\AAV\aav.exe (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WAV\wav.cpl (Rogue.WindowsAntivirus2008-) -> Quarantined and deleted successfully. C:\Program Files\WAV\wav.exe (Rogue.WindowsAntivirus2008-) -> Quarantined and deleted successfully. C:\Program Files\UAV\uav.cpl (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully. C:\Program Files\UAV\uav.exe (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully. C:\Program Files\UAV\uav.ooo (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully. C:\Program Files\UAV\uav1.dat (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully. C:\Documents and Settings\My PC\Application Data\RegistryBot\Registry Backups\2008-07-17_15-28-03.reg (Rogue.RegistryBot) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080820141139281.log (Rogue.Multiple) -> Quarantined and deleted successfully. C:\WINDOWS\system32\uav.cpl (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wav.cpl (Rogue.WindowsAntivirus2008-) -> Quarantined and deleted successfully. C:\WINDOWS\system32\aav.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\algg.exe (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\services\services.dll (Trojan.Agent) -> Quarantined and deleted successfully. Napisao je da nekoliko nisu ociscena i zatrazio restart-sto sam i ucinio. Evo i Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:09:40, on 1.11.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Eset\nod32kui.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Opera\opera.exe C:\Documents and Settings\My PC\Desktop\New Folder\TR3.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {47433D23-8E7D-4476-9026-2FAA314C2717} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {60EDB834-9813-49EC-B576-644EF24551AA} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: (no name) - {AEDABB57-BF9D-489B-B42C-F5876F1F6E4C} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup O4 - HKLM\..\Run: [BearShare] "D:\Program Files\BearShare.exe" /pause O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [Power2GoExpress] "D:\Program Files\Power2GoExpress.exe" /Startup O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O24 - Desktop Component 0: (no name) - badtushy.com/mainpics/t031008b/movieboxa1.jpg -- End of file - 7299 bytes

Profil

dr_Bora Poslao: 01 Nov 2008 16:21 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

varagicmarijan Poslao: 01 Nov 2008 17:13 Idi na vrh
offline varagicmarijan Građanin Pridružio: 17 Jul 2008 Poruke: 41 Gde živiš: Pirot/Nis	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! combofix je otrio da nemam windows recovery console i stao sa radom.Sta dalje Dopuna: 01 Nov 2008 17:13 posto je ponudjena opcija da pritisnem yes da bi instalirao odmah ,to sam i uradio.Combo je nastavio sa radom,restartovao je komp i izbacio Log. Evo ga ovde ComboFix 08-10-31.02 - My PC 2008-11-01 16:52:40.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.604 [GMT 1:00] Running from: C:\Documents and Settings\My PC\Desktop\ComboFix.exe * Created a new restore point * Resident AV is active . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\IE4 Error Log.txt C:\WINDOWS\system32\dctolxax.ini C:\WINDOWS\system32\vilqgkux.ini . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_BOONTY_GAMES -------\Service_Boonty Games ((((((((((((((((((((((((( Files Created from 2008-10-01 to 2008-11-01 ))))))))))))))))))))))))))))))) . 2008-11-01 15:43 . 2008-11-01 15:43 <DIR> d-------- C:\Documents and Settings\My PC\Application Data\Malwarebytes 2008-11-01 15:43 . 2008-11-01 15:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-11-01 15:43 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-11-01 15:43 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-11-01 05:32 . 2008-11-01 14:59 <DIR> d-------- C:\Documents and Settings\My PC\Application Data\Juce VST Host 2008-11-01 01:25 . 2008-11-01 01:25 <DIR> d-------- C:\Program Files\Bonjour 2008-11-01 01:25 . 2008-11-01 01:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple 2008-11-01 01:14 . 2007-04-25 15:18 464,384 --------- C:\WINDOWS\system32\imapi2fs.dll 2008-11-01 01:14 . 2007-04-25 15:18 464,384 -----c--- C:\WINDOWS\system32\dllcache\imapi2fs.dll 2008-11-01 01:14 . 2007-04-25 15:18 317,952 --------- C:\WINDOWS\system32\imapi2.dll 2008-11-01 01:14 . 2007-04-25 15:18 317,952 -----c--- C:\WINDOWS\system32\dllcache\imapi2.dll 2008-11-01 01:14 . 2007-04-25 12:41 62,592 -----c--- C:\WINDOWS\system32\dllcache\cdrom.sys 2008-11-01 01:13 . 2008-11-01 01:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution 2008-11-01 01:05 . 2008-11-01 01:05 <DIR> d-------- C:\Documents and Settings\My PC\Application Data\AltrixSoft 2008-11-01 00:39 . 2006-06-20 09:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll 2008-11-01 00:38 . 2008-11-01 00:39 <DIR> d-------- C:\Program Files\VstPlugins 2008-11-01 00:38 . 2008-11-01 00:40 <DIR> d-------- C:\Program Files\Image-Line 2008-11-01 00:37 . 2008-11-01 00:37 <DIR> d-------- C:\Program Files\Outsim 2008-10-31 23:14 . 2008-10-31 23:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-10-31 06:03 . 2008-11-01 13:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater 2008-10-28 00:37 . 2008-10-28 00:37 170 --a------ C:\WINDOWS\wininit.ini 2008-10-27 20:01 . 2008-10-27 20:01 120 ---hs---- C:\WINDOWS\system32\upxtjkwb.ini 2008-10-23 18:54 . 2008-10-23 18:54 <DIR> d-------- C:\WINDOWS\system32\QuickTime 2008-10-23 18:54 . 2001-09-27 20:41 4,206,080 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-10-23 18:54 . 2001-09-27 20:41 2,017,280 --a------ C:\WINDOWS\system32\QuickTimeMusicalInstruments.qtx 2008-10-23 18:54 . 1997-08-21 13:44 345,600 --a------ C:\WINDOWS\system32\Qtim32.dll 2008-10-23 18:54 . 2001-09-27 19:41 287,232 --a------ C:\WINDOWS\system32\QuickTime.cpl 2008-10-23 18:54 . 1996-08-26 03:12 93,696 --a------ C:\WINDOWS\system32\Qtole32.dll 2008-10-23 18:54 . 2001-11-28 15:43 53,985 --a------ C:\WINDOWS\system32\QuickTime.qtp 2008-10-23 18:15 . 2008-10-23 18:15 292 --a------ C:\WINDOWS\vtmb.ini 2008-10-20 01:56 . 2008-10-20 01:56 120 ---hs---- C:\WINDOWS\system32\nksibmfo.ini 2008-10-19 03:49 . 2008-10-19 03:49 <DIR> d-------- C:\Documents and Settings\My PC\TYPHOON 2008-10-08 19:23 . 2008-10-19 23:23 <DIR> d-------- C:\Documents and Settings\My PC\.SimpleCenter 2008-10-08 19:22 . 2008-10-08 19:22 <DIR> d-------- C:\Program Files\SimpleCenter 2008-10-08 19:22 . 2008-10-08 19:22 <DIR> d-------- C:\Program Files\Common Files\i4j_jres . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-01 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\services 2008-10-31 23:59 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-10-31 05:06 --------- d-----w C:\Program Files\Google 2008-10-31 01:35 --------- d-----w C:\Program Files\Eset 2008-10-30 16:30 --------- d-----w C:\Documents and Settings\My PC\Application Data\Winamp 2008-10-30 00:50 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-10-30 00:50 22,328 ----a-w C:\Documents and Settings\My PC\Application Data\PnkBstrK.sys 2008-10-23 17:03 --------- d-----w C:\Program Files\Activision 2008-10-22 19:22 --------- d-----w C:\Program Files\BSPlayer 2008-10-19 15:10 --------- d-----w C:\Documents and Settings\My PC\Application Data\Nokia Multimedia Player 2008-10-19 02:51 720,896 ----a-w C:\WINDOWS\iun6002.exe 2008-10-18 11:15 --------- d-----w C:\Program Files\Opera 2008-10-08 19:03 --------- d-----w C:\Documents and Settings\My PC\Application Data\PC Suite 2008-10-08 18:18 --------- d-----w C:\Program Files\Nokia 2008-10-08 16:51 --------- d-----w C:\Documents and Settings\My PC\Application Data\Datalayer 2008-10-07 20:26 --------- d-----w C:\Documents and Settings\My PC\Application Data\Nokia 2008-09-23 22:34 --------- d-----w C:\Documents and Settings\My PC\Application Data\Wildfire 2008-09-23 18:53 --------- d-----w C:\Program Files\audiograbber 2008-09-23 15:53 --------- d-----w C:\Program Files\The Playa 2008-09-23 15:53 --------- d-----w C:\Program Files\DivXCodec 2008-09-23 15:50 --------- d-----w C:\Program Files\Micro DVD Player 2008-09-18 08:42 --------- d-----w C:\Program Files\Common Files\Adobe 2008-09-18 08:42 --------- d-----w C:\Documents and Settings\My PC\Application Data\InterTrust 2008-09-14 12:13 3,839,862 --sh--r C:\AVG7DB_F.DAT 2008-09-14 12:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7 2008-08-05 13:42 2,829 ----a-w C:\WINDOWS\War3Unin.pif 2008-08-05 13:42 139,264 ----a-w C:\WINDOWS\War3Unin.exe 2008-07-10 09:35 2,401,296 ----a-w C:\Program Files\WLinstaller.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-25 68856] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 1667584] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-24 94208] "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-09-14 921600] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 157592] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 2658304] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048] Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll "msacm.clmp3enc"= D:\PROGRA~1\CLMP3Enc.ACM [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32 [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= "C:\\WINDOWS\\system32\\mmc.exe"= "D:\\igre\\Warcraft III\\War3.exe"= "C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\dfbhd.exe"= "C:\\Program Files\\SimpleCenter\\Home Media Server.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 35328] R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 13696] R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51 13560] R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2008-06-13 162432] R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2008-06-13 12032] R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-03 14336] R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2008-06-13 48928] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{510f45cc-7534-11dd-9a2d-00e04d6a7475}] \Shell\AutoRun\command - F:\ \Shell\open\Command - rundll32.exe .\\ltxclu.dll,InstallM . - - - - ORPHANS REMOVED - - - - BHO-{47433D23-8E7D-4476-9026-2FAA314C2717} - (no file) BHO-{60EDB834-9813-49EC-B576-644EF24551AA} - (no file) BHO-{AEDABB57-BF9D-489B-B42C-F5876F1F6E4C} - (no file) HKCU-Run-Power2GoExpress - D:\Program Files\Power2GoExpress.exe HKLM-Run-BearShare - D:\Program Files\BearShare.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\My PC\Application Data\Mozilla\Firefox\Profiles\zi11vjn4.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-11-01 16:55:15 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\obvious] "ImagePath"="system32\DRIVERS\obvious.sys" . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe . ************************************************************************ . Completion time: 2008-11-01 17:01:14 - machine was rebooted ComboFix-quarantined-files.txt 2008-11-01 16:00:45 Pre-Run: 18.100.912.128 bytes free Post-Run: 18,292,256,768 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 195 --- E O F --- 2008-08-14 21:27:48

Profil

dr_Bora Poslao: 01 Nov 2008 18:20 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: File:: C:\WINDOWS\system32\upxtjkwb.ini C:\WINDOWS\system32\nksibmfo.ini FileLook:: C:\WINDOWS\system32\Drivers\obvious.sys Registry:: [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{510f45cc-7534-11dd-9a2d-00e04d6a7475}] Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » ultimate antivirus 2008

Ko je trenutno na forumu

Ukupno su 887 korisnika na forumu :: 46 registrovanih, 8 sakrivenih i 833 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., Belac91, bigfoot, Buzdovan, ccoogg123, CikaKURE, dmdr, draganca, elenemste, Excalibur13, FOX, HrcAk47, Kandrbandrdzilo, Karla, Krvava Devetka, kybonacci, marsovac 2, Matija, Mcdado, menges, mercedesamg, mikrimaus, Mlav, nebojsag, nenad81, Oscar2, Parker, pein, proka89, Rakenica, raptorsi, rasok, RJ, robert1979, SlaKoj, Smiljke, Srle993, stalja, stegonosa, StepskiVuk, Trpe Grozni, tubular, vathra, zlaya011, šumar bk2, žeks62

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by