Antivirus 2009

Thread starter (joined 17 Mar 2008, 33 posts, location: K U B A) wrote:

I don't even know how to delete Antivirus 2009, let alone anything more.

helen1 (male; Anti Malware Fighter, Rank 2; Master teacher; joined 27 Aug 2005, 8515 posts, location: Novi Beograd) wrote:

Do what it says here:

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

Thread starter (joined 17 Mar 2008, 33 posts, location: K U B A) wrote:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:02:59, on 18.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\GameTracker\GSInGameService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Antivirus 2009\av2009.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Windows User\Desktop\TR3.exe\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: &Research - {0B014B81-4E12-46F9-806F-55867AF8FD3C} - C:\WINDOWS\system32\winsystems.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] D:\igre\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [GameTracker] C:\Program Files\GameTracker\GTLite.exe
O4 - HKCU\..\Run: [91010732968067067043703807921716] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files\GameTracker\GSInGameService.exe
O23 - Service: Google Update Service (gupdate1c9533568c3ecd4) (gupdate1c9533568c3ecd4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8992 bytes

helen1 (male; Anti Malware Fighter, Rank 2; Master teacher; joined 27 Aug 2005, 8515 posts, location: Novi Beograd) wrote:

* Right-click the AVG icon in the bottom right corner of the screen.
* When the AVG Control Center opens, double-click the AVG Resident Shield component.
* In the window that opens, untick the option Turn on AVG Resident Shield and click OK.

Note: Don't forget to turn this option back on once the cleaning is finished.

---------------------


Download ComboFix to the Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

Thread starter (joined 17 Mar 2008, 33 posts, location: K U B A) wrote:

ComboFix 09-01-17.04 - Windows User 2009-01-18 21:25:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.608 [GMT 1:00]
Running from: c:\documents and settings\Windows User\Desktop\TR3.exe\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Windows User\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
c:\documents and settings\Windows User\Start Menu\Antivirus 2009
c:\documents and settings\Windows User\Start Menu\Antivirus 2009\Antivirus 2009.lnk
c:\documents and settings\Windows User\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk
c:\program files\Antivirus 2009
c:\program files\Antivirus 2009\av2009.exe
D:\install.exe

.
((((((((((((((((((((((((( Files Created from 2008-12-18 to 2009-01-18 )))))))))))))))))))))))))))))))
.

2009-01-17 18:05 . 2009-01-17 18:05 97,792 --a------ c:\windows\system32\drivers\ACEDRV05.sys
2009-01-16 16:14 . 2009-01-17 15:21 <DIR> d--h----- C:\$AVG8.VAULT$
2009-01-15 01:52 . 2009-01-15 01:52 268 --ah----- C:\sqmdata19.sqm
2009-01-15 01:52 . 2009-01-15 01:52 244 --ah----- C:\sqmnoopt19.sqm
2009-01-14 11:49 . 2009-01-14 11:49 268 --ah----- C:\sqmdata18.sqm
2009-01-14 11:49 . 2009-01-14 11:49 244 --ah----- C:\sqmnoopt18.sqm
2009-01-14 11:36 . 2009-01-14 11:36 268 --ah----- C:\sqmdata17.sqm
2009-01-14 11:36 . 2009-01-14 11:36 244 --ah----- C:\sqmnoopt17.sqm
2009-01-13 16:13 . 2009-01-13 16:13 268 --ah----- C:\sqmdata16.sqm
2009-01-13 16:13 . 2009-01-13 16:13 244 --ah----- C:\sqmnoopt16.sqm
2009-01-13 15:44 . 2009-01-13 15:44 <DIR> d-------- c:\program files\VirtualDJ
2009-01-12 21:59 . 2009-01-12 21:59 268 --ah----- C:\sqmdata15.sqm
2009-01-12 21:59 . 2009-01-12 21:59 244 --ah----- C:\sqmnoopt15.sqm
2009-01-12 12:13 . 2009-01-12 12:13 268 --ah----- C:\sqmdata14.sqm
2009-01-12 12:13 . 2009-01-12 12:13 244 --ah----- C:\sqmnoopt14.sqm
2009-01-11 20:42 . 2009-01-11 20:42 268 --ah----- C:\sqmdata13.sqm
2009-01-11 20:42 . 2009-01-11 20:42 244 --ah----- C:\sqmnoopt13.sqm
2009-01-11 13:12 . 2009-01-11 13:12 268 --ah----- C:\sqmdata12.sqm
2009-01-11 13:12 . 2009-01-11 13:12 244 --ah----- C:\sqmnoopt12.sqm
2009-01-10 16:25 . 2009-01-10 16:25 268 --ah----- C:\sqmdata11.sqm
2009-01-10 16:25 . 2009-01-10 16:25 244 --ah----- C:\sqmnoopt11.sqm
2009-01-10 10:24 . 2009-01-10 10:24 268 --ah----- C:\sqmdata10.sqm
2009-01-10 10:24 . 2009-01-10 10:24 244 --ah----- C:\sqmnoopt10.sqm
2009-01-10 00:10 . 2009-01-10 00:10 268 --ah----- C:\sqmdata09.sqm
2009-01-10 00:10 . 2009-01-10 00:10 244 --ah----- C:\sqmnoopt09.sqm
2009-01-09 09:40 . 2009-01-09 09:40 268 --ah----- C:\sqmdata08.sqm
2009-01-09 09:40 . 2009-01-09 09:40 244 --ah----- C:\sqmnoopt08.sqm
2009-01-08 23:03 . 2009-01-18 20:43 <DIR> d-------- c:\documents and settings\LocalService\Application Data\GameTracker
2009-01-08 23:02 . 2009-01-08 23:03 <DIR> d-------- c:\program files\GameTracker
2009-01-08 23:01 . 2009-01-18 20:44 <DIR> d-------- c:\documents and settings\Windows User\Application Data\GameTracker
2009-01-08 22:27 . 2009-01-09 18:59 <DIR> d-------- c:\program files\sXe Injected
2009-01-08 21:23 . 2009-01-08 21:23 268 --ah----- C:\sqmdata07.sqm
2009-01-08 21:23 . 2009-01-08 21:23 244 --ah----- C:\sqmnoopt07.sqm
2009-01-07 10:10 . 2009-01-07 10:10 268 --ah----- C:\sqmdata06.sqm
2009-01-07 10:10 . 2009-01-07 10:10 244 --ah----- C:\sqmnoopt06.sqm
2009-01-06 21:29 . 2009-01-06 21:29 268 --ah----- C:\sqmdata05.sqm
2009-01-06 21:29 . 2009-01-06 21:29 244 --ah----- C:\sqmnoopt05.sqm
2009-01-06 15:16 . 2009-01-06 15:16 268 --ah----- C:\sqmdata04.sqm
2009-01-06 15:16 . 2009-01-06 15:16 244 --ah----- C:\sqmnoopt04.sqm
2009-01-06 10:14 . 2009-01-06 10:14 268 --ah----- C:\sqmdata03.sqm
2009-01-06 10:14 . 2009-01-06 10:14 244 --ah----- C:\sqmnoopt03.sqm
2009-01-06 10:10 . 2009-01-06 10:10 268 --ah----- C:\sqmdata02.sqm
2009-01-06 10:10 . 2009-01-06 10:10 244 --ah----- C:\sqmnoopt02.sqm
2009-01-06 09:55 . 2009-01-16 01:27 268 --ah----- C:\sqmdata01.sqm
2009-01-06 09:55 . 2009-01-16 01:27 244 --ah----- C:\sqmnoopt01.sqm
2009-01-05 21:22 . 2009-01-05 21:30 <DIR> d-------- C:\Fraps
2009-01-05 21:22 . 2009-01-05 21:27 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-05 15:04 . 2009-01-15 11:24 268 --ah----- C:\sqmdata00.sqm
2009-01-05 15:04 . 2009-01-15 11:24 244 --ah----- C:\sqmnoopt00.sqm
2009-01-03 23:53 . 2009-01-05 15:24 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-01-03 11:59 . 2009-01-03 11:59 81,920 --a------ c:\windows\system32\frapsvid.dll
2009-01-02 18:31 . 2009-01-03 22:17 <DIR> d-------- c:\documents and settings\Windows User\Application Data\Image Zone Express
2009-01-02 18:28 . 2009-01-02 18:31 <DIR> d-------- c:\documents and settings\Windows User\Application Data\HP
2009-01-02 18:28 . 2009-01-02 18:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2009-01-02 18:26 . 2009-01-02 18:26 <DIR> d-------- c:\program files\Common Files\HP
2009-01-02 18:25 . 2009-01-02 18:25 <DIR> d-------- c:\program files\Hewlett-Packard
2009-01-02 18:25 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-01-02 18:25 . 2006-03-03 21:03 282,680 --a------ c:\windows\system32\HPZidr12.dll
2009-01-02 18:25 . 2006-03-03 21:02 204,800 --a------ c:\windows\system32\HPZipr12.dll
2009-01-02 18:25 . 2006-03-03 21:02 94,208 --a------ c:\windows\system32\HPZipt12.dll
2009-01-02 18:25 . 2006-03-03 21:03 69,632 --a------ c:\windows\system32\HPZipm12.exe
2009-01-02 18:25 . 2006-03-03 21:03 65,536 --a------ c:\windows\system32\HPZinw12.exe
2009-01-02 18:25 . 2006-03-03 21:02 57,344 --a------ c:\windows\system32\HPZisn12.dll
2009-01-02 18:24 . 2009-01-02 18:28 <DIR> d-------- c:\program files\HP
2009-01-02 18:24 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-01-02 18:24 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-01-02 18:21 . 2009-01-02 18:28 123,988 --a------ c:\windows\HPHins12.dat
2009-01-02 18:21 . 2006-05-16 07:25 77,824 -ra------ c:\windows\system32\hpzids01.dll
2009-01-02 18:21 . 2006-06-13 00:15 14,916 --------- c:\windows\hphmdl12.dat
2009-01-02 18:20 . 2006-06-03 21:29 48,640 --a------ c:\windows\system32\hpzll4pi.dll
2008-12-27 12:24 . 2008-12-27 12:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\ProStroke Golf
2008-12-27 12:23 . 2008-12-27 12:23 98,304 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-27 12:18 . 2008-12-27 12:18 <DIR> d-------- c:\program files\Oxygen Interactive
2008-12-23 22:44 . 2004-08-04 00:56 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-12-23 22:44 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-23 22:44 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-12-23 22:44 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-12-23 13:15 . 2008-06-13 14:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-12-23 13:15 . 2008-06-13 14:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-23 13:14 . 2008-10-16 21:38 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-12-23 13:14 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-12-23 13:14 . 2007-03-08 06:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-23 13:14 . 2008-10-16 21:38 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-12-23 13:14 . 2008-10-16 21:38 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-12-23 13:14 . 2008-10-16 21:38 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-12-23 13:14 . 2008-10-16 21:38 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-12-23 13:14 . 2008-10-16 21:38 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-23 13:14 . 2008-10-16 14:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-12-23 13:09 . 2008-08-14 11:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-23 13:09 . 2008-08-14 10:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-23 13:09 . 2008-08-14 10:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-23 13:09 . 2008-08-14 10:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-23 12:49 . 2008-12-23 12:49 <DIR> d-------- c:\program files\YouTube Downloader
2008-12-21 19:01 . 2008-12-21 19:01 <DIR> d-------- c:\program files\Windows Live Favorites
2008-12-21 19:01 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-21 19:01 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-12-21 19:01 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-21 19:00 . 2008-12-21 19:00 <DIR> d-------- c:\program files\Real
2008-12-21 19:00 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2008-12-21 19:00 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2008-12-21 19:00 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-12-21 19:00 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-21 19:00 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2008-12-21 18:58 . 2008-12-21 18:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Windows Live Toolbar
2008-12-21 18:57 . 2008-12-21 19:01 <DIR> d-------- c:\program files\Windows Live Toolbar
2008-12-21 18:56 . 2009-01-16 11:39 <DIR> d-------- c:\documents and settings\Windows User\Contacts
2008-12-21 18:55 . 2008-12-21 18:55 <DIR> d-------- c:\program files\MSN Messenger
2008-12-21 18:49 . 2008-12-21 18:49 <DIR> d-------- c:\program files\ToggleEN
2008-12-21 18:49 . 2008-12-21 18:49 <DIR> d-------- c:\program files\Conduit
2008-12-21 14:44 . 2008-12-21 14:44 <DIR> d-------- c:\program files\AskBarDis
2008-12-21 12:34 . 2008-12-21 20:49 230 --a------ c:\windows\LEXSTAT.INI
2008-12-21 12:00 . 2003-03-05 18:06 61,440 --a------ c:\windows\system32\lxbcpwr.dll
2008-12-21 11:58 . 1997-04-08 20:08 299,520 --a------ c:\windows\uninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-18 18:42 --------- d-----w c:\documents and settings\Windows User\Application Data\uTorrent
2009-01-17 23:19 --------- d-----w c:\program files\Google
2009-01-05 10:20 --------- d-----w c:\program files\Microsoft Works
2008-12-27 16:58 --------- d-----w c:\documents and settings\Windows User\Application Data\AVGTOOLBAR
2008-12-27 11:22 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-27 11:17 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-14 13:26 --------- d-----w c:\program files\Winamp Toolbar
2008-12-14 13:26 --------- d-----w c:\program files\Winamp
2008-12-14 13:26 --------- d-----w c:\documents and settings\All Users\Application Data\Winamp Toolbar
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-06 22:15 --------- d-----w c:\program files\Common Files\DirectX
2008-12-06 14:04 28,400 ----a-w c:\windows\system32\drivers\secdrv.sys
2008-12-06 11:38 --------- d-----w c:\documents and settings\Windows User\Application Data\Black Sea Studios
2008-11-23 21:53 --------- d-----w c:\documents and settings\All Users\Application Data\MSScanAppDataDir
2008-11-04 10:12 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2008-11-23 23:03 1784856 --a------ c:\program files\ToggleEN\tbTogg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B014B81-4E12-46F9-806F-55867AF8FD3C}]
2004-08-03 21:59 298496 --a------ c:\windows\system32\winsystems.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-24 20:25 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-11 68856]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Steam"="d:\igre\Steam\Steam.exe" [2003-09-11 958464]
"GameTracker"="c:\program files\GameTracker\GTLite.exe" [2008-12-11 3238752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-04 1235736]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-10-04 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"d:\\igre\\Pes 2008\\PES2008.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\igre\\Counter-Strike 1.6\\hl.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-04 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-04 90632]
R3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [2008-11-05 30336]
R4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-12-21 464264]
R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-04 874776]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-04 231704]
R4 GS In-Game Service;GS In-Game Service;c:\program files\GameTracker\GSInGameService.exe [2009-01-08 2329440]
S3 ddsxeiservice;ddsxeiservice2;c:\program files\sXe Injected\ddsxei.sys [2008-12-19 49408]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2008-12-21 234888]
S4 gupdate1c9533568c3ecd4;Google Update Service (gupdate1c9533568c3ecd4);c:\program files\Google\Update\GoogleUpdate.exe [2008-11-30 133104]
S4 RPCER;Remote Procedure Call (HNM);c:\program files\Common Files\ODBC\comp.exe [2006-03-28 12801736]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60e378a3-b94c-11dd-a1a2-b2f57c038434}]
\Shell\AutoRun\command - F:\sq.com
\Shell\explore\Command - F:\sq.com
\Shell\open\Command - F:\sq.com
.
Contents of the 'Scheduled Tasks' folder

2009-01-18 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]

2009-01-18 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-11-30 22:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-18 21:26:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-18 21:27:07
ComboFix-quarantined-files.txt 2009-01-18 20:27:06

Pre-Run: 24.731.394.048 bytes free
Post-Run: 25,056,522,240 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect /usepmtimer

269 --- E O F --- 2009-01-14 10:39:19
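What the helper is doing by eye in the HijackThis log earlier in the thread and in the ComboFix log above is autostart triage: looking for Run values with randomised names, BHOs registered with no file, services with no vendor, a service whose display name sounds like a Windows component but whose binary lives outside the Windows directory, and AutoRun handlers pointing at a non-system drive. The script below is an added example written for this thread; it is not part of the original posts and is not code from HijackThis or ComboFix. The sample lines are constructed after the entries in the two logs, and the rule names, the 16-digit threshold for a "random" Run value name, and the list of system-sounding words are assumptions chosen for illustration.

```python
"""Triage autostart entries from HijackThis and ComboFix text logs (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input, shaped after the lines in the two logs in this thread.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe",
    r"O4 - HKCU\..\Run: [91010732968067067043703807921716] C:\Program Files\Antivirus 2009\av2009.exe",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe",
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe",
    r"R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-04 231704]",
    r"S4 RPCER;Remote Procedure Call (HNM);c:\program files\Common Files\ODBC\comp.exe [2006-03-28 12801736]",
    r"\Shell\AutoRun\command - F:\sq.com",
]


@dataclass(frozen=True)
class Finding:
    rule: str    # short rule id
    detail: str  # what a reviewer should look at
    line: str    # the log line that triggered the rule


# HijackThis entry formats: O4 Run values, O2 browser helper objects, O23 services.
HJT_O4 = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
HJT_O2 = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
HJT_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# ComboFix service lines ("R4 name;display;path [date size]") and mountpoints2 handlers.
CF_SVC = re.compile(r"^[RS]\d (?P<svc>[^;]+);(?P<display>[^;]*);(?P<path>.+?)(?: \[.*\])?$")
CF_MOUNT = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$", re.IGNORECASE)

# Assumed list: a service whose name uses these words is expected to live under C:\WINDOWS.
SYSTEM_WORDS = ("remote procedure call", "windows", "microsoft", "svchost")
WINDOWS_DIR = "c:\\windows"
RANDOM_NAME_MIN_DIGITS = 16  # assumed threshold for a "randomised" Run value name


def looks_like_system(name: str) -> bool:
    """True if a service display name borrows the wording of a Windows component."""
    low = name.lower()
    return any(word in low for word in SYSTEM_WORDS)


def triage_line(line: str) -> list[Finding]:
    """Apply every rule that fits the line's format; benign lines yield an empty list."""
    out: list[Finding] = []
    if (m := HJT_O4.match(line)):
        name = m.group("name")
        if name.isdigit() and len(name) >= RANDOM_NAME_MIN_DIGITS:
            out.append(Finding("random-run-name", f"Run value '{name}' launches {m.group('cmd')}", line))
    elif (m := HJT_O2.match(line)):
        if m.group("path") == "(no file)":
            out.append(Finding("orphan-bho", "BHO {" + m.group("clsid") + "} is registered with no file", line))
    elif (m := HJT_O23.match(line)):
        name, path = m.group("name"), m.group("path")
        if m.group("owner") == "Unknown owner":
            out.append(Finding("unknown-owner", f"Service '{name}' has no vendor; verify {path}", line))
        if looks_like_system(name) and not path.lower().startswith(WINDOWS_DIR):
            out.append(Finding("system-name-outside-windows", f"'{name}' runs from {path}", line))
    elif (m := CF_SVC.match(line)):
        display, path = m.group("display"), m.group("path")
        if looks_like_system(display) and not path.lower().startswith(WINDOWS_DIR):
            out.append(Finding("system-name-outside-windows", f"'{display}' runs from {path}", line))
    elif (m := CF_MOUNT.match(line)):
        cmd = m.group("cmd")
        # A drive-letter handler that is not on the system drive: typical of removable-media autorun.
        if re.match(r"^[A-Za-z]:\\", cmd) and not cmd.lower().startswith("c:\\"):
            out.append(Finding("nonsystem-drive-autorun", f"{m.group('verb')} handler runs {cmd}", line))
    return out


def triage(lines) -> list[Finding]:
    """Run triage_line over an iterable of raw log lines and collect the findings."""
    findings: list[Finding] = []
    for raw in lines:
        findings.extend(triage_line(raw.strip()))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(f"[{finding.rule}] {finding.detail}")
```

Run on the sample lines it reports five findings and stays silent on the AVG and NVIDIA entries; on the thread's real logs the same rules surface the numeric Run value for av2009.exe, the "Remote Procedure Call (HNM)" service pointing at comp.exe under Common Files\ODBC (the file the helper asks to have checked), and the F:\sq.com AutoRun handler. The rules are heuristics for prioritising what to verify, not a verdict on any file.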

helen1 (male; Anti Malware Fighter, Rank 2; Master teacher; joined 27 Aug 2005, 8515 posts, location: Novi Beograd) wrote:

Can you upload the following file:

c:\program files\Common Files\ODBC\comp.exe

to www.virustotal.com and give me the link to the result here.

Thread starter (joined 17 Mar 2008, 33 posts, location: K U B A) wrote:

But I don't have that file; when I open this ODBC folder it shows me a folder "data source", and that folder is empty.

helen1 (male; Anti Malware Fighter, Rank 2; Master teacher; joined 27 Aug 2005, 8515 posts, location: Novi Beograd) wrote:

Open Notepad and copy the following text into it:

FileLook::
c:\program files\Common Files\ODBC\comp.exe

Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text file onto the ComboFix icon as in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.
