Please help


  • Joined: 19 Apr 2008
  • Posts: 11

Logfile of HijackThis v1.99.1
Scan saved at 17:10:29, on 19.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608-)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\All Users\Application Data\qzyjerop\wxqfgxmb.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\system32\SafeSignCertReg.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Marko\Desktop\New Folder\TR3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {02715E47-5A8E-495B-8F63-0D30470B8E72} - C:\WINDOWS\system32\fccdabCr.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {FD4D57B5-63D3-42B8-9124-BDA3FD1FAF16} - C:\WINDOWS\system32\yayvVLBR.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [CertificateRegistration] SafeSignCertReg.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....7146001531
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: fccdabCr - fccdabCr.dll (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

AVG detects a trojan horse downloader.obfuskated and moves it to the virus vault, and I delete it, but it seems it doesn't really get deleted: the receive LED on my modem is constantly lit, so it is definitely downloading something from the net all the time. How do I get rid of it for good? Thanks!

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Download ComboFix to your Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Joined: 19 Apr 2008
  • Posts: 11

ComboFix 08-04-18.3 - Marko 2008-04-19 18:03:26.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1033.18.103 [GMT 2:00]
Running from: C:\Documents and Settings\Marko\My Documents\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\RBLVvyay.ini
C:\WINDOWS\system32\RBLVvyay.ini2

.
((((((((((((((((((((((((( Files Created from 2008-03-19 to 2008-04-19 )))))))))))))))))))))))))))))))
.

2008-04-18 16:28 . 2008-04-18 16:29 286,720 --------- C:\WINDOWS\Setup1.exe
2008-04-18 16:27 . 2008-04-18 16:29 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-04-18 15:30 . 2008-04-18 15:30 <DIR> d-------- C:\Documents and Settings\Marko\System
2008-04-18 15:30 . 2008-04-18 15:37 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\SmartDraw
2008-04-17 16:31 . 2008-04-17 16:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-04-13 21:32 . 2008-04-13 21:32 <DIR> d-------- C:\WINDOWS\Sun
2008-04-12 20:11 . 2008-04-12 20:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-12 17:49 . 2008-04-12 17:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-12 15:43 . 2008-04-12 15:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\qzyjerop
2008-04-11 19:13 . 2008-04-19 14:59 <DIR> dr-h----- C:\$VAULT$.AVG
2008-04-11 18:10 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-04-11 18:08 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-04-11 18:07 . 2001-08-17 13:28 794,399 --a--c--- C:\WINDOWS\system32\dllcache\usr1806v.sys
2008-04-11 18:06 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-04-11 18:05 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-04-11 18:04 . 2004-08-04 15:00 571,392 --a--c--- C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-04-11 18:03 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-04-11 18:02 . 2004-08-04 15:00 456,704 --a--c--- C:\WINDOWS\system32\dllcache\smtpsvc.dll
2008-04-11 18:01 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-04-11 18:00 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-04-11 17:59 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-04-11 17:58 . 2004-08-04 00:56 397,056 --a--c--- C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-04-11 17:57 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-04-11 17:56 . 2004-08-04 15:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-04-11 17:55 . 2004-08-04 00:56 259,328 --a--c--- C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-04-11 17:54 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-04-11 17:53 . 2004-08-04 00:56 4,274,816 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-04-11 17:52 . 2004-08-04 00:56 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-04-11 17:51 . 2004-08-04 15:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-04-11 17:50 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-04-11 17:49 . 2004-08-04 15:00 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-04-11 17:48 . 2004-08-04 00:56 152,576 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-04-11 17:47 . 2004-08-04 15:00 811,064 --a--c--- C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-04-11 17:46 . 2004-08-04 15:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-04-11 17:45 . 2001-08-17 13:28 542,879 --a--c--- C:\WINDOWS\system32\dllcache\hsf_msft.sys
2008-04-11 17:44 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-04-11 17:43 . 2001-08-17 12:15 455,680 --a--c--- C:\WINDOWS\system32\dllcache\fus2base.sys
2008-04-11 17:42 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-04-11 17:41 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-04-11 17:32 . 2001-08-17 22:36 614,429 --a--c--- C:\WINDOWS\system32\dllcache\digiview.exe
2008-04-11 17:31 . 2004-08-04 15:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-04-11 17:30 . 2001-08-17 13:28 714,698 --a--c--- C:\WINDOWS\system32\dllcache\cbmdmkxx.sys
2008-04-11 17:29 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-04-11 17:28 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-04-11 17:27 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-04-11 16:38 . 2008-04-11 16:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IM
2008-04-11 16:37 . 2008-04-11 16:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-04-10 16:06 . 2008-04-10 16:06 <DIR> d-------- C:\Program Files\Canon
2008-04-10 16:06 . 2005-03-22 16:00 135,168 --a------ C:\WINDOWS\system32\CNAB4EMU.DLL
2008-04-10 16:06 . 2005-03-22 16:00 65,536 --a------ C:\WINDOWS\system32\CNAB4SMK.DLL
2008-04-10 16:06 . 2005-03-22 16:00 57,344 --a------ C:\WINDOWS\system32\CNAB4RPK.EXE
2008-04-10 16:06 . 2005-03-22 16:00 28,672 --a------ C:\WINDOWS\system32\CNAB4PTU.DLL
2008-04-10 16:06 . 2005-03-22 16:00 28,672 --a------ C:\WINDOWS\system32\CNAB4LMK.DLL
2008-04-09 14:47 . 2008-04-09 14:47 <DIR> d-------- C:\Program Files\Pexim Solutions
2008-04-09 14:47 . 2008-04-09 14:47 <DIR> d-------- C:\Program Files\Common Files\FX Client
2008-04-09 14:31 . 2008-04-09 14:31 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\Pexim Digitrust API
2008-04-09 14:27 . 2008-04-09 14:27 <DIR> d-------- C:\Program Files\EZUSB
2008-04-05 13:39 . 2008-04-05 13:46 353 --a------ C:\WINDOWS\pdf2word.INI
2008-04-02 16:21 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-04-02 16:21 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-04-02 16:21 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-04-02 16:21 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-04-02 16:21 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-04-02 15:40 . 2008-04-02 15:40 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\Samsung
2008-04-02 15:39 . 2008-04-02 15:39 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-04-02 15:39 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-04-02 15:39 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2008-04-02 15:39 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2008-04-02 15:39 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2008-04-02 15:39 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2008-04-02 15:39 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2008-04-02 15:39 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2008-04-02 15:39 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
2008-04-02 15:38 . 2008-04-02 15:38 <DIR> d-------- C:\Program Files\Samsung
2008-04-02 15:38 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-04-02 15:38 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-04-02 13:32 . 2008-04-02 13:32 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-03-31 13:18 . 2008-04-14 20:17 10 --a------ C:\WINDOWS\popcinfo.dat
2008-03-31 11:41 . 2008-03-31 11:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-31 11:41 . 2008-03-31 11:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-29 15:17 . 2008-03-29 15:17 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\AdobeUM
2008-03-28 13:19 . 2008-04-19 16:19 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\AVG7
2008-03-28 13:19 . 2008-03-28 13:19 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-28 13:19 . 2008-04-18 12:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-28 13:19 . 2008-03-28 13:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-27 17:51 . 2008-03-27 17:51 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\Yahoo!
2008-03-27 17:51 . 2008-03-27 17:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-27 17:49 . 2008-03-27 17:49 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-03-27 17:49 . 2008-04-02 13:30 <DIR> d-------- C:\Program Files\Yahoo!
2008-03-27 17:36 . 2008-04-11 14:51 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\Lavasoft
2008-03-27 17:16 . 2006-10-26 20:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-03-27 17:14 . 2008-03-27 17:14 <DIR> d-------- C:\Program Files\MSBuild
2008-03-27 17:14 . 2008-03-27 17:14 <DIR> d-------- C:\Program Files\Microsoft Works
2008-03-27 17:13 . 2008-04-08 18:15 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-27 17:10 . 2008-03-27 17:19 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-27 17:10 . 2008-03-27 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-27 16:57 . 2008-03-27 16:57 <DIR> d-------- C:\Program Files\A.E.T. Europe B.V
2008-03-27 16:57 . 2004-05-26 10:51 651,264 --a------ C:\WINDOWS\system32\aetdlss1.dll
2008-03-27 16:57 . 2004-05-17 18:30 499,712 --a------ C:\WINDOWS\system32\aetpkss1.dll
2008-03-27 16:57 . 2004-02-11 17:49 253,952 --a------ C:\WINDOWS\system32\aetjcss1.dll
2008-03-27 16:57 . 2003-12-18 10:23 155,648 --a------ C:\WINDOWS\system32\scardspen.dll
2008-03-27 16:57 . 2004-06-30 12:00 131,072 --a------ C:\WINDOWS\system32\aetcsss1.dll
2008-03-27 16:57 . 2004-02-17 10:00 28,672 --a------ C:\WINDOWS\system32\SafeSignCertReg.exe
2008-03-27 16:57 . 2004-05-04 17:09 28,672 --a------ C:\WINDOWS\system32\aetpksse.dll
2008-03-27 16:57 . 2004-02-11 17:49 11,776 --a------ C:\WINDOWS\system32\aetpkssw.dll
2008-03-27 16:57 . 2004-06-30 12:00 136 --a------ C:\WINDOWS\system32\aetcsss1.sig
2008-03-27 16:54 . 2008-04-08 17:56 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-03-27 16:54 . 2008-04-09 14:51 <DIR> d-------- C:\Program Files\FX Enterprise
2008-03-27 16:54 . 2004-06-11 01:31 135,168 -ra------ C:\WINDOWS\UNDPX2A.exe
2008-03-27 16:54 . 2004-06-11 01:34 53,693 -ra------ C:\WINDOWS\UNDPX2A.sys
2008-03-27 16:54 . 2002-12-17 17:23 33,340 --a------ C:\WINDOWS\system32\dbmsqlgc.dll
2008-03-27 16:54 . 2002-10-20 15:05 24,576 --a------ C:\WINDOWS\system32\dbmsgnet.dll
2008-03-27 16:54 . 2004-06-10 10:42 15,429 -ra------ C:\WINDOWS\system32\drivers\Sacm2A.sys
2008-03-27 16:51 . 2008-03-27 16:51 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\FX Enterprise
2008-03-27 16:46 . 2008-03-27 16:46 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-03-27 16:46 . 2008-03-27 16:46 <DIR> d-------- C:\Program Files\ACD Systems
2008-03-27 16:46 . 2008-03-27 16:46 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\ACD Systems
2008-03-27 16:46 . 2008-03-27 16:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-03-27 16:44 . 2008-03-27 16:44 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-03-27 16:40 . 2008-03-27 16:41 <DIR> d-------- C:\Program Files\Winamp
2008-03-27 16:40 . 2008-04-18 18:29 155 --a------ C:\WINDOWS\winamp.ini
2008-03-27 16:35 . 2008-03-27 16:35 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\InterVideo
2008-03-27 16:34 . 2008-03-27 16:34 <DIR> d-------- C:\Program Files\DVD-RAM
2008-03-27 16:34 . 2004-08-28 09:37 155,648 --a------ C:\WINDOWS\system32\RAMASST.exe
2008-03-27 16:34 . 2005-04-22 13:36 135,168 --a------ C:\WINDOWS\system32\DVDMenu.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 12:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-27 20:53 --------- d-----w C:\Program Files\TOSHIBA
2008-03-27 20:52 --------- d-----w C:\Program Files\Synaptics
2008-03-27 20:52 --------- d-----w C:\Program Files\Sonic
2008-03-27 20:51 --------- d-----w C:\Program Files\Realtek
2008-03-27 20:51 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-27 20:51 --------- d-----w C:\Program Files\ltmoh
2008-03-27 20:50 --------- d-----w C:\Program Files\Java
2008-03-27 20:47 --------- d-----w C:\Program Files\Common Files\Java
2008-03-27 20:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-27 20:47 --------- d-----w C:\Program Files\ATI Technologies
2008-03-27 20:47 --------- d-----w C:\Program Files\Atheros
2008-03-27 20:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
2008-03-27 14:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-27 14:28 --------- d-----w C:\Program Files\Common Files\InstallShield
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD4D57B5-63D3-42B8-9124-BDA3FD1FAF16}]
C:\WINDOWS\system32\yayvVLBR.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 13:26 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 14:25 73728]
"TPSMain"="TPSMain.exe" [2005-08-03 16:26 266240 C:\WINDOWS\system32\TPSMain.exe]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-12-08 14:53 352256]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-15 00:28 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-15 00:26 688218]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 12:31 118784]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 20:14 15473664 C:\WINDOWS\RTHDCPL.exe]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 13:53 1077329]
"NDSTray.exe"="NDSTray.exe" []
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-01 07:10 122940]
"Device Detector"="DevDetect.exe" []
"CFSServ.exe"="CFSServ.exe" []
"CertificateRegistration"="SafeSignCertReg.exe" [2004-02-17 10:00 28672 C:\WINDOWS\system32\SafeSignCertReg.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-17 10:49 579584]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 23:05 344064]
"Alcmtr"="ALCMTR.EXE" [2005-05-04 03:43 69632 C:\WINDOWS\Alcmtr.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 15:29 88203 C:\WINDOWS\agrsmmsg.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-28 13:19 219136]

C:\Documents and Settings\Marko\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 00:05:26 29696]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2008-03-27 16:34:36 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"RTuXmCFZt0"= C:\Documents and Settings\All Users\Application Data\qzyjerop\wxqfgxmb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccdabCr]
fccdabCr.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

R3 EZUSB;EZUSB PC/SC Smart Card Reader;C:\WINDOWS\system32\DRIVERS\ezusb.sys [2004-09-23 14:06]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-04-19 18:06:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\userinit.exe
.
**************************************************************************
.
Completion time: 2008-04-19 18:08:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-19 16:08:38

Pre-Run: 11,967,377,408 bytes free
Post-Run: 12,021,059,584 bytes free

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Open Notepad and copy the following text into it:

File::
C:\Documents and Settings\All Users\Application Data\qzyjerop\wxqfgxmb.exe
C:\WINDOWS\system32\yayvVLBR.dll

Folder::
C:\Documents and Settings\All Users\Application Data\qzyjerop

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD4D57B5-63D3-42B8-9124-BDA3FD1FAF16}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccdabCr]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"RTuXmCFZt0"=-

Save the file from Notepad to your Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as shown in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.

  • Joined: 19 Apr 2008
  • Posts: 11

ComboFix 08-04-18.3 - Marko 2008-04-19 20:21:54.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1033.18.80 [GMT 2:00]
Running from: C:\Documents and Settings\Marko\My Documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\Marko\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\All Users\Application Data\qzyjerop\wxqfgxmb.exe
C:\WINDOWS\system32\yayvVLBR.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\qzyjerop
C:\Documents and Settings\All Users\Application Data\qzyjerop\wxqfgxmb.exe

.
((((((((((((((((((((((((( Files Created from 2008-03-19 to 2008-04-19 )))))))))))))))))))))))))))))))
.

2008-04-19 19:13 . 2008-04-19 19:13 98,304 --a------ C:\WINDOWS\system32\ynkjibol.exe
2008-04-18 16:28 . 2008-04-18 16:29 286,720 --------- C:\WINDOWS\Setup1.exe
2008-04-18 16:27 . 2008-04-18 16:29 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-04-18 15:30 . 2008-04-18 15:30 <DIR> d-------- C:\Documents and Settings\Marko\System
2008-04-18 15:30 . 2008-04-18 15:37 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\SmartDraw
2008-04-17 16:31 . 2008-04-17 16:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-04-13 21:32 . 2008-04-13 21:32 <DIR> d-------- C:\WINDOWS\Sun
2008-04-12 20:11 . 2008-04-12 20:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-12 17:49 . 2008-04-12 17:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-11 19:13 . 2008-04-19 19:11 <DIR> dr-h----- C:\$VAULT$.AVG
2008-04-11 18:10 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-04-11 18:08 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-04-11 18:07 . 2001-08-17 13:28 794,399 --a--c--- C:\WINDOWS\system32\dllcache\usr1806v.sys
2008-04-11 18:06 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-04-11 18:05 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-04-11 18:04 . 2004-08-04 15:00 571,392 --a--c--- C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-04-11 18:03 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-04-11 18:02 . 2004-08-04 15:00 456,704 --a--c--- C:\WINDOWS\system32\dllcache\smtpsvc.dll
2008-04-11 18:01 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-04-11 18:00 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-04-11 17:59 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-04-11 17:58 . 2004-08-04 00:56 397,056 --a--c--- C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-04-11 17:57 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-04-11 17:56 . 2004-08-04 15:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-04-11 17:55 . 2004-08-04 00:56 259,328 --a--c--- C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-04-11 17:54 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-04-11 17:53 . 2004-08-04 00:56 4,274,816 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-04-11 17:52 . 2004-08-04 00:56 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-04-11 17:51 . 2004-08-04 15:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-04-11 17:50 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-04-11 17:49 . 2004-08-04 15:00 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-04-11 17:48 . 2004-08-04 00:56 152,576 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-04-11 17:47 . 2004-08-04 15:00 811,064 --a--c--- C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-04-11 17:46 . 2004-08-04 15:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-04-11 17:45 . 2001-08-17 13:28 542,879 --a--c--- C:\WINDOWS\system32\dllcache\hsf_msft.sys
2008-04-11 17:44 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-04-11 17:43 . 2001-08-17 12:15 455,680 --a--c--- C:\WINDOWS\system32\dllcache\fus2base.sys
2008-04-11 17:42 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-04-11 17:41 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-04-11 17:32 . 2001-08-17 22:36 614,429 --a--c--- C:\WINDOWS\system32\dllcache\digiview.exe
2008-04-11 17:31 . 2004-08-04 15:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-04-11 17:30 . 2001-08-17 13:28 714,698 --a--c--- C:\WINDOWS\system32\dllcache\cbmdmkxx.sys
2008-04-11 17:29 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-04-11 17:28 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-04-11 17:27 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-04-11 16:38 . 2008-04-11 16:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IM
2008-04-11 16:37 . 2008-04-11 16:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-04-10 16:06 . 2008-04-10 16:06 <DIR> d-------- C:\Program Files\Canon
2008-04-10 16:06 . 2005-03-22 16:00 135,168 --a------ C:\WINDOWS\system32\CNAB4EMU.DLL
2008-04-10 16:06 . 2005-03-22 16:00 65,536 --a------ C:\WINDOWS\system32\CNAB4SMK.DLL
2008-04-10 16:06 . 2005-03-22 16:00 57,344 --a------ C:\WINDOWS\system32\CNAB4RPK.EXE
2008-04-10 16:06 . 2005-03-22 16:00 28,672 --a------ C:\WINDOWS\system32\CNAB4PTU.DLL
2008-04-10 16:06 . 2005-03-22 16:00 28,672 --a------ C:\WINDOWS\system32\CNAB4LMK.DLL
2008-04-09 14:47 . 2008-04-09 14:47 <DIR> d-------- C:\Program Files\Pexim Solutions
2008-04-09 14:47 . 2008-04-09 14:47 <DIR> d-------- C:\Program Files\Common Files\FX Client
2008-04-09 14:31 . 2008-04-09 14:31 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\Pexim Digitrust API
2008-04-09 14:27 . 2008-04-09 14:27 <DIR> d-------- C:\Program Files\EZUSB
2008-04-05 13:39 . 2008-04-05 13:46 353 --a------ C:\WINDOWS\pdf2word.INI
2008-04-02 16:21 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-04-02 16:21 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-04-02 16:21 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-04-02 16:21 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-04-02 16:21 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-04-02 15:40 . 2008-04-02 15:40 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\Samsung
2008-04-02 15:39 . 2008-04-02 15:39 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-04-02 15:39 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-04-02 15:39 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2008-04-02 15:39 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2008-04-02 15:39 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2008-04-02 15:39 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2008-04-02 15:39 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2008-04-02 15:39 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2008-04-02 15:39 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
2008-04-02 15:38 . 2008-04-02 15:38 <DIR> d-------- C:\Program Files\Samsung
2008-04-02 15:38 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-04-02 15:38 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-04-02 13:32 . 2008-04-02 13:32 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-03-31 13:18 . 2008-04-14 20:17 10 --a------ C:\WINDOWS\popcinfo.dat
2008-03-31 11:41 . 2008-03-31 11:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-31 11:41 . 2008-03-31 11:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-29 15:17 . 2008-03-29 15:17 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\AdobeUM
2008-03-28 13:19 . 2008-04-19 19:04 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\AVG7
2008-03-28 13:19 . 2008-03-28 13:19 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-28 13:19 . 2008-04-18 12:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-28 13:19 . 2008-03-28 13:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-27 17:51 . 2008-03-27 17:51 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\Yahoo!
2008-03-27 17:51 . 2008-03-27 17:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-27 17:49 . 2008-03-27 17:49 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-03-27 17:49 . 2008-04-02 13:30 <DIR> d-------- C:\Program Files\Yahoo!
2008-03-27 17:36 . 2008-04-11 14:51 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\Lavasoft
2008-03-27 17:16 . 2006-10-26 20:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-03-27 17:14 . 2008-03-27 17:14 <DIR> d-------- C:\Program Files\MSBuild
2008-03-27 17:14 . 2008-03-27 17:14 <DIR> d-------- C:\Program Files\Microsoft Works
2008-03-27 17:13 . 2008-04-08 18:15 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-27 17:10 . 2008-03-27 17:19 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-27 17:10 . 2008-03-27 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-27 16:57 . 2008-03-27 16:57 <DIR> d-------- C:\Program Files\A.E.T. Europe B.V
2008-03-27 16:57 . 2004-05-26 10:51 651,264 --a------ C:\WINDOWS\system32\aetdlss1.dll
2008-03-27 16:57 . 2004-05-17 18:30 499,712 --a------ C:\WINDOWS\system32\aetpkss1.dll
2008-03-27 16:57 . 2004-02-11 17:49 253,952 --a------ C:\WINDOWS\system32\aetjcss1.dll
2008-03-27 16:57 . 2003-12-18 10:23 155,648 --a------ C:\WINDOWS\system32\scardspen.dll
2008-03-27 16:57 . 2004-06-30 12:00 131,072 --a------ C:\WINDOWS\system32\aetcsss1.dll
2008-03-27 16:57 . 2004-02-17 10:00 28,672 --a------ C:\WINDOWS\system32\SafeSignCertReg.exe
2008-03-27 16:57 . 2004-05-04 17:09 28,672 --a------ C:\WINDOWS\system32\aetpksse.dll
2008-03-27 16:57 . 2004-02-11 17:49 11,776 --a------ C:\WINDOWS\system32\aetpkssw.dll
2008-03-27 16:57 . 2004-06-30 12:00 136 --a------ C:\WINDOWS\system32\aetcsss1.sig
2008-03-27 16:54 . 2008-04-08 17:56 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-03-27 16:54 . 2008-04-09 14:51 <DIR> d-------- C:\Program Files\FX Enterprise
2008-03-27 16:54 . 2004-06-11 01:31 135,168 -ra------ C:\WINDOWS\UNDPX2A.exe
2008-03-27 16:54 . 2004-06-11 01:34 53,693 -ra------ C:\WINDOWS\UNDPX2A.sys
2008-03-27 16:54 . 2002-12-17 17:23 33,340 --a------ C:\WINDOWS\system32\dbmsqlgc.dll
2008-03-27 16:54 . 2002-10-20 15:05 24,576 --a------ C:\WINDOWS\system32\dbmsgnet.dll
2008-03-27 16:54 . 2004-06-10 10:42 15,429 -ra------ C:\WINDOWS\system32\drivers\Sacm2A.sys
2008-03-27 16:51 . 2008-03-27 16:51 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\FX Enterprise
2008-03-27 16:46 . 2008-03-27 16:46 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-03-27 16:46 . 2008-03-27 16:46 <DIR> d-------- C:\Program Files\ACD Systems
2008-03-27 16:46 . 2008-03-27 16:46 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\ACD Systems
2008-03-27 16:46 . 2008-03-27 16:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-03-27 16:44 . 2008-03-27 16:44 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-03-27 16:40 . 2008-03-27 16:41 <DIR> d-------- C:\Program Files\Winamp
2008-03-27 16:40 . 2008-04-18 18:29 155 --a------ C:\WINDOWS\winamp.ini
2008-03-27 16:35 . 2008-03-27 16:35 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\InterVideo
2008-03-27 16:34 . 2008-03-27 16:34 <DIR> d-------- C:\Program Files\DVD-RAM
2008-03-27 16:34 . 2004-08-28 09:37 155,648 --a------ C:\WINDOWS\system32\RAMASST.exe
2008-03-27 16:34 . 2005-04-22 13:36 135,168 --a------ C:\WINDOWS\system32\DVDMenu.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 12:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-27 20:53 --------- d-----w C:\Program Files\TOSHIBA
2008-03-27 20:52 --------- d-----w C:\Program Files\Synaptics
2008-03-27 20:52 --------- d-----w C:\Program Files\Sonic
2008-03-27 20:51 --------- d-----w C:\Program Files\Realtek
2008-03-27 20:51 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-27 20:51 --------- d-----w C:\Program Files\ltmoh
2008-03-27 20:50 --------- d-----w C:\Program Files\Java
2008-03-27 20:47 --------- d-----w C:\Program Files\Common Files\Java
2008-03-27 20:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-27 20:47 --------- d-----w C:\Program Files\ATI Technologies
2008-03-27 20:47 --------- d-----w C:\Program Files\Atheros
2008-03-27 20:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
2008-03-27 14:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-27 14:28 --------- d-----w C:\Program Files\Common Files\InstallShield
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 13:26 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 14:25 73728]
"TPSMain"="TPSMain.exe" [2005-08-03 16:26 266240 C:\WINDOWS\system32\TPSMain.exe]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-12-08 14:53 352256]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-15 00:28 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-15 00:26 688218]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 12:31 118784]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 20:14 15473664 C:\WINDOWS\RTHDCPL.exe]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 13:53 1077329]
"NDSTray.exe"="NDSTray.exe" []
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-01 07:10 122940]
"Device Detector"="DevDetect.exe" []
"CFSServ.exe"="CFSServ.exe" []
"CertificateRegistration"="SafeSignCertReg.exe" [2004-02-17 10:00 28672 C:\WINDOWS\system32\SafeSignCertReg.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-17 10:49 579584]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 23:05 344064]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 15:29 88203 C:\WINDOWS\agrsmmsg.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-28 13:19 219136]

C:\Documents and Settings\Marko\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 00:05:26 29696]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2008-03-27 16:34:36 155648]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

R3 EZUSB;EZUSB PC/SC Smart Card Reader;C:\WINDOWS\system32\DRIVERS\ezusb.sys [2004-09-23 14:06]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-04-19 20:22:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-19 20:23:35
ComboFix-quarantined-files.txt 2008-04-19 18:23:32

Pre-Run: 12,038,160,384 bytes free
Post-Run: 12,033,482,752 bytes free


offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

I would like to know whether you created this folder yourself, at this location:

C:\WINDOWS\SHELLNEW

offline
  • Joined: 19 Apr 2008
  • Posts: 11

No, I never create folders inside the Windows folder.

Update: 19 Apr 2008 21:16

I hadn't even noticed it was there until now. I have just looked at it and it contains one Excel, one PowerPoint and one Office Publisher document. Oh, and I haven't mentioned this so far, but when I scan the computer with AVG it reports kernel32.dll, shell32.dll, user32.dll, ntoskrnl.exe and hosts as "Changed".

Update: 19 Apr 2008 21:18

Should I try deleting this SHELLNEW folder?

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\system32\ynkjibol.exe
C:\WINDOWS\popcinfo.dat

Folder::
C:\WINDOWS\SHELLNEW

Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.

Update: 19 Apr 2008 21:20

Please do not delete anything yourself. I will take care of all of it.

offline
  • Joined: 19 Apr 2008
  • Posts: 11

ComboFix 08-04-18.3 - Marko 2008-04-19 21:17:41.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1033.18.152 [GMT 2:00]
Running from: C:\Documents and Settings\Marko\My Documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\Marko\My Documents\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\popcinfo.dat
C:\WINDOWS\system32\ynkjibol.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\popcinfo.dat
C:\WINDOWS\SHELLNEW
C:\WINDOWS\SHELLNEW\EXCEL12.XLSX
C:\WINDOWS\SHELLNEW\MSPUB.PUB
C:\WINDOWS\SHELLNEW\PWRPNT12.PPTX

.
((((((((((((((((((((((((( Files Created from 2008-03-19 to 2008-04-19 )))))))))))))))))))))))))))))))
.

2008-04-18 16:28 . 2008-04-18 16:29 286,720 --------- C:\WINDOWS\Setup1.exe
2008-04-18 16:27 . 2008-04-18 16:29 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-04-18 15:30 . 2008-04-18 15:30 <DIR> d-------- C:\Documents and Settings\Marko\System
2008-04-18 15:30 . 2008-04-18 15:37 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\SmartDraw
2008-04-17 16:31 . 2008-04-17 16:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-04-13 21:32 . 2008-04-13 21:32 <DIR> d-------- C:\WINDOWS\Sun
2008-04-12 20:11 . 2008-04-12 20:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-12 17:49 . 2008-04-12 17:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-11 19:13 . 2008-04-19 20:52 <DIR> dr-h----- C:\$VAULT$.AVG
2008-04-11 18:10 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-04-11 18:08 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-04-11 18:07 . 2001-08-17 13:28 794,399 --a--c--- C:\WINDOWS\system32\dllcache\usr1806v.sys
2008-04-11 18:06 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-04-11 18:05 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-04-11 18:04 . 2004-08-04 15:00 571,392 --a--c--- C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-04-11 18:03 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-04-11 18:02 . 2004-08-04 15:00 456,704 --a--c--- C:\WINDOWS\system32\dllcache\smtpsvc.dll
2008-04-11 18:01 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-04-11 18:00 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-04-11 17:59 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-04-11 17:58 . 2004-08-04 00:56 397,056 --a--c--- C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-04-11 17:57 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-04-11 17:56 . 2004-08-04 15:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-04-11 17:55 . 2004-08-04 00:56 259,328 --a--c--- C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-04-11 17:54 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-04-11 17:53 . 2004-08-04 00:56 4,274,816 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-04-11 17:52 . 2004-08-04 00:56 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-04-11 17:51 . 2004-08-04 15:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-04-11 17:50 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-04-11 17:49 . 2004-08-04 15:00 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-04-11 17:48 . 2004-08-04 00:56 152,576 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-04-11 17:47 . 2004-08-04 15:00 811,064 --a--c--- C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-04-11 17:46 . 2004-08-04 15:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-04-11 17:45 . 2001-08-17 13:28 542,879 --a--c--- C:\WINDOWS\system32\dllcache\hsf_msft.sys
2008-04-11 17:44 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-04-11 17:43 . 2001-08-17 12:15 455,680 --a--c--- C:\WINDOWS\system32\dllcache\fus2base.sys
2008-04-11 17:42 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-04-11 17:41 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-04-11 17:32 . 2001-08-17 22:36 614,429 --a--c--- C:\WINDOWS\system32\dllcache\digiview.exe
2008-04-11 17:31 . 2004-08-04 15:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-04-11 17:30 . 2001-08-17 13:28 714,698 --a--c--- C:\WINDOWS\system32\dllcache\cbmdmkxx.sys
2008-04-11 17:29 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-04-11 17:28 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-04-11 17:27 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-04-11 16:38 . 2008-04-11 16:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IM
2008-04-11 16:37 . 2008-04-11 16:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-04-10 16:06 . 2008-04-10 16:06 <DIR> d-------- C:\Program Files\Canon
2008-04-10 16:06 . 2005-03-22 16:00 135,168 --a------ C:\WINDOWS\system32\CNAB4EMU.DLL
2008-04-10 16:06 . 2005-03-22 16:00 65,536 --a------ C:\WINDOWS\system32\CNAB4SMK.DLL
2008-04-10 16:06 . 2005-03-22 16:00 57,344 --a------ C:\WINDOWS\system32\CNAB4RPK.EXE
2008-04-10 16:06 . 2005-03-22 16:00 28,672 --a------ C:\WINDOWS\system32\CNAB4PTU.DLL
2008-04-10 16:06 . 2005-03-22 16:00 28,672 --a------ C:\WINDOWS\system32\CNAB4LMK.DLL
2008-04-09 14:47 . 2008-04-09 14:47 <DIR> d-------- C:\Program Files\Pexim Solutions
2008-04-09 14:47 . 2008-04-09 14:47 <DIR> d-------- C:\Program Files\Common Files\FX Client
2008-04-09 14:31 . 2008-04-09 14:31 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\Pexim Digitrust API
2008-04-09 14:27 . 2008-04-09 14:27 <DIR> d-------- C:\Program Files\EZUSB
2008-04-05 13:39 . 2008-04-05 13:46 353 --a------ C:\WINDOWS\pdf2word.INI
2008-04-02 16:21 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-04-02 16:21 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-04-02 16:21 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-04-02 16:21 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-04-02 16:21 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-04-02 15:40 . 2008-04-02 15:40 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\Samsung
2008-04-02 15:39 . 2008-04-02 15:39 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-04-02 15:39 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-04-02 15:39 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2008-04-02 15:39 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2008-04-02 15:39 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2008-04-02 15:39 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2008-04-02 15:39 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2008-04-02 15:39 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2008-04-02 15:39 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
2008-04-02 15:38 . 2008-04-02 15:38 <DIR> d-------- C:\Program Files\Samsung
2008-04-02 15:38 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-04-02 15:38 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-04-02 13:32 . 2008-04-02 13:32 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-03-31 11:41 . 2008-03-31 11:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-31 11:41 . 2008-03-31 11:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-29 15:17 . 2008-03-29 15:17 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\AdobeUM
2008-03-28 13:19 . 2008-04-19 21:12 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\AVG7
2008-03-28 13:19 . 2008-03-28 13:19 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-28 13:19 . 2008-04-18 12:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-28 13:19 . 2008-03-28 13:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-27 17:51 . 2008-03-27 17:51 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\Yahoo!
2008-03-27 17:51 . 2008-03-27 17:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-27 17:49 . 2008-03-27 17:49 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-03-27 17:49 . 2008-04-02 13:30 <DIR> d-------- C:\Program Files\Yahoo!
2008-03-27 17:36 . 2008-04-11 14:51 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\Lavasoft
2008-03-27 17:16 . 2006-10-26 20:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-03-27 17:14 . 2008-03-27 17:14 <DIR> d-------- C:\Program Files\MSBuild
2008-03-27 17:14 . 2008-03-27 17:14 <DIR> d-------- C:\Program Files\Microsoft Works
2008-03-27 17:13 . 2008-04-08 18:15 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-27 17:10 . 2008-03-27 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-27 16:57 . 2008-03-27 16:57 <DIR> d-------- C:\Program Files\A.E.T. Europe B.V
2008-03-27 16:57 . 2004-05-26 10:51 651,264 --a------ C:\WINDOWS\system32\aetdlss1.dll
2008-03-27 16:57 . 2004-05-17 18:30 499,712 --a------ C:\WINDOWS\system32\aetpkss1.dll
2008-03-27 16:57 . 2004-02-11 17:49 253,952 --a------ C:\WINDOWS\system32\aetjcss1.dll
2008-03-27 16:57 . 2003-12-18 10:23 155,648 --a------ C:\WINDOWS\system32\scardspen.dll
2008-03-27 16:57 . 2004-06-30 12:00 131,072 --a------ C:\WINDOWS\system32\aetcsss1.dll
2008-03-27 16:57 . 2004-02-17 10:00 28,672 --a------ C:\WINDOWS\system32\SafeSignCertReg.exe
2008-03-27 16:57 . 2004-05-04 17:09 28,672 --a------ C:\WINDOWS\system32\aetpksse.dll
2008-03-27 16:57 . 2004-02-11 17:49 11,776 --a------ C:\WINDOWS\system32\aetpkssw.dll
2008-03-27 16:57 . 2004-06-30 12:00 136 --a------ C:\WINDOWS\system32\aetcsss1.sig
2008-03-27 16:54 . 2008-04-08 17:56 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-03-27 16:54 . 2008-04-09 14:51 <DIR> d-------- C:\Program Files\FX Enterprise
2008-03-27 16:54 . 2004-06-11 01:31 135,168 -ra------ C:\WINDOWS\UNDPX2A.exe
2008-03-27 16:54 . 2004-06-11 01:34 53,693 -ra------ C:\WINDOWS\UNDPX2A.sys
2008-03-27 16:54 . 2002-12-17 17:23 33,340 --a------ C:\WINDOWS\system32\dbmsqlgc.dll
2008-03-27 16:54 . 2002-10-20 15:05 24,576 --a------ C:\WINDOWS\system32\dbmsgnet.dll
2008-03-27 16:54 . 2004-06-10 10:42 15,429 -ra------ C:\WINDOWS\system32\drivers\Sacm2A.sys
2008-03-27 16:51 . 2008-03-27 16:51 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\FX Enterprise
2008-03-27 16:46 . 2008-03-27 16:46 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-03-27 16:46 . 2008-03-27 16:46 <DIR> d-------- C:\Program Files\ACD Systems
2008-03-27 16:46 . 2008-03-27 16:46 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\ACD Systems
2008-03-27 16:46 . 2008-03-27 16:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-03-27 16:44 . 2008-03-27 16:44 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-03-27 16:40 . 2008-03-27 16:41 <DIR> d-------- C:\Program Files\Winamp
2008-03-27 16:40 . 2008-04-18 18:29 155 --a------ C:\WINDOWS\winamp.ini
2008-03-27 16:35 . 2008-03-27 16:35 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\InterVideo
2008-03-27 16:34 . 2008-03-27 16:34 <DIR> d-------- C:\Program Files\DVD-RAM
2008-03-27 16:34 . 2004-08-28 09:37 155,648 --a------ C:\WINDOWS\system32\RAMASST.exe
2008-03-27 16:34 . 2005-04-22 13:36 135,168 --a------ C:\WINDOWS\system32\DVDMenu.dll
2008-03-27 16:34 . 2004-08-28 09:33 110,592 --a------ C:\WINDOWS\system32\DVDRAMSV.exe
2008-03-27 16:34 . 2005-06-02 12:33 102,384 --a------ C:\WINDOWS\system32\drivers\meiudf.sys
2008-03-27 16:28 . 2008-04-09 14:32 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\Fx Client

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 12:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-27 20:53 --------- d-----w C:\Program Files\TOSHIBA
2008-03-27 20:52 --------- d-----w C:\Program Files\Synaptics
2008-03-27 20:52 --------- d-----w C:\Program Files\Sonic
2008-03-27 20:51 --------- d-----w C:\Program Files\Realtek
2008-03-27 20:51 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-27 20:51 --------- d-----w C:\Program Files\ltmoh
2008-03-27 20:50 --------- d-----w C:\Program Files\Java
2008-03-27 20:47 --------- d-----w C:\Program Files\Common Files\Java
2008-03-27 20:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-27 20:47 --------- d-----w C:\Program Files\ATI Technologies
2008-03-27 20:47 --------- d-----w C:\Program Files\Atheros
2008-03-27 20:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
2008-03-27 14:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-27 14:28 --------- d-----w C:\Program Files\Common Files\InstallShield
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 13:26 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 14:25 73728]
"TPSMain"="TPSMain.exe" [2005-08-03 16:26 266240 C:\WINDOWS\system32\TPSMain.exe]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-12-08 14:53 352256]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-15 00:28 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-15 00:26 688218]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 12:31 118784]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 20:14 15473664 C:\WINDOWS\RTHDCPL.exe]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 13:53 1077329]
"NDSTray.exe"="NDSTray.exe" []
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-01 07:10 122940]
"Device Detector"="DevDetect.exe" []
"CFSServ.exe"="CFSServ.exe" []
"CertificateRegistration"="SafeSignCertReg.exe" [2004-02-17 10:00 28672 C:\WINDOWS\system32\SafeSignCertReg.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-17 10:49 579584]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 23:05 344064]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 15:29 88203 C:\WINDOWS\agrsmmsg.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-28 13:19 219136]

C:\Documents and Settings\Marko\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 00:05:26 29696]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2008-03-27 16:34:36 155648]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

R3 EZUSB;EZUSB PC/SC Smart Card Reader;C:\WINDOWS\system32\DRIVERS\ezusb.sys [2004-09-23 14:06]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-04-19 21:18:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-19 21:19:27
ComboFix-quarantined-files.txt 2008-04-19 19:19:23

Pre-Run: 11,991,879,680 bytes free
Post-Run: 11,983,450,112 bytes free


Update: 19 Apr 2008 21:26

OK, don't be angry, you can see I'm blindly following all your instructions!

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd
