Most likely a virus -Help-


offline
  • Joined: 26 Jul 2008
  • Posts: 10

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:02:05, on 7/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\DOCUME~1\sani\LOCALS~1\Temp\_tc\(zabranjeno).By.Team.REA\IDMan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Windows Commander\TOTALCMD.EXE
C:\Program Files\Collectorz.com\Movie Collector\MovieCollector.exe
C:\Program Files\Flock\flock\flock.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\DOCUME~1\sani\LOCALS~1\Temp\_tc\(zabranjeno).By.Team.REA\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VideoCodec Class - {949859A7-EB1F-400D-BDBC-C48238BDF788} - C:\WINDOWS\system32\AswBHO.dll
O2 - BHO: IE.Filter - {F65E955E-26C0-42FF-8EE2-443A05EA286A} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\DOCUME~1\sani\LOCALS~1\Temp\_tc\(zabranjeno).By.Team.REA\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\DOCUME~1\sani\LOCALS~1\Temp\_tc\(zabranjeno).By.Team.REA\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\DOCUME~1\sani\LOCALS~1\Temp\_tc\(zabranjeno).By.Team.REA\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\DOCUME~1\sani\LOCALS~1\Temp\_tc\(zabranjeno).By.Team.REA\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe

--
End of file - 5309 bytes

What should I do? I read some of the instructions you gave other members of the site, but it doesn't help me. Please help.

Update: 26 Jul 2008 14:06

by the way, this is what it reports as an error: [image] http://www.mycity.rs/thumbs/46885_tmb_243189986_Untitled-2.jpg

Update: 26 Jul 2008 14:07

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...


Download the Malwarebytes Anti-Malware installer from the following link:
http://www.besttechie.net/tools/mbam-setup.exe

Double-click to run the installer - at the very end of the process, check that the following options are ticked:

* Update Malwarebytes' Anti-Malware
* Launch Malwarebytes Anti-Malware
* Then click Finish.

Once the update finishes, the program will start.
Select Perform Quick Scan and click Scan.
When the scan finishes, click OK, then Show Results: in the list of detected malware, tick all items and click Remove Selected.

When it finishes, the logfile will open in Notepad; copy it into the forum thread.
If a restart is required at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).


After all that, post a fresh HijackThis logfile as well.

offline
  • Joined: 26 Jul 2008
  • Posts: 10

ok, I'll try it now

Update: 26 Jul 2008 18:01

Malwarebytes' Anti-Malware 1.23
Verzija baze podataka: 993
Windows 5.1.2600 Service Pack 2

4:45:57 PM 7/26/2008
mbam-log-7-26-2008 (16-45-52).txt

Tip skeniranja: Brzo Skeniranje
Skeniranih objekata: 52077
Proteklo vreme: 4 minute(s), 16 second(s)

Inficirani procesi u memoriji: 0
Inficirani moduli u memoriji: 0
Inficirani ključevi u registru: 10
Inficirane vrednosti u registru: 0
Inficirani podaci u registru: 0
Inficirane fascikle: 0
Inficirane datoteke: 1

Inficirani procesi u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani moduli u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani ključevi u registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055c089-8582-441b-a0bf-17b458c2a3a8} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0055c089-8582-441b-a0bf-17b458c2a3a8} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{4937d5d1-2039-409a-bd83-fec9b39b2356} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{caf9d798-c659-4b9b-8e19-ee27c3d04ee7} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{15c7d7ad-a87a-4c0d-9d8b-637fcd3488ef} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\bhonew.bho (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\bhonew.bho.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f65e955e-26c0-42ff-8ee2-443a05ea286a} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f65e955e-26c0-42ff-8ee2-443a05ea286a} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> No action taken.

Inficirane vrednosti u registru:
(Maliciozne stavke nisu detektovane)

Inficirani podaci u registru:
(Maliciozne stavke nisu detektovane)

Inficirane fascikle:
(Maliciozne stavke nisu detektovane)

Inficirane datoteke:
C:\Documents and Settings\sani\Local Settings\Temp\_tc\(zabranjeno).By.Team.REA\IDMIECC.dll (Trojan.BHO) -> No action taken.

Update: 26 Jul 2008 18:03

now everything is ok

Update: 26 Jul 2008 18:04

oh yes, here's this too:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:45, on 7/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\DOCUME~1\sani\LOCALS~1\Temp\_tc\(zabranjeno).By.Team.REA\IDMan.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Flock\flock\flock.exe
C:\Program Files\Windows Commander\TOTALCMD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VideoCodec Class - {949859A7-EB1F-400D-BDBC-C48238BDF788} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\DOCUME~1\sani\LOCALS~1\Temp\_tc\(zabranjeno).By.Team.REA\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\DOCUME~1\sani\LOCALS~1\Temp\_tc\(zabranjeno).By.Team.REA\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\DOCUME~1\sani\LOCALS~1\Temp\_tc\(zabranjeno).By.Team.REA\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\DOCUME~1\sani\LOCALS~1\Temp\_tc\(zabranjeno).By.Team.REA\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe

--
End of file - 4973 bytes

Update: 26 Jul 2008 18:05

dr_Bora, thanks a lot for this. I had installed and tried all sorts of things and nothing helped; I don't know whether everything is fine now, I only know that notification no longer appears.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Did you run the MBAM scan more than once? That's how it looks to me.

Btw, judging by the log you posted, it also deleted part of Internet Download Manager (which, by the way, you had installed in the Temp folder).


Run HijackThis, scan, and tick the following line:

O2 - BHO: VideoCodec Class - {949859A7-EB1F-400D-BDBC-C48238BDF788} - (no file)

Click Fix checked.


If you no longer notice any problems, then we're done.
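As an added example (not code from the thread or from HijackThis itself), the script below applies the two checks dr_Bora made by eye to a HijackThis v2.0.2 log: an O2/O24 entry whose file is "(no file)" is an orphaned registration that can be fixed, and an O2/O4 entry whose binary lives under a Temp folder deserves a second look. The sample lines are copied from the logs posted in this thread and trimmed; the `removed_entries` helper shows what a cleanup actually took out by comparing two logs.

```python
"""Flag suspicious O2/O4/O24 entries in a HijackThis v2.0.2 log.

Heuristics (the ones applied by hand in the thread):
  * file == "(no file)"  -> orphaned registration: the DLL is gone but the
                            registry key survived; safe to "Fix checked"
  * path under \\Temp\\  -> program running/registered from a temp folder,
                            which legitimate installs normally do not do
"""
import re
from dataclasses import dataclass

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<path>.*)$")
O24_RE = re.compile(r"^O24 - Desktop Component (?P<idx>\d+): (?P<name>.*?) - (?P<path>.*)$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)

# Constructed sample: lines taken from the first HijackThis log in the thread
# plus the O24 line from the third one (not a complete log).
BEFORE_LOG = r"""
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\DOCUME~1\sani\LOCALS~1\Temp\_tc\(zabranjeno).By.Team.REA\IDMIECC.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: VideoCodec Class - {949859A7-EB1F-400D-BDBC-C48238BDF788} - (no file)
O2 - BHO: IE.Filter - {F65E955E-26C0-42FF-8EE2-443A05EA286A} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [IDMan] C:\DOCUME~1\sani\LOCALS~1\Temp\_tc\(zabranjeno).By.Team.REA\IDMan.exe /onboot
O24 - Desktop Component 0: Privacy Protection - (no file)
"""

# Constructed sample: the same machine after MBAM removed the IDM BHO and the
# IE.Filter entry (mirrors the thread's second log).
AFTER_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: VideoCodec Class - {949859A7-EB1F-400D-BDBC-C48238BDF788} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [IDMan] C:\DOCUME~1\sani\LOCALS~1\Temp\_tc\(zabranjeno).By.Team.REA\IDMan.exe /onboot
"""


@dataclass(frozen=True)
class Finding:
    section: str   # "O2", "O4" or "O24"
    name: str      # BHO name, Run value name or desktop component name
    path: str      # file path or command line exactly as logged
    reason: str    # "no_file" or "temp_path"


def parse_entries(log_text):
    """Yield (section, name, path) for every O2, O4 and O24 line in a log."""
    for line in log_text.splitlines():
        line = line.strip()
        for section, rx in (("O2", O2_RE), ("O4", O4_RE), ("O24", O24_RE)):
            m = rx.match(line)
            if m:
                yield section, m.group("name"), m.group("path")
                break


def classify(section, name, path):
    """Return why an entry is suspicious, or None if it looks clean."""
    if path.strip() == "(no file)":
        return "no_file"
    if TEMP_RE.search(path):
        return "temp_path"
    return None


def analyze(log_text):
    """Return the list of Findings for one HijackThis log."""
    findings = []
    for section, name, path in parse_entries(log_text):
        reason = classify(section, name, path)
        if reason:
            findings.append(Finding(section, name, path, reason))
    return findings


def removed_entries(before_log, after_log):
    """Entries present in the first log but missing from the second, i.e. what
    a cleanup removed; compared as (section, name, path) tuples, sorted."""
    return sorted(set(parse_entries(before_log)) - set(parse_entries(after_log)))


if __name__ == "__main__":
    for f in analyze(BEFORE_LOG):
        print(f"{f.section:<3} {f.reason:<9} {f.name} -> {f.path}")
    print("removed by cleanup:")
    for entry in removed_entries(BEFORE_LOG, AFTER_LOG):
        print("  ", entry)
```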

offline
  • Joined: 26 Jul 2008
  • Posts: 10

no more problems, thanks a lot -those who know, know-

Update: 28 Jul 2008 19:34

here I am again with new problems. So, I scanned with Malwarebytes' Anti-Malware 1.23, it found about ten viruses, I deleted them, and now I have a problem with the desktop background: it's now white and can't be changed.

Malwarebytes' Anti-Malware 1.23
Verzija baze podataka: 993
Windows 5.1.2600 Service Pack 2

6:52:14 PM 7/28/2008
mbam-log-7-28-2008 (18-52-14).txt

Tip skeniranja: Brzo Skeniranje
Skeniranih objekata: 52350
Proteklo vreme: 5 minute(s), 18 second(s)

Inficirani procesi u memoriji: 0
Inficirani moduli u memoriji: 2
Inficirani ključevi u registru: 18
Inficirane vrednosti u registru: 5
Inficirani podaci u registru: 0
Inficirane fascikle: 0
Inficirane datoteke: 9

Inficirani procesi u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani moduli u memoriji:
C:\WINDOWS\system32\fccBsqOg.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\eqvwamkl.dll (Trojan.FakeAlert) -> Delete on reboot.

Inficirani ključevi u registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e8ac85e8-4634-426d-942b-1f6069723dc7} (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e8ac85e8-4634-426d-942b-1f6069723dc7} (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{4937d5d1-2039-409a-bd83-fec9b39b2356} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{caf9d798-c659-4b9b-8e19-ee27c3d04ee7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{15c7d7ad-a87a-4c0d-9d8b-637fcd3488ef} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{76086c05-4d0a-4b92-9219-2e3fe8c553f9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76086c05-4d0a-4b92-9219-2e3fe8c553f9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccbsqog (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a60eb6f0-24f4-4727-a2bf-da40ab03d5ef} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{f0a426bc-cb51-4d2b-b720-f959540b0ab2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{13b563e9-b008-4d3a-bbc0-fbb424634455} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf53502d-3bef-4273-9925-89d7526a5f87} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fdkowvbp.bgow (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bhonew.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bhonew.bho.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Inficirane vrednosti u registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\source (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e8ac85e8-4634-426d-942b-1f6069723dc7} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\eqvwamkl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{bf53502d-3bef-4273-9925-89d7526a5f87} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\wnslvxtf (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Inficirani podaci u registru:
(Maliciozne stavke nisu detektovane)

Inficirane fascikle:
(Maliciozne stavke nisu detektovane)

Inficirane datoteke:
C:\WINDOWS\system32\fccBsqOg.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\domie.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\eovp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\sani\Local Settings\Temporary Internet Files\Content.IE5\5EU29PY5\CAJMG37L (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\homie.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfedbYP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\eqvwamkl.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\fdkowvbp.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\grswptdl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Update: 28 Jul 2008 19:38

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:37:28, on 7/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Windows Commander\TOTALCMD.EXE
C:\Program Files\Flock\flock\flock.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VideoCodec Class - {949859A7-EB1F-400D-BDBC-C48238BDF788} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] c:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 5082 bytes

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Right-click the avast! icon in the bottom right corner of the screen and select Program settings....

In the window that opens, under Troubleshooting, tick the option Disable avast! self-defence and click OK.

Also, right-click the avast! icon in the bottom right corner of the screen and select Stop OnAccess Protection.


Note: Don't forget to turn these options back on once the cleaning is finished.



-------------------------------------------------------------------------------------



Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt); copy it here for us.

offline
  • Joined: 26 Jul 2008
  • Posts: 10

ComboFix 08-07-28.2 - sani 2008-07-28 22:24:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.130 [GMT 2:00]
Running from: D:\Download\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\sani\Application Data\macromedia\Flash Player\#SharedObjects\9T9B3A2H\interclick.com
C:\Documents and Settings\sani\Application Data\macromedia\Flash Player\#SharedObjects\9T9B3A2H\interclick.com\ud.sol
C:\Documents and Settings\sani\Application Data\macromedia\Flash Player\#SharedObjects\PQMWZBQK\interclick.com
C:\Documents and Settings\sani\Application Data\macromedia\Flash Player\#SharedObjects\PQMWZBQK\interclick.com\ud.sol
C:\Documents and Settings\sani\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\sani\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-28 )))))))))))))))))))))))))))))))
.

2008-07-28 22:22 . 2008-07-28 22:22 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NVIDIA
2008-07-28 15:13 . 2008-07-28 15:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallShield
2008-07-28 15:10 . 2008-07-28 15:10 <DIR> d-------- C:\Program Files\DreamCatcher
2008-07-28 15:10 . 2006-03-20 16:33 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-07-28 14:45 . 2008-07-28 18:54 8 --a------ C:\WINDOWS\schedule.dat
2008-07-27 17:20 . 2008-07-27 17:39 <DIR> d-------- C:\Documents and Settings\sani\Application Data\Command & Conquer 3 Kane's Wrath
2008-07-27 17:10 . 2008-07-27 19:33 <DIR> d-------- C:\Program Files\Command and Conquer™ 3 Kane's Wrath [Beezle's Custom Standalone Release]
2008-07-26 15:17 . 2008-07-26 15:17 <DIR> d-------- C:\Documents and Settings\sani\Application Data\Malwarebytes
2008-07-26 15:16 . 2008-07-26 15:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-26 15:16 . 2008-07-26 15:16 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-07-26 15:16 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-26 15:16 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-26 13:48 . 2008-07-26 18:01 <DIR> d-------- C:\SmitfraudFix
2008-07-26 13:40 . 2008-07-26 13:40 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-25 20:49 . 2008-07-25 20:49 <DIR> d-------- C:\Program Files\Collectorz.com
2008-07-25 13:05 . 2008-07-28 13:27 491,303 ---h----- C:\treeinfo.wc
2008-07-24 19:53 . 2008-07-24 19:54 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-07-23 23:15 . 2008-07-23 23:15 <DIR> d-------- C:\Program Files\phenomedia
2008-07-23 14:40 . 2008-07-23 15:04 <DIR> d-------- C:\Documents and Settings\sani\Application Data\My Battle for Middle-earth Files
2008-07-23 14:40 . 2008-07-23 14:40 35 --a------ C:\WINDOWS\Worldbuilder.INI
2008-07-23 14:27 . 2008-07-23 14:27 <DIR> d-------- C:\Program Files\EA GAMES
2008-07-22 21:45 . 2008-07-26 11:13 <DIR> d-------- C:\Documents and Settings\sani\Application Data\OpenOffice.org2
2008-07-22 21:24 . 2008-07-22 21:24 <DIR> d-------- C:\Program Files\IObit
2008-07-22 21:09 . 2008-07-22 21:11 <DIR> d-------- C:\Program Files\JoWood
2008-07-22 15:26 . 2008-07-22 15:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-22 15:12 . 2008-07-26 13:48 1,772 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-22 15:11 . 2008-07-25 19:39 14 --a------ C:\Documents and Settings\sani\getfile.dat
2008-07-22 14:37 . 2004-08-03 22:59 53,234 --a------ C:\WINDOWS\system32\HAL.DL_
2008-07-22 12:02 . 2008-07-22 12:03 14 --a------ C:\WINDOWS\system32\getfile.dat
2008-07-22 12:02 . 2008-07-22 12:03 0 --a------ C:\WINDOWS\system32\x_dtrace_log
2008-07-22 11:52 . 2008-07-22 11:52 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-22 11:42 . 2008-07-22 11:42 <DIR> d-------- C:\Program Files\Softwin
2008-07-22 11:41 . 2008-07-26 11:48 <DIR> d-------- C:\Program Files\Common Files\Softwin
2008-07-21 19:33 . 2008-07-21 19:37 <DIR> d-------- C:\Queue
2008-07-21 19:31 . 2008-07-25 15:36 <DIR> d-------- C:\Program Files\MetaProducts Picture Downloader
2008-07-21 19:26 . 2008-07-21 19:26 <DIR> d-------- C:\Program Files\Teleport Pro
2008-07-21 14:37 . 2008-07-22 11:40 <DIR> d-------- C:\Program Files\ATS2
2008-07-21 12:03 . 2008-07-21 12:03 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia
2008-07-21 12:01 . 2008-07-21 12:01 <DIR> d-------- C:\Program Files\BFG
2008-07-21 12:01 . 2008-07-21 12:02 <DIR> d-------- C:\Program Files\Atlantis
2008-07-20 19:40 . 2008-07-20 19:40 281 --a------ C:\WINDOWS\EReg072.dat
2008-07-20 19:38 . 2008-07-20 19:38 <DIR> d-------- C:\Program Files\Maxis
2008-07-20 19:38 . 2008-07-20 19:38 <DIR> d-------- C:\Documents and Settings\sani\WINDOWS
2008-07-20 19:38 . 1998-01-23 12:22 304,128 --a------ C:\WINDOWS\IsUninst.exe
2008-07-20 16:05 . 2008-07-28 13:27 <DIR> d-------- C:\Filmovi
2008-07-20 09:59 . 2008-07-20 09:59 45 ---h----- C:\WINDOWS\dsez2411.dat
2008-07-19 17:44 . 2008-07-19 17:44 <DIR> d-------- C:\Documents and Settings\sani\Application Data\ESET
2008-07-19 17:42 . 2008-07-19 17:42 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
2008-07-19 17:41 . 2008-07-19 17:44 <DIR> d-------- C:\Program Files\ESET
2008-07-19 17:34 . 2004-08-04 01:44 472,007 -ra------ C:\txtsetup.sif
2008-07-19 17:34 . 2004-08-03 23:00 260,272 -ra------ C:\$LDR$
2008-07-18 23:00 . 2008-07-18 23:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-18 21:38 . 2008-07-23 22:02 <DIR> d-------- C:\Documents and Settings\sani\dwhelper
2008-07-18 17:55 . 2008-07-18 18:00 <DIR> d-------- C:\Program Files\Counter-strike
2008-07-18 11:19 . 2008-07-28 18:56 <DIR> d-------- C:\Documents and Settings\sani\Application Data\Thinstall
2008-07-18 11:19 . 2008-07-18 11:19 <DIR> d-------- C:\Documents and Settings\sani\Application Data\3DFA
2008-07-17 20:05 . 2008-07-17 20:05 <DIR> d-------- C:\Program Files\FreeGamePick.com
2008-07-17 18:47 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-17 18:47 . 2008-06-13 15:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-17 16:57 . 2005-02-25 05:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-07-16 15:23 . 2008-07-16 15:44 <DIR> d-------- C:\Program Files\KraiSoft Games
2008-07-15 19:31 . 2008-07-15 19:31 <DIR> d-------- C:\Program Files\Telltale Games
2008-07-15 14:36 . 2008-07-27 16:05 <DIR> d-------- C:\Documents and Settings\sani\Application Data\skypePM
2008-07-15 14:36 . 2008-07-15 14:36 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-15 14:33 . 2008-07-27 16:56 <DIR> d-------- C:\Documents and Settings\sani\Application Data\Skype
2008-07-15 14:31 . 2008-07-15 14:31 <DIR> d-------- C:\Program Files\Skype
2008-07-15 14:31 . 2008-07-15 14:31 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-07-15 14:31 . 2008-07-15 14:31 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2008-07-14 18:27 . 2008-07-18 11:21 <DIR> d-------- C:\Program Files\WYSIWYG Web Builder 5
2008-07-14 18:27 . 2008-07-14 18:27 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-07-14 12:37 . 2008-07-09 16:34 206,256 --a------ C:\WINDOWS\system32\idmmbc.dll
2008-07-14 01:10 . 2008-07-21 11:21 3,024 --a------ C:\rollback.ini
2008-07-13 23:39 . 2008-07-13 23:39 <DIR> d-------- C:\Program Files\Tibo Software
2008-07-13 23:39 . 2008-07-13 23:39 <DIR> d-------- C:\Documents and Settings\sani\Application Data\Tibo Software
2008-07-13 23:39 . 2008-07-13 23:39 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Tibo Software
2008-07-13 12:34 . 2008-07-13 12:34 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-13 11:44 . 2008-07-13 11:44 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
2008-07-13 11:44 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-07-13 11:44 . 2008-07-21 11:09 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-07-13 11:43 . 2008-07-22 14:18 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-07-13 11:19 . 2008-07-13 11:21 <DIR> d-------- C:\YuRecnik
2008-07-13 10:47 . 2008-07-13 10:47 <DIR> d-------- C:\Program Files\Magic Lines
2008-07-13 07:01 . 2008-07-13 07:02 <DIR> d-------- C:\Program Files\Opera
2008-07-12 21:59 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-11 21:24 . 2008-07-28 22:21 <DIR> d-------- C:\Documents and Settings\sani\Application Data\IDM
2008-07-11 13:53 . 2008-07-11 13:53 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2008-07-11 13:24 . 2008-07-11 13:25 <DIR> d-------- C:\Program Files\IncrediFlash Intro and Banner Studio 1.2
2008-07-11 13:24 . 2008-07-26 11:28 <DIR> d--h----- C:\Documents and Settings\sani\Application Data\IFLTemp
2008-07-11 12:42 . 2008-07-11 12:42 <DIR> d-------- C:\Documents and Settings\sani\Application Data\MyLogoMaker
2008-07-11 12:40 . 2008-07-11 12:40 <DIR> d-------- C:\Program Files\MySoftware
2008-07-08 22:43 . 2008-07-26 21:51 <DIR> d-------- C:\Program Files\Super Internet TV
2008-07-08 22:32 . 2008-07-28 22:27 <DIR> d-------- C:\Documents and Settings\sani\Application Data\DMCache
2008-07-08 22:25 . 2008-07-08 22:25 178 --a------ C:\WINDOWS\VPersonalityPlus.INI
2008-07-08 22:04 . 2008-07-08 22:07 <DIR> d-------- C:\Program Files\Download Master
2008-07-08 22:04 . 2008-07-08 22:05 <DIR> d-------- C:\Documents and Settings\sani\Application Data\Download Master
2008-07-07 22:47 . 2008-07-21 19:30 <DIR> d-------- C:\My Web Sites
2008-07-07 11:53 . 2008-07-07 11:53 <DIR> d-------- C:\Documents and Settings\sani\Application Data\Big Fish Games
2008-07-06 21:50 . 2008-07-26 20:57 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-06 11:00 . 2008-07-06 11:00 <DIR> d-------- C:\Program Files\Valve
2008-07-05 21:01 . 2008-07-05 21:01 <DIR> d-------- C:\Program Files\Act-3D
2008-07-04 17:16 . 2008-07-04 17:16 <DIR> d-------- C:\Documents and Settings\sani\Application Data\Nero
2008-07-04 17:13 . 2008-07-04 17:13 <DIR> d-------- C:\Program Files\Nero
2008-07-04 17:13 . 2008-07-04 17:15 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-07-04 17:13 . 2008-07-04 17:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
2008-07-03 11:05 . 2008-07-26 21:51 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-07-03 11:05 . 2008-07-03 11:05 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Big Fish Games
2008-07-03 10:52 . 2008-07-13 11:25 <DIR> d-------- C:\Program Files1111
2008-07-02 20:08 . 2008-07-02 20:08 <DIR> d-------- C:\Program Files\FileSubmit
2008-07-02 14:36 . 2008-07-02 14:36 <DIR> d-------- C:\Program Files\uTorrent
2008-07-02 14:36 . 2008-07-28 14:55 <DIR> d-------- C:\Documents and Settings\sani\Application Data\uTorrent
2008-07-02 13:08 . 2008-07-02 13:08 <DIR> d-------- C:\Documents and Settings\sani\Application Data\Genimo
2008-07-02 00:31 . 2008-07-25 19:20 <DIR> d-------- C:\Program Files\Jigsaw365
2008-07-01 23:59 . 2008-07-04 20:12 <DIR> d-------- C:\Program Files\Butterfly Escape
2008-07-01 23:37 . 2008-07-02 21:39 <DIR> d-------- C:\Program Files\Real Jigsaw Puzzle
2008-07-01 23:23 . 2008-07-17 18:55 <DIR> d-------- C:\Program Files\Jigs@w Puzzle Promo Creator
2008-07-01 23:08 . 2008-07-01 23:08 56 --a------ C:\WINDOWS\wininit.ini
2008-07-01 17:35 . 2008-07-01 17:35 <DIR> d-------- C:\Program Files\Flower Stand Tycoon
2008-07-01 17:35 . 2008-07-01 17:35 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-07-01 17:34 . 2008-07-01 17:34 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-06-30 16:01 . 2008-06-30 16:01 <DIR> d-------- C:\Program Files\GameTop.com
2008-06-30 14:31 . 2007-04-11 21:52 185,344 --a------ C:\WINDOWS\system32\iwpsetup.exe
2008-06-30 14:31 . 1997-01-16 00:00 29,696 --a------ C:\WINDOWS\system32\VB5STKIT.DLL
2008-06-30 14:31 . 1997-01-16 13:42 6,114 --a------ C:\WINDOWS\system32\SHELLLNK.TLB
2008-06-29 20:30 . 2008-07-07 11:41 <DIR> d-------- C:\Program Files\Flash Effect Maker
2008-06-29 20:29 . 2008-06-29 20:29 <DIR> d-------- C:\Program Files\Flash4D v5 - Pro Edition

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-28 13:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-22 19:37 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-07-21 17:02 --------- d-----w C:\Program Files\WinHTTrack
2008-07-18 09:01 --------- d-----w C:\Program Files\DAEMON Tools
2008-07-13 11:04 --------- d-----w C:\Program Files\EA Sports
2008-07-13 08:49 --------- d-----w C:\Program Files\Jigs@w Puzzle Platinum Edition
2008-07-12 19:59 --------- d-----w C:\Program Files\Java
2008-07-03 08:52 0 ----a-w C:\Program Files\temp01
2008-06-29 18:09 --------- d-----w C:\Program Files\Windows Commander
2008-06-29 08:43 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
2008-06-29 08:37 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-06-27 20:54 --------- d-----w C:\Program Files\The KMPlayer
2008-06-27 18:52 --------- d-----w C:\Documents and Settings\sani\Application Data\Winamp
2008-06-27 18:51 --------- d-----w C:\Program Files\Winamp
2008-06-27 18:42 --------- d-----w C:\Program Files\ffdshow
2008-06-27 11:48 --------- d-----w C:\Documents and Settings\sani\Application Data\Imperium Romanum
2008-06-27 11:47 --------- d-----w C:\Program Files\ProtectDisc Driver Installer
2008-06-27 11:23 --------- d-----w C:\Documents and Settings\sani\Application Data\ChessBase
2008-06-27 11:17 --------- d-----w C:\Program Files\Common Files\ChessBase
2008-06-27 11:17 --------- d-----w C:\Program Files\ChessBase
2008-06-27 10:54 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
2008-06-27 10:52 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd6381.sys
2008-06-27 10:52 664,064 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-26 14:38 --------- d-----w C:\Program Files\MSN Messenger
2008-06-26 14:12 --------- d-----w C:\Documents and Settings\sani\Application Data\MSNInstaller
2008-06-26 13:56 --------- d-----w C:\Documents and Settings\sani\Application Data\Flock
2008-06-26 13:52 --------- d-----w C:\Program Files\Realtek AC97
2008-06-26 13:52 --------- d-----w C:\Program Files\AvRack
2008-06-23 17:30 --------- d-----w C:\Program Files\windirstat
2008-06-23 14:40 --------- d-----w C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2008-06-23 13:22 --------- d-----w C:\Program Files\Participatory Culture Foundation
2008-06-22 19:50 --------- d-----w C:\Program Files\Jigs@w Puzzle Nature Edition
2008-06-21 11:27 --------- d-----w C:\Program Files\Real Alternative
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 14:08 --------- d-----w C:\Documents and Settings\dalibor\Application Data\UseNeXT
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 08:55 --------- d-----w C:\Program Files\Flock
2008-06-19 17:00 --------- d-----w C:\Program Files\UseNeXT
2008-06-17 14:38 --------- d-----w C:\Program Files\MegauploadToolbar
2008-06-15 18:58 --------- d-----w C:\Program Files\Common Files\Xara
2008-06-14 16:35 --------- d-----w C:\Program Files\Core Services
2008-06-13 13:18 --------- d-----w C:\Program Files\Mojicon
2008-06-10 19:46 --------- d-----w C:\Documents and Settings\dalibor\Application Data\X3mE Yamb
2008-06-10 16:29 --------- d-----w C:\Program Files\Paint.NET
2008-06-09 14:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"IDMan"="c:\Program Files\Internet Download Manager\IDMan.exe" [2008-07-15 08:39 931248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00 128920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43 7630848]
"nwiz"="nwiz.exe" [2006-08-11 15:43 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Windows Commander\\WINCMD32.exe"=
"C:\\Program Files\\Windows Commander\\TOTALCMD.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Counter-strike\\hl.exe"=
"C:\\Program Files\\Super Internet TV\\OnlineTV.exe"=
"C:\\Program Files\\EA Sports\\FIFA 08\\FIFA08.exe"=
"C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 acedrv11;acedrv11;C:\WINDOWS\system32\drivers\acedrv11.sys [2008-01-23 10:19]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [2008-01-18 00:37]
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe wampmysqld []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c03d9769-a11e-11dc-bc78-806d6172696f}]
\Shell\AutoRun\command - E:\Setup.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

BHO-{949859A7-EB1F-400D-BDBC-C48238BDF788} - (no file)


.
------- Supplementary Scan -------
.
O8 -: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 -: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 -: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 -: Закачать ВСЕ при помощи Download Master
O8 -: Закачать при помощи Download Master
O9 -: {8DAE90AD-4583-4977-9DD4-4360F7A45C74}


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-07-28 22:28:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-28 22:30:03
ComboFix-quarantined-files.txt 2008-07-28 20:30:00

Pre-Run: 13,770,551,296 bytes free
Post-Run: 14,343,479,296 bytes free

267 --- E O F --- 2008-07-18 21:04:55

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

What is in this folder: C:\Program Files1111

Did you create it yourself? What is the size of the folder?


Did you manage to change the wallpaper?

offline
  • Joined: 26 Jul 2008
  • Posts: 10

dr_Bora, I solved the problem with a fresh installation of XP.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

OK...
