MyCity » Ambulanta -> Arhiva Ambulante » Problem sa Trojancima!!!

Problem sa Trojancima!!!

Napisano na dan: 9.7.2010

Strana:
1
2
3
4

Problem sa Trojancima!!!

Sledeća strana

Pagination

Odgovori

Strana:
1
2
3
4

vlax10 Poslao: 09 Jul 2010 16:52 Idi na vrh
offline vlax10 Građanin Pridružio: 29 Jan 2009 Poruke: 54	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Ovako imam problem sa trojancima..Bas su uporni..Skenirao sam sa malwarebytesom i on ih registruje ali ih ne ocisti, pokusao sam i iz safemoda isto ne reaguje..Tj pise kao da ih je malware ocistio ali opet pri pokretanju kompa ili posle izvesnog vremena se pojave... Okacio sam ovde logfile od HJT i mbam pa ako neko moze da pomogne neka se javi..Unapred zahvlan mycity.rs/must-login.png mycity.rs/must-login.png

Profil

1l padr1n0 Poslao: 09 Jul 2010 17:04 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav. Moraces da ispostujes Uputstvo za otvaranje teme, u ovom delu foruma: -> http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html Postavi potrebne log-ove (DDS i GMER).

Profil

vlax10 Poslao: 09 Jul 2010 19:34 Idi na vrh
offline vlax10 Građanin Pridružio: 29 Jan 2009 Poruke: 54	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png to je sto se tice gmer-a a sada dds mycity.rs/must-login.png a nesto mi neda ovaj poslednji da uploadujem

Profil

diarno Poslao: 09 Jul 2010 20:18 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kolegi su iskrsle neke obaveze pa cu ja nastaviti tvoj slucaj. Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku. Prilikom instalacije combofixa prihvati instalaciju recovery konzole.

Profil

vlax10 Poslao: 09 Jul 2010 22:32 Idi na vrh
offline vlax10 Građanin Pridružio: 29 Jan 2009 Poruke: 54	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 09 Jul 2010 22:29 ComboFix 10-07-08.02 - Vladimir 07/09/2010 22:16:52.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.123 [GMT 2:00] Running from: c:\documents and settings\Vladimir\My Documents\Preuzimanja\ComboFix.exe . ADS - explorer.exe: deleted 55808 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\LocalService\proxy_port c:\documents and settings\Vladimir\Application Data\wiaservg.log c:\documents and settings\Vladimir\Application Data\yftza.exe c:\windows\system32\msvcrt2.dll c:\windows\system32\regedit.exe c:\windows\system32\userini.exe c:\windows\system32\wbem\grpconv.exe Infected copy of c:\windows\system32\DRIVERS\mouclass.sys was found and disinfected Restored copy from - Kitty had a snack :p c:\windows\system32\grpconv.exe was missing Restored copy from - c:\windows\ServicePackFiles\i386\grpconv.exe Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected Restored copy from - c:\windows\ServicePackFiles\i386\ndis.sys . ((((((((((((((((((((((((( Files Created from 2010-06-09 to 2010-07-09 ))))))))))))))))))))))))))))))) . 2010-07-09 20:22 . 2008-04-14 03:42 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe 2010-07-09 20:22 . 2008-04-14 03:42 39424 ----a-w- c:\windows\system32\grpconv.exe 2010-07-09 14:44 . 2010-07-09 14:44 -------- d-----w- c:\program files\Trend Micro 2010-07-09 00:36 . 2010-07-09 00:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-07-09 00:36 . 2010-07-09 00:46 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-07-07 21:50 . 2010-07-07 21:50 60416 ----a-w- c:\windows\system32\9048ac.exe 2010-07-07 19:31 . 2010-07-08 23:49 -------- d-----w- c:\documents and settings\Vladimir\Tracing 2010-07-07 19:22 . 2010-07-07 19:22 -------- d-----w- c:\program files\Microsoft 2010-07-07 19:22 . 2010-07-07 19:22 -------- d-----w- c:\program files\Windows Live SkyDrive 2010-07-07 19:22 . 2010-07-07 19:22 -------- d-----w- c:\program files\Windows Live 2010-07-07 18:12 . 2010-07-07 18:12 -------- d-----w- c:\program files\Common Files\Windows Live 2010-07-06 17:22 . 2010-07-06 17:22 -------- d-----w- c:\documents and settings\Vladimir\Application Data\Malwarebytes 2010-07-06 17:22 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-07-06 17:22 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-07-06 17:22 . 2010-07-06 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-07-06 17:22 . 2010-07-06 18:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-02 18:22 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll 2010-07-02 18:22 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll 2010-07-02 18:17 . 2010-07-02 18:17 -------- d-----w- c:\program files\Microsoft Works 2010-07-02 18:16 . 2010-07-02 18:16 -------- d-----w- c:\program files\MSBuild 2010-07-02 18:02 . 2010-07-02 18:14 -------- d-----w- c:\windows\SHELLNEW 2010-07-02 18:01 . 2010-07-02 18:01 -------- d-----w- c:\documents and settings\Vladimir\Local Settings\Application Data\Microsoft Help 2010-07-02 18:00 . 2010-07-02 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-07-02 17:58 . 2010-07-02 17:58 -------- d-----r- C:\MSOCache 2010-07-02 16:10 . 2010-07-02 16:10 -------- d-----w- c:\program files\uTorrent 2010-07-02 16:10 . 2010-07-02 18:03 -------- d-----w- c:\documents and settings\Vladimir\Application Data\uTorrent 2010-07-02 10:20 . 2010-07-02 10:20 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2010-07-02 10:20 . 2010-07-07 20:27 -------- d-----w- c:\documents and settings\Vladimir\Application Data\skypePM 2010-07-02 10:19 . 2010-07-07 21:28 -------- d-----w- c:\documents and settings\Vladimir\Application Data\Skype 2010-07-02 10:18 . 2010-07-02 10:18 -------- d-----w- c:\program files\Common Files\Skype 2010-07-02 10:18 . 2010-07-02 10:19 -------- d-----r- c:\program files\Skype 2010-07-02 10:18 . 2010-07-02 10:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2010-07-02 10:01 . 2010-07-08 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\RFA_Backups 2010-07-02 09:59 . 2010-07-02 09:59 0 ----a-w- c:\windows\nsreg.dat 2010-07-02 09:59 . 2010-07-02 09:59 -------- d-----w- c:\documents and settings\Vladimir\Local Settings\Application Data\Mozilla 2010-07-02 09:59 . 2010-07-02 09:59 -------- d-----w- c:\program files\RFA 2010-07-01 19:49 . 2010-07-01 19:50 -------- d-----w- c:\documents and settings\Vladimir\Local Settings\Application Data\Micro Forte 2010-07-01 19:48 . 2007-07-19 22:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll 2010-07-01 19:48 . 2007-07-19 16:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll 2010-07-01 19:48 . 2007-07-19 16:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll 2010-07-01 19:48 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll 2010-07-01 19:48 . 2007-07-19 22:54 18280 ----a-w- c:\windows\system32\x3daudio1_2.dll 2010-07-01 19:48 . 2007-06-20 18:46 266088 ----a-w- c:\windows\system32\xactengine2_8.dll 2010-07-01 19:48 . 2007-05-16 14:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll 2010-07-01 19:48 . 2007-05-16 14:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll 2010-07-01 19:48 . 2007-05-16 14:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll 2010-06-27 17:38 . 2008-04-13 22:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys 2010-06-27 16:57 . 2010-06-27 19:50 -------- d-----w- c:\program files\Google 2010-06-24 15:55 . 2010-06-24 15:55 43520 ----a-w- c:\windows\system32\huolpphm°.exe 2010-06-24 15:49 . 2010-06-24 15:50 43520 ----a-w- c:\windows\system32\huolpphm.exe 2010-06-23 17:56 . 2010-06-24 17:40 10 ----a-w- c:\windows\popcinfo.dat 2010-06-23 12:39 . 2010-06-23 12:39 4096 ----a-w- c:\windows\d3dx.dat 2010-06-23 12:38 . 2010-07-02 09:45 -------- d-----w- c:\program files\GameHouse 2010-06-23 12:35 . 2010-06-24 17:42 -------- d-----w- c:\program files\Zuma Deluxe 2010-06-23 12:34 . 2010-06-23 12:34 -------- d-----w- c:\documents and settings\Vladimir\Local Settings\Application Data\Opera 2010-06-23 12:34 . 2010-06-23 12:34 -------- d-----w- c:\program files\Opera 2010-06-20 17:03 . 2010-06-20 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games 2010-06-20 17:03 . 2010-06-20 19:59 14 ----a-w- c:\windows\popcinfot.dat 2010-06-20 17:03 . 2010-06-20 17:03 0 ----a-w- c:\windows\popcreg.dat 2010-06-19 19:59 . 2010-06-19 19:59 -------- d-----w- c:\documents and settings\Vladimir\Application Data\Media Player Classic 2010-06-19 19:59 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll 2010-06-19 19:59 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll 2010-06-19 19:59 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll 2010-06-19 19:59 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll 2010-06-19 19:59 . 2009-12-11 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2010-06-19 19:59 . 2010-06-19 19:59 -------- d-----w- c:\program files\K-Lite Codec Pack 2010-06-19 19:57 . 2010-07-02 21:50 -------- d-----w- c:\documents and settings\Vladimir\Application Data\BSplayer PRO 2010-06-19 19:57 . 2010-06-19 19:57 -------- d-----w- c:\program files\Webteh . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-09 14:23 . 2002-08-29 12:00 1033728 ----a-w- c:\windows\explorer.exe 2010-07-07 18:11 . 2010-06-18 16:57 69232 ----a-w- c:\documents and settings\Vladimir\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-07-02 10:46 . 2010-06-18 17:03 -------- d-----w- c:\program files\Common Files\Adobe 2010-06-18 21:08 . 2010-06-18 17:43 -------- d-----w- c:\documents and settings\Vladimir\Application Data\Winamp 2010-06-18 21:08 . 2010-06-18 17:43 -------- d-----w- c:\program files\Winamp 2010-06-18 17:03 . 2010-06-18 17:03 -------- d-----w- c:\documents and settings\Vladimir\Application Data\InterTrust 2010-06-18 17:03 . 2010-06-18 17:03 -------- d-----w- c:\program files\Intel 2010-06-18 17:03 . 2010-06-18 16:59 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-06-18 17:00 . 2010-06-18 17:00 -------- d-----w- c:\program files\ATI Technologies 2010-06-18 16:59 . 2010-06-18 16:59 -------- d-----w- c:\program files\Common Files\InstallShield 2010-06-18 16:52 . 2010-06-18 16:25 70691 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat 2010-06-18 16:27 . 2010-06-18 16:27 -------- d-----w- c:\program files\microsoft frontpage 2010-06-18 16:26 . 2010-06-18 16:26 2678 ----a-w- c:\windows\java\Packages\Data\LB1Z9JHR.DAT 2010-06-18 16:26 . 2010-06-18 16:26 558142 ----a-w- c:\windows\java\Packages\UU0H7FFB.ZIP 2010-06-18 16:26 . 2010-06-18 16:26 2678 ----a-w- c:\windows\java\Packages\Data\D31FZNVD.DAT 2010-06-18 16:26 . 2010-06-18 16:26 155995 ----a-w- c:\windows\java\Packages\SAD3TZNZ.ZIP 2010-06-18 16:26 . 2010-06-18 16:26 2678 ----a-w- c:\windows\java\Packages\Data\PZL75FTZ.DAT 2010-06-18 16:26 . 2010-06-18 16:26 2678 ----a-w- c:\windows\java\Packages\Data\DJ5FHFDN.DAT 2010-06-18 16:26 . 2010-06-18 16:26 2678 ----a-w- c:\windows\java\Packages\Data\0YFVTZ5B.DAT 2010-06-18 16:23 . 2010-06-18 16:23 21640 ----a-w- c:\windows\system32\emptyregdb.dat 2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr 2010-04-16 20:12 . 2010-04-16 20:12 48464 ----a-w- c:\windows\system32\sirenacm.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-01-12 315392] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Opera\\opera.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= S3 Kwari.xLoader;Kwari.xLoader; [x] . . ------- Supplementary Scan ------- . uLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2086743 mLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: DirectAnimation Java Classes DPF: Microsoft XML Parser for Java FF - ProfilePath - c:\documents and settings\Vladimir\Application Data\Mozilla\Firefox\Profiles\4y1emjty.default\ FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS REMOVED - - - - HKCU-Run-userini - c:\windows\system32\userini.exe HKLM-Run-userini - c:\windows\system32\userini.exe HKLM-Explorer_Run-userini - c:\windows\system32\userini.exe ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2010-07-09 22:24 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\wscntfy.exe c:\windows\system32\wpabaln.exe . ************************************************************************ . Completion time: 2010-07-09 22:26:39 - machine was rebooted ComboFix-quarantined-files.txt 2010-07-09 20:26 Pre-Run: 3,618,344,960 bytes free Post-Run: 3,593,744,384 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn - - End Of File - - 4B709A017B24DC59A159A655D8B8D599 Dopuna: 09 Jul 2010 22:32 hvala puno cini mi se da je sada sve u redu..i jos dva pitanja da li treba da se deinstalira sada ovaj combofix? I u task manageru mi prikazuje neki plugin-containar.exe koji mi uzima neki 20 rama memorije..Pa sta je to i moze li da se obrise?

Profil

diarno Poslao: 10 Jul 2010 00:11 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\windows\system32\9048ac.exe c:\windows\system32\huolpphm°.exe c:\windows\system32\huolpphm.exe Driver:: Kwari.xLoader` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

vlax10 Poslao: 10 Jul 2010 13:29 Idi na vrh
offline vlax10 Građanin Pridružio: 29 Jan 2009 Poruke: 54	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 10-07-08.02 - Vladimir 07/10/2010 13:10:39.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.141 [GMT 2:00] Running from: c:\documents and settings\Vladimir\My Documents\Preuzimanja\ComboFix.exe Command switches used :: c:\documents and settings\Vladimir\Desktop\CFScript.txt . ((((((((((((((((((((((((( Files Created from 2010-06-10 to 2010-07-10 ))))))))))))))))))))))))))))))) . 2010-07-09 20:22 . 2008-04-14 03:42 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe 2010-07-09 20:22 . 2008-04-14 03:42 39424 ----a-w- c:\windows\system32\grpconv.exe 2010-07-09 20:14 . 2008-04-13 22:09 23040 -c--a-w- c:\windows\system32\dllcache\mouclass.sys 2010-07-09 20:14 . 2008-04-13 22:09 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys 2010-07-09 14:44 . 2010-07-09 14:44 -------- d-----w- c:\program files\Trend Micro 2010-07-09 00:36 . 2010-07-09 00:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-07-07 21:50 . 2010-07-07 21:50 60416 ----a-w- c:\windows\system32\9048ac.exe 2010-07-07 19:31 . 2010-07-09 21:25 -------- d-----w- c:\documents and settings\Vladimir\Tracing 2010-07-07 19:22 . 2010-07-07 19:22 -------- d-----w- c:\program files\Microsoft 2010-07-07 19:22 . 2010-07-07 19:22 -------- d-----w- c:\program files\Windows Live SkyDrive 2010-07-07 19:22 . 2010-07-07 19:22 -------- d-----w- c:\program files\Windows Live 2010-07-07 18:12 . 2010-07-07 18:12 -------- d-----w- c:\program files\Common Files\Windows Live 2010-07-06 17:22 . 2010-07-06 17:22 -------- d-----w- c:\documents and settings\Vladimir\Application Data\Malwarebytes 2010-07-06 17:22 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-07-06 17:22 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-07-06 17:22 . 2010-07-06 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-07-06 17:22 . 2010-07-06 18:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-02 18:22 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll 2010-07-02 18:22 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll 2010-07-02 18:17 . 2010-07-02 18:17 -------- d-----w- c:\program files\Microsoft Works 2010-07-02 18:16 . 2010-07-02 18:16 -------- d-----w- c:\program files\MSBuild 2010-07-02 18:02 . 2010-07-02 18:14 -------- d-----w- c:\windows\SHELLNEW 2010-07-02 18:01 . 2010-07-02 18:01 -------- d-----w- c:\documents and settings\Vladimir\Local Settings\Application Data\Microsoft Help 2010-07-02 18:00 . 2010-07-02 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-07-02 17:58 . 2010-07-02 17:58 -------- d-----r- C:\MSOCache 2010-07-02 16:10 . 2010-07-02 16:10 -------- d-----w- c:\program files\uTorrent 2010-07-02 16:10 . 2010-07-02 18:03 -------- d-----w- c:\documents and settings\Vladimir\Application Data\uTorrent 2010-07-02 10:20 . 2010-07-02 10:20 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2010-07-02 10:20 . 2010-07-10 00:15 -------- d-----w- c:\documents and settings\Vladimir\Application Data\skypePM 2010-07-02 10:19 . 2010-07-10 02:17 -------- d-----w- c:\documents and settings\Vladimir\Application Data\Skype 2010-07-02 10:18 . 2010-07-02 10:18 -------- d-----w- c:\program files\Common Files\Skype 2010-07-02 10:18 . 2010-07-02 10:19 -------- d-----r- c:\program files\Skype 2010-07-02 10:18 . 2010-07-02 10:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2010-07-02 10:01 . 2010-07-08 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\RFA_Backups 2010-07-02 09:59 . 2010-07-02 09:59 0 ----a-w- c:\windows\nsreg.dat 2010-07-02 09:59 . 2010-07-02 09:59 -------- d-----w- c:\documents and settings\Vladimir\Local Settings\Application Data\Mozilla 2010-07-02 09:59 . 2010-07-02 09:59 -------- d-----w- c:\program files\RFA 2010-07-01 19:49 . 2010-07-01 19:50 -------- d-----w- c:\documents and settings\Vladimir\Local Settings\Application Data\Micro Forte 2010-07-01 19:48 . 2007-07-19 22:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll 2010-07-01 19:48 . 2007-07-19 16:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll 2010-07-01 19:48 . 2007-07-19 16:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll 2010-07-01 19:48 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll 2010-07-01 19:48 . 2007-07-19 22:54 18280 ----a-w- c:\windows\system32\x3daudio1_2.dll 2010-07-01 19:48 . 2007-06-20 18:46 266088 ----a-w- c:\windows\system32\xactengine2_8.dll 2010-07-01 19:48 . 2007-05-16 14:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll 2010-07-01 19:48 . 2007-05-16 14:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll 2010-07-01 19:48 . 2007-05-16 14:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll 2010-06-27 17:38 . 2008-04-13 22:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys 2010-06-27 16:57 . 2010-06-27 19:50 -------- d-----w- c:\program files\Google 2010-06-24 15:55 . 2010-06-24 15:55 43520 ----a-w- c:\windows\system32\huolpphm°.exe 2010-06-24 15:49 . 2010-06-24 15:50 43520 ----a-w- c:\windows\system32\huolpphm.exe 2010-06-23 17:56 . 2010-06-24 17:40 10 ----a-w- c:\windows\popcinfo.dat 2010-06-23 12:39 . 2010-06-23 12:39 4096 ----a-w- c:\windows\d3dx.dat 2010-06-23 12:38 . 2010-07-02 09:45 -------- d-----w- c:\program files\GameHouse 2010-06-23 12:35 . 2010-06-24 17:42 -------- d-----w- c:\program files\Zuma Deluxe 2010-06-23 12:34 . 2010-06-23 12:34 -------- d-----w- c:\documents and settings\Vladimir\Local Settings\Application Data\Opera 2010-06-23 12:34 . 2010-06-23 12:34 -------- d-----w- c:\program files\Opera 2010-06-20 17:03 . 2010-06-20 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games 2010-06-20 17:03 . 2010-06-20 19:59 14 ----a-w- c:\windows\popcinfot.dat 2010-06-20 17:03 . 2010-06-20 17:03 0 ----a-w- c:\windows\popcreg.dat 2010-06-19 19:59 . 2010-06-19 19:59 -------- d-----w- c:\documents and settings\Vladimir\Application Data\Media Player Classic 2010-06-19 19:59 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll 2010-06-19 19:59 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll 2010-06-19 19:59 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll 2010-06-19 19:59 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll 2010-06-19 19:59 . 2009-12-11 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2010-06-19 19:59 . 2010-06-19 19:59 -------- d-----w- c:\program files\K-Lite Codec Pack 2010-06-19 19:57 . 2010-07-02 21:50 -------- d-----w- c:\documents and settings\Vladimir\Application Data\BSplayer PRO 2010-06-19 19:57 . 2010-06-19 19:57 -------- d-----w- c:\program files\Webteh . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-09 14:23 . 2002-08-29 12:00 1033728 ----a-w- c:\windows\explorer.exe 2010-07-07 18:11 . 2010-06-18 16:57 69232 ----a-w- c:\documents and settings\Vladimir\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-07-02 10:46 . 2010-06-18 17:03 -------- d-----w- c:\program files\Common Files\Adobe 2010-06-18 21:08 . 2010-06-18 17:43 -------- d-----w- c:\documents and settings\Vladimir\Application Data\Winamp 2010-06-18 21:08 . 2010-06-18 17:43 -------- d-----w- c:\program files\Winamp 2010-06-18 17:03 . 2010-06-18 17:03 -------- d-----w- c:\documents and settings\Vladimir\Application Data\InterTrust 2010-06-18 17:03 . 2010-06-18 17:03 -------- d-----w- c:\program files\Intel 2010-06-18 17:03 . 2010-06-18 16:59 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-06-18 17:00 . 2010-06-18 17:00 -------- d-----w- c:\program files\ATI Technologies 2010-06-18 16:59 . 2010-06-18 16:59 -------- d-----w- c:\program files\Common Files\InstallShield 2010-06-18 16:52 . 2010-06-18 16:25 70691 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat 2010-06-18 16:27 . 2010-06-18 16:27 -------- d-----w- c:\program files\microsoft frontpage 2010-06-18 16:26 . 2010-06-18 16:26 2678 ----a-w- c:\windows\java\Packages\Data\LB1Z9JHR.DAT 2010-06-18 16:26 . 2010-06-18 16:26 558142 ----a-w- c:\windows\java\Packages\UU0H7FFB.ZIP 2010-06-18 16:26 . 2010-06-18 16:26 2678 ----a-w- c:\windows\java\Packages\Data\D31FZNVD.DAT 2010-06-18 16:26 . 2010-06-18 16:26 155995 ----a-w- c:\windows\java\Packages\SAD3TZNZ.ZIP 2010-06-18 16:26 . 2010-06-18 16:26 2678 ----a-w- c:\windows\java\Packages\Data\PZL75FTZ.DAT 2010-06-18 16:26 . 2010-06-18 16:26 2678 ----a-w- c:\windows\java\Packages\Data\DJ5FHFDN.DAT 2010-06-18 16:26 . 2010-06-18 16:26 2678 ----a-w- c:\windows\java\Packages\Data\0YFVTZ5B.DAT 2010-06-18 16:23 . 2010-06-18 16:23 21640 ----a-w- c:\windows\system32\emptyregdb.dat 2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr 2010-04-16 20:12 . 2010-04-16 20:12 48464 ----a-w- c:\windows\system32\sirenacm.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-01-12 315392] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Opera\\opera.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= S3 Kwari.xLoader;Kwari.xLoader; [x] . . ------- Supplementary Scan ------- . uLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2086743 mLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: DirectAnimation Java Classes DPF: Microsoft XML Parser for Java FF - ProfilePath - c:\documents and settings\Vladimir\Application Data\Mozilla\Firefox\Profiles\4y1emjty.default\ FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2010-07-10 13:16 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2010-07-10 13:18:28 ComboFix-quarantined-files.txt 2010-07-10 11:18 ComboFix2.txt 2010-07-09 20:26 Pre-Run: 3,520,733,184 bytes free Post-Run: 3,513,380,864 bytes free - - End Of File - - 124B7B2B0B9554C567BF6C638D627E45

Profil

diarno Poslao: 10 Jul 2010 15:10 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ne valja. Jel si uradio tacno kako sam ti gore rekao???

Profil

vlax10 Poslao: 10 Jul 2010 17:50 Idi na vrh
offline vlax10 Građanin Pridružio: 29 Jan 2009 Poruke: 54	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 10 Jul 2010 15:33 Pa jesam..kopirao sam ove fajlove sto si mi izdvojio i prebacio u combofix..aj sada cu da pokusam ponovo ali ovo su mi skroz nepoznate operacije iako se i razumem nesto u komp.. Dopuna: 10 Jul 2010 16:28 evo jos jednom sam pokusao valjda valjha sada. ComboFix 10-07-09.02 - Vladimir 07/10/2010 16:07:32.3.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.142 [GMT 2:00] Running from: c:\documents and settings\Vladimir\My Documents\Preuzimanja\ComboFix.exe Command switches used :: c:\documents and settings\Vladimir\Desktop\CFScript . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_KWARI.XLOADER -------\Service_Kwari.xLoader ((((((((((((((((((((((((( Files Created from 2010-06-10 to 2010-07-10 ))))))))))))))))))))))))))))))) . 2010-07-09 20:22 . 2008-04-14 03:42 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe 2010-07-09 20:22 . 2008-04-14 03:42 39424 ----a-w- c:\windows\system32\grpconv.exe 2010-07-09 20:14 . 2008-04-13 22:09 23040 -c--a-w- c:\windows\system32\dllcache\mouclass.sys 2010-07-09 20:14 . 2008-04-13 22:09 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys 2010-07-09 14:44 . 2010-07-09 14:44 -------- d-----w- c:\program files\Trend Micro 2010-07-09 00:36 . 2010-07-09 00:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-07-07 21:50 . 2010-07-07 21:50 60416 ----a-w- c:\windows\system32\9048ac.exe 2010-07-07 19:31 . 2010-07-09 21:25 -------- d-----w- c:\documents and settings\Vladimir\Tracing 2010-07-07 19:22 . 2010-07-07 19:22 -------- d-----w- c:\program files\Microsoft 2010-07-07 19:22 . 2010-07-07 19:22 -------- d-----w- c:\program files\Windows Live SkyDrive 2010-07-07 19:22 . 2010-07-07 19:22 -------- d-----w- c:\program files\Windows Live 2010-07-07 18:12 . 2010-07-07 18:12 -------- d-----w- c:\program files\Common Files\Windows Live 2010-07-06 17:22 . 2010-07-06 17:22 -------- d-----w- c:\documents and settings\Vladimir\Application Data\Malwarebytes 2010-07-06 17:22 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-07-06 17:22 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-07-06 17:22 . 2010-07-06 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-07-06 17:22 . 2010-07-06 18:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-02 18:22 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll 2010-07-02 18:22 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll 2010-07-02 18:17 . 2010-07-02 18:17 -------- d-----w- c:\program files\Microsoft Works 2010-07-02 18:16 . 2010-07-02 18:16 -------- d-----w- c:\program files\MSBuild 2010-07-02 18:02 . 2010-07-02 18:14 -------- d-----w- c:\windows\SHELLNEW 2010-07-02 18:01 . 2010-07-02 18:01 -------- d-----w- c:\documents and settings\Vladimir\Local Settings\Application Data\Microsoft Help 2010-07-02 18:00 . 2010-07-02 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-07-02 17:58 . 2010-07-02 17:58 -------- d-----r- C:\MSOCache 2010-07-02 16:10 . 2010-07-02 16:10 -------- d-----w- c:\program files\uTorrent 2010-07-02 16:10 . 2010-07-02 18:03 -------- d-----w- c:\documents and settings\Vladimir\Application Data\uTorrent 2010-07-02 10:20 . 2010-07-02 10:20 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2010-07-02 10:20 . 2010-07-10 00:15 -------- d-----w- c:\documents and settings\Vladimir\Application Data\skypePM 2010-07-02 10:19 . 2010-07-10 02:17 -------- d-----w- c:\documents and settings\Vladimir\Application Data\Skype 2010-07-02 10:18 . 2010-07-02 10:18 -------- d-----w- c:\program files\Common Files\Skype 2010-07-02 10:18 . 2010-07-02 10:19 -------- d-----r- c:\program files\Skype 2010-07-02 10:18 . 2010-07-02 10:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2010-07-02 10:01 . 2010-07-08 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\RFA_Backups 2010-07-02 09:59 . 2010-07-02 09:59 0 ----a-w- c:\windows\nsreg.dat 2010-07-02 09:59 . 2010-07-02 09:59 -------- d-----w- c:\documents and settings\Vladimir\Local Settings\Application Data\Mozilla 2010-07-02 09:59 . 2010-07-02 09:59 -------- d-----w- c:\program files\RFA 2010-07-01 19:49 . 2010-07-01 19:50 -------- d-----w- c:\documents and settings\Vladimir\Local Settings\Application Data\Micro Forte 2010-07-01 19:48 . 2007-07-19 22:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll 2010-07-01 19:48 . 2007-07-19 16:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll 2010-07-01 19:48 . 2007-07-19 16:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll 2010-07-01 19:48 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll 2010-07-01 19:48 . 2007-07-19 22:54 18280 ----a-w- c:\windows\system32\x3daudio1_2.dll 2010-07-01 19:48 . 2007-06-20 18:46 266088 ----a-w- c:\windows\system32\xactengine2_8.dll 2010-07-01 19:48 . 2007-05-16 14:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll 2010-07-01 19:48 . 2007-05-16 14:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll 2010-07-01 19:48 . 2007-05-16 14:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll 2010-06-27 17:38 . 2008-04-13 22:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys 2010-06-27 16:57 . 2010-06-27 19:50 -------- d-----w- c:\program files\Google 2010-06-24 15:55 . 2010-06-24 15:55 43520 ----a-w- c:\windows\system32\huolpphm°.exe 2010-06-24 15:49 . 2010-06-24 15:50 43520 ----a-w- c:\windows\system32\huolpphm.exe 2010-06-23 17:56 . 2010-06-24 17:40 10 ----a-w- c:\windows\popcinfo.dat 2010-06-23 12:39 . 2010-06-23 12:39 4096 ----a-w- c:\windows\d3dx.dat 2010-06-23 12:38 . 2010-07-02 09:45 -------- d-----w- c:\program files\GameHouse 2010-06-23 12:35 . 2010-06-24 17:42 -------- d-----w- c:\program files\Zuma Deluxe 2010-06-23 12:34 . 2010-06-23 12:34 -------- d-----w- c:\documents and settings\Vladimir\Local Settings\Application Data\Opera 2010-06-23 12:34 . 2010-06-23 12:34 -------- d-----w- c:\program files\Opera 2010-06-20 17:03 . 2010-06-20 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games 2010-06-20 17:03 . 2010-06-20 19:59 14 ----a-w- c:\windows\popcinfot.dat 2010-06-20 17:03 . 2010-06-20 17:03 0 ----a-w- c:\windows\popcreg.dat 2010-06-19 19:59 . 2010-06-19 19:59 -------- d-----w- c:\documents and settings\Vladimir\Application Data\Media Player Classic 2010-06-19 19:59 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll 2010-06-19 19:59 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll 2010-06-19 19:59 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll 2010-06-19 19:59 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll 2010-06-19 19:59 . 2009-12-11 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2010-06-19 19:59 . 2010-06-19 19:59 -------- d-----w- c:\program files\K-Lite Codec Pack 2010-06-19 19:57 . 2010-07-02 21:50 -------- d-----w- c:\documents and settings\Vladimir\Application Data\BSplayer PRO 2010-06-19 19:57 . 2010-06-19 19:57 -------- d-----w- c:\program files\Webteh . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-09 14:23 . 2002-08-29 12:00 1033728 ----a-w- c:\windows\explorer.exe 2010-07-07 18:11 . 2010-06-18 16:57 69232 ----a-w- c:\documents and settings\Vladimir\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-07-02 10:46 . 2010-06-18 17:03 -------- d-----w- c:\program files\Common Files\Adobe 2010-06-18 21:08 . 2010-06-18 17:43 -------- d-----w- c:\documents and settings\Vladimir\Application Data\Winamp 2010-06-18 21:08 . 2010-06-18 17:43 -------- d-----w- c:\program files\Winamp 2010-06-18 17:03 . 2010-06-18 17:03 -------- d-----w- c:\documents and settings\Vladimir\Application Data\InterTrust 2010-06-18 17:03 . 2010-06-18 17:03 -------- d-----w- c:\program files\Intel 2010-06-18 17:03 . 2010-06-18 16:59 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-06-18 17:00 . 2010-06-18 17:00 -------- d-----w- c:\program files\ATI Technologies 2010-06-18 16:59 . 2010-06-18 16:59 -------- d-----w- c:\program files\Common Files\InstallShield 2010-06-18 16:52 . 2010-06-18 16:25 70691 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat 2010-06-18 16:27 . 2010-06-18 16:27 -------- d-----w- c:\program files\microsoft frontpage 2010-06-18 16:26 . 2010-06-18 16:26 2678 ----a-w- c:\windows\java\Packages\Data\LB1Z9JHR.DAT 2010-06-18 16:26 . 2010-06-18 16:26 558142 ----a-w- c:\windows\java\Packages\UU0H7FFB.ZIP 2010-06-18 16:26 . 2010-06-18 16:26 2678 ----a-w- c:\windows\java\Packages\Data\D31FZNVD.DAT 2010-06-18 16:26 . 2010-06-18 16:26 155995 ----a-w- c:\windows\java\Packages\SAD3TZNZ.ZIP 2010-06-18 16:26 . 2010-06-18 16:26 2678 ----a-w- c:\windows\java\Packages\Data\PZL75FTZ.DAT 2010-06-18 16:26 . 2010-06-18 16:26 2678 ----a-w- c:\windows\java\Packages\Data\DJ5FHFDN.DAT 2010-06-18 16:26 . 2010-06-18 16:26 2678 ----a-w- c:\windows\java\Packages\Data\0YFVTZ5B.DAT 2010-06-18 16:23 . 2010-06-18 16:23 21640 ----a-w- c:\windows\system32\emptyregdb.dat 2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr 2010-04-16 20:12 . 2010-04-16 20:12 48464 ----a-w- c:\windows\system32\sirenacm.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-01-12 315392] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Opera\\opera.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . . ------- Supplementary Scan ------- . uLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2086743 mLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html DPF: DirectAnimation Java Classes DPF: Microsoft XML Parser for Java FF - ProfilePath - c:\documents and settings\Vladimir\Application Data\Mozilla\Firefox\Profiles\4y1emjty.default\ FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2010-07-10 16:14 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\wscntfy.exe c:\windows\system32\wpabaln.exe . ************************************************************************ . Completion time: 2010-07-10 16:17:18 - machine was rebooted ComboFix-quarantined-files.txt 2010-07-10 14:17 ComboFix2.txt 2010-07-10 11:18 ComboFix3.txt 2010-07-09 20:26 Pre-Run: 3,518,177,280 bytes free Post-Run: 3,509,985,280 bytes free - - End Of File - - EF533214F64D7266BF4565E681912DCE Dopuna: 10 Jul 2010 17:50 evo jos jednom sam pokusao ako nije ovo ja stvarno ne znam sta je ComboFix 10-07-09.02 - Vladimir 07/10/2010 17:40:20.4.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.103 [GMT 2:00] Running from: c:\documents and settings\Vladimir\My Documents\Preuzimanja\ComboFix.exe Command switches used :: c:\documents and settings\Vladimir\Desktop\CFScript.txt . ((((((((((((((((((((((((( Files Created from 2010-06-10 to 2010-07-10 ))))))))))))))))))))))))))))))) . 2010-07-09 20:22 . 2008-04-14 03:42 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe 2010-07-09 20:22 . 2008-04-14 03:42 39424 ----a-w- c:\windows\system32\grpconv.exe 2010-07-09 20:14 . 2008-04-13 22:09 23040 -c--a-w- c:\windows\system32\dllcache\mouclass.sys 2010-07-09 20:14 . 2008-04-13 22:09 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys 2010-07-09 14:44 . 2010-07-09 14:44 -------- d-----w- c:\program files\Trend Micro 2010-07-09 00:36 . 2010-07-09 00:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-07-07 21:50 . 2010-07-07 21:50 60416 ----a-w- c:\windows\system32\9048ac.exe 2010-07-07 19:31 . 2010-07-09 21:25 -------- d-----w- c:\documents and settings\Vladimir\Tracing 2010-07-07 19:22 . 2010-07-07 19:22 -------- d-----w- c:\program files\Microsoft 2010-07-07 19:22 . 2010-07-07 19:22 -------- d-----w- c:\program files\Windows Live SkyDrive 2010-07-07 19:22 . 2010-07-07 19:22 -------- d-----w- c:\program files\Windows Live 2010-07-07 18:12 . 2010-07-07 18:12 -------- d-----w- c:\program files\Common Files\Windows Live 2010-07-06 17:22 . 2010-07-06 17:22 -------- d-----w- c:\documents and settings\Vladimir\Application Data\Malwarebytes 2010-07-06 17:22 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-07-06 17:22 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-07-06 17:22 . 2010-07-06 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-07-06 17:22 . 2010-07-06 18:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-02 18:22 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll 2010-07-02 18:22 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll 2010-07-02 18:17 . 2010-07-02 18:17 -------- d-----w- c:\program files\Microsoft Works 2010-07-02 18:16 . 2010-07-02 18:16 -------- d-----w- c:\program files\MSBuild 2010-07-02 18:02 . 2010-07-02 18:14 -------- d-----w- c:\windows\SHELLNEW 2010-07-02 18:01 . 2010-07-02 18:01 -------- d-----w- c:\documents and settings\Vladimir\Local Settings\Application Data\Microsoft Help 2010-07-02 18:00 . 2010-07-02 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-07-02 17:58 . 2010-07-02 17:58 -------- d-----r- C:\MSOCache 2010-07-02 16:10 . 2010-07-02 16:10 -------- d-----w- c:\program files\uTorrent 2010-07-02 16:10 . 2010-07-02 18:03 -------- d-----w- c:\documents and settings\Vladimir\Application Data\uTorrent 2010-07-02 10:20 . 2010-07-02 10:20 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2010-07-02 10:20 . 2010-07-10 15:18 -------- d-----w- c:\documents and settings\Vladimir\Application Data\skypePM 2010-07-02 10:19 . 2010-07-10 15:46 -------- d-----w- c:\documents and settings\Vladimir\Application Data\Skype 2010-07-02 10:18 . 2010-07-02 10:18 -------- d-----w- c:\program files\Common Files\Skype 2010-07-02 10:18 . 2010-07-02 10:19 -------- d-----r- c:\program files\Skype 2010-07-02 10:18 . 2010-07-02 10:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2010-07-02 10:01 . 2010-07-08 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\RFA_Backups 2010-07-02 09:59 . 2010-07-02 09:59 0 ----a-w- c:\windows\nsreg.dat 2010-07-02 09:59 . 2010-07-02 09:59 -------- d-----w- c:\documents and settings\Vladimir\Local Settings\Application Data\Mozilla 2010-07-02 09:59 . 2010-07-02 09:59 -------- d-----w- c:\program files\RFA 2010-07-01 19:49 . 2010-07-01 19:50 -------- d-----w- c:\documents and settings\Vladimir\Local Settings\Application Data\Micro Forte 2010-07-01 19:48 . 2007-07-19 22:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll 2010-07-01 19:48 . 2007-07-19 16:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll 2010-07-01 19:48 . 2007-07-19 16:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll 2010-07-01 19:48 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll 2010-07-01 19:48 . 2007-07-19 22:54 18280 ----a-w- c:\windows\system32\x3daudio1_2.dll 2010-07-01 19:48 . 2007-06-20 18:46 266088 ----a-w- c:\windows\system32\xactengine2_8.dll 2010-07-01 19:48 . 2007-05-16 14:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll 2010-07-01 19:48 . 2007-05-16 14:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll 2010-07-01 19:48 . 2007-05-16 14:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll 2010-06-27 17:38 . 2008-04-13 22:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys 2010-06-27 16:57 . 2010-06-27 19:50 -------- d-----w- c:\program files\Google 2010-06-24 15:55 . 2010-06-24 15:55 43520 ----a-w- c:\windows\system32\huolpphm°.exe 2010-06-24 15:49 . 2010-06-24 15:50 43520 ----a-w- c:\windows\system32\huolpphm.exe 2010-06-23 17:56 . 2010-06-24 17:40 10 ----a-w- c:\windows\popcinfo.dat 2010-06-23 12:39 . 2010-06-23 12:39 4096 ----a-w- c:\windows\d3dx.dat 2010-06-23 12:38 . 2010-07-02 09:45 -------- d-----w- c:\program files\GameHouse 2010-06-23 12:35 . 2010-06-24 17:42 -------- d-----w- c:\program files\Zuma Deluxe 2010-06-23 12:34 . 2010-06-23 12:34 -------- d-----w- c:\documents and settings\Vladimir\Local Settings\Application Data\Opera 2010-06-23 12:34 . 2010-06-23 12:34 -------- d-----w- c:\program files\Opera 2010-06-20 17:03 . 2010-06-20 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games 2010-06-20 17:03 . 2010-06-20 19:59 14 ----a-w- c:\windows\popcinfot.dat 2010-06-20 17:03 . 2010-06-20 17:03 0 ----a-w- c:\windows\popcreg.dat 2010-06-19 19:59 . 2010-06-19 19:59 -------- d-----w- c:\documents and settings\Vladimir\Application Data\Media Player Classic 2010-06-19 19:59 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll 2010-06-19 19:59 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll 2010-06-19 19:59 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll 2010-06-19 19:59 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll 2010-06-19 19:59 . 2009-12-11 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2010-06-19 19:59 . 2010-06-19 19:59 -------- d-----w- c:\program files\K-Lite Codec Pack 2010-06-19 19:57 . 2010-07-02 21:50 -------- d-----w- c:\documents and settings\Vladimir\Application Data\BSplayer PRO 2010-06-19 19:57 . 2010-06-19 19:57 -------- d-----w- c:\program files\Webteh . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-09 14:23 . 2002-08-29 12:00 1033728 ----a-w- c:\windows\explorer.exe 2010-07-07 18:11 . 2010-06-18 16:57 69232 ----a-w- c:\documents and settings\Vladimir\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-07-02 10:46 . 2010-06-18 17:03 -------- d-----w- c:\program files\Common Files\Adobe 2010-06-18 21:08 . 2010-06-18 17:43 -------- d-----w- c:\documents and settings\Vladimir\Application Data\Winamp 2010-06-18 21:08 . 2010-06-18 17:43 -------- d-----w- c:\program files\Winamp 2010-06-18 17:03 . 2010-06-18 17:03 -------- d-----w- c:\documents and settings\Vladimir\Application Data\InterTrust 2010-06-18 17:03 . 2010-06-18 17:03 -------- d-----w- c:\program files\Intel 2010-06-18 17:03 . 2010-06-18 16:59 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-06-18 17:00 . 2010-06-18 17:00 -------- d-----w- c:\program files\ATI Technologies 2010-06-18 16:59 . 2010-06-18 16:59 -------- d-----w- c:\program files\Common Files\InstallShield 2010-06-18 16:52 . 2010-06-18 16:25 70691 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat 2010-06-18 16:27 . 2010-06-18 16:27 -------- d-----w- c:\program files\microsoft frontpage 2010-06-18 16:26 . 2010-06-18 16:26 2678 ----a-w- c:\windows\java\Packages\Data\LB1Z9JHR.DAT 2010-06-18 16:26 . 2010-06-18 16:26 558142 ----a-w- c:\windows\java\Packages\UU0H7FFB.ZIP 2010-06-18 16:26 . 2010-06-18 16:26 2678 ----a-w- c:\windows\java\Packages\Data\D31FZNVD.DAT 2010-06-18 16:26 . 2010-06-18 16:26 155995 ----a-w- c:\windows\java\Packages\SAD3TZNZ.ZIP 2010-06-18 16:26 . 2010-06-18 16:26 2678 ----a-w- c:\windows\java\Packages\Data\PZL75FTZ.DAT 2010-06-18 16:26 . 2010-06-18 16:26 2678 ----a-w- c:\windows\java\Packages\Data\DJ5FHFDN.DAT 2010-06-18 16:26 . 2010-06-18 16:26 2678 ----a-w- c:\windows\java\Packages\Data\0YFVTZ5B.DAT 2010-06-18 16:23 . 2010-06-18 16:23 21640 ----a-w- c:\windows\system32\emptyregdb.dat 2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr 2010-04-16 20:12 . 2010-04-16 20:12 48464 ----a-w- c:\windows\system32\sirenacm.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-01-12 315392] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Opera\\opera.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . . ------- Supplementary Scan ------- . uLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2086743 mLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html DPF: DirectAnimation Java Classes DPF: Microsoft XML Parser for Java FF - ProfilePath - c:\documents and settings\Vladimir\Application Data\Mozilla\Firefox\Profiles\4y1emjty.default\ FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2010-07-10 17:46 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(1800) c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll . Completion time: 2010-07-10 17:49:07 ComboFix-quarantined-files.txt 2010-07-10 15:49 ComboFix2.txt 2010-07-10 14:17 ComboFix3.txt 2010-07-10 11:18 ComboFix4.txt 2010-07-09 20:26 Pre-Run: 3,505,737,728 bytes free Post-Run: 3,497,992,192 bytes free - - End Of File - - 4443A56FE9144D5EA23B3C564B8B1F85

Profil

diarno Poslao: 10 Jul 2010 23:03 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 10 Jul 2010 20:03 Nemoj vise pokretati Combofix. Dobices dalja uputstva kasno veceras. Sad imam goste. Dopuna: 10 Jul 2010 23:03 Postavi mi sveze gmer logove.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Problem sa Trojancima!!!

Ko je trenutno na forumu

Ukupno su 845 korisnika na forumu :: 16 registrovanih, 3 sakrivenih i 826 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: havoc995, hyla, ILGromovnik, Ivica1102, kjkszpj, Krvava Devetka, mačković, milenko crazy north, Parker, royst33, Sićko, Srle993, stalja, Stoilkovic, wizzardone, šumar bk2

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by