Problem with a virus downloaded from Skype


  • Joined: 09 Dec 2005
  • Posts: 174
  • Location: Serbia - Beograd

This problem concerns a friend of mine, who cannot post the "log" from his PC himself, because a virus (or viruses) is messing with it.

* The problem started when, during a chat with a friend, he received a file for download (an MS-DOS application); when he ran the program his computer "went crazy", and since then he has had software problems...

* By the way, his friend has been infected with that virus for a long time... (he found out today).

I have attached a picture too; I hope it helps with cleaning Windows XP SP3.

Thanks

***********************************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:08:43 PM, on 1/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\UpsPilot\Winpower.exe
C:\Program Files\UpsPilot\jre\bin\javaw.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_1_3_0\RGSC.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\UpsPilot\monitor.exe
C:\Program Files\UpsPilot\jre\bin\javaw.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\UpsPilot\wpRMI.exe
C:\Program Files\UpsPilot\jre\bin\javaw.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Korisnik\Desktop\virys\tr3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [Winpower] C:\Program Files\UpsPilot\Winpower.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Windows Service help] C:\RECYCLER\S-1-5-21-4663310542-3946980675-048542194-0889\winservices.exe
O4 - Startup: cleantemp.bat
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - Gopher Prefix:
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Winpowermanager - Macrovision - C:\PROGRA~1\UpsPilot\manager.exe
O23 - Service: Winpowermonitor - Macrovision - C:\PROGRA~1\UpsPilot\monitor.exe
O23 - Service: WinpowerRMI - Macrovision - C:\PROGRA~1\UpsPilot\wpRMI.exe

--
End of file - 9376 bytes

Update: 25 Jan 2009 20:21

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Hello,

* Open the Nod32 Control Center (click its tray icon in the bottom right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right-hand panel, untick the option File system monitor (AMON) enabled.
* Turning this option off will be shown by the Control Center changing colour from green to red.

Note: Don't forget to turn this option back on when the cleaning is finished.


---------------------------

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

  • Joined: 09 Dec 2005
  • Posts: 174
  • Location: Serbia - Beograd

Here is the ComboFix log as well
**************************

ComboFix 09-01-21.04 - Korisnik 2009-01-25 21:27:31.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1329 [GMT 1:00]
Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-12-25 to 2009-01-25 )))))))))))))))))))))))))))))))
.

2009-01-24 17:34 . 2009-01-24 17:34 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-24 17:34 . 2009-01-24 17:34 <DIR> d-------- c:\documents and settings\Administrator
2009-01-24 17:05 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-17 19:32 . 2009-01-17 19:32 <DIR> d-------- c:\windows\Sun
2009-01-12 21:27 . 2009-01-12 21:27 <DIR> d-------- c:\program files\Real
2009-01-12 21:27 . 2009-01-12 21:27 <DIR> d-------- c:\program files\Common Files\xing shared
2009-01-12 21:27 . 2009-01-12 21:27 <DIR> d-------- c:\program files\Common Files\Real
2009-01-04 14:30 . 2009-01-11 20:14 <DIR> d-------- c:\documents and settings\Korisnik\Phone Browser
2009-01-04 14:30 . 2009-01-04 14:30 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Datalayer
2009-01-04 14:29 . 2009-01-04 14:29 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Nokia
2009-01-04 14:27 . 2009-01-04 14:27 <DIR> d-------- c:\program files\Common Files\Nokia
2009-01-04 14:26 . 2009-01-04 14:26 <DIR> d-------- c:\windows\Downloaded Installations
2009-01-04 14:26 . 2009-01-04 14:27 <DIR> d-------- c:\program files\Nokia
2009-01-04 14:26 . 2009-01-04 14:27 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-01-04 14:26 . 2009-01-04 14:26 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\PC Suite
2009-01-04 14:26 . 2009-01-04 14:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Suite
2009-01-04 14:26 . 2009-01-04 14:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-01-04 14:26 . 2006-05-29 08:26 127,488 --a------ c:\windows\system32\drivers\nmwcd.sys
2009-01-04 14:26 . 2006-05-29 08:26 50,688 --a------ c:\windows\system32\nmwcdcls.dll
2009-01-04 14:26 . 2006-05-29 08:26 30,720 --a------ c:\windows\system32\nmwcdcocls.dll
2009-01-04 14:26 . 2006-05-29 08:26 13,312 --a------ c:\windows\system32\drivers\nmwcdcm.sys
2009-01-04 14:26 . 2006-05-29 08:26 13,312 --a------ c:\windows\system32\drivers\nmwcdcj.sys
2009-01-04 14:26 . 2006-05-29 08:26 8,704 --a------ c:\windows\system32\drivers\nmwcdc.sys
2009-01-04 14:26 . 2006-05-29 08:26 4,608 --a------ c:\windows\system32\nmwcdlog.dll
2008-12-28 17:02 . 2009-01-14 17:00 <DIR> d--h----- c:\windows\$hf_mig$
2008-12-28 17:02 . 2008-12-28 17:02 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-27 15:48 . 2008-11-13 16:20 203,540 --a------ c:\windows\system32\nvapps.nvb
2008-12-27 15:06 . 2008-12-27 15:34 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-27 14:44 . 2008-12-27 14:45 <DIR> d-------- c:\program files\Rockstar Games
2008-12-25 20:13 . 2008-05-02 02:38 301,656 --a------ c:\windows\system32\BtCoreIf.dll
2008-12-25 19:37 . 2009-01-25 13:43 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\skypePM
2008-12-25 19:37 . 2008-12-25 19:37 48 --ah----- c:\windows\system32\ezsidmv.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-25 16:31 --------- d-----w c:\documents and settings\Korisnik\Application Data\Skype
2009-01-25 15:34 --------- d-----w c:\program files\UpsPilot
2009-01-24 19:00 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-24 18:24 --------- d-----w c:\documents and settings\Korisnik\Application Data\Desktopicon
2009-01-24 16:25 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-21 22:03 --------- d-----w c:\documents and settings\Korisnik\Application Data\uTorrent
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-13 16:48 --------- d-----w c:\program files\Google
2009-01-12 20:27 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-01-04 13:27 --------- d-----w c:\program files\DIFX
2008-12-27 13:45 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-25 19:13 --------- d-----w c:\program files\Common Files\Logitech
2008-12-25 19:13 --------- d-----w c:\program files\Common Files\LogiShrd
2008-12-19 16:30 --------- d--h--r c:\documents and settings\Korisnik\Application Data\SecuROM
2008-12-18 20:35 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2008-12-18 20:12 --------- d-----w c:\documents and settings\Korisnik\Application Data\DAEMON Tools Lite
2008-12-18 19:20 --------- d-----w c:\documents and settings\Korisnik\Application Data\Ahead
2008-12-18 18:26 60,156 ----a-w c:\windows\system32\jspWinNm.DLL
2008-12-18 18:26 56,320 ----a-w c:\windows\system32\smemory.dll
2008-12-18 18:26 53,248 ----a-w c:\windows\system32\jspWinRni.DLL
2008-12-18 18:26 51,200 ----a-w c:\windows\system32\TrayIcon12.dll
2008-12-18 18:26 45,056 ----a-w c:\windows\system32\jspWin.dll
2008-12-18 18:26 35,992 ----a-w c:\windows\system32\jspWinRnia.DLL
2008-12-18 18:26 --------- d--h--w c:\program files\Zero G Registry
2008-12-18 17:49 --------- d-----w c:\program files\Logitech
2008-12-18 17:49 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2008-12-18 17:42 --------- d-----w c:\program files\Common Files\LogiShared
2008-12-18 17:42 --------- d-----w c:\documents and settings\Korisnik\Application Data\Logitech
2008-12-18 17:41 127,034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-12-18 17:39 --------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd
2008-12-18 16:05 --------- d-----w c:\program files\K-Lite Codec Pack
2008-12-18 16:04 --------- d-----w c:\program files\VS Revo Group
2008-12-18 16:00 --------- d-----w c:\program files\Realtek
2008-12-18 15:57 16,512 ----a-w c:\windows\gdrv.sys
2008-12-18 15:52 --------- d-----w c:\documents and settings\Korisnik\Application Data\Thinstall
2008-12-17 22:00 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-12-17 21:48 --------- d-----w c:\documents and settings\Korisnik\Application Data\Media Player Classic
2008-12-17 21:32 315,392 ----a-w c:\windows\HideWin.exe
2008-12-17 19:16 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-17 19:14 --------- d-----w c:\program files\ESET
2008-12-17 19:08 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-17 19:05 --------- d-----w c:\program files\Windows Live
2008-12-17 19:05 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-12-17 19:01 --------- d-----w c:\program files\ESET SysInspector 1.1.2.0
2008-12-17 18:54 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-12-17 18:54 --------- d-----w c:\program files\Skype
2008-12-17 18:54 --------- d-----w c:\program files\Common Files\Skype
2008-12-17 18:54 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-12-17 18:50 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-17 18:42 --------- d-----w c:\program files\ApexDC++
2008-12-17 18:29 512,096 ----a-w c:\windows\system32\drivers\amon.sys
2008-12-17 18:29 298,104 ----a-w c:\windows\system32\imon.dll
2008-12-17 18:29 15,424 ----a-w c:\windows\system32\drivers\nod32drv.sys
2008-12-17 17:37 --------- d-----w c:\program files\SpeedFan
2008-12-17 17:30 --------- d-----w c:\program files\MSECache
2008-12-17 17:30 --------- d-----w c:\program files\Microsoft
2008-12-17 17:29 --------- d-----w c:\program files\GPLGS
2008-12-17 17:29 --------- d-----w c:\program files\Acro Software
2008-12-17 17:26 --------- d-----w c:\program files\Microsoft Works
2008-12-17 17:20 --------- d-----w c:\program files\Common Files\L&H
2008-12-17 17:19 --------- d-----w c:\program files\Microsoft ActiveSync
2008-12-17 17:16 --------- d-----w c:\program files\Microsoft.NET
2008-12-17 17:07 --------- d-----w c:\program files\SIW
2008-12-17 17:06 --------- d-----w c:\program files\Everest Ultimate Edition v.4.60.1509
2008-12-17 17:05 --------- d-----w c:\program files\GPU-Z 0.2.9
2008-12-17 17:05 --------- d-----w c:\program files\FDRLab
2008-12-17 17:05 --------- d-----w c:\program files\CPU-Z 1.49
2008-12-17 17:04 --------- d-----w c:\program files\Unlocker
2008-12-17 17:03 --------- d-----w c:\program files\Recuva
2008-12-17 17:03 --------- d-----w c:\program files\CCleaner
2008-12-17 17:02 --------- d-----w c:\documents and settings\Korisnik\Application Data\ACD Systems
2008-12-17 17:00 --------- d-----w c:\program files\Common Files\ACD Systems
2008-12-17 17:00 --------- d-----w c:\program files\ACD Systems
2008-12-17 17:00 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2008-12-17 16:59 --------- d-----w c:\program files\The KMPlayer
2008-12-17 16:56 --------- d-----w c:\program files\Common Files\Ahead
2008-12-17 16:55 --------- d-----w c:\program files\Nero
2008-12-17 16:54 --------- d-----w c:\program files\Defraggler
2008-12-17 16:54 --------- d-----w c:\program files\DAMN NFO Viewer
2008-12-17 16:53 --------- d-----w c:\documents and settings\Korisnik\Application Data\Malwarebytes
2008-12-17 16:53 --------- d-----w c:\documents and settings\Korisnik\Application Data\DAEMON Tools Pro
2008-12-17 16:53 --------- d-----w c:\documents and settings\Korisnik\Application Data\DAEMON Tools
2008-12-17 16:53 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-17 16:52 --------- d-----w c:\program files\DAEMON Tools Lite
2008-12-17 16:52 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2008-12-17 16:49 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-17 16:46 --------- d-----w c:\program files\IVT Corporation
2008-12-17 16:45 --------- d-----w c:\program files\Totalcmd v7.2
2008-12-17 16:45 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-17 16:45 --------- d-----w c:\program files\Common Files\Adobe
2008-12-17 16:43 --------- d-----w c:\program files\Your Uninstaller 2008
2008-12-17 16:43 --------- d-----w c:\documents and settings\Korisnik\Application Data\URSoft
2008-12-17 14:19 --------- d-----w c:\documents and settings\Korisnik\Application Data\InstallShield
2008-12-17 14:16 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-17 14:12 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-17 14:12 --------- d-----w c:\program files\AGEIA Technologies
2008-12-17 14:06 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-17 14:06 --------- d-----w c:\program files\microsoft frontpage
2008-12-17 14:06 --------- d-----w c:\program files\Java
2008-12-17 14:03 --------- d-----w c:\program files\Reference Assemblies
.

------- Sigcheck -------

2008-07-28 12:53 361600 038ca45522fe9b756efb90dbfa9141ea c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-27 306088]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2008-08-04 226816]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-12-17 949376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1953792]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2006-12-22 497176]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-12-22 756248]
"Winpower"="c:\program files\UpsPilot\Winpower.exe" [2008-12-18 114688]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 2658304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-12 185872]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-01-14 399504]
"nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 c:\windows\RTHDCPL.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

c:\documents and settings\Korisnik\Start Menu\Programs\Startup\
cleantemp.bat [2006-11-05 26]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-18 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-25 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"d:\\-=[Download Programs]=-\\Utorrent\\uTorrent.exe"=
"d:\\-=[Download Programs]=-\\ApexDC++\\ApexDC.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Games\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Games\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Games\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 amdide1;amdide1;c:\windows\system32\drivers\amdide1.sys [2008-12-16 9096]
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-07-31 20616]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-12-17 15424]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-07-02 26248]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-12-17 15504]
R4 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2008-08-01 143467]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-12-17 170640]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e0aed2e-ce8b-11dd-8e3f-001d7d075566}]
\Shell\Auto\command - activexdebugger32.exe f
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe e
\Shell\explore\Command - activexdebugger32.exe f
\Shell\open\Command - activexdebugger32.exe f

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0361657-cc48-11dd-911a-806d6172696f}]
\Shell\AutoRun\command - E:\Run.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
LSP: c:\windows\system32\imon.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\cx7g4f9k.default\
FF - prefs.js: browser.startup.homepage - google.rs
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-25 21:28:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1409082233-1844823847-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:76,4f,2d,2b,9d,45,c0,48,c6,16,82,ab,38,a2,bc,0f,81,17,ec,67,e3,
bf,b9,3b,f6,21,43,94,c8,f2,0c,1a,eb,e5,bd,42,7b,39,b7,aa,89,09,af,c0,c4,a6,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(856)
c:\windows\system32\imon.dll
.
Completion time: 2009-01-25 21:29:01
ComboFix-quarantined-files.txt 2009-01-25 20:28:59
ComboFix2.txt 2009-01-25 20:24:20

Pre-Run: 110,247,460,864 bytes free
Post-Run: 110,236,315,648 bytes free

269 --- E O F --- 2009-01-15 16:03:16

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

You have run ComboFix before; where is that log?

  • Joined: 09 Dec 2005
  • Posts: 174
  • Location: Serbia - Beograd

This is the first time that program has been run on that computer... :S

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

I'm fairly sure there is another log, because the one you posted for me is: ComboFix2.txt

Upload the following file for me:

c:\windows\system32\drivers\amdide1.sys

via the following link:

http://www.mycity.rs/ambulanta-upload.php

  • Joined: 09 Dec 2005
  • Posts: 174
  • Location: Serbia - Beograd

Regarding the file itself, I told him to label the file that way.

I'll send the file after 16:00, thanks.

Update: 26 Jan 2009 19:49

I uploaded the file that was requested (I put it in a rar, I hope I didn't do it wrong :/ )

"Your file has been uploaded successfully.
Please inform the person helping you, in the thread where you were asked to upload the file, that you have done so successfully.
Thank you."

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Disable the antivirus.

Open Notepad and copy the following text:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e0aed2e-ce8b-11dd-8e3f-001d7d075566}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0361657-cc48-11dd-911a-806d6172696f}]

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.
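Added example (not part of this thread, and not ComboFix's own code): a Python script that reads the mountpoints2 section of a ComboFix log, explains why each cached autorun key is suspect, and emits the same `Registry::` / `[-KEY]` deletion script that the helper asked for above. The log excerpt embedded in it is constructed from the two keys posted earlier in this thread.

```python
"""Flag mountpoints2 autorun hijacks in a ComboFix log and emit a CFScript."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: the two mountpoints2 keys exactly as they appear in the
# ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e0aed2e-ce8b-11dd-8e3f-001d7d075566}]
\Shell\Auto\command - activexdebugger32.exe f
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe e
\Shell\explore\Command - activexdebugger32.exe f
\Shell\open\Command - activexdebugger32.exe f

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0361657-cc48-11dd-911a-806d6172696f}]
\Shell\AutoRun\command - E:\Run.exe
.
"""

# A mountpoints2 key line, e.g. "[HKEY_CURRENT_USER\...\mountpoints2\{guid}]"
KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\\{[0-9a-fA-F-]+\})\]$")
# A shell verb override underneath it, e.g. "\Shell\open\Command - payload.exe f"
VERB_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.IGNORECASE)


@dataclass
class MountPoint:
    key: str
    commands: dict[str, str] = field(default_factory=dict)  # verb -> command line


def parse_mountpoints(log_text: str) -> list[MountPoint]:
    """Collect every mountpoints2 key and the Shell\\<verb>\\command lines under it."""
    points: list[MountPoint] = []
    current: MountPoint | None = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = MountPoint(key=key.group(1))
            points.append(current)
            continue
        if current is None:
            continue
        verb = VERB_RE.match(line)
        if verb:
            current.commands[verb.group(1).lower()] = verb.group(2).strip()
        elif line in ("", "."):
            current = None  # a blank line or ComboFix's "." ends the key block
    return points


def reasons(mp: MountPoint) -> list[str]:
    """Explain why a cached autorun entry deserves removal (empty = nothing cached)."""
    why: list[str] = []
    if any(v in mp.commands for v in ("open", "explore")):
        why.append("overrides open/explore: double-clicking the drive runs the command")
    if any(not re.match(r"^[a-zA-Z]:\\", cmd) for cmd in mp.commands.values()):
        why.append("command is a bare file name resolved from the drive root (autorun.inf worm layout)")
    if mp.commands and not why:
        why.append("plain AutoRun verb cached from removable media; deleting it only drops the cache")
    return why


def build_cfscript(points: list[MountPoint]) -> str:
    """Emit the CFScript form used in this thread: a Registry:: header, one [-KEY] line per key."""
    lines = ["Registry::"]
    lines += [f"[-{mp.key}]" for mp in points if mp.commands]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_mountpoints(SAMPLE_LOG)
    for mp in found:
        print(mp.key)
        for r in reasons(mp):
            print("  -", r)
    print()
    print(build_cfscript(found))
```

Deleting a mountpoints2 key only removes Explorer's cached autorun for that volume; the dropped executable and its autorun.inf on the drive itself still have to be handled by the scanner.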

  • Joined: 09 Dec 2005
  • Posts: 174
  • Location: Serbia - Beograd

ComboFix 09-01-21.04 - Korisnik 2009-01-27 19:19:35.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1454 [GMT 1:00]
Running from: c:\documents and settings\Korisnik\Desktop\Programi\ComboFix.exe
Command switches used :: c:\documents and settings\Korisnik\Desktop\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-12-27 to 2009-01-27 )))))))))))))))))))))))))))))))
.

2009-01-24 17:34 . 2009-01-24 17:34 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-24 17:34 . 2009-01-24 17:34 <DIR> d-------- c:\documents and settings\Administrator
2009-01-24 17:05 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-17 19:32 . 2009-01-17 19:32 <DIR> d-------- c:\windows\Sun
2009-01-12 21:27 . 2009-01-12 21:27 <DIR> d-------- c:\program files\Real
2009-01-12 21:27 . 2009-01-12 21:27 <DIR> d-------- c:\program files\Common Files\xing shared
2009-01-12 21:27 . 2009-01-12 21:27 <DIR> d-------- c:\program files\Common Files\Real
2009-01-04 14:30 . 2009-01-11 20:14 <DIR> d-------- c:\documents and settings\Korisnik\Phone Browser
2009-01-04 14:30 . 2009-01-04 14:30 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Datalayer
2009-01-04 14:29 . 2009-01-04 14:29 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Nokia
2009-01-04 14:27 . 2009-01-04 14:27 <DIR> d-------- c:\program files\Common Files\Nokia
2009-01-04 14:26 . 2009-01-04 14:26 <DIR> d-------- c:\windows\Downloaded Installations
2009-01-04 14:26 . 2009-01-04 14:27 <DIR> d-------- c:\program files\Nokia
2009-01-04 14:26 . 2009-01-04 14:27 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-01-04 14:26 . 2009-01-04 14:26 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\PC Suite
2009-01-04 14:26 . 2009-01-04 14:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Suite
2009-01-04 14:26 . 2009-01-04 14:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-01-04 14:26 . 2006-05-29 08:26 127,488 --a------ c:\windows\system32\drivers\nmwcd.sys
2009-01-04 14:26 . 2006-05-29 08:26 50,688 --a------ c:\windows\system32\nmwcdcls.dll
2009-01-04 14:26 . 2006-05-29 08:26 30,720 --a------ c:\windows\system32\nmwcdcocls.dll
2009-01-04 14:26 . 2006-05-29 08:26 13,312 --a------ c:\windows\system32\drivers\nmwcdcm.sys
2009-01-04 14:26 . 2006-05-29 08:26 13,312 --a------ c:\windows\system32\drivers\nmwcdcj.sys
2009-01-04 14:26 . 2006-05-29 08:26 8,704 --a------ c:\windows\system32\drivers\nmwcdc.sys
2009-01-04 14:26 . 2006-05-29 08:26 4,608 --a------ c:\windows\system32\nmwcdlog.dll
2008-12-28 17:02 . 2009-01-14 17:00 <DIR> d--h----- c:\windows\$hf_mig$
2008-12-28 17:02 . 2008-12-28 17:02 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-27 15:48 . 2008-11-13 16:20 203,540 --a------ c:\windows\system32\nvapps.nvb
2008-12-27 15:06 . 2008-12-27 15:34 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-27 14:44 . 2008-12-27 14:45 <DIR> d-------- c:\program files\Rockstar Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-27 17:34 --------- d-----w c:\program files\UpsPilot
2009-01-25 16:31 --------- d-----w c:\documents and settings\Korisnik\Application Data\Skype
2009-01-25 12:43 --------- d-----w c:\documents and settings\Korisnik\Application Data\skypePM
2009-01-24 19:00 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-24 18:24 --------- d-----w c:\documents and settings\Korisnik\Application Data\Desktopicon
2009-01-24 16:25 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-21 22:03 --------- d-----w c:\documents and settings\Korisnik\Application Data\uTorrent
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-13 16:48 --------- d-----w c:\program files\Google
2009-01-12 20:27 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-01-04 13:27 --------- d-----w c:\program files\DIFX
2008-12-27 13:45 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-25 19:13 --------- d-----w c:\program files\Common Files\Logitech
2008-12-25 19:13 --------- d-----w c:\program files\Common Files\LogiShrd
2008-12-19 16:30 --------- d--h--r c:\documents and settings\Korisnik\Application Data\SecuROM
2008-12-18 20:35 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2008-12-18 20:12 --------- d-----w c:\documents and settings\Korisnik\Application Data\DAEMON Tools Lite
2008-12-18 19:20 --------- d-----w c:\documents and settings\Korisnik\Application Data\Ahead
2008-12-18 18:26 60,156 ----a-w c:\windows\system32\jspWinNm.DLL
2008-12-18 18:26 56,320 ----a-w c:\windows\system32\smemory.dll
2008-12-18 18:26 53,248 ----a-w c:\windows\system32\jspWinRni.DLL
2008-12-18 18:26 51,200 ----a-w c:\windows\system32\TrayIcon12.dll
2008-12-18 18:26 45,056 ----a-w c:\windows\system32\jspWin.dll
2008-12-18 18:26 35,992 ----a-w c:\windows\system32\jspWinRnia.DLL
2008-12-18 18:26 --------- d--h--w c:\program files\Zero G Registry
2008-12-18 17:49 --------- d-----w c:\program files\Logitech
2008-12-18 17:49 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2008-12-18 17:42 --------- d-----w c:\program files\Common Files\LogiShared
2008-12-18 17:42 --------- d-----w c:\documents and settings\Korisnik\Application Data\Logitech
2008-12-18 17:41 127,034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-12-18 17:39 --------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd
2008-12-18 16:05 --------- d-----w c:\program files\K-Lite Codec Pack
2008-12-18 16:04 --------- d-----w c:\program files\VS Revo Group
2008-12-18 16:00 --------- d-----w c:\program files\Realtek
2008-12-18 15:57 16,512 ----a-w c:\windows\gdrv.sys
2008-12-18 15:52 --------- d-----w c:\documents and settings\Korisnik\Application Data\Thinstall
2008-12-17 22:00 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-12-17 21:48 --------- d-----w c:\documents and settings\Korisnik\Application Data\Media Player Classic
2008-12-17 21:32 315,392 ----a-w c:\windows\HideWin.exe
2008-12-17 19:16 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-17 19:14 --------- d-----w c:\program files\ESET
2008-12-17 19:08 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-17 19:05 --------- d-----w c:\program files\Windows Live
2008-12-17 19:05 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-12-17 19:01 --------- d-----w c:\program files\ESET SysInspector 1.1.2.0
2008-12-17 18:54 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-12-17 18:54 --------- d-----w c:\program files\Skype
2008-12-17 18:54 --------- d-----w c:\program files\Common Files\Skype
2008-12-17 18:54 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-12-17 18:50 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-17 18:42 --------- d-----w c:\program files\ApexDC++
2008-12-17 18:29 512,096 ----a-w c:\windows\system32\drivers\amon.sys
2008-12-17 18:29 298,104 ----a-w c:\windows\system32\imon.dll
2008-12-17 18:29 15,424 ----a-w c:\windows\system32\drivers\nod32drv.sys
2008-12-17 17:37 --------- d-----w c:\program files\SpeedFan
2008-12-17 17:30 --------- d-----w c:\program files\MSECache
2008-12-17 17:30 --------- d-----w c:\program files\Microsoft
2008-12-17 17:29 --------- d-----w c:\program files\GPLGS
2008-12-17 17:29 --------- d-----w c:\program files\Acro Software
2008-12-17 17:26 --------- d-----w c:\program files\Microsoft Works
2008-12-17 17:20 --------- d-----w c:\program files\Common Files\L&H
2008-12-17 17:19 --------- d-----w c:\program files\Microsoft ActiveSync
2008-12-17 17:16 --------- d-----w c:\program files\Microsoft.NET
2008-12-17 17:07 --------- d-----w c:\program files\SIW
2008-12-17 17:06 --------- d-----w c:\program files\Everest Ultimate Edition v.4.60.1509
2008-12-17 17:05 --------- d-----w c:\program files\GPU-Z 0.2.9
2008-12-17 17:05 --------- d-----w c:\program files\FDRLab
2008-12-17 17:05 --------- d-----w c:\program files\CPU-Z 1.49
2008-12-17 17:04 --------- d-----w c:\program files\Unlocker
2008-12-17 17:03 --------- d-----w c:\program files\Recuva
2008-12-17 17:03 --------- d-----w c:\program files\CCleaner
2008-12-17 17:02 --------- d-----w c:\documents and settings\Korisnik\Application Data\ACD Systems
2008-12-17 17:00 --------- d-----w c:\program files\Common Files\ACD Systems
2008-12-17 17:00 --------- d-----w c:\program files\ACD Systems
2008-12-17 17:00 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2008-12-17 16:59 --------- d-----w c:\program files\The KMPlayer
2008-12-17 16:56 --------- d-----w c:\program files\Common Files\Ahead
2008-12-17 16:55 --------- d-----w c:\program files\Nero
2008-12-17 16:54 --------- d-----w c:\program files\Defraggler
2008-12-17 16:54 --------- d-----w c:\program files\DAMN NFO Viewer
2008-12-17 16:53 --------- d-----w c:\documents and settings\Korisnik\Application Data\Malwarebytes
2008-12-17 16:53 --------- d-----w c:\documents and settings\Korisnik\Application Data\DAEMON Tools Pro
2008-12-17 16:53 --------- d-----w c:\documents and settings\Korisnik\Application Data\DAEMON Tools
2008-12-17 16:53 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-17 16:52 --------- d-----w c:\program files\DAEMON Tools Lite
2008-12-17 16:52 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2008-12-17 16:49 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-17 16:46 --------- d-----w c:\program files\IVT Corporation
2008-12-17 16:45 --------- d-----w c:\program files\Totalcmd v7.2
2008-12-17 16:45 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-17 16:45 --------- d-----w c:\program files\Common Files\Adobe
2008-12-17 16:43 --------- d-----w c:\program files\Your Uninstaller 2008
2008-12-17 16:43 --------- d-----w c:\documents and settings\Korisnik\Application Data\URSoft
2008-12-17 14:19 --------- d-----w c:\documents and settings\Korisnik\Application Data\InstallShield
2008-12-17 14:16 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-17 14:12 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-17 14:12 --------- d-----w c:\program files\AGEIA Technologies
2008-12-17 14:06 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-17 14:06 --------- d-----w c:\program files\microsoft frontpage
2008-12-17 14:06 --------- d-----w c:\program files\Java
.

------- Sigcheck -------

2008-07-28 12:53 361600 038ca45522fe9b756efb90dbfa9141ea c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2009-01-25_21.23.42.85 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-25 16:20:12 71,176 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-27 18:18:31 71,176 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-25 16:20:13 441,432 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-27 18:18:31 441,432 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-27 306088]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2008-08-04 226816]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-12-17 949376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1953792]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2006-12-22 497176]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-12-22 756248]
"Winpower"="c:\program files\UpsPilot\Winpower.exe" [2008-12-18 114688]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 2658304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-12 185872]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-01-14 399504]
"nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 c:\windows\RTHDCPL.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

c:\documents and settings\Korisnik\Start Menu\Programs\Startup\
cleantemp.bat [2006-11-05 26]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-18 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-25 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NOD32krn"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"d:\\-=[Download Programs]=-\\Utorrent\\uTorrent.exe"=
"d:\\-=[Download Programs]=-\\ApexDC++\\ApexDC.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Games\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Games\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Games\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 amdide1;amdide1;c:\windows\system32\drivers\amdide1.sys [2008-12-16 9096]
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-07-31 20616]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-12-17 15424]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-07-02 26248]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-12-17 15504]
R4 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2008-08-01 143467]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-12-17 170640]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
LSP: c:\windows\system32\imon.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\cx7g4f9k.default\
FF - prefs.js: browser.startup.homepage - google.rs
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-27 19:20:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1409082233-1844823847-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:76,4f,2d,2b,9d,45,c0,48,c6,16,82,ab,38,a2,bc,0f,81,17,ec,67,e3,
bf,b9,3b,f6,21,43,94,c8,f2,0c,1a,eb,e5,bd,42,7b,39,b7,aa,89,09,af,c0,c4,a6,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(856)
c:\windows\system32\imon.dll
.
Completion time: 2009-01-27 19:21:12
ComboFix-quarantined-files.txt 2009-01-27 18:21:10
ComboFix2.txt 2009-01-25 20:29:02
ComboFix3.txt 2009-01-25 20:24:20

Pre-Run: 110,150,889,472 bytes free
Post-Run: 110,154,035,200 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

278 --- E O F --- 2009-01-15 16:03:16
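An added example, not from this thread or from ComboFix: a small Python parser for the Run values and driver service lines in the format of the ComboFix log above, which lists the autostarts whose on-disk date falls in a chosen incident window together with the boot-start (R0/R1) drivers, the kind of entry the helper asked to have uploaded. The sample log is a constructed excerpt of the posted log, and `parse_autostarts`/`triage` are our own names.

```python
import re
from datetime import date

# Constructed sample in the format of ComboFix's "Reg Loading Points" section.
# The lines are copied from the log posted in this thread; the selection is ours.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-12-17 949376]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-12 185872]
"nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]

R0 amdide1;amdide1;c:\windows\system32\drivers\amdide1.sys [2008-12-16 9096]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-12-17 15424]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-12-17 15504]
"""

# "name"="path" [YYYY-MM-DD size]   or   "name"="file.exe" [YYYY-MM-DD resolved path]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<rest>[^\]]+)\]$')
# Rn/Sn service;display name;path [YYYY-MM-DD size]   (R0/R1 = boot or system start)
SVC_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<svc>[^;]+);(?P<display>[^;]*);(?P<path>.+?)'
    r'\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')


def parse_autostarts(text):
    """Return one dict per Run value or service line found in ComboFix log text."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            rest = m.group("rest")
            # For a bare file name ComboFix prints the resolved path where the size would be.
            entries.append({"kind": "run", "name": m.group("name"), "start": None,
                            "path": m.group("path") if rest.isdigit() else rest,
                            "size": int(rest) if rest.isdigit() else None,
                            "date": date.fromisoformat(m.group("date"))})
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append({"kind": "driver", "name": m.group("svc"), "start": m.group("start"),
                            "path": m.group("path"), "size": int(m.group("size")),
                            "date": date.fromisoformat(m.group("date"))})
    return entries


def triage(text, since_iso):
    """Return (names touched on/after since_iso, names of R0/R1 drivers).

    The first list is the timeline view: autostarts whose on-disk date falls in the
    incident window. The second lists kernel drivers that load before any user-mode
    scanner, which is why a helper asks for such files even when their date looks old."""
    since = date.fromisoformat(since_iso)
    entries = parse_autostarts(text)
    recent = sorted(e["name"] for e in entries if e["date"] >= since)
    boot_drivers = sorted(e["name"] for e in entries if e["start"] in ("R0", "R1"))
    return recent, boot_drivers


if __name__ == "__main__":
    recent, boot = triage(SAMPLE_LOG, "2009-01-01")
    print("autostarts touched since 2009-01-01:", recent)
    print("boot-start drivers to verify first:", boot)
```

Feed it a full ComboFix log and it picks up the same two line types from the "Reg Loading Points" section; other sections are ignored.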

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Does your friend have any problems now?
