Spyware Doctor detected them and I don't know how to delete ...

  • Joined: 30 Oct 2009
  • Posts: 59
  • Location: Sombor

Here is my problem: I don't know how to remove all these viruses and the rest. NOD32 did not detect them during scanning, but Spyware Doctor did.


  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Didn't I give you instructions in that other thread?

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • Joined: 30 Oct 2009
  • Posts: 59
  • Location: Sombor

Posted: 02 Nov 2009 13:00

I apologize, I will do everything properly a little later; I don't have time right now.
Thank you!

Addendum: 02 Nov 2009 18:03

Today I installed Spyware Doctor, and after the scan it found a large number of viruses and other infections on the computer. The antivirus program I use is NOD32, and it did not register any of these threats.
This is what the window with the infections looks like:



I tried to use the Fix Checked button, but I get this offer to buy a registration and I cannot delete all these threats.




That is why I am asking you for help, because I don't know how to delete them.

I have 32-bit Windows and a wireless connection with a speed of 256Kb/s, the flat@home package.

DDS

DDS (Ver_09-10-26.01) - NTFSx86
Run by sara david at 16:33:15.81 on 02/11/2009
Internet Explorer: 6.0.2900.3300 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1256.44.1033.18.1022.426 [GMT 2:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdmserv.exe
C:\WINDOWS\system32\lxdmcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Documents and Settings\sara david\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sara david\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sara david\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sara david\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\sara david\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: TorrentReactor.Net Toolbar: {b23920f4-4c2f-412b-9450-1d7028d5454e} - c:\program files\torrentreactor.net\tbTor1.dll
mWinlogon: Shell=Explorer.exe c:\windows\config\csrss.exe
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: TorrentReactor.Net Toolbar: {b23920f4-4c2f-412b-9450-1d7028d5454e} - c:\program files\torrentreactor.net\tbTor1.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\sara david\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\sarada~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Translation Options - c:\program files\promt98\promtie4\options.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Search the Web - c:\program files\promt98\promtie4\search.htm
IE: Translate - c:\program files\promt98\promtie4\translat.htm
IE: Translate in R-Express - c:\program files\promt98\promtie4\wts.htm
IE: Translate in WebView - c:\program files\promt98\promtie4\webview.htm
IE: Translate page - c:\program files\promt98\promtie4\page.htm
IE: {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - c:\program files\promt98\promtie4\promtie5.htm
IE: {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - c:\program files\promt98\promtie4\options.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {B9B1E1B8-78AD-41EF-B7F1-4D5F72054E5E} = 10.238.120.254 89.216.43.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GR99D3~1.DLL
Notify: Antiwpa - antiwpa.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sarada~1\applic~1\mozilla\firefox\profiles\8zgharg4.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.hu/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - plugin: c:\documents and settings\sara david\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-2 207280]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-7-1 34312]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/06/24 23:14:41];c:\program files\cyberlink\powerdvd9\000.fcl [2009-5-7 87536]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-11-2 112592]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-7-1 468224]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-17 55152]
R2 lxdm_device;lxdm_device;c:\windows\system32\lxdmcoms.exe -service --> c:\windows\system32\lxdmcoms.exe -service [?]
R2 lxdmCATSCustConnectService;lxdmCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdmserv.exe [2009-10-29 99248]
R2 NetService;NetServices;c:\program files\common files\services\netservices.exe [2008-10-6 36864]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-11-2 358600]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
S2 FlexService;Remote Connections Service;"c:\program files\rapidbit\cisvc.exe" --> c:\program files\rapidbit\cisvc.exe [?]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-8-23 3584]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]

=============== Created Last 30 ================

2009-11-02 09:08:37 882 ----a-w- c:\windows\RegSDImport.xml
2009-11-02 09:08:37 880 ----a-w- c:\windows\RegISSImport.xml
2009-11-02 09:08:37 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-02 09:08:37 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-02 09:08:37 131 ----a-w- c:\windows\IDB.zip
2009-11-02 09:08:36 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-02 09:08:36 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-11-02 09:08:36 1152470 ----a-w- c:\windows\UDB.zip
2009-11-02 08:38:08 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-11-02 08:38:08 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-02 08:38:02 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-02 08:38:02 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-11-02 08:38:02 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-11-02 08:38:02 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-02 08:37:53 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-11-02 08:37:53 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-02 08:37:35 0 d-----w- c:\program files\Spyware Doctor
2009-11-02 08:37:35 0 d-----w- c:\program files\common files\PC Tools
2009-11-02 08:37:35 0 d-----w- c:\docume~1\sarada~1\applic~1\PC Tools
2009-11-02 08:37:35 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-10-31 19:20:20 0 d-----w- c:\program files\SystemRequirementsLab
2009-10-31 11:49:34 5953546 ----a-w- C:\AutoRuns1.arn
2009-10-31 11:48:08 237442 ----a-w- C:\AutoRuns.zip
2009-10-31 11:35:50 5953546 ----a-w- C:\AutoRuns.arn
2009-10-31 11:30:39 669032 ----a-w- C:\autoruns.exe
2009-10-31 11:30:39 559976 ----a-w- C:\autorunsc.exe
2009-10-31 11:30:39 48904 ----a-w- C:\autoruns.chm
2009-10-29 19:11:13 518 ----a-w- c:\windows\system32\wul.cfg
2009-10-29 13:07:07 40960 ----a-w- c:\windows\system32\lxdmvs.dll
2009-10-29 13:06:58 348160 ----a-w- c:\windows\system32\lxdmcoin.dll
2009-10-29 13:06:11 65536 ----a-w- c:\windows\system32\lxdmcaps.dll
2009-10-29 13:06:10 692224 ----a-w- c:\windows\system32\lxdmdrs.dll
2009-10-29 13:06:09 69632 ----a-w- c:\windows\system32\lxdmcnv4.dll
2009-10-29 13:05:44 45056 ----a-w- c:\windows\system32\LXDMPMON.DLL
2009-10-29 13:05:44 32768 ----a-w- c:\windows\system32\LXDMFXPU.DLL
2009-10-29 13:05:24 69632 ----a-w- c:\windows\system32\lxdmoem.dll
2009-10-29 13:05:23 0 d-----w- c:\docume~1\alluse~1\applic~1\5000 Series
2009-10-29 13:04:21 0 d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2009-10-29 13:03:52 740 ----a-w- C:\Lexmark Productivity Studio - 5000 Series.LNK
2009-10-29 13:00:17 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2009-10-29 12:59:04 0 d-----w- c:\program files\Lexmark 5000 Series
2009-10-29 12:42:59 0 d-----w- c:\program files\Lexmark Toolbar
2009-10-29 12:36:52 0 d-----w- c:\docume~1\sarada~1\applic~1\Lexmark Productivity Studio
2009-10-29 12:35:40 0 d-----w- c:\documents and settings\all users\Lx_cats
2009-10-29 12:35:22 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-10-29 12:35:10 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-27 16:58:02 0 d-----w- c:\docume~1\sarada~1\applic~1\5000 Series
2009-10-27 16:00:10 0 d-----w- C:\logs
2009-10-27 15:59:26 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-27 15:59:16 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2009-10-27 15:58:20 98345 ----a-w- c:\windows\system32\IMHOST32.DLL
2009-10-27 15:58:20 98304 ----a-w- c:\windows\system32\IM31XPNG.DEL
2009-10-27 15:58:20 69632 ----a-w- c:\windows\system32\IM31XTIF.DEL
2009-10-27 15:58:20 49152 ----a-w- c:\windows\system32\IM31IMG.DIL
2009-10-27 15:58:20 339968 ----a-w- c:\windows\system32\IMGMAN32.DLL
2009-10-26 10:55:33 568 ---ha-w- c:\windows\nod32fixtemdono.reg
2009-10-26 08:30:55 0 d-sh--w- c:\documents and settings\sara david\PrivacIE
2009-10-26 08:19:45 0 d-sh--w- c:\documents and settings\sara david\IETldCache
2009-10-26 08:13:38 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-10-26 08:13:37 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-26 08:13:37 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-26 08:13:36 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-26 08:13:36 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-10-26 08:13:34 11069440 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-10-26 08:13:30 0 d-----w- c:\windows\ie8updates
2009-10-26 08:13:26 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-10-26 08:12:47 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-10-25 21:08:50 0 d-----w- c:\docume~1\sarada~1\applic~1\ESET
2009-10-24 19:25:32 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2009-10-24 19:25:30 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2009-10-24 19:23:55 0 d-----w- c:\windows\Replay Media Catcher
2009-10-24 19:23:55 0 d-----w- c:\program files\Replay Media Catcher
2009-10-03 18:43:18 31732 ----a-w- c:\windows\system32\SEBRS___.TTF
2009-10-03 18:43:18 109472 ----a-w- c:\windows\system32\Sebran3_.ttf
2009-10-03 18:43:18 0 d-----w- c:\program files\Sebran

==================== Find3M ====================

2017-01-02 10:43:38 77176 ----a-w- c:\windows\fonts\SC_OUHOD.ttf
2016-12-30 15:05:20 66792 ----a-w- c:\windows\fonts\SC_SHARJAH.ttf
2016-12-30 15:02:04 75820 ----a-w- c:\windows\fonts\SC_DUBAI.ttf
2016-12-30 11:32:46 90072 ----a-w- c:\windows\fonts\SC_REHAN.ttf
2016-12-30 11:01:32 70368 ----a-w- c:\windows\fonts\SC_AMEEN.ttf
2016-12-30 05:04:06 66852 ----a-w- c:\windows\fonts\SC_LUJAYN.ttf
2016-12-30 05:03:40 64908 ----a-w- c:\windows\fonts\SC_KHALID.ttf
2016-12-30 05:03:02 63168 ----a-w- c:\windows\fonts\SC_HANI.ttf
2016-12-30 05:02:28 81648 ----a-w- c:\windows\fonts\SC_GULF.ttf
2016-12-30 05:00:56 86304 ----a-w- c:\windows\fonts\SC_ALYERMOOK.ttf
2009-09-27 20:20:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-08-13 15:16:05 512000 ----a-w- c:\windows\system32\dllcache\jscript.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 09:01:48 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 18:44:46 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 18:44:46 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 15:13:08 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe

============= FINISH: 16:34:14.68 ===============



GMER1




GMER2


GMER3



I hope I did everything correctly.

Thanks in advance.

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Download sUBs's ComboFix to your Desktop from the following address:

Bleeping Computer
Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is complete:
disable your protective software (instructions);
close any running programs;
double-click to launch ComboFix.

While running, ComboFix will:
check whether a newer version of the program exists:
  click Yes if you are offered the download.
display the DISCLAIMER OF WARRANTY ON SOFTWARE:
  click Yes so that the process continues.
if the Recovery Console is not installed, offer to install it:
  be sure to accept by clicking Yes and follow the procedure.
present a number of prompts/notifications:
  accept by clicking Yes or OK.
restart Windows if needed (several times);
at the end, open Notepad with the scan report.

Copy the report that ComboFix created into the thread on the forum:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message field and choose Paste.

Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If, after sending the message, you notice that the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to the message.

  • Joined: 30 Oct 2009
  • Posts: 59
  • Location: Sombor

ComboFix 09-11-01.04 - sara david 02/11/2009 19:31.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.44.1033.18.1022.435 [GMT 2:00]
Running from: c:\documents and settings\sara david\My Documents\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NETSERVICE
-------\Service_NetService


((((((((((((((((((((((((( Files Created from 2009-10-02 to 2009-11-02 )))))))))))))))))))))))))))))))
.

2009-11-02 17:41 . 2009-11-02 17:41 -------- d-----w- c:\windows\system32\xircom
2009-11-02 17:41 . 2009-11-02 17:41 -------- d-----w- c:\windows\system32\wbem\snmp
2009-11-02 17:41 . 2009-11-02 17:41 -------- d-----w- c:\windows\srchasst
2009-11-02 17:41 . 2009-11-02 17:41 -------- d-----w- c:\program files\microsoft frontpage
2009-11-02 09:08 . 2009-10-08 09:31 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-02 09:08 . 2009-10-08 09:31 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-02 09:08 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip
2009-11-02 09:08 . 2009-10-08 09:31 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-02 09:08 . 2009-10-08 09:31 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-11-02 09:08 . 2009-10-02 12:19 1152470 ----a-w- c:\windows\UDB.zip
2009-11-02 08:38 . 2009-09-24 06:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-02 08:38 . 2009-10-06 14:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-02 08:38 . 2009-09-23 14:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-02 08:37 . 2009-09-03 07:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-02 08:37 . 2009-11-02 17:40 -------- d-----w- c:\program files\Spyware Doctor
2009-11-02 08:37 . 2009-11-02 09:08 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-02 08:37 . 2009-11-02 08:37 -------- d-----w- c:\documents and settings\sara david\Application Data\PC Tools
2009-11-02 08:37 . 2009-11-02 08:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-31 19:20 . 2009-10-31 19:21 -------- d-----w- c:\program files\SystemRequirementsLab
2009-10-31 19:20 . 2009-10-31 19:20 -------- d-----w- c:\documents and settings\sara david\Application Data\SystemRequirementsLab
2009-10-31 11:48 . 2009-10-31 11:48 237442 ----a-w- C:\AutoRuns.zip
2009-10-31 11:30 . 2009-10-13 08:20 669032 ----a-w- C:\autoruns.exe
2009-10-31 11:30 . 2009-10-13 08:20 559976 ----a-w- C:\autorunsc.exe
2009-10-29 19:09 . 2009-10-29 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2009-10-29 13:07 . 2006-08-01 05:53 40960 ----a-w- c:\windows\system32\lxdmvs.dll
2009-10-29 13:06 . 2007-05-03 19:50 348160 ----a-w- c:\windows\system32\lxdmcoin.dll
2009-10-29 13:06 . 2007-05-22 14:10 65536 ----a-w- c:\windows\system32\lxdmcaps.dll
2009-10-29 13:06 . 2007-05-22 22:59 692224 ----a-w- c:\windows\system32\lxdmdrs.dll
2009-10-29 13:06 . 2007-04-17 14:17 69632 ----a-w- c:\windows\system32\lxdmcnv4.dll
2009-10-29 13:05 . 2007-06-07 05:38 45056 ----a-w- c:\windows\system32\LXDMPMON.DLL
2009-10-29 13:05 . 2007-06-07 05:37 32768 ----a-w- c:\windows\system32\LXDMFXPU.DLL
2009-10-29 13:05 . 2007-04-09 14:59 69632 ----a-w- c:\windows\system32\lxdmoem.dll
2009-10-29 13:05 . 2009-10-29 13:05 -------- d-----w- c:\documents and settings\All Users\Application Data\5000 Series
2009-10-29 13:04 . 2009-10-29 13:04 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2009-10-29 13:00 . 2006-11-09 07:11 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2009-10-29 12:42 . 2009-10-30 19:39 -------- d-----w- c:\program files\Lexmark Toolbar
2009-10-29 12:36 . 2009-10-29 13:12 -------- d-----w- c:\documents and settings\sara david\Application Data\Lexmark Productivity Studio
2009-10-29 12:35 . 2009-11-01 17:46 -------- d-----w- c:\documents and settings\All Users\Lx_cats
2009-10-29 12:35 . 2008-01-25 21:35 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-10-29 12:35 . 2008-01-25 21:35 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-27 16:58 . 2009-10-27 16:58 -------- d-----w- c:\documents and settings\sara david\Application Data\5000 Series
2009-10-27 16:00 . 2009-10-27 16:00 -------- d-----w- C:\logs
2009-10-27 15:59 . 2008-01-25 21:33 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-27 15:59 . 2001-08-17 20:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2009-10-27 15:58 . 2006-06-02 21:12 98345 ----a-w- c:\windows\system32\IMHOST32.DLL
2009-10-27 15:58 . 2006-06-02 21:12 339968 ----a-w- c:\windows\system32\IMGMAN32.DLL
2009-10-26 10:55 . 2008-03-03 16:21 568 ---ha-w- c:\windows\nod32fixtemdono.reg
2009-10-26 08:30 . 2009-10-26 08:30 -------- d-sh--w- c:\documents and settings\sara david\PrivacIE
2009-10-26 08:20 . 2009-10-26 08:20 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-26 08:19 . 2009-10-26 08:19 -------- d-sh--w- c:\documents and settings\sara david\IETldCache
2009-10-26 08:13 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-10-26 08:13 . 2009-08-29 08:08 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-26 08:13 . 2009-08-29 08:08 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-26 08:13 . 2009-08-29 08:08 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-10-26 08:13 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-26 08:13 . 2009-08-29 08:08 11069440 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-10-26 08:13 . 2009-10-28 09:16 -------- d-----w- c:\windows\ie8updates
2009-10-26 08:13 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-10-26 08:12 . 2008-01-26 03:57 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-10-25 21:08 . 2009-10-25 21:08 -------- d-----w- c:\documents and settings\sara david\Application Data\ESET
2009-10-24 19:25 . 2009-10-24 19:25 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2009-10-24 19:25 . 2009-10-24 19:25 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2009-10-24 19:25 . 2009-10-24 19:25 -------- d-----w- c:\documents and settings\sara david\Local Settings\Application Data\mdnslib
2009-10-24 19:24 . 2009-10-31 16:03 -------- d-----w- c:\documents and settings\sara david\Local Settings\Application Data\FLVService
2009-10-24 19:23 . 2009-10-24 19:59 -------- d-----w- c:\program files\Replay Media Catcher
2009-10-24 19:23 . 2009-10-24 19:23 -------- d-----w- c:\windows\Replay Media Catcher
2009-10-03 18:43 . 2009-10-03 18:43 -------- d-----w- c:\program files\Sebran

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 17:41 . 2009-05-17 10:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-01 15:40 . 2009-07-12 11:02 -------- d-----w- c:\documents and settings\sara david\Application Data\vlc
2009-10-29 21:00 . 2009-06-22 20:02 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-10-29 21:00 . 2009-06-22 20:02 -------- d-----w- c:\program files\ACD Systems
2009-10-29 21:00 . 2009-06-22 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-10-29 18:45 . 2009-05-16 17:43 76464 ----a-w- c:\documents and settings\sara david\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-29 18:38 . 2009-07-12 10:25 -------- d-----w- c:\program files\DivX
2009-10-29 13:06 . 2009-10-29 12:59 -------- d-----w- c:\program files\Lexmark 5000 Series
2009-10-29 12:50 . 2009-05-17 12:00 -------- d-----w- c:\program files\Winamp
2009-10-29 12:50 . 2009-07-10 13:52 -------- d-----w- c:\program files\QuickTime
2009-10-29 12:50 . 2009-05-16 18:38 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-10-29 12:50 . 2009-05-17 12:33 -------- d-----w- c:\program files\FinePixViewer
2009-10-29 10:30 . 2009-07-16 09:59 -------- d-----w- c:\documents and settings\sara david\Application Data\AmuletAdventure
2009-10-29 10:30 . 2009-05-18 12:00 43 ----a-w- c:\windows\popcinfo.dat
2009-10-28 18:46 . 2009-05-16 21:16 -------- d-----w- c:\documents and settings\sara david\Application Data\uTorrent
2009-10-26 08:28 . 2009-07-15 19:44 -------- d-----w- c:\program files\Games
2009-10-25 21:26 . 2009-05-18 19:03 -------- d-----w- c:\program files\ESET
2009-10-25 21:07 . 2009-05-16 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-10-20 11:21 . 2009-08-14 10:35 -------- d-----w- c:\program files\Realore
2009-10-17 09:09 . 2009-05-18 08:15 820 ----a-w- c:\windows\system32\InTLub1.sys
2009-10-14 15:07 . 2009-05-21 08:08 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-29 10:47 . 2009-06-23 20:15 -------- d-----w- c:\documents and settings\sara david\Application Data\Any Video Converter
2009-09-27 20:20 . 2009-09-27 20:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-27 20:20 . 2009-09-27 20:20 -------- d-----w- c:\program files\Java
2009-09-21 09:25 . 2009-05-17 10:18 -------- d-----w- c:\documents and settings\sara david\Application Data\dvdcss
2009-09-16 01:20 . 2009-11-02 08:38 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-15 04:20 . 2009-11-02 08:37 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-09-15 00:12 . 2009-11-02 08:38 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-09-14 23:01 . 2009-11-02 08:38 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-09-12 10:07 . 2009-05-16 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-11 14:18 . 2008-01-26 03:57 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2008-01-26 03:57 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00 . 2008-01-26 03:57 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 17:24 . 2009-05-16 16:46 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2009-05-16 16:46 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2009-05-16 16:46 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2008-10-16 12:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2009-05-16 16:46 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2008-01-26 03:57 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2009-05-16 16:46 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2009-05-16 16:46 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2008-01-26 03:57 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 18:44 . 2008-02-12 14:10 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
.

------- Sigcheck -------

[-] 2008-02-03 . F0D1A9D147E3722C4636FBB74A76723E . 1840128 . . [6.00.2900.2894] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b23920f4-4c2f-412b-9450-1d7028d5454e}"= "c:\program files\TorrentReactor.Net\tbTor1.dll" [2009-08-12 2215960]

[HKEY_CLASSES_ROOT\clsid\{b23920f4-4c2f-412b-9450-1d7028d5454e}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b23920f4-4c2f-412b-9450-1d7028d5454e}"= "c:\program files\TorrentReactor.Net\tbTor1.dll" [2009-08-12 2215960]
"{472734EA-242A-422B-ADF8-83D1E48CC825}"= "c:\program files\Spyware Doctor\BDT\PCTBrowserDefender.dll" [2009-10-08 395216]

[HKEY_CLASSES_ROOT\clsid\{b23920f4-4c2f-412b-9450-1d7028d5454e}]

[HKEY_CLASSES_ROOT\clsid\{472734ea-242a-422b-adf8-83d1e48cc825}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{175B7885-28AB-4D18-8773-7A13A99980A4}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B23920F4-4C2F-412B-9450-1D7028D5454E}"= "c:\program files\TorrentReactor.Net\tbTor1.dll" [2009-08-12 2215960]

[HKEY_CLASSES_ROOT\clsid\{b23920f4-4c2f-412b-9450-1d7028d5454e}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-04-16 251264]
"Google Update"="c:\documents and settings\sara david\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-17 133104]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-28 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-09-22 1243088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-01-26 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-01-26 99840]

c:\documents and settings\sara david\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Realore\\Tiny Cars 2\\TinyCars2.exe"=
"c:\\WINDOWS\\system32\\lxdmcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmtime.exe"=
"c:\\Program Files\\Lexmark 5000 Series\\lxdmmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmjswx.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [02/11/2009 10:38 207280]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [01/07/2008 09:04 34312]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/06/24 23:14];c:\program files\CyberLink\PowerDVD9\000.fcl [07/05/2009 21:05 87536]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [02/11/2009 11:08 112592]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [01/07/2008 09:02 468224]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [17/05/2009 19:43 55152]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [02/11/2009 10:37 358600]
S2 FlexService;Remote Connections Service;"c:\program files\RapidBIT\cisvc.exe" --> c:\program files\RapidBIT\cisvc.exe [?]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [23/08/2001 15:00 3584]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PCTSDInjDriver32
.
Contents of the 'Scheduled Tasks' folder

2009-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-879983540-1417001333-1003Core.job
- c:\documents and settings\sara david\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-17 18:45]

2009-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-879983540-1417001333-1003UA.job
- c:\documents and settings\sara david\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-17 18:45]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Translation Options - c:\program files\PROMT98\promtie4\options.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Search the Web - c:\program files\PROMT98\promtie4\search.htm
IE: Translate - c:\program files\PROMT98\promtie4\translat.htm
IE: Translate in R-Express - c:\program files\PROMT98\promtie4\wts.htm
IE: Translate in WebView - c:\program files\PROMT98\promtie4\webview.htm
IE: Translate page - c:\program files\PROMT98\promtie4\page.htm
IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - c:\program files\PROMT98\promtie4\promtie5.htm
IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - c:\program files\PROMT98\promtie4\options.htm
FF - ProfilePath - c:\documents and settings\sara david\Application Data\Mozilla\Firefox\Profiles\8zgharg4.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.hu/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - plugin: c:\documents and settings\sara david\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - ORPHANS REMOVED - - - -

AddRemove-RocketDock 1.3.5 - c:\program files\Company\RocketDock\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-11-02 19:41
Windows 5.1.2600 Service Pack 3, v.5857 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3044)
c:\program files\Spyware Doctor\pctgmhk.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\lxdmserv.exe
c:\program files\IncrediMail\bin\IMApp.exe
c:\windows\system32\lxdmcoms.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-02 19:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-02 17:46

Pre-Run: 9,050,869,760 bytes free
Post-Run: 9,937,842,176 bytes free

- - End Of File - - 832A241DBBD88F933E36D0A28B010489


COMBOFIX REPORT

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Run Spyware Doctor now and see whether it finds anything.

By the way, since Spyware Doctor is currently unusable for you because you are not registered on their site, if you want to skip that procedure and have a simple antispyware program, you can install one of the following:

http://www.superantispyware.com/
http://www.malwarebytes.org/mbam.php
http://www.lavasoft.com/products/ad_aware_free.php

I'm not saying SD is bad, it is simply non-functional at the moment, and if you don't have time to register it and fiddle with those things, you can use one of these...

offline
  • Joined: 30 Oct 2009
  • Posts: 59
  • Location: Sombor

Posted: 02 Nov 2009 20:14

I can't believe it, I just scanned with SD and look:





I will install one of the ones you suggested.

Addendum: 02 Nov 2009 21:13

It seems to me that it would have been simplest after all to suggest one of these three more effective spyware tools, which delete infections, rather than everything I went through.

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

OK, what it detected is nothing serious... almost every user picks that up while using the net... these are tracking cookies, which are not malicious... it also detected parts of ComboFix... So uninstall it before you install one of these three...

Also do this:

ComboFix needs to be uninstalled:
click Start (or ), then RUN.

On Vista, use the Start Search field if Run is not available.

In the text input line, type (copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

and then click OK (or press Enter).

Wait for the uninstall process to finish.

That should be it.. Cheers

offline
  • Joined: 30 Oct 2009
  • Posts: 59
  • Location: Sombor

I removed ComboFix and installed SUPERAntiSpyware. It scanned and cleaned everything, for now.

I will scan again tomorrow to see whether it works.

Thanks!
