MyCity » Ambulanta -> Arhiva Ambulante » TH Injector i Packed Protector C

TH Injector i Packed Protector C

Napisano na dan: 8.12.2009

TH Injector i Packed Protector C

Sledeća strana

Pagination

Odgovori

milena1402 Poslao: 08 Dec 2009 00:52 Idi na vrh
offline milena1402 Građanin Pridružio: 14 Avg 2006 Poruke: 108	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Potrebna mi je pomoc oko ovih virusa koji su se odjednom pojavili i ne mogu da ih ocistim. Zabrljala mi je grafika nakon restarta racunara, a firefox ne moze vise uopste da se startuje. Hvala unapred! Evo i loga: DDS (Ver_09-12-01.01) - NTFSx86 Run by Milena at 0:18:17.20 on Tue 12/08/2009 Internet Explorer: 6.0.2900.5512 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.137 [GMT 1:00] AV: AVG Anti-Virus Free On-access scanning enabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\ATI Multimedia\main\ATIDtct.EXE C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Program Files\USB TV\EM28XX\BDARemote.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\AVG\AVG9\avgemc.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Opera\opera.exe C:\Program Files\AVG\AVG9\avgui.exe C:\Documents and Settings\Milena\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = [Link mogu videti samo ulogovani korisnici] uInternet Connection Wizard,ShellNext = iexplore uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll uURLSearchHooks: H - No File BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll uRun: [ATI Launchpad] "c:\program files\ati multimedia\main\launchpd.exe" uRun: [ATI DeviceDetect] c:\program files\ati multimedia\main\ATIDtct.EXE uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun uRun: [av_md] c:\windows\temp\~TM26D.tmp mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe" mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" mRun: [sysgif32] c:\windows\temp\~TM26C.tmp mRun: [Regedit32] c:\windows\system32\regedit.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bdarem~1.lnk - c:\program files\usb tv\em28xx\BDARemote.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {44226DFF-747E-4edc-B30C-78752E50CD0C} - {44226DFF-747E-4edc-B30C-78752E50CD0C} - c:\program files\ati multimedia\tv\EXPLBAR.DLL IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - [Link mogu videti samo ulogovani korisnici] DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - [Link mogu videti samo ulogovani korisnici] DPF: {A7C346A3-B076-46B3-97F0-D00F6B479451} - [Link mogu videti samo ulogovani korisnici] DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [Link mogu videti samo ulogovani korisnici] Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll Notify: avgrsstarter - avgrsstx.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\milena\applic~1\mozilla\firefox\profiles\50yn6ieh.default\ FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici] ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2004-1-1 97408] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-31 333192] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-31 28424] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-31 360584] R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-10-31 906520] R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-31 285392] R3 RkHit;RkHit;\??\c:\windows\system32\drivers\rkhit.sys --> c:\windows\system32\drivers\RKHit.sys [?] R3 TTDec;ATI WDM Teletext Decoder;c:\windows\system32\drivers\atinttxx.sys [2009-10-31 13824] =============== Created Last 30 ================ 2009-12-07 23:09:44 148768 -c--a-w- c:\windows\system32\dllcache\atapi.sys 2009-12-07 22:44:45 42 ----a-w- c:\windows\system32\scud.udf 2009-12-07 22:44:17 0 d-----w- c:\program files\Spyware Cease 2009-12-07 21:35:56 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat 2009-12-07 21:35:35 4 ----a-w- c:\docume~1\milena\applic~1\avdrn.dat 2009-11-27 22:30:24 0 d-----w- c:\program files\Unlocker 2009-11-27 22:25:52 0 d-----w- c:\docume~1\milena\applic~1\Simply Super Software 2009-11-27 22:25:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software 2009-11-27 20:51:01 0 d-s---w- C:\ComboFix 2009-11-27 17:34:15 0 d-sha-r- C:\cmdcons 2009-11-23 16:22:27 0 d-----w- C:\DeltaBanka 2009-11-21 19:37:28 0 d-----w- c:\program files\JoWooD 2009-11-21 04:32:19 0 d-----w- c:\program files\VideoLAN 2009-11-20 22:39:19 0 d-----w- c:\program files\eMule 2009-11-16 23:40:45 0 d-----w- c:\program files\FDRLab 2009-11-16 22:44:47 0 d-----w- c:\program files\Passware 2009-11-08 01:46:45 0 d-----w- c:\program files\YouTube Downloader ==================== Find3M ==================== 2009-12-07 23:09:44 148768 ----a-w- c:\windows\system32\drivers\atapi.sys 2009-11-10 08:09:15 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-11-06 11:03:27 2828 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys 2009-11-05 17:54:06 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-11-04 13:21:45 8 --sh--r- c:\docume~1\alluse~1\applic~1\CA775620AE.sys 2009-10-31 19:22:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2009-10-31 19:22:09 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-10-31 10:00:29 21640 ----a-w- c:\windows\system32\emptyregdb.dat ============= FINISH: 0:18:45.56 =============== [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici]

Profil

Bogdan-Tc Poslao: 08 Dec 2009 02:49 Idi na vrh
offline Bogdan-Tc Anti Malware Fighter Rank 1 Pridružio: 04 Jan 2009 Poruke: 2168	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

milena1402 Poslao: 08 Dec 2009 17:08 Idi na vrh
offline milena1402 Građanin Pridružio: 14 Avg 2006 Poruke: 108	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-12-07.07 - Milena 12/08/2009 8:54.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.245 [GMT 1:00] Running from: c:\documents and settings\Milena\Desktop\ComboFix.exe AV: AVG Anti-Virus Free On-access scanning disabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd c:\program files\Spyware Cease c:\program files\Spyware Cease\md5.dll c:\program files\Spyware Cease\mtools.dll c:\program files\Spyware Cease\networkdll.dll c:\program files\Spyware Cease\opfile.dll c:\program files\Spyware Cease\QAreaDLL.dll c:\program files\Spyware Cease\RkHitApi.dll c:\program files\Spyware Cease\sctdll.dll c:\program files\Spyware Cease\spkdll.dll c:\program files\Spyware Cease\SpywareCease.exe c:\program files\Spyware Cease\udefend.dll c:\program files\Spyware Cease\ussafe.dll c:\program files\Spyware Cease\zlib1.dll Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected Restored copy from - c:\windows\ERDNT\cache\atapi.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_RKHIT -------\Service_RkHit ((((((((((((((((((((((((( Files Created from 2009-11-08 to 2009-12-08 ))))))))))))))))))))))))))))))) . 2009-12-07 21:35 . 2009-12-07 21:35 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat 2009-11-30 09:04 . 2009-09-21 14:59 3101560 ----a-w- c:\documents and settings\Milena\Application Data\Simply Super Software\Trojan Remover\shoC1D.exe 2009-11-30 09:04 . 2009-09-21 14:59 3101560 ----a-w- c:\documents and settings\Milena\Application Data\Simply Super Software\Trojan Remover\kcmC1E.exe 2009-11-30 09:04 . 2009-09-21 14:59 3101560 ----a-w- c:\documents and settings\Milena\Application Data\Simply Super Software\Trojan Remover\magC1C.exe 2009-11-27 22:30 . 2009-11-27 22:30 -------- d-----w- c:\program files\Unlocker 2009-11-27 22:27 . 2009-12-07 22:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-11-27 22:25 . 2009-11-27 22:25 -------- d-----w- c:\documents and settings\Milena\Application Data\Simply Super Software 2009-11-27 22:25 . 2009-11-27 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software 2009-11-26 17:05 . 2009-11-26 17:05 235520 ----a-w- c:\documents and settings\Milena\Application Data\GRETECH\GomPlayer\GrLauncherTempSetup.exe 2009-11-26 17:05 . 2007-03-22 10:46 126976 ----a-w- c:\documents and settings\Milena\Application Data\GRETECH\GomPlayer\GrLauncher.exe 2009-11-23 16:22 . 2009-11-23 16:22 -------- d-----w- C:\DeltaBanka 2009-11-22 22:32 . 2009-11-22 22:32 0 ----a-w- c:\windows\nsreg.dat 2009-11-22 22:32 . 2009-11-22 22:32 -------- d-----w- c:\documents and settings\Milena\Local Settings\Application Data\Mozilla 2009-11-21 19:37 . 2009-11-21 19:37 -------- d-----w- c:\program files\JoWooD 2009-11-21 04:36 . 2009-11-21 04:36 -------- d-----w- c:\documents and settings\Milena\Application Data\vlc 2009-11-21 04:32 . 2009-11-21 04:32 -------- d-----w- c:\program files\VideoLAN 2009-11-20 22:39 . 2009-11-20 22:48 -------- d-----w- c:\program files\eMule 2009-11-17 00:23 . 2009-11-17 00:23 -------- d-----w- c:\program files\QuickTime 2009-11-16 23:40 . 2009-11-16 23:40 -------- d-----w- c:\program files\FDRLab 2009-11-16 22:44 . 2009-11-16 22:44 -------- d-----w- c:\program files\Passware 2009-11-13 08:06 . 2009-11-13 08:06 3963648 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll 2009-11-13 08:06 . 2009-11-13 08:06 497944 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll 2009-11-13 08:06 . 2009-11-10 08:09 4026136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe 2009-11-13 08:06 . 2009-11-10 08:09 2016536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe 2009-11-13 08:06 . 2009-11-10 08:09 1257240 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe 2009-11-10 08:08 . 2009-11-10 08:08 1657112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-08 01:33 . 2009-10-31 19:36 -------- d-----w- c:\documents and settings\Milena\Application Data\Skype 2009-12-07 21:35 . 2009-12-07 21:35 16 ----a-w- c:\documents and settings\NetworkService\Application Data\fvgqad.dat 2009-12-07 21:35 . 2009-12-07 21:35 4 ----a-w- c:\documents and settings\Milena\Application Data\avdrn.dat 2009-12-07 20:39 . 2009-10-31 19:37 -------- d-----w- c:\documents and settings\Milena\Application Data\skypePM 2009-12-03 07:09 . 2009-11-04 21:22 -------- d-----w- c:\documents and settings\Milena\Application Data\ATI MMC 2009-11-22 21:10 . 2009-10-31 21:28 38808 ----a-w- c:\documents and settings\Milena\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-11-22 09:33 . 2009-11-04 13:21 -------- d-----w- c:\documents and settings\Milena\Application Data\Corel 2009-11-22 09:33 . 2009-11-01 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel 2009-11-22 09:29 . 2009-11-05 20:16 -------- d-----w- c:\program files\Autodesk 2009-11-22 09:28 . 2009-11-05 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk 2009-11-17 23:47 . 2009-11-04 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI MMC 2009-11-17 23:13 . 2009-11-05 16:26 -------- d-----w- c:\documents and settings\Milena\Application Data\BitTorrent 2009-11-10 08:09 . 2009-10-31 19:22 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-11-08 01:46 . 2009-11-08 01:46 -------- d-----w- c:\program files\YouTube Downloader 2009-11-06 11:03 . 2009-11-04 13:21 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2009-11-06 11:03 . 2009-11-04 13:21 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2009-11-05 18:24 . 2009-11-05 17:53 -------- d-----w- c:\documents and settings\Milena\Application Data\DAEMON Tools Lite 2009-11-05 17:54 . 2009-11-05 17:53 -------- d-----w- c:\program files\DAEMON Tools Lite 2009-11-05 17:54 . 2009-11-05 17:54 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-11-05 17:53 . 2009-11-05 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite 2009-11-05 16:26 . 2009-11-05 16:26 -------- d-----w- c:\program files\BitTorrent 2009-11-04 21:17 . 2009-10-31 20:59 -------- d-----w- c:\program files\ATI Technologies 2009-11-04 21:17 . 2009-10-31 20:36 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-11-04 21:16 . 2009-10-31 21:27 -------- d-----w- c:\documents and settings\Milena\Application Data\ATI 2009-11-04 21:11 . 2009-11-04 21:11 -------- d-----w- c:\program files\ATI Multimedia 2009-11-04 21:11 . 2009-11-04 21:11 -------- d-----w- c:\program files\Common Files\ATI 2009-11-04 21:08 . 2009-11-04 21:08 -------- d-----w- c:\program files\msaccrt 2009-11-04 18:23 . 2009-11-04 18:23 9158 ----a-r- c:\documents and settings\Milena\Application Data\Microsoft\Installer\{2EAB346D-6073-4FD7-AFC0-B035ABC82A67}\ARPPRODUCTICON.exe 2009-11-04 18:23 . 2009-11-04 18:23 -------- d-----w- c:\program files\Common Files\ATI Technologies 2009-11-04 18:23 . 2009-11-04 18:23 -------- d-----w- c:\program files\DIFX 2009-11-04 18:23 . 2009-11-04 18:23 -------- d-----w- c:\program files\USB TV 2009-11-04 18:22 . 2009-11-04 18:22 -------- d-----w- c:\documents and settings\Milena\Application Data\InstallShield 2009-11-04 17:27 . 2009-11-04 17:24 -------- d-----w- c:\documents and settings\Milena\Application Data\Winamp 2009-11-04 17:27 . 2009-11-04 17:24 -------- d-----w- c:\program files\Winamp 2009-11-04 13:21 . 2009-11-04 13:21 8 --sh--r- c:\documents and settings\All Users\Application Data\CA775620AE.sys 2009-11-04 13:21 . 2009-11-04 13:21 8 --sh--r- c:\documents and settings\All Users\Application Data\CA775620AE.sys 2009-11-04 01:07 . 2009-11-04 01:07 -------- d-----w- c:\documents and settings\Milena\Application Data\AdobeUM 2009-11-04 01:07 . 2009-11-01 00:31 -------- d-----w- c:\program files\Common Files\Adobe 2009-11-02 23:37 . 2009-11-02 23:37 -------- d-----w- c:\program files\Microsoft ActiveSync 2009-11-02 23:36 . 2009-11-02 23:36 -------- d-----w- c:\program files\Microsoft.NET 2009-11-02 23:21 . 2009-10-31 10:02 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-11-02 18:01 . 2009-11-02 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip 2009-11-02 16:52 . 2009-11-02 16:52 -------- d-----w- c:\documents and settings\Milena\Application Data\GRETECH 2009-11-02 16:51 . 2009-11-02 16:51 -------- d-----w- c:\program files\GRETECH 2009-11-01 00:58 . 2009-11-01 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet 2009-11-01 00:37 . 2009-11-01 00:37 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2009-10-31 21:27 . 2009-10-31 21:27 129 ----a-w- c:\documents and settings\Milena\Local Settings\Application Data\fusioncache.dat 2009-10-31 21:00 . 2009-10-31 20:34 -------- d-----w- c:\program files\Common Files\InstallShield 2009-10-31 20:36 . 2009-10-31 20:36 -------- d-----w- c:\program files\Common Files\NVIDIA Shared 2009-10-31 20:36 . 2009-10-31 20:36 -------- d-----w- c:\program files\NVIDIA Corporation 2009-10-31 19:37 . 2009-10-31 19:37 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2009-10-31 19:36 . 2009-10-31 19:36 -------- d-----w- c:\program files\Common Files\Skype 2009-10-31 19:36 . 2009-10-31 19:36 -------- d-----r- c:\program files\Skype 2009-10-31 19:36 . 2009-10-31 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2009-10-31 19:29 . 2009-10-31 19:29 -------- d-----w- c:\program files\Opera 2009-10-31 19:23 . 2009-10-31 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar 2009-10-31 19:22 . 2009-10-31 19:22 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2009-10-31 19:22 . 2009-10-31 19:22 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-10-31 19:22 . 2009-10-31 19:22 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-10-31 19:21 . 2009-10-31 19:21 -------- d-----w- c:\program files\AVG 2009-10-31 19:21 . 2009-10-31 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9 2009-10-31 10:03 . 2009-10-31 10:03 -------- d-----w- c:\program files\microsoft frontpage 2009-10-31 10:00 . 2009-10-31 10:00 21640 ----a-w- c:\windows\system32\emptyregdb.dat 2009-10-16 11:12 . 2009-10-31 19:23 1119488 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-10-16 11:12 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATI Launchpad"="c:\program files\ATI Multimedia\main\launchpd.exe" [2005-03-18 102400] "ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2005-03-18 53248] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-13 2020120] "NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-22 37888] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-17 417792] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872] c:\documents and settings\All Users\Start Menu\Programs\Startup\ BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2009-11-4 81997] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-10-31 19:22 12464 ----a-w- c:\windows\system32\avgrsstx.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"= "c:\\Program Files\\Autodesk\\Backburner\\manager.exe"= "c:\\Program Files\\Autodesk\\Backburner\\server.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [1/1/2004 1:34 AM 97408] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/5/2009 6:54 PM 691696] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/31/2009 8:22 PM 333192] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/31/2009 8:22 PM 360584] R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [10/31/2009 8:21 PM 906520] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/31/2009 8:21 PM 285392] R3 TTDec;ATI WDM Teletext Decoder;c:\windows\system32\drivers\atinttxx.sys [10/31/2009 11:43 AM 13824] . ------- Supplementary Scan ------- . uStart Page = [Link mogu videti samo ulogovani korisnici] uInternet Connection Wizard,ShellNext = iexplore IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - [Link mogu videti samo ulogovani korisnici] DPF: {A7C346A3-B076-46B3-97F0-D00F6B479451} - [Link mogu videti samo ulogovani korisnici] FF - ProfilePath - c:\documents and settings\Milena\Application Data\Mozilla\Firefox\Profiles\50yn6ieh.default\ FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici] ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2009-12-08 17:06 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [Link mogu videti samo ulogovani korisnici] device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys spyt.sys >>UNKNOWN [0x82392938]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf859af28 \Driver\ACPI -> ACPI.sys @ 0xf83e2cb8 \Driver\atapi -> atapi.sys @ 0xf839db40 IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598 ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598 ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6 NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf827abb0 PacketIndicateHandler -> NDIS.sys @ 0xf8287a21 SendHandler -> NDIS.sys @ 0xf826587b user & kernel MBR OK ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(688-) c:\windows\system32\Ati2evxx.dll c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\AVG\AVG9\avgchsvx.exe c:\program files\AVG\AVG9\avgrsx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\windows\system32\wdfmgr.exe c:\program files\AVG\AVG9\avgnsx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\windows\system32\wscntfy.exe c:\windows\system32\Ati2evxx.exe . ************************************************************************ . Completion time: 2009-12-08 17:09 - machine was rebooted ComboFix-quarantined-files.txt 2009-12-08 16:09 ComboFix2.txt 2009-11-27 17:41 Pre-Run: 11,592,884,224 bytes free Post-Run: 11,509,211,136 bytes free - - End Of File - - EFA37CD132673E55B248B16A1D0122A6

Profil

Bogdan-Tc Poslao: 08 Dec 2009 23:27 Idi na vrh
offline Bogdan-Tc Anti Malware Fighter Rank 1 Pridružio: 04 Jan 2009 Poruke: 2168	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\windows\system32\fjhdyfhsn.bat c:\documents and settings\Milena\Application Data\avdrn.dat c:\documents and settings\NetworkService\Application Data\fvgqad.dat` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

milena1402 Poslao: 08 Dec 2009 23:58 Idi na vrh
offline milena1402 Građanin Pridružio: 14 Avg 2006 Poruke: 108	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo i ovog loga: ComboFix 09-12-07.07 - Milena 12/08/2009 23:50.3.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.239 [GMT 1:00] Running from: c:\documents and settings\Milena\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Milena\Desktop\CFScript.txt AV: AVG Anti-Virus Free On-access scanning disabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FILE :: "c:\documents and settings\Milena\Application Data\avdrn.dat" "c:\documents and settings\NetworkService\Application Data\fvgqad.dat" "c:\windows\system32\fjhdyfhsn.bat" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Milena\Application Data\avdrn.dat c:\documents and settings\NetworkService\Application Data\fvgqad.dat c:\windows\system32\fjhdyfhsn.bat . ((((((((((((((((((((((((( Files Created from 2009-11-08 to 2009-12-08 ))))))))))))))))))))))))))))))) . 2009-11-30 09:04 . 2009-09-21 14:59 3101560 ----a-w- c:\documents and settings\Milena\Application Data\Simply Super Software\Trojan Remover\shoC1D.exe 2009-11-30 09:04 . 2009-09-21 14:59 3101560 ----a-w- c:\documents and settings\Milena\Application Data\Simply Super Software\Trojan Remover\kcmC1E.exe 2009-11-30 09:04 . 2009-09-21 14:59 3101560 ----a-w- c:\documents and settings\Milena\Application Data\Simply Super Software\Trojan Remover\magC1C.exe 2009-11-27 22:30 . 2009-11-27 22:30 -------- d-----w- c:\program files\Unlocker 2009-11-27 22:27 . 2009-12-07 22:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-11-27 22:25 . 2009-11-27 22:25 -------- d-----w- c:\documents and settings\Milena\Application Data\Simply Super Software 2009-11-27 22:25 . 2009-11-27 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software 2009-11-26 17:05 . 2009-11-26 17:05 235520 ----a-w- c:\documents and settings\Milena\Application Data\GRETECH\GomPlayer\GrLauncherTempSetup.exe 2009-11-26 17:05 . 2007-03-22 10:46 126976 ----a-w- c:\documents and settings\Milena\Application Data\GRETECH\GomPlayer\GrLauncher.exe 2009-11-23 16:22 . 2009-11-23 16:22 -------- d-----w- C:\DeltaBanka 2009-11-22 22:32 . 2009-11-22 22:32 0 ----a-w- c:\windows\nsreg.dat 2009-11-22 22:32 . 2009-11-22 22:32 -------- d-----w- c:\documents and settings\Milena\Local Settings\Application Data\Mozilla 2009-11-21 19:37 . 2009-11-21 19:37 -------- d-----w- c:\program files\JoWooD 2009-11-21 04:36 . 2009-11-21 04:36 -------- d-----w- c:\documents and settings\Milena\Application Data\vlc 2009-11-21 04:32 . 2009-11-21 04:32 -------- d-----w- c:\program files\VideoLAN 2009-11-20 22:39 . 2009-11-20 22:48 -------- d-----w- c:\program files\eMule 2009-11-17 00:23 . 2009-11-17 00:23 -------- d-----w- c:\program files\QuickTime 2009-11-16 23:40 . 2009-11-16 23:40 -------- d-----w- c:\program files\FDRLab 2009-11-16 22:44 . 2009-11-16 22:44 -------- d-----w- c:\program files\Passware 2009-11-13 08:06 . 2009-11-13 08:06 3963648 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll 2009-11-13 08:06 . 2009-11-13 08:06 497944 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll 2009-11-13 08:06 . 2009-11-10 08:09 4026136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe 2009-11-13 08:06 . 2009-11-10 08:09 2016536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe 2009-11-13 08:06 . 2009-11-10 08:09 1257240 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe 2009-11-10 08:08 . 2009-11-10 08:08 1657112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-31 21:51 . 2009-10-31 19:37 -------- d-----w- c:\documents and settings\Milena\Application Data\skypePM 2009-12-08 22:34 . 2009-10-31 19:36 -------- d-----w- c:\documents and settings\Milena\Application Data\Skype 2009-12-03 07:09 . 2009-11-04 21:22 -------- d-----w- c:\documents and settings\Milena\Application Data\ATI MMC 2009-11-22 21:10 . 2009-10-31 21:28 38808 ----a-w- c:\documents and settings\Milena\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-11-22 09:33 . 2009-11-04 13:21 -------- d-----w- c:\documents and settings\Milena\Application Data\Corel 2009-11-22 09:33 . 2009-11-01 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel 2009-11-22 09:29 . 2009-11-05 20:16 -------- d-----w- c:\program files\Autodesk 2009-11-22 09:28 . 2009-11-05 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk 2009-11-17 23:47 . 2009-11-04 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI MMC 2009-11-17 23:13 . 2009-11-05 16:26 -------- d-----w- c:\documents and settings\Milena\Application Data\BitTorrent 2009-11-10 08:09 . 2009-10-31 19:22 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-11-08 01:46 . 2009-11-08 01:46 -------- d-----w- c:\program files\YouTube Downloader 2009-11-06 11:03 . 2009-11-04 13:21 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2009-11-06 11:03 . 2009-11-04 13:21 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2009-11-05 18:24 . 2009-11-05 17:53 -------- d-----w- c:\documents and settings\Milena\Application Data\DAEMON Tools Lite 2009-11-05 17:54 . 2009-11-05 17:53 -------- d-----w- c:\program files\DAEMON Tools Lite 2009-11-05 17:54 . 2009-11-05 17:54 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-11-05 17:53 . 2009-11-05 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite 2009-11-05 16:26 . 2009-11-05 16:26 -------- d-----w- c:\program files\BitTorrent 2009-11-04 21:17 . 2009-10-31 20:59 -------- d-----w- c:\program files\ATI Technologies 2009-11-04 21:17 . 2009-10-31 20:36 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-11-04 21:16 . 2009-10-31 21:27 -------- d-----w- c:\documents and settings\Milena\Application Data\ATI 2009-11-04 21:11 . 2009-11-04 21:11 -------- d-----w- c:\program files\ATI Multimedia 2009-11-04 21:11 . 2009-11-04 21:11 -------- d-----w- c:\program files\Common Files\ATI 2009-11-04 21:08 . 2009-11-04 21:08 -------- d-----w- c:\program files\msaccrt 2009-11-04 18:23 . 2009-11-04 18:23 9158 ----a-r- c:\documents and settings\Milena\Application Data\Microsoft\Installer\{2EAB346D-6073-4FD7-AFC0-B035ABC82A67}\ARPPRODUCTICON.exe 2009-11-04 18:23 . 2009-11-04 18:23 -------- d-----w- c:\program files\Common Files\ATI Technologies 2009-11-04 18:23 . 2009-11-04 18:23 -------- d-----w- c:\program files\DIFX 2009-11-04 18:23 . 2009-11-04 18:23 -------- d-----w- c:\program files\USB TV 2009-11-04 18:22 . 2009-11-04 18:22 -------- d-----w- c:\documents and settings\Milena\Application Data\InstallShield 2009-11-04 17:27 . 2009-11-04 17:24 -------- d-----w- c:\documents and settings\Milena\Application Data\Winamp 2009-11-04 17:27 . 2009-11-04 17:24 -------- d-----w- c:\program files\Winamp 2009-11-04 13:21 . 2009-11-04 13:21 8 --sh--r- c:\documents and settings\All Users\Application Data\CA775620AE.sys 2009-11-04 13:21 . 2009-11-04 13:21 8 --sh--r- c:\documents and settings\All Users\Application Data\CA775620AE.sys 2009-11-04 01:07 . 2009-11-04 01:07 -------- d-----w- c:\documents and settings\Milena\Application Data\AdobeUM 2009-11-04 01:07 . 2009-11-01 00:31 -------- d-----w- c:\program files\Common Files\Adobe 2009-11-02 23:37 . 2009-11-02 23:37 -------- d-----w- c:\program files\Microsoft ActiveSync 2009-11-02 23:36 . 2009-11-02 23:36 -------- d-----w- c:\program files\Microsoft.NET 2009-11-02 23:21 . 2009-10-31 10:02 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-11-02 18:01 . 2009-11-02 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip 2009-11-02 16:52 . 2009-11-02 16:52 -------- d-----w- c:\documents and settings\Milena\Application Data\GRETECH 2009-11-02 16:51 . 2009-11-02 16:51 -------- d-----w- c:\program files\GRETECH 2009-11-01 00:58 . 2009-11-01 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet 2009-11-01 00:37 . 2009-11-01 00:37 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2009-10-31 21:27 . 2009-10-31 21:27 129 ----a-w- c:\documents and settings\Milena\Local Settings\Application Data\fusioncache.dat 2009-10-31 21:00 . 2009-10-31 20:34 -------- d-----w- c:\program files\Common Files\InstallShield 2009-10-31 20:36 . 2009-10-31 20:36 -------- d-----w- c:\program files\Common Files\NVIDIA Shared 2009-10-31 20:36 . 2009-10-31 20:36 -------- d-----w- c:\program files\NVIDIA Corporation 2009-10-31 19:37 . 2009-10-31 19:37 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2009-10-31 19:36 . 2009-10-31 19:36 -------- d-----w- c:\program files\Common Files\Skype 2009-10-31 19:36 . 2009-10-31 19:36 -------- d-----r- c:\program files\Skype 2009-10-31 19:36 . 2009-10-31 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2009-10-31 19:29 . 2009-10-31 19:29 -------- d-----w- c:\program files\Opera 2009-10-31 19:23 . 2009-10-31 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar 2009-10-31 19:22 . 2009-10-31 19:22 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2009-10-31 19:22 . 2009-10-31 19:22 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-10-31 19:22 . 2009-10-31 19:22 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-10-31 19:21 . 2009-10-31 19:21 -------- d-----w- c:\program files\AVG 2009-10-31 19:21 . 2009-10-31 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9 2009-10-31 10:03 . 2009-10-31 10:03 -------- d-----w- c:\program files\microsoft frontpage 2009-10-31 10:00 . 2009-10-31 10:00 21640 ----a-w- c:\windows\system32\emptyregdb.dat 2009-10-16 11:12 . 2009-10-31 19:23 1119488 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-10-16 11:12 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATI Launchpad"="c:\program files\ATI Multimedia\main\launchpd.exe" [2005-03-18 102400] "ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2005-03-18 53248] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="c:\program files\Opera\program\plugins\NPSWF32_FlashUtil.exe" [2009-07-18 257440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-13 2020120] "NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-22 37888] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-17 417792] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872] c:\documents and settings\All Users\Start Menu\Programs\Startup\ BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2009-11-4 81997] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-10-31 19:22 12464 ----a-w- c:\windows\system32\avgrsstx.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"= "c:\\Program Files\\Autodesk\\Backburner\\manager.exe"= "c:\\Program Files\\Autodesk\\Backburner\\server.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [1/1/2004 1:34 AM 97408] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/31/2009 8:22 PM 333192] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/31/2009 8:22 PM 360584] R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [10/31/2009 8:21 PM 906520] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/31/2009 8:21 PM 285392] R3 TTDec;ATI WDM Teletext Decoder;c:\windows\system32\drivers\atinttxx.sys [10/31/2009 11:43 AM 13824] S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/5/2009 6:54 PM 691696] . ------- Supplementary Scan ------- . uStart Page = [Link mogu videti samo ulogovani korisnici] uInternet Connection Wizard,ShellNext = iexplore IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - [Link mogu videti samo ulogovani korisnici] DPF: {A7C346A3-B076-46B3-97F0-D00F6B479451} - [Link mogu videti samo ulogovani korisnici] FF - ProfilePath - c:\documents and settings\Milena\Application Data\Mozilla\Firefox\Profiles\50yn6ieh.default\ FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici] ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2009-12-08 23:55 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(660) c:\windows\system32\Ati2evxx.dll c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll . Completion time: 2009-12-08 23:58 ComboFix-quarantined-files.txt 2009-12-08 22:57 ComboFix2.txt 2009-12-08 16:09 ComboFix3.txt 2009-11-27 17:41 Pre-Run: 11,502,632,960 bytes free Post-Run: 11,473,391,616 bytes free - - End Of File - - 48DCEB38C05E6AEF1F895D28FB45F26D

Profil

Bogdan-Tc Poslao: 09 Dec 2009 22:59 Idi na vrh
offline Bogdan-Tc Anti Malware Fighter Rank 1 Pridružio: 04 Jan 2009 Poruke: 2168	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ovo sada deluje ok...ostalo je još da ispratiš sledeće uputstvo.... Potrebno je deinstalirati ComboFix: klikni start (ili ), a zatim RUN. Na Visti koristiti Start Search polje ukoliko Run nije dostupan. U liniju za unos teksta ukucaj (iskopiraj) sledeće: ComboFix /Uninstall Primeti da postoji razmak između "ComboFix" i "/Uninstall". a zatim klikni OK (ili pritisni Enter). Sačekaj da se proces deinstalacije završi.

Profil

milena1402 Poslao: 09 Dec 2009 23:25 Idi na vrh
offline milena1402 Građanin Pridružio: 14 Avg 2006 Poruke: 108	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Hvala puno, sad sve radi Ok, a AVG ne prijavljuje vise nista.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » TH Injector i Packed Protector C

Ko je trenutno na forumu

Ukupno su 1468 korisnika na forumu :: 61 registrovanih, 8 sakrivenih i 1399 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 20624 - dana 04 Apr 2026 04:18

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: Ares12356, Asteker, AudioTehnica, Avalon015, blue, bojank, bokicacar, Bosnjo, bpop, branko7, carinko, cemix, cenejac111, cikadeda, Dorcolac, elenemste, france93, g0xy, g_g, Giskard, Gogi do, goran.vvv, InzenjerBL, Iskander, Jager715510, jalos, Jester, Kiki98TZ, Konda, mainstream, Marko Marković, MaschinenPistole, mean_machine, Miki281, Mldo, Moldovan, nnovakis, pera bager, raketaš, rednap, Romibrat, Sale0501, Savantije, Sharpshooter, Shinobi, Simonsen23, Siti2, sova72, stefan95, Stefi888, they live, Tumansky, Vanderx, vathra, Velja1715, VJ, voja64, vrag81, ziggga, Zvonkozvonko, ZZZ

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by