Virus or???


offline
  • Joined: 07 Jun 2008
  • Posts: 46

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:24:05, on 6.2.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Unimessage Pro\WilCap.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wilpmove.exe
C:\WINDOWS\system\wmisvmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Gran Paradiso\firefox.exe
C:\Documents and Settings\Administrator\Desktop\filko\TR3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WilSpoolProxy] C:\Program Files\Unimessage Pro\WilCap.exe
O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AOL Instant Messenger (TM)] C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [Link mogu videti samo ulogovani korisnici]\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - [Link mogu videti samo ulogovani korisnici]\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - [Link mogu videti samo ulogovani korisnici]\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - [Link mogu videti samo ulogovani korisnici]\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - [Link mogu videti samo ulogovani korisnici]\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - [Link mogu videti samo ulogovani korisnici]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8-) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Unimessage Printer Tracking Service (wilusbmonitor) - Wordcraft International Limited - C:\WINDOWS\system32\wilpmove.exe
O23 - Service: Windows Sync-Manager (WMISMGR) - Unknown owner - C:\WINDOWS\system\wmisvmgr.exe
O23 - Service: WMI Servicer (WMISRV) - Security Systems - C:\WINDOWS\system\wmisvr.exe

--
End of file - 9252 bytes
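As an added example (not code from this thread, from HijackThis or from ComboFix), the script below writes out a few of the checks a malware-removal helper applies by eye when reading a HijackThis log like the one above, and it also understands the "Files Created" line format ComboFix produces: a service whose binary has no known vendor (an O23 line with "Unknown owner"), executables sitting in \WINDOWS\system\ instead of system32, double ".exe.exe" extensions, freshly created executables carrying hidden+system attributes, and Windows Firewall exceptions for binaries under the Windows directory. The rule names, the Finding class, the small allowlist of Windows-directory firewall entries and the sample lines (adapted from the logs posted in this thread) are all constructed here.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Heuristics a forum helper applies by eye when reading HijackThis / ComboFix
# logs, written out so they can be run over a saved log. Example code added to
# the thread; not part of HijackThis, ComboFix or any forum tooling. Rule
# names are made up for this example.

# A binary in ...\WINDOWS\system\ (not system32) is unusual on Windows XP.
WIN_SYSTEM_DIR = re.compile(r"\\windows\\system\\[^\\]+\.(exe|dll|sys)\b", re.I)
# "something.exe.exe": a double extension.
DOUBLE_EXT = re.compile(r"\.exe\.exe\b", re.I)
# HijackThis O23 line whose service binary has no known vendor.
UNKNOWN_OWNER = re.compile(r"^O23 - Service: .* - Unknown owner - ", re.I)
# ComboFix "Files Created" entry: "<date> <time> . <date> <time> <size> <attrs> <path>".
COMBOFIX_FILE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"([\d,]+) (\S{9}) (.+)$"
)
EXECUTABLE = re.compile(r"\.(exe|dll|sys|scr)$", re.I)
# Windows Firewall AuthorizedApplications entry for a binary under the Windows directory.
FW_WINDIR = re.compile(r'^"[a-z]:\\windows\\(.+\.exe)"=$', re.I)
# Assumed allowlist: two Windows components that legitimately get such an exception.
FW_WINDIR_KNOWN = {"system32\\sessmgr.exe", "network diagnostic\\xpnetdiag.exe"}


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


def triage_line(raw: str) -> list[Finding]:
    """Apply every heuristic to one log line and return the rules it trips."""
    # Registry exports (the firewall list) double every backslash; undo that so
    # the path rules see ordinary paths.
    line = raw.strip().replace("\\\\", "\\")
    hits: list[Finding] = []
    if UNKNOWN_OWNER.match(line):
        hits.append(Finding("unknown_owner", line))
    if WIN_SYSTEM_DIR.search(line):
        hits.append(Finding("windows_system_dir", line))
    if DOUBLE_EXT.search(line):
        hits.append(Finding("double_extension", line))
    m = COMBOFIX_FILE.match(line)
    if m:
        attrs, path = m.group(2), m.group(3)
        # Hidden and system attributes together on a newly created executable.
        if "h" in attrs and "s" in attrs and EXECUTABLE.search(path):
            hits.append(Finding("hidden_system_executable", line))
    m = FW_WINDIR.match(line)
    if m and m.group(1).lower() not in FW_WINDIR_KNOWN:
        hits.append(Finding("firewall_exception_windows_dir", line))
    return hits


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over every line of a pasted log."""
    return [f for raw in log_text.splitlines() for f in triage_line(raw)]


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule, for a quick overview before reading the lines."""
    return dict(Counter(f.rule for f in findings))


# Constructed sample: lines adapted from the HijackThis and ComboFix logs in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system\wmisvmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Sync-Manager (WMISMGR) - Unknown owner - C:\WINDOWS\system\wmisvmgr.exe
O23 - Service: WMI Servicer (WMISRV) - Security Systems - C:\WINDOWS\system\wmisvr.exe
C:\WINDOWS\system32\dg.exe.exe
2009-02-06 16:52 . 2009-02-07 15:40 518,656 -r-hs---- C:\WINDOWS\system\wmisvr.exe
2009-02-07 15:09 . 2009-02-07 15:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2009-02-04 01:07 . 2007-09-27 10:46 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\WINDOWS\\system\\wmisvmgr.exe"=
"C:\\WINDOWS\\System32\\gs.exe"=
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.rule}] {f.line}")
    print(summarize(found))
```

On the constructed sample, `triage()` returns ten findings and `summarize()` shows that the \WINDOWS\system\ rule fires most often, which matches where the thread's attention ends up. The rules are hints for a human reviewer, not verdicts: an odd path or attribute on its own proves nothing, so the script only points at lines worth a second look.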





offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Download RootRepeal to the Desktop.

Unpack RootRepeal.zip into a folder.
Double-click RootRepeal.exe to run it.
Switch to the Report tab (by clicking the Report button at the bottom right).
Click the Scan button.
In the window that opens (Select Scan), tick the boxes in front of all the items and click OK.
In the next window (Select Drives), tick the box in front of the system drive (usually C:\) and click OK.
When the process finishes, click Save Report and save the scan report.


Paste the contents of that report into your next post.



offline
  • Joined: 07 Jun 2008
  • Posts: 46

When I start the program, the situation shown in the picture appears first, and when I do run it all the way through it reports an error:



ROOTREPEAL CRASH REPORT
-------------------------
Exception Code: 0xc0000005
Exception Address: 0x0042425b
Attempt to read from address: 0x00000008

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

OK... We'll notify the author of that program.

Let's try it this way:


Download gmer.zip from this link and save it on the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start it: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this saves the scan results to the Clipboard.
Use Paste in Notepad to turn that into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.


Use the Attach file option below the message box on the forum and attach the two files we just saved here.

offline
  • Joined: 07 Jun 2008
  • Posts: 46

[Link visible only to logged-in users]

[Link visible only to logged-in users]

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Turn System Restore off and then back on following these instructions....

[Link visible only to logged-in users]


After that, run Ad-aware (or whatever you were already using) and report whether it detects anything...

offline
  • Joined: 07 Jun 2008
  • Posts: 46

[Link visible only to logged-in users]




These are the Ad-aware results.

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

* Right-click the AVG icon in the bottom right corner of the screen.
* When AVG Control Center starts, double-click the AVG Resident Shield component.
* In the window that opens, untick the Turn on AVG Resident Shield option and click OK.

Note: Don't forget to turn this option back on once the cleaning is finished.


Download ComboFix from one of the following addresses to the Desktop:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Run it and don't touch the program window while it scans.
Follow the instructions on the screen. When it finishes, a log will appear (C:\ComboFix.txt) which you will paste here.

offline
  • Joined: 07 Jun 2008
  • Posts: 46

ComboFix 09-02-06.04 - Administrator 2009-02-07 18:03:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.511.159 [GMT 1:00]
Running from: E:\Downloads\ComboFix.exe
AV: AVG 7.5.552 *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\system32\dg.exe.exe
C:\WINDOWS\system32\drivers\sysdrv32.sys
C:\WINDOWS\system32\ib.exe.exe
C:\WINDOWS\system32\in.exe.exe
C:\WINDOWS\system32\ne.exe.exe
C:\WINDOWS\system32\nz.exe.exe
C:\WINDOWS\system32\oj.exe.exe
C:\WINDOWS\system32\sa.exe.exe
C:\WINDOWS\system32\tu.exe.exe
C:\WINDOWS\system32\vn.exe.exe
C:\WINDOWS\system32\zz.exe.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSDRV32
-------\Service_sysdrv32


((((((((((((((((((((((((( Files Created from 2009-01-07 to 2009-02-07 )))))))))))))))))))))))))))))))
.

2009-02-07 18:07 . 2009-02-07 18:07 <DIR> d-------- C:\WINDOWS\system32\xircom
2009-02-07 18:07 . 2009-02-07 18:07 <DIR> d-------- C:\Program Files\microsoft frontpage
2009-02-07 15:09 . 2009-02-07 15:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2009-02-07 15:09 . 2009-02-07 15:09 1,409 --a------ C:\WINDOWS\QTFont.for
2009-02-07 09:01 . 2009-02-07 09:01 250 --a------ C:\WINDOWS\gmer.ini
2009-02-07 07:09 . 2009-02-07 17:31 <DIR> d-------- C:\WINDOWS\fix
2009-02-06 16:52 . 2009-02-07 15:40 518,656 -r-hs---- C:\WINDOWS\system\wmisvr.exe
2009-02-06 16:51 . 2009-02-06 16:52 546,304 --a------ C:\WINDOWS\system32\qx.exe
2009-02-06 08:46 . 2009-02-07 13:15 518,656 --a------ C:\WINDOWS\system32\za.exe
2009-02-06 00:34 . 2009-02-06 00:34 543,232 --a------ C:\WINDOWS\system32\wh.exe
2009-02-05 20:30 . 2009-02-05 20:30 543,232 --a------ C:\WINDOWS\system32\gx.exe
2009-02-05 17:19 . 2009-02-05 17:19 543,232 --a------ C:\WINDOWS\system32\nx.exe
2009-02-05 14:38 . 2009-02-05 14:39 543,232 --a------ C:\WINDOWS\system32\gs.exe
2009-02-04 21:22 . 2009-02-04 21:22 554,496 -r-hs---- C:\WINDOWS\system\wmisvmgr.exe
2009-02-04 01:09 . 2009-02-04 01:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Windows Search
2009-02-04 01:07 . 2009-02-04 01:07 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2009-02-04 01:07 . 2009-02-04 07:37 <DIR> d-------- C:\Program Files\Windows Desktop Search
2009-02-04 01:07 . 2007-09-27 10:46 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2009-02-04 01:06 . 2009-02-04 01:06 <DIR> d-------- C:\WINDOWS\system32\DllCache
2009-02-04 01:06 . 2009-02-04 01:06 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2009-02-04 01:06 . 2008-03-07 17:56 192,000 --------- C:\WINDOWS\system32\DllCache\offfilt.dll
2009-02-04 01:06 . 2008-03-07 17:56 98,304 --------- C:\WINDOWS\system32\DllCache\nlhtml.dll
2009-02-04 01:06 . 2008-03-07 17:56 29,696 --------- C:\WINDOWS\system32\DllCache\mimefilt.dll
2009-02-04 01:05 . 2009-02-04 01:05 <DIR> d-------- C:\Program Files\MSECache
2009-01-21 18:41 . 2009-01-21 18:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\zweitgeist
2009-01-09 22:29 . 2009-01-13 19:42 <DIR> d-------- C:\Documents and Settings\Administrator\Shared
2009-01-09 22:29 . 2009-01-13 19:42 <DIR> d-------- C:\Documents and Settings\Administrator\Incomplete
2009-01-09 22:29 . 2009-01-13 19:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-07 14:32 --------- d-----w C:\Program Files\Gran Paradiso
2009-02-07 08:20 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2009-02-06 10:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
2009-02-05 21:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2009-02-05 17:22 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2009-01-22 15:53 --------- d-----w C:\Program Files\Canon
2009-01-07 22:12 --------- d-----w C:\Program Files\Common Files\ACD Systems
2009-01-07 22:12 --------- d-----w C:\Program Files\ACD Systems
2009-01-07 22:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2009-01-01 12:20 --------- d-----w C:\Program Files\Netscape
2009-01-01 11:54 --------- d-----w C:\Program Files\Apple Software Update
2008-12-29 14:53 --------- d-----w C:\Program Files\PhotoScape
2008-12-29 14:33 --------- d-----w C:\Program Files\Google
2008-12-28 13:46 --------- d-----w C:\Program Files\Common Files\Adobe
2008-12-23 13:53 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CD-LabelPrint
2008-12-23 11:53 5,632 ----a-w C:\WINDOWS\system32\drivers\StarOpen.sys
2008-12-21 11:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\FastStone
2008-12-21 11:06 --------- d-----w C:\Program Files\FastStone Capture
2008-12-21 10:03 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Publish Providers
2008-12-21 09:56 --------- d-----w C:\Program Files\Vstplugins
2008-12-21 09:56 --------- d-----w C:\Program Files\Sony
2008-12-21 08:03 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Sony
2008-12-21 07:42 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Sony Setup
2008-12-19 01:05 --------- d-----w C:\Program Files\Common Files\Skype
2008-12-18 06:11 --------- d-----w C:\Program Files\Opera
2008-12-17 08:13 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-12-17 07:20 --------- d-----w C:\Program Files\BearPaw 1200CU Plus
2008-12-17 07:19 --------- d-----w C:\Program Files\Temp
2008-12-16 23:01 --------- d-----w C:\Program Files\Sony Setup
2008-12-16 22:55 --------- d-----w C:\Program Files\CoffeeCup Software
2008-06-07 12:00 88 -csh--r C:\Documents and Settings\All Users\Application Data\A4845040EE.sys
2008-06-07 12:00 2,516 -csha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
.

------- Sigcheck -------

2007-04-21 13:21 360576 bd8686216e34e22c4ed45a2320b2bea1 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"WilSpoolProxy"="C:\Program Files\Unimessage Pro\WilCap.exe" [2004-08-13 13:29 77824]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-29 15:33 39408]
"AOL Instant Messenger (TM)"="C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe" [1998-02-25 15:08 18944]
"Google Update"="C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-16 14:05 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 19:24 32768]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 21:46 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 21:46 86016]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 02:10 409600]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 01:04 39792]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 11:08 16342528 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-02 21:46 1630208 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 13:23 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
"VIDC.ACDV"= ACDV.dll
"MSACM.VOXACM118"= vdk32118.acm
"MSACM.NSX83"= nsx83p32.acm
"MSACM.NSX723"= sx5363s.acm
"MSACM.NSPAC"= NSPAC32.ACM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"C:\\WINDOWS\\system\\wmisvmgr.exe"=
"C:\\WINDOWS\\System32\\gs.exe"=
"C:\\WINDOWS\\System32\\nx.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\System32\\gx.exe"=
"C:\\WINDOWS\\System32\\wh.exe"=
"C:\\WINDOWS\\System32\\za.exe"=
"C:\\WINDOWS\\system\\wmisvr.exe"=

R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\vd_filedisk.sys [2007-10-11 18:09:37 15872]
R2 WILPAR;Wordcraft Parallel Driver;C:\WINDOWS\system32\drivers\WILPAR.SYS [2007-06-13 19:44:05 23008]
R2 wilusbmonitor;Unimessage Printer Tracking Service;C:\WINDOWS\system32\wilpmove.exe [2007-06-13 19:52:46 77824]
R2 WMISMGR;Windows Sync-Manager;C:\WINDOWS\system\wmisvmgr.exe [2009-02-04 21:22:20 554496]
R3 iKeyEnum;Rainbow iKey Enumerator;C:\WINDOWS\system32\drivers\IKEYENUM.SYS [2008-01-23 11:06:31 11256]
R3 iKeyIFD;Rainbow iKey Virtual Reader;C:\WINDOWS\system32\drivers\IKEYIFD.SYS [2008-01-23 11:06:31 16696]
S2 WMISRV;WMI Servicer;C:\WINDOWS\system\wmisvr.exe [2009-02-06 16:52:27 518656]
S3 RnbToken;Rainbow iKey Token Service;C:\WINDOWS\system32\drivers\RNBTOKEN.SYS [2008-01-23 11:06:31 18168]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys --> D:\NTGLM7X.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SYSDRV32

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e438fd2-921c-11dd-8663-8a00a12abbf3}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{152e43c1-d7ff-11dd-869d-001d9271d11e}]
\shell\explore\Command - G:\kvtrwkcc.exe
\shell\open\Command - G:\kvtrwkcc.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f905e00-daf6-11dd-869f-001d9271d11e}]
\Shell\AutoRun\command - G:\RavMon.exe
\Shell\explore\Command - G:\RavMon.exe -e
\Shell\open\Command - G:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe418022-3429-11dc-9847-001617d60841}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
.
Contents of the 'Scheduled Tasks' folder

2009-02-04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-07 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1659004503-682003330-500.job
- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-16 14:05]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
uSearch Page = [Link mogu videti samo ulogovani korisnici]
uDefault_Search_URL = [Link mogu videti samo ulogovani korisnici]
uSearch Bar = [Link mogu videti samo ulogovani korisnici]
mDefault_Search_URL = [Link mogu videti samo ulogovani korisnici]
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = [Link mogu videti samo ulogovani korisnici]
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]
mSearchAssistant = [Link mogu videti samo ulogovani korisnici]
IE: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
FF - ProfilePath - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4k1xvwji.default\
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: C:\Program Files\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files\Netscape\Communicator\Program\Plugins\npaudio.dll
FF - plugin: C:\Program Files\Netscape\Communicator\Program\Plugins\npavi32.dll
FF - plugin: C:\Program Files\Netscape\Communicator\Program\Plugins\nplau32.dll
FF - plugin: C:\Program Files\Netscape\Communicator\Program\Plugins\npnul32.dll
FF - plugin: C:\Program Files\Netscape\Communicator\Program\Plugins\NPQTW32.DLL
FF - plugin: C:\Program Files\Netscape\Communicator\Program\Plugins\npswf32.dll
FF - plugin: C:\Program Files\Netscape\Communicator\Program\Plugins\NPVCAL32.DLL
.


Note: the computer restarted while ComboFix was running, so I don't know whether I should repeat the procedure?

Update: 07 Feb 2009 18:54

ComboFix 09-02-06.04 - Administrator 2009-02-07 18:42:47.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.511.60 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG 7.5.552 *On-access scanning disabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\sysdrv32.sys
c:\windows\system32\iv.exe.exe
.
---- Previous Run -------
.
c:\windows\IE4 Error Log.txt
c:\windows\system32\dg.exe.exe
c:\windows\system32\drivers\sysdrv32.sys
c:\windows\system32\ib.exe.exe
c:\windows\system32\in.exe.exe
c:\windows\system32\ne.exe.exe
c:\windows\system32\nz.exe.exe
c:\windows\system32\oj.exe.exe
c:\windows\system32\sa.exe.exe
c:\windows\system32\tu.exe.exe
c:\windows\system32\vn.exe.exe
c:\windows\system32\zz.exe.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSDRV32
-------\Service_sysdrv32
-------\Legacy_SYSDRV32


((((((((((((((((((((((((( Files Created from 2009-01-07 to 2009-02-07 )))))))))))))))))))))))))))))))
.

2009-02-07 18:24 . 2009-02-07 18:25 518,656 --a------ c:\windows\system32\xz.exe
2009-02-07 18:07 . 2009-02-07 18:07 <DIR> d-------- c:\windows\system32\xircom
2009-02-07 18:07 . 2009-02-07 18:07 <DIR> d-------- c:\program files\microsoft frontpage
2009-02-07 15:09 . 2009-02-07 15:09 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-07 15:09 . 2009-02-07 15:09 1,409 --a------ c:\windows\QTFont.for
2009-02-07 09:01 . 2009-02-07 09:01 250 --a------ c:\windows\gmer.ini
2009-02-07 07:09 . 2009-02-07 18:09 <DIR> d-------- c:\windows\fix
2009-02-06 16:52 . 2009-02-07 18:42 518,656 -r-hs---- c:\windows\system\wmisvr.exe
2009-02-06 16:51 . 2009-02-06 16:52 546,304 --a------ c:\windows\system32\qx.exe
2009-02-06 08:46 . 2009-02-07 13:15 518,656 --a------ c:\windows\system32\za.exe
2009-02-06 00:34 . 2009-02-06 00:34 543,232 --a------ c:\windows\system32\wh.exe
2009-02-05 20:30 . 2009-02-05 20:30 543,232 --a------ c:\windows\system32\gx.exe
2009-02-05 17:19 . 2009-02-05 17:19 543,232 --a------ c:\windows\system32\nx.exe
2009-02-05 14:38 . 2009-02-05 14:39 543,232 --a------ c:\windows\system32\gs.exe
2009-02-04 21:22 . 2009-02-04 21:22 554,496 -r-hs---- c:\windows\system\wmisvmgr.exe
2009-02-04 01:09 . 2009-02-04 01:09 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Windows Search
2009-02-04 01:07 . 2009-02-04 01:07 <DIR> d-------- c:\windows\system32\GroupPolicy
2009-02-04 01:07 . 2009-02-04 07:37 <DIR> d-------- c:\program files\Windows Desktop Search
2009-02-04 01:07 . 2007-09-27 10:46 23,856 --a------ c:\windows\system32\spupdsvc.exe
2009-02-04 01:06 . 2009-02-04 01:06 <DIR> d-------- c:\windows\system32\DllCache
2009-02-04 01:06 . 2009-02-04 01:06 <DIR> d--h----- c:\windows\$hf_mig$
2009-02-04 01:06 . 2008-03-07 17:56 192,000 --------- c:\windows\system32\DllCache\offfilt.dll
2009-02-04 01:06 . 2008-03-07 17:56 98,304 --------- c:\windows\system32\DllCache\nlhtml.dll
2009-02-04 01:06 . 2008-03-07 17:56 29,696 --------- c:\windows\system32\DllCache\mimefilt.dll
2009-02-04 01:05 . 2009-02-04 01:05 <DIR> d-------- c:\program files\MSECache
2009-01-21 18:41 . 2009-01-21 18:41 <DIR> d-------- c:\documents and settings\Administrator\Application Data\zweitgeist
2009-01-09 22:29 . 2009-01-13 19:42 <DIR> d-------- c:\documents and settings\Administrator\Shared
2009-01-09 22:29 . 2009-01-13 19:42 <DIR> d-------- c:\documents and settings\Administrator\Incomplete
2009-01-09 22:29 . 2009-01-13 19:44 <DIR> d-------- c:\documents and settings\Administrator\Application Data\LimeWire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-07 17:12 --------- d-----w c:\program files\Gran Paradiso
2009-02-07 08:20 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2009-02-06 10:45 --------- d-----w c:\documents and settings\Administrator\Application Data\AVG7
2009-02-05 21:26 --------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2009-02-05 17:22 --------- d-----w c:\documents and settings\Administrator\Application Data\skypePM
2009-01-22 15:53 --------- d-----w c:\program files\Canon
2009-01-07 22:12 --------- d-----w c:\program files\Common Files\ACD Systems
2009-01-07 22:12 --------- d-----w c:\program files\ACD Systems
2009-01-07 22:12 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-01-01 12:20 --------- d-----w c:\program files\Netscape
2009-01-01 11:54 --------- d-----w c:\program files\Apple Software Update
2008-12-29 14:53 --------- d-----w c:\program files\PhotoScape
2008-12-29 14:33 --------- d-----w c:\program files\Google
2008-12-28 13:46 --------- d-----w c:\program files\Common Files\Adobe
2008-12-23 13:53 --------- d-----w c:\documents and settings\Administrator\Application Data\CD-LabelPrint
2008-12-23 11:53 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
2008-12-21 11:07 --------- d-----w c:\documents and settings\Administrator\Application Data\FastStone
2008-12-21 11:06 --------- d-----w c:\program files\FastStone Capture
2008-12-21 10:03 --------- d-----w c:\documents and settings\Administrator\Application Data\Publish Providers
2008-12-21 09:56 --------- d-----w c:\program files\Vstplugins
2008-12-21 09:56 --------- d-----w c:\program files\Sony
2008-12-21 08:03 --------- d-----w c:\documents and settings\Administrator\Application Data\Sony
2008-12-21 07:42 --------- d-----w c:\documents and settings\Administrator\Application Data\Sony Setup
2008-12-19 01:05 --------- d-----w c:\program files\Common Files\Skype
2008-12-18 06:11 --------- d-----w c:\program files\Opera
2008-12-17 08:13 --------- d--h--w c:\documents and settings\All Users\Application Data\CanonBJ
2008-12-17 07:20 --------- d-----w c:\program files\BearPaw 1200CU Plus
2008-12-17 07:19 --------- d-----w c:\program files\Temp
2008-12-16 23:01 --------- d-----w c:\program files\Sony Setup
2008-12-16 22:55 --------- d-----w c:\program files\CoffeeCup Software
2008-06-07 12:00 88 -csh--r c:\documents and settings\All Users\Application Data\A4845040EE.sys
2008-06-07 12:00 2,516 -csha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
.

------- Sigcheck -------

2007-04-21 13:21 360576 bd8686216e34e22c4ed45a2320b2bea1 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"WilSpoolProxy"="c:\program files\Unimessage Pro\WilCap.exe" [2004-08-13 77824]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-29 39408]
"AOL Instant Messenger (TM)"="c:\program files\Netscape\Communicator\Program\AIM\aim.exe" [1998-02-25 18944]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-16 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
"VIDC.ACDV"= ACDV.dll
"MSACM.VOXACM118"= vdk32118.acm
"MSACM.NSX83"= nsx83p32.acm
"MSACM.NSX723"= sx5363s.acm
"MSACM.NSPAC"= NSPAC32.ACM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system\\wmisvmgr.exe"=
"c:\\WINDOWS\\System32\\gs.exe"=
"c:\\WINDOWS\\System32\\nx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\System32\\gx.exe"=
"c:\\WINDOWS\\System32\\wh.exe"=
"c:\\WINDOWS\\System32\\za.exe"=
"c:\\WINDOWS\\system\\wmisvr.exe"=

R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2007-10-11 15872]
R2 WILPAR;Wordcraft Parallel Driver;c:\windows\system32\drivers\WILPAR.SYS [2007-06-13 23008]
R2 wilusbmonitor;Unimessage Printer Tracking Service;c:\windows\system32\wilpmove.exe [2007-06-13 77824]
R2 WMISMGR;Windows Sync-Manager;c:\windows\system\wmisvmgr.exe [2009-02-04 554496]
R3 iKeyEnum;Rainbow iKey Enumerator;c:\windows\system32\drivers\IKEYENUM.SYS [2008-01-23 11256]
R3 iKeyIFD;Rainbow iKey Virtual Reader;c:\windows\system32\drivers\IKEYIFD.SYS [2008-01-23 16696]
R4 sysdrv32;Play Port I/O Driver;c:\windows\system32\drivers\sysdrv32.sys [2009-02-07 11656]
S2 WMISRV;WMI Servicer;c:\windows\system\wmisvr.exe [2009-02-06 518656]
S3 RnbToken;Rainbow iKey Token Service;c:\windows\system32\drivers\RNBTOKEN.SYS [2008-01-23 18168]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SYSDRV32

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e438fd2-921c-11dd-8663-8a00a12abbf3}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{152e43c1-d7ff-11dd-869d-001d9271d11e}]
\shell\explore\Command - G:\kvtrwkcc.exe
\shell\open\Command - G:\kvtrwkcc.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f905e00-daf6-11dd-869f-001d9271d11e}]
\Shell\AutoRun\command - G:\RavMon.exe
\Shell\explore\Command - G:\RavMon.exe -e
\Shell\open\Command - G:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe418022-3429-11dc-9847-001617d60841}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
.
Contents of the 'Scheduled Tasks' folder

2009-02-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1659004503-682003330-500.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-16 14:05]
.
.
------- Supplementary Scan -------
.
uStart Page = [link visible only to logged-in users]
uSearch Page = [link visible only to logged-in users]
uDefault_Search_URL = [link visible only to logged-in users]
uSearch Bar = [link visible only to logged-in users]
mDefault_Search_URL = [link visible only to logged-in users]
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = [link visible only to logged-in users]
uSearchURL,(Default) = [link visible only to logged-in users]
mSearchAssistant = [link visible only to logged-in users]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4k1xvwji.default\
FF - prefs.js: browser.startup.homepage - [link visible only to logged-in users]
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npaudio.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npavi32.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\nplau32.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npnul32.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\NPQTW32.DLL
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npswf32.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\NPVCAL32.DLL
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link visible only to logged-in users]
Rootkit scan 2009-02-07 18:47:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,5e,ee,2c,b3,65,
c0,6c,2f,c8,28,51,af,b0,29,a3,98,af,91,4b,5c,be,6c,31,6b,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,0a,40,28,a0,1c,
bd,0e,fc,71,3b,04,66,8b,46,0d,96,25,cb,dc,02,60,b9,d9,72,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,e3,92,5d,ed,6e,
31,4d,ef,25,da,ec,7e,55,20,c9,26,53,f6,e5,7d,00,ec,97,56,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,3b,ec,8f,63,93,
19,95,bc,3e,1e,9e,e0,57,5a,93,61,72,11,90,0f,19,4f,9d,64,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,94,87,4e,4b,e1,
17,f8,4a,cd,44,cd,b9,a6,33,6c,cd,f8,ae,30,b0,39,93,fa,45,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,b6,0f,e5,db,e1,
4a,83,2e,b0,18,ed,a7,3f,8d,37,a4,87,55,4c,b4,ef,15,cf,7c,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,3b,b2,c2,46,55,
d6,09,f3,31,77,e1,ba,b1,f8,68,02,eb,6c,36,a6,d3,5c,a1,69,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,2c,96,4e,0d,3e,
b8,7f,30,83,6c,56,8b,a0,85,96,ab,16,c3,4a,50,cc,f0,53,2d,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,29,af,01,1c,b5,
ee,aa,8b,51,fa,6e,91,28,9e,14,cc,27,ab,6f,6e,df,ad,12,ff,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,7d,d6,11,16,6b,
f1,16,5a,b1,cd,45,5a,a8,c4,f8,b9,65,cf,70,76,f7,b2,90,57,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,c4,7f,7e,8a,32,
27,ee,b9,e3,0e,66,d5,eb,bc,2f,6b,39,6d,60,65,29,05,6a,ea,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,b7,3a,78,db,26,
a5,00,8e,fa,ea,66,7f,d4,3b,6b,70,a1,1a,1e,9c,d9,ae,59,90,6c,43,2d,1e,aa,22,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\Grisoft\AVGFRE~1\avgamsvr.exe
c:\progra~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\progra~1\Grisoft\AVGFRE~1\avgemc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\scardsvr.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-02-07 18:50:14 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2009-02-07 17:50:12

Pre-Run: 28,494,192,640 bytes free
Post-Run: 28,483,989,504 bytes free

316


I repeated the process and I think everything has now been done as it should be.

offline
  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\system\wmisvr.exe
C:\WINDOWS\system32\qx.exe
C:\WINDOWS\system32\za.exe
C:\WINDOWS\system32\wh.exe
C:\WINDOWS\system32\gx.exe
C:\WINDOWS\system32\nx.exe
C:\WINDOWS\system32\gs.exe
C:\WINDOWS\system\wmisvmgr.exe
c:\windows\system32\xz.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e438fd2-921c-11dd-8663-8a00a12abbf3}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{152e43c1-d7ff-11dd-869d-001d9271d11e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f905e00-daf6-11dd-869f-001d9271d11e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe418022-3429-11dc-9847-001617d60841}]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system\\wmisvmgr.exe"=-
"C:\\WINDOWS\\System32\\gs.exe"=-
"C:\\WINDOWS\\System32\\nx.exe"=-
"C:\\WINDOWS\\System32\\gx.exe"=-
"C:\\WINDOWS\\System32\\wh.exe"=-
"C:\\WINDOWS\\System32\\za.exe"=-
"C:\\WINDOWS\\system\\wmisvr.exe"=-

Driver::
WMISRV
WMISMGR


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as in the picture.
Post the log that is produced at the end of the cleaning/scan in your next reply.
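The indicators the CFScript above targets are all visible in the log: firewall exceptions for two-letter executables in System32 and for executables in the legacy WINDOWS\system folder (XP's own binaries live in system32), the WMISRV and WMISMGR services pointing at those same files, and the mountpoints2 keys that run a program from a removable drive. The Python script below, an added example that is neither ComboFix's code nor the helper's own script, parses those sections out of a ComboFix-style log and drafts a CFScript in the same File::/Registry::/Driver:: layout. Its flagging rules are assumed heuristics chosen for this illustration, and SAMPLE_LOG is a constructed excerpt in the shape of the thread's log, not a copy of it. One deliberate difference from the thread's script: a service that ComboFix marks *NewlyCreated* (SYSDRV32 in this log) is put on the Driver:: list for review, which is a triage flag rather than a verdict, so the draft should be read by a person before it is dragged onto ComboFix.

```python
"""Draft a CFScript from the indicators in a ComboFix log.
Added example for this thread: not ComboFix's code nor the helper's script.
The flagging rules are assumed heuristics, and SAMPLE_LOG is constructed in
the shape of the thread's log, not copied from it."""
import re

# Constructed sample: the three ComboFix sections the rules below read.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system\\wmisvmgr.exe"=
"c:\\WINDOWS\\System32\\gs.exe"=
"c:\\WINDOWS\\System32\\nx.exe"=

R2 WMISMGR;Windows Sync-Manager;c:\windows\system\wmisvmgr.exe [2009-02-04 554496]
R3 iKeyEnum;Rainbow iKey Enumerator;c:\windows\system32\drivers\IKEYENUM.SYS [2008-01-23 11256]
R4 sysdrv32;Play Port I/O Driver;c:\windows\system32\drivers\sysdrv32.sys [2009-02-07 11656]
S2 WMISRV;WMI Servicer;c:\windows\system\wmisvr.exe [2009-02-06 518656]
*NewlyCreated* - SYSDRV32

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{152e43c1-d7ff-11dd-869d-001d9271d11e}]
\shell\explore\Command - G:\kvtrwkcc.exe
\shell\open\Command - G:\kvtrwkcc.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe418022-3429-11dc-9847-001617d60841}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
"""

FW_LIST_KEY = ('HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy'
               '\\standardprofile\\AuthorizedApplications\\List')
SERVICE_LINE = re.compile(r'^[RS]\d\s+([^;]+);[^;]*;(.+?)\s+\[[^\]]*\]\s*$')
NEWLY_CREATED = re.compile(r'^\*NewlyCreated\*\s+-\s+(\S+)', re.I | re.M)
MOUNTPOINT_KEY = re.compile(r'^\[(HKEY_CURRENT_USER\\software\\microsoft\\windows'
                            r'\\currentversion\\explorer\\mountpoints2\\\{[0-9a-f-]+\})\]$', re.I)
MOUNTPOINT_CMD = re.compile(r'^\\shell\\(\S+)\s+-\s+(.+)$', re.I)
TWO_LETTER_EXE = re.compile(r'^[a-z]{2}\.exe$')


def is_suspicious_path(path):
    # Assumed heuristic, the pattern the thread's script targets: an .exe in the
    # legacy WINDOWS\system folder, or a two-letter .exe dropped into system32.
    folder, _, base = path.lower().replace('%windir%', 'c:\\windows').rpartition('\\')
    if folder == 'c:\\windows\\system':
        return True
    return folder == 'c:\\windows\\system32' and TWO_LETTER_EXE.match(base) is not None


def parse_firewall_exceptions(log):
    # Values under AuthorizedApplications\List, with the export's "\\" unescaped.
    paths, in_list = [], False
    for line in log.splitlines():
        if line == '[' + FW_LIST_KEY + ']':
            in_list = True
            continue
        m = re.match(r'^"(.+)"=\s*$', line) if in_list else None
        if m:
            paths.append(m.group(1).replace('\\\\', '\\'))
        else:
            in_list = False
    return paths


def parse_services(log):
    # "R2 NAME;Display name;image path [date size]" -> (NAME, image path)
    return [m.groups() for m in map(SERVICE_LINE.match, log.splitlines()) if m]


def parse_mountpoints(log):
    # mountpoints2 keys that carry shell\...\command values (drive autorun).
    entries, current = [], None
    for line in log.splitlines():
        k = MOUNTPOINT_KEY.match(line)
        if k:
            current = {'key': k.group(1), 'commands': []}
            entries.append(current)
        c = MOUNTPOINT_CMD.match(line)
        if c and current is not None:
            current['commands'].append((c.group(1), c.group(2)))
    return [e for e in entries if e['commands']]


def draft_cfscript(log):
    # Emit File:: / Registry:: / Driver:: sections in the CFScript layout.
    newly = {m.group(1).upper() for m in NEWLY_CREATED.finditer(log)}
    fw_remove = [p for p in parse_firewall_exceptions(log) if is_suspicious_path(p)]
    files, drivers = list(fw_remove), []
    for name, path in parse_services(log):
        # A NewlyCreated driver is listed for review, not judged malicious.
        if is_suspicious_path(path) or name.upper() in newly:
            drivers.append(name)
            if path.lower().endswith('.exe'):
                files.append(path)
    seen = {}
    for p in files:                      # de-duplicate case-insensitively
        seen.setdefault(p.lower(), p)
    lines = ['File::', *seen.values(), '', 'Registry::']
    lines += ['[-' + e['key'] + ']' for e in parse_mountpoints(log)]
    if fw_remove:                        # "=-" deletes a registry value
        lines.append('[' + FW_LIST_KEY + ']')
        lines += ['"' + p.replace('\\', '\\\\') + '"=-' for p in fw_remove]
    lines += ['', 'Driver::', *drivers, '']
    return '\n'.join(lines)


if __name__ == '__main__':
    print(draft_cfscript(SAMPLE_LOG))
```

Running the file prints the draft. In the Registry:: section the firewall-list values are written back with doubled backslashes and the `=-` suffix, which is how a CFScript deletes a registry value, and each mountpoints2 key is removed whole with the `[-key]` form used in the script above; the File:: paths keep the case the log printed them in.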

Korisnici trenutno na forumu: -III-, ALFASPORTIVO, Automaticar, Bokiboks, Brankojle, cifra, cincarin, debeli, dejan1972, dekao, djonsule, dok80, drimer, dushan, Dzoni2412, Giskard, HrcAk47, Jester, lord sir giga, M74AB3, Marko Marković, MaschinenPistole, Medojed, mercedesamg, MiloradKomadic, mkukoleca, Nemanja.M, nuke92, oddsock, Orc, Parker, Prašinar, proka89, Radoslava, ruma, savaskytec, skok, Sonic, sspp, stegonosa, Stojan Mrsavi, Superastro, theNedjeljko, Tila Painen, Tvrtko I, Vanderx, VanZan, vathra, Velizar Laro, Zorge