W32.Rontokbro.B@mm

  • Joined: 22 Dec 2005
  • Posts: 5

Hello everyone. I would like to ask for help, since I have lost all my nerves trying to get rid of this pest and have not succeeded, and reinstalling Windows is not a solution for me because the virus appears on both C and D, where I have over 100 GB of programs, pictures and films. It is W32.Rontokbro.B@mm, which Norton Internet Security reports. It cannot delete it, but it keeps blocking it non-stop, mostly in D/filmovi, where it tries to insert itself into every folder with a film. Please help. I am posting the logs here.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:58:31 PM, on 10/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hard Disk Sentinel\HDSentinel.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\MSI\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Service Pack 3 Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Hard Disk Sentinel] "C:\Program Files\Hard Disk Sentinel\HDSentinel.exe" /AUTORUN
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Prevedi sa Di recnikom - C:\Program Files\Di recnik\diie.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB8537D5-0DA1-4AF0-A703-896E844C6C69}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8140 bytes
ComboFix 08-10-07.03 - Tanja 2008-10-08 17:05:49.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.525 [GMT 2:00]
Running from: C:\Documents and Settings\Tanja\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-09-08 to 2008-10-08 )))))))))))))))))))))))))))))))
.

2008-10-08 16:51 . 2008-10-08 16:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-07 12:27 . 2008-04-07 16:42 995,268 --a------ C:\wa501gv1-en-up.bin
2008-10-07 12:27 . 2007-01-28 05:03 90,112 --a------ C:\tftpd32.exe
2008-10-07 01:14 . 2008-10-07 01:14 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-10-06 22:26 . 2008-07-30 17:42 23,888 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-10-06 22:26 . 2008-07-30 17:28 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-10-06 22:26 . 2008-07-30 17:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-10-06 17:26 . 2008-08-26 13:52 <DIR> d-------- C:\Documents and Settings\Administrator\ff_temp
2008-10-06 17:26 . 2008-09-16 20:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Desperate Housewives
2008-10-06 17:26 . 2008-08-26 13:52 <DIR> d-------- C:\Documents and Settings\Administrator\7zS183C.tmp
2008-10-06 17:26 . 2008-10-06 21:35 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-05 00:46 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DL1
2008-10-05 00:46 . 2007-03-21 20:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DL1
2008-10-05 00:29 . 2008-10-06 22:26 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-10-05 00:28 . 2008-10-05 00:41 <DIR> d-------- C:\Program Files\Symantec
2008-10-05 00:28 . 2008-10-07 12:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-05 00:28 . 2008-10-05 00:41 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-10-05 00:28 . 2008-10-05 00:41 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-05 00:28 . 2008-10-05 00:41 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-05 00:28 . 2008-10-05 00:41 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-05 00:27 . 2008-10-08 16:18 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-09-29 23:12 . 2008-09-29 23:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-22 11:55 . 2008-09-29 23:12 <DIR> d-------- C:\Program Files\Microids(2)
2008-09-18 18:27 . 2008-09-18 18:27 <DIR> d-------- C:\Program Files\Funcom
2008-09-18 03:02 . 2006-08-21 11:14 128,896 --------- C:\WINDOWS\system32\DllCache\fltmgr.sys
2008-09-18 03:02 . 2006-08-21 11:14 23,040 --------- C:\WINDOWS\system32\DllCache\fltmc.exe
2008-09-18 03:02 . 2006-08-21 14:21 16,896 --------- C:\WINDOWS\system32\DllCache\fltlib.dll
2008-09-17 20:07 . 2007-07-09 15:16 582,656 --------- C:\WINDOWS\system32\DllCache\rpcrt4.dll
2008-09-16 20:49 . 2008-09-16 20:49 <DIR> d-------- C:\Documents and Settings\Tanja\Application Data\Leadertech
2008-09-16 20:48 . 2008-09-16 21:13 <DIR> d-------- C:\Documents and Settings\Tanja\Application Data\Desperate Housewives
2008-09-16 20:47 . 2008-09-16 20:47 <DIR> d-------- C:\Program Files\Buena Vista Games
2008-09-16 20:47 . 2008-09-16 20:49 1,175 --a------ C:\WINDOWS\disney.ini
2008-09-16 20:47 . 2008-09-16 20:47 186 --a------ C:\WINDOWS\disneysy.ini
2008-09-16 20:28 . 2008-09-16 20:28 <DIR> d-------- C:\Program Files\Pro Pinball
2008-09-15 18:09 . 2007-12-21 05:09 368,640 -ra------ C:\WINDOWS\system32\SET30.tmp
2008-09-15 18:07 . 2008-09-15 18:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-15 18:07 . 2008-09-15 18:07 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-15 16:03 . 2008-09-16 16:08 <DIR> d-------- C:\Program Files\ATI
2008-09-15 16:01 . 2008-09-15 16:01 <DIR> d-------- C:\ATI
2008-09-15 15:56 . 2008-09-15 15:56 <DIR> d-------- C:\Program Files\Softland
2008-09-15 15:56 . 2008-07-21 14:10 21,656 --a------ C:\WINDOWS\system32\dopdfmn6.dll
2008-09-15 15:56 . 2008-07-21 14:10 18,072 --a------ C:\WINDOWS\system32\dopdfmi6.dll
2008-09-15 15:56 . 2008-03-27 15:42 7,477 --a------ C:\WINDOWS\system32\dopdf6.ctm
2008-09-15 15:55 . 2008-09-15 15:55 <DIR> d-------- C:\WINDOWS\speech
2008-09-15 15:55 . 2008-09-15 15:55 <DIR> d-------- C:\WINDOWS\Lhsp
2008-09-15 15:55 . 2008-09-15 15:55 <DIR> d-------- C:\Program Files\Di recnik
2008-09-15 15:55 . 2002-02-01 19:00 1,497,088 --a------ C:\WINDOWS\system32\cc3260mt.dll
2008-09-15 15:55 . 2003-01-30 05:04 1,412,608 --a------ C:\WINDOWS\system32\cc3260.dll
2008-09-15 15:55 . 2002-02-01 18:00 1,326,080 --a------ C:\WINDOWS\system32\vcl60.bpl
2008-09-15 15:55 . 2002-02-01 17:00 148,992 --a------ C:\WINDOWS\system32\adortl60.bpl
2008-09-15 15:55 . 2002-02-01 18:00 22,016 --a------ C:\WINDOWS\system32\Borlndmm.dll
2008-09-15 15:53 . 2008-09-15 15:53 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-09-15 15:52 . 2008-09-15 15:52 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-09-15 15:52 . 2008-09-15 15:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-15 15:50 . 2008-09-15 15:50 <DIR> d-------- C:\Program Files\CCleaner
2008-09-15 15:48 . 2008-09-15 15:48 <DIR> d-------- C:\Program Files\Winamp
2008-09-15 15:48 . 2008-09-15 18:33 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-09-15 15:48 . 2008-09-15 15:48 <DIR> d-------- C:\Documents and Settings\Tanja\Application Data\Winamp
2008-09-15 15:47 . 2008-10-02 09:50 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-15 15:47 . 2008-10-02 00:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-15 15:44 . 2008-09-15 15:44 <DIR> d-------- C:\Program Files\Webteh
2008-09-15 15:44 . 2008-09-15 15:45 <DIR> d-------- C:\Documents and Settings\Tanja\Application Data\BSplayer Pro
2008-09-15 15:43 . 2008-09-15 15:43 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-09-15 15:43 . 2008-09-15 15:43 <DIR> d-------- C:\Program Files\ACD Systems
2008-09-15 15:43 . 2008-09-15 15:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-09-15 15:42 . 2008-09-15 15:42 <DIR> d-------- C:\Program Files\Skype
2008-09-15 15:42 . 2008-09-15 15:42 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-09-15 15:42 . 2008-09-15 18:02 <DIR> d-------- C:\Documents and Settings\Tanja\Application Data\Skype
2008-09-15 15:42 . 2008-09-15 15:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-09-15 15:36 . 2008-09-15 15:36 <DIR> d--h----- C:\WINDOWS\PIF
2008-09-15 15:10 . 2008-09-15 15:10 <DIR> d-------- C:\Program Files\Sparkle
2008-09-10 23:35 . 2008-09-10 23:36 1,905 --a------ C:\WINDOWS\diagwrn.xml
2008-09-10 23:35 . 2008-09-10 23:36 1,905 --a------ C:\WINDOWS\diagerr.xml
2008-09-08 01:03 . 2008-09-15 15:09 <DIR> d-------- C:\Documents and Settings\Tanja\Application Data\Lavasoft
2008-09-08 00:56 . 1999-07-22 18:14 306,688 --a------ C:\WINDOWS\IsUninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 18:45 --------- d-----w C:\Program Files\Hard Disk Sentinel
2008-09-18 16:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-17 17:27 --------- d-----w C:\Program Files\Unlocker
2008-09-15 13:45 --------- d-----w C:\Program Files\PowerISO
2008-09-07 21:55 --------- d-----w C:\Program Files\Runtime Software
2008-09-07 21:27 --------- d-----w C:\Documents and Settings\Tanja\Application Data\EPSON
2008-09-03 10:26 275,458 ----a-w C:\WINDOWS\StrongDC++ Uninstaller.exe
2008-09-03 00:24 --------- d-----w C:\Program Files\MSI
2008-09-02 23:58 --------- d-----w C:\Documents and Settings\Tanja\Application Data\Talkback
2008-09-02 21:57 --------- d-----w C:\Program Files\MSXML 4.0
2008-09-02 21:24 --------- d-----w C:\Program Files\ESET
2008-09-02 14:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-02 14:00 --------- d-----w C:\Program Files\Alwil Software
2008-09-02 13:32 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-02 13:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\UDL
2008-09-02 13:31 --------- d-----w C:\Program Files\epson
2008-09-02 13:31 --------- d-----w C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-09-02 13:27 --------- d-----w C:\Documents and Settings\Tanja\Application Data\InstallShield
2008-09-02 13:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\EPSON
2008-09-02 12:54 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-09-02 12:54 --------- d-----w C:\Program Files\Realtek
2008-09-02 12:52 --------- d-----w C:\Program Files\Intel
2008-09-02 12:49 --------- d-----w C:\Documents and Settings\Tanja\Application Data\ATI
2008-09-02 12:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-09-02 12:46 --------- d-----w C:\Program Files\ATI Technologies
2008-09-02 12:43 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2008-09-02 07:37 --------- d-----w C:\Program Files\Common Files\Nero
2008-09-02 07:37 --------- d-----w C:\Documents and Settings\Tanja\Application Data\Nero
2008-09-02 07:36 --------- d-----w C:\Program Files\Nero
2008-09-02 07:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-09-02 07:31 --------- d-----w C:\Documents and Settings\Tanja\Application Data\DeepBurner
2008-09-02 06:06 --------- d-----w C:\Program Files\Astonsoft
2008-08-26 13:35 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-26 11:52 107,132 ----a-w C:\WINDOWS\UninstallFirefox.exe
2008-08-26 11:52 --------- d-----w C:\Program Files\QuickTime Alternative
2008-08-26 11:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-26 11:51 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-26 11:45 --------- d-----w C:\Program Files\MSN Messenger
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"Hard Disk Sentinel"="C:\Program Files\Hard Disk Sentinel\HDSentinel.exe" [2008-09-02 3256320]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 771704]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-01-06 C:\WINDOWS\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-04-04 C:\WINDOWS\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnsc"="C:\WINDOWS\system32\msnsc.exe" [2006-01-13 62054]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2006-01-13 44544]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\MSI\Bluetooth Software\BTTray.exe [2004-03-31 507965]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"msacm.imc"= imc32.acm
"msacm.l3codecp"= l3codecp.acm
"VIDC.i263"= i263_32.drv
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Di dictionary]
C:\Program Files\Di recnik [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX8400 Series]
--a------ 2007-04-12 08:00 182272 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICEE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2005-12-14 13:13 7095344 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-07 02:05 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-08-12 18:19 21741864 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"D:\\BEOGRID\\StrongDC++\\StrongDC.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 DLKRTS;D-Link DFE-530TX+ PCI Adapter;C:\WINDOWS\system32\DRIVERS\DLKRTS.SYS [2001-10-17 25434]
S1 tvtool;tvtool;C:\Program Files\TVTool 9.5\tvtool.sys [ ]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-07-03 39424]

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-04 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Tanja.job
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 03:09]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Tanja\Application Data\Mozilla\Firefox\Profiles\2da0mdam.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-10-08 17:06:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-08 17:07:16
ComboFix-quarantined-files.txt 2008-10-08 15:07:10
ComboFix2.txt 2008-10-08 15:02:19

Pre-Run: 145,168,465,920 bytes free
Post-Run: 145,156,177,920 bytes free

222 --- E O F --- 2008-09-18 01:06:57

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...


Did it say anywhere that a ComboFix logfile should be posted?



What exactly does NIS report (I am interested in the exact name of at least one of the detected files)?

  • Joined: 22 Dec 2005
  • Posts: 5

It did not, I apologise, I thought it would help. When I ran a scan, NIS found the virus W32.Rontokbro.B@mm on both C and D (unfortunately I no longer remember any of the paths). Now when I scan it finds nothing and says the computer is clean, but it keeps popping up messages that it is blocking it in the following places:
D/Filmovi/2 Days in Paris/Data Maja.exe
D/Filmovi/2 Days in Paris/2 Days in Paris.exe
D/Filmovi/THE contractor(DVDrip)/THE contractor(DVDrip).exe
D/Filmovi/THE contractor(DVDrip)/THE contractor(DVDrip).Data Maja.exe
D/Filmovi/3.Pigs.And.A.Baby.2008.DVDrip.XviD-VoMIT/Data Maja.exe
D/Filmovi/3.Pigs.And.A.Baby.2008.DVDrip.XviD-VoMIT/3.Pigs.And.A.Baby.2008.DVDrip.XviD-VoMIT.exe
and so on for almost all the films, i.e. almost every folder with a film.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

A 25 MB download follows, just so you know.



Download Norman Malware Cleaner to the Desktop.

Do the following:
Restart the computer in Safe Mode (instructions)
Double-click Norman_Malware_Cleaner.exe to run it
Click Accept to move to the next screen
Start the scan by clicking Start Scan and wait for it to finish
If a prompt about restarting the computer appears:

Click Yes
After the restart, scanning/cleaning will continue

When the process is finished, close the program by clicking Quit

Attach to your next post the logfile NFix_datum_vreme.log, which will be on the Desktop.

  • Joined: 22 Dec 2005
  • Posts: 5

Norman Malware Cleaner
Copyright © 1990 - 2008, Norman ASA. Built 2008/10/01 00:27:52

Norman Scanner Engine Version: 5.93.01
Nvcbin.def Version: 5.93.00, Date: 2008/10/01 00:27:52, Variants: 2064523

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600(Safe mode) Service Pack 2
Logged on user: 0F130830B196458\Tanja


Scan started: 08/10/2008 23:19:46


Scanning running processes and process memory...

Number of processes/threads found: 497
Number of processes/threads scanned: 497
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 13s


Scanning file system...

Scanning: C:\*.*

C:\D\W\SE\2\PRISMSVR.EXE (Infected with W32/Smalltroj.DGTX)
Deleted file

C:\Program Files\ACD Systems\ACDSee\9.0\bin\sample.wma (Error whilst scanning file: I/O Error (0x00000000))

C:\Program Files\Nero\Nero8\Nero BackItUp\BackItUp_ImageTool\root.img/unknown0 (Error whilst scanning file: I/O Error (0x0022000A))
C:\Program Files\Nero\Nero8\Nero BackItUp\BackItUp_ImageTool\root.img (Possible archive bomb)

C:\System Volume Information\_restore{699A6530-D36F-4FC0-974D-9D50D055C8F3}\RP2\A0000137.EXE (Infected with W32/Smalltroj.DGTX)
Deleted file

Scanning: D:\*.*

D:\BEOGRID\StrongDC++\Downloads\Luxor 2\Luxor 2 from gamehouse by TFT-TEAM.exe (Infected with W32/Packed_NsPack.I)
Deleted file

D:\BEOGRID\StrongDC++\Downloads\Vista Certified Programs -12in1- Must Have (AIO)\Vista Certified.exe (Infected with W32/Smalltroj.CRAU)
Deleted file

D:\System Volume Information\_restore{699A6530-D36F-4FC0-974D-9D50D055C8F3}\RP2\A0000138.exe (Infected with W32/Packed_NsPack.I)
Deleted file

D:\System Volume Information\_restore{699A6530-D36F-4FC0-974D-9D50D055C8F3}\RP2\A0000139.exe (Infected with W32/Smalltroj.CRAU)
Deleted file

Scanning: E:\*.*

E:\programi\Nero.8.2.8.0.KeyGen.Only.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

E:\programi\DivFix 1.10\DivFix110.exe (Infected with W32/Smalldrp.IXA)
Deleted file

E:\programi\Nero Burning ROM 8.2.8.0\Nero.8.2.8.0.KeyGen.Only.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

E:\programi\TVTool v9.6.3 FULL\KeyGen\keygen.exe (Infected with W32/Packed_FSG.C)
Deleted file

E:\programi\TVTool v9.6.3 FULL - NVIDIA\KeyGen\keygen.exe (Infected with W32/Packed_FSG.C)
Deleted file

E:\programi\TVTool.v9.7.Incl.Keygen-ORiON\keygen.exe (Infected with W32/Packed/FSG_2.A)
Deleted file

E:\programi\TVTool.v9.7.Incl.Keygen-ORiON\TVTool_v9[1].7.zip/TVTool.v9.7.Incl.Keygen-ORiON/keygen.exe (Infected with W32/Packed/FSG_2.A)
Deleted file

E:\programi\TVTool.v9.7.Incl.Keygen-ORiON\TVTool_v9[2].71.zip/TVTool.v9.7.Incl.Keygen-ORiON/keygen.exe (Infected with W32/Packed/FSG_2.A)
Deleted file

E:\System Volume Information\_restore{699A6530-D36F-4FC0-974D-9D50D055C8F3}\RP2\A0000140.exe (Infected with W32/Smalldrp.IXA)
Deleted file

E:\System Volume Information\_restore{699A6530-D36F-4FC0-974D-9D50D055C8F3}\RP2\A0000141.exe (Infected with W32/Packed_FSG.C)
Deleted file

E:\System Volume Information\_restore{699A6530-D36F-4FC0-974D-9D50D055C8F3}\RP2\A0000142.exe (Infected with W32/Packed_FSG.C)
Deleted file

E:\System Volume Information\_restore{699A6530-D36F-4FC0-974D-9D50D055C8F3}\RP2\A0000143.exe (Infected with W32/Packed/FSG_2.A)
Deleted file

Scanning: F:\*.*

F:\BACKUP\N81\EHandySoft.CoolSMSPlus.v1.1.S60v3.SymbianOS9.1.Unsigned.Retail-SyMPDA.rar/EHandySoft.CoolSMSPlus.v1.1.S60v3.SymbianOS9.1.Unsigned.Retail-SyMPDA\sym-1413.zip/sym-1413.rar/RR (Error whilst scanning file: I/O Error (0x00220000))

F:\Fles\Slike1\Downloads\Portable USB Safely Remove v3.3.0.611.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

Scanning: c:\System Volume Information\*.*

Scanning: d:\System Volume Information\*.*

Scanning: e:\System Volume Information\*.*


Running post-scan cleanup routine:

Number of files found: 116719
Number of archives unpacked: 946
Number of files scanned: 116671
Number of files not scanned: 48
Number of files skipped due to exclude list: 0
Number of infected files found: 17
Number of infected files repaired/deleted: 16
Number of infections removed: 16
Total scanning time: 45m 55s
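A report like the one above is easier to act on when the per-file lines are cross-checked against the cleaner's own totals and anything it did not delete is listed separately. The following is an added example, not part of the thread or of Norman's tooling; the embedded log text is a constructed subset of the posted report, so its totals are its own, and the "Deleted file" wording is the only remediation wording assumed.

```python
import re
from collections import Counter

# Added example; parses the report layout shown above (finding line, optional
# "Deleted file" line beneath it, "Number of ...: N" summary lines). The log
# text is a constructed subset of the posted one, so the counts are its own.
SAMPLE_LOG = r"""Scanning: C:\*.*

C:\D\W\SE\2\PRISMSVR.EXE (Infected with W32/Smalltroj.DGTX)
Deleted file

C:\Program Files\Nero\Nero8\Nero BackItUp\BackItUp_ImageTool\root.img/unknown0 (Error whilst scanning file: I/O Error (0x0022000A))
C:\Program Files\Nero\Nero8\Nero BackItUp\BackItUp_ImageTool\root.img (Possible archive bomb)

Scanning: D:\*.*

D:\BEOGRID\StrongDC++\Downloads\Vista Certified Programs -12in1- Must Have (AIO)\Vista Certified.exe (Infected with W32/Smalltroj.CRAU)
Deleted file

D:\System Volume Information\_restore{699A6530-D36F-4FC0-974D-9D50D055C8F3}\RP2\A0000139.exe (Infected with W32/Smalltroj.CRAU)
Deleted file

Number of infected files found: 3
Number of infected files repaired/deleted: 3
"""

# Paths may themselves contain parentheses, e.g. "(AIO)", so the path group is
# greedy and the status group is anchored to the end of the line.
FINDING_RE = re.compile(
    r"^(?P<path>.+) \((?P<status>Infected with .+|Error whilst scanning file: .+|Possible archive bomb)\)$"
)
SUMMARY_RE = re.compile(r"^Number of (?P<what>.+): (?P<count>\d+)$")
ACTIONS = {"Deleted file"}   # the only remediation wording present in the posted log


def parse_norman_log(text):
    """Return (findings, summary): findings are dicts with path/kind/detail/action,
    summary maps 'infected files found' etc. to integers."""
    lines = text.splitlines()
    findings, summary = [], {}
    for i, line in enumerate(lines):
        m = FINDING_RE.match(line)
        if m:
            status = m.group("status")
            if status.startswith("Infected with "):
                kind, detail = "infected", status[len("Infected with "):]
            elif status.startswith("Error whilst scanning file: "):
                kind, detail = "error", status[len("Error whilst scanning file: "):]
            else:
                kind, detail = "warning", status
            nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
            findings.append({
                "path": m.group("path"),
                "kind": kind,
                "detail": detail,
                "action": nxt if nxt in ACTIONS else None,
            })
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group("what")] = int(m.group("count"))
    return findings, summary


def tally_detections(findings):
    """Count how many files each detection name was applied to."""
    return Counter(f["detail"] for f in findings if f["kind"] == "infected")


def needs_follow_up(findings):
    """Findings the cleaner did not remove: unscanned (error) or unscannable
    (archive bomb) objects and any infection without a 'Deleted file' line.
    A clean-looking summary still leaves these to be checked by hand."""
    return [f for f in findings if f["kind"] != "infected" or f["action"] is None]


def summary_matches(findings, summary):
    """Cross-check the per-file lines against the cleaner's own totals."""
    infected = [f for f in findings if f["kind"] == "infected"]
    removed = [f for f in infected if f["action"] is not None]
    return (len(infected) == summary.get("infected files found")
            and len(removed) == summary.get("infected files repaired/deleted"))


if __name__ == "__main__":
    found, totals = parse_norman_log(SAMPLE_LOG)
    print(tally_detections(found))
    for f in needs_follow_up(found):
        print("follow up:", f["kind"], f["path"], f["detail"])
    print("summary consistent:", summary_matches(found, totals))
```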

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

What is the situation now?

Does NIS detect anything? If so, what does it do with what it detects?

Have you tried scanning that ''problematic'' folder with NIS? What was the result?

  • Joined: 22 Dec 2005
  • Posts: 5

It seems to me that everything is fine now; NIS has not reported blocking anything since I turned the computer on. When I scan, NIS finds nothing.
Many thanks for the help!
