Can someone check this


  • Joined: 03 Oct 2008
  • Posts: 43

Can someone check this to see whether there are any viruses or trojans??

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:09 AM, on 10/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\Program Files\Sonique\sqstart.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\user\Desktop\TR3.exe\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll (file missing)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MSN] C:\Windows\svrse.exe
O4 - HKLM\..\Run: [FixBluetooth] C:\WINDOWS\OPTIONS\CABS\CABI\BluSoleiI.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SoniqueQuickStart] C:\Program Files\Sonique\sqstart.exe -nostick
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DU Meter] C:\DOCUME~1\user\LOCALS~1\Temp\is-UPT0Q.tmp\DUMeter.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleiI.lnk = C:\WINDOWS\OPTIONS\CABS\CABI\BluSoleiI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 6508 bytes

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...

Why don't you have a (classic) antivirus installed?

Temporarily disable ThreatFire (right-click the icon in the system tray and choose Suspend).

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.

  • Joined: 03 Oct 2008
  • Posts: 43

ComboFix 08-10-05.11 - user 2008-10-06 19:49:29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.73 [GMT 2:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section not completed

((((((((((((((((((((((((( Files Created from 2008-09-06 to 2008-10-06 )))))))))))))))))))))))))))))))
.

2008-10-06 17:51 . 2008-10-06 17:51 <DIR> d-------- C:\Program Files\Audacity 1.3 Beta
2008-10-06 17:51 . 2008-10-06 19:05 <DIR> d-------- C:\Documents and Settings\user\Application Data\Audacity
2008-10-06 10:09 . 2008-10-06 10:09 <DIR> d-------- C:\Program Files\HooTech
2008-10-06 10:05 . 2008-10-06 10:05 <DIR> d-------- C:\DVDVideoSoft
2008-10-06 00:22 . 2008-10-06 01:16 <DIR> d-------- C:\Program Files\Achilles-Script 3.7
2008-10-05 23:36 . 2008-10-05 23:36 <DIR> d-------- C:\Documents and Settings\user\Application Data\Simply Super Software
2008-10-05 23:36 . 2008-10-05 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-10-05 21:40 . 2008-10-05 21:40 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-10-05 21:40 . 2008-10-05 21:40 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-10-05 21:40 . 2008-10-05 21:40 <DIR> d-------- C:\Program Files\AskSearch
2008-10-03 18:25 . 2008-10-03 18:25 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-10-02 15:47 . 2008-10-02 15:47 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-10-02 13:20 . 2008-10-02 13:21 <DIR> d-------- C:\Documents and Settings\user\Application Data\Teleca
2008-10-02 13:20 . 2008-10-02 13:20 <DIR> d-------- C:\Documents and Settings\user\Application Data\Sony Ericsson
2008-10-02 13:15 . 2008-10-02 13:15 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-10-02 13:15 . 2008-10-02 13:16 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-10-02 13:15 . 2008-10-02 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-10-02 13:15 . 2008-10-02 13:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-10-02 13:13 . 2008-10-02 13:14 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-10-01 19:49 . 2008-10-02 14:39 <DIR> d-------- C:\Program Files\AoA Audio Extractor
2008-10-01 13:26 . 2008-10-01 13:26 <DIR> d-------- C:\Program Files\Ashampoo
2008-09-27 01:09 . 2008-09-27 01:09 <DIR> d-------- C:\WINDOWS\Sun
2008-09-22 15:32 . 2005-11-30 21:20 2,314,332 --a------ C:\WINDOWS\system32\LIBMMD.DLL
2008-09-22 15:32 . 2000-05-21 22:00 647,872 --a------ C:\WINDOWS\system32\mscomct2.ocx
2008-09-22 15:32 . 1998-06-23 22:00 609,584 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-09-22 15:32 . 2001-03-13 11:49 120,320 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-09-22 15:32 . 2000-05-22 15:58 115,920 --a------ C:\WINDOWS\system32\msinet.ocx
2008-09-21 17:50 . 2008-04-08 01:16 9,200 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-09-21 17:50 . 2008-04-08 01:16 9,072 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-09-21 17:49 . 2008-09-21 17:49 <DIR> d-------- C:\WINDOWS\system32\IOSUBSYS
2008-09-21 14:27 . 2008-09-21 14:33 <DIR> d-------- C:\Documents and Settings\user\DoctorWeb
2008-09-21 12:01 . 2008-09-21 12:01 <DIR> d-------- C:\Program Files\ESTsoft
2008-09-21 12:01 . 2008-09-27 19:02 <DIR> d-------- C:\Documents and Settings\user\Application Data\ESTsoft
2008-09-21 12:01 . 2008-09-27 19:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESTsoft
2008-09-19 22:49 . 2003-08-15 14:55 348,160 --a------ C:\WINDOWS\system32\eSellerateEngine.dll
2008-09-19 21:56 . 2008-09-19 21:56 <DIR> d-------- C:\WINDOWS\system32\P2P Networking
2008-09-19 17:05 . 2008-09-19 17:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2008-09-19 12:24 . 2008-09-19 12:24 <DIR> d-------- C:\Documents and Settings\user\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-09-19 12:19 . 2008-09-19 12:19 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-09-19 12:17 . 2008-09-19 12:18 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-18 18:44 . 2008-09-18 18:44 2,302,017 --a------ C:\WINDOWS\system32\GPhotos.scr
2008-09-18 10:55 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-09-17 15:51 . 2008-06-02 14:10 1,363,968 --a------ C:\WINDOWS\system32\HDX4H263Decoder.ax
2008-09-17 15:51 . 2008-06-02 14:10 167,936 --a------ C:\WINDOWS\system32\HDX4FlashDemuxer.ax
2008-09-12 09:51 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-09-12 09:51 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
2008-09-12 09:51 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-09-11 20:13 . 2008-09-11 20:13 <DIR> d-------- C:\Program Files\Windows Live
2008-09-11 20:13 . 2008-09-11 20:13 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-11 20:07 . 2008-09-11 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-11 17:42 . 2008-10-05 23:11 <DIR> d-------- C:\downloads
2008-09-11 17:42 . 2008-09-11 17:42 <DIR> d-------- C:\Documents and Settings\user\Application Data\GrabPro
2008-09-10 21:35 . 2008-09-10 21:35 <DIR> d-------- C:\Program Files\ThreatFire
2008-09-10 21:35 . 2008-09-10 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-09-10 21:35 . 2008-04-24 16:52 51,520 --a------ C:\WINDOWS\system32\drivers\TfFsMon.sys
2008-09-10 21:35 . 2008-04-24 16:52 38,208 --a------ C:\WINDOWS\system32\drivers\TfSysMon.sys
2008-09-10 21:35 . 2008-04-24 16:52 33,088 --a------ C:\WINDOWS\system32\drivers\TfNetMon.sys
2008-09-10 21:35 . 2008-04-24 16:52 12,608 --a------ C:\WINDOWS\system32\drivers\TfKbMon.sys
2008-09-10 21:06 . 2008-09-10 21:06 <DIR> d---s---- C:\Documents and Settings\user\UserData
2008-09-10 21:05 . 2008-10-05 23:48 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-09-10 21:05 . 2008-10-06 19:49 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-10 17:08 . 2008-09-16 18:51 <DIR> d-------- C:\Documents and Settings\user\Contacts
2008-09-10 17:06 . 2008-10-02 13:18 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-09-10 17:06 . 2008-09-10 17:06 <DIR> d-------- C:\Program Files\MSN Messenger
2008-09-10 17:04 . 2004-07-15 00:24 155,648 --a------ C:\WINDOWS\system32\TBD75.tmp
2008-09-10 11:55 . 2008-09-10 11:55 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-09-10 11:55 . 2008-09-10 11:55 <DIR> d-------- C:\Documents and Settings\user\Application Data\Talkback
2008-09-10 11:54 . 2008-09-10 11:54 <DIR> d-------- C:\Program Files\Real
2008-09-10 11:54 . 2008-09-10 11:55 <DIR> d-------- C:\Program Files\Common Files\Real
2008-09-10 11:34 . 2008-09-16 11:13 <DIR> d-------- C:\Temp
2008-09-09 21:16 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-09-09 21:16 . 2008-06-13 15:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-09 21:02 . 2008-09-11 10:49 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-09-09 21:02 . 2005-02-25 05:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-09-09 20:15 . 2008-09-09 20:15 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-09-07 20:54 . 2008-09-08 19:11 <DIR> d-------- C:\Documents and Settings\My Pictures
2008-09-07 20:54 . 2008-09-08 19:11 <DIR> d-------- C:\Documents and Settings\My Music

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-06 15:58 --------- d-----w C:\Program Files\AIMP2
2008-10-02 11:13 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-25 12:57 --------- d-----w C:\Program Files\Sonique
2008-09-21 15:49 --------- d-----w C:\Program Files\Google
2008-09-19 20:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-10 15:30 --------- d-----w C:\Documents and Settings\user\Application Data\MSNInstaller
2008-09-10 09:54 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-09-10 09:54 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-09-03 08:01 --------- d-----w C:\Documents and Settings\user\Application Data\uTorrent
2008-09-03 07:58 --------- d-----w C:\Program Files\Opera
2008-09-02 12:58 155,995 ----a-w C:\WINDOWS\java\Packages\C7XVP3FF.ZIP
2008-09-02 12:58 --------- d-----w C:\Program Files\Microsoft VM
2008-08-29 15:24 --------- d-----w C:\Documents and Settings\user\Application Data\CyberLink
2008-08-28 13:43 --------- d-----w C:\Program Files\GameHouse
2008-08-28 13:43 --------- d-----w C:\Documents and Settings\user\Application Data\GameHouse
2008-08-28 13:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-08-25 12:25 --------- d-----w C:\Program Files\Xilisoft
2008-08-12 14:17 --------- d-----w C:\Program Files\GNU
2008-08-12 14:16 --------- d-----w C:\Documents and Settings\user\Application Data\GRETECH
2008-08-12 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\GRETECH
2008-08-12 14:15 --------- d-----w C:\Program Files\GRETECH
2008-08-12 13:40 --------- d-----w C:\Documents and Settings\user\Application Data\Media Player Classic
2008-08-08 10:38 --------- d-----w C:\Program Files\Webteh
2008-08-08 10:38 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-08 10:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-08-08 10:35 --------- d-----w C:\Program Files\CyberLink
2008-08-08 10:32 --------- d-----w C:\Program Files\Winamp
2008-08-08 10:29 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-08 10:28 --------- d-----w C:\Program Files\Common Files\L&H
2008-08-08 10:23 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-08 10:21 --------- d-----w C:\Program Files\Ahead
2008-08-08 09:44 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"SoniqueQuickStart"="C:\Program Files\Sonique\sqstart.exe" [2008-08-29 44832]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"FixBluetooth"="C:\WINDOWS\OPTIONS\CABS\CABI\BluSoleiI.exe" [2008-02-02 234271]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-04 29744]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-09-10 185896]
"ThreatFire"="C:\Program Files\ThreatFire\TFTray.exe" [2008-04-24 259392]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 3251800]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BlueSoleiI.lnk - C:\WINDOWS\OPTIONS\CABS\CABI\BluSoleiI.exe [2008-09-04 234271]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DWSHIELD.SYS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys [2008-04-24 51520]
R0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys [2008-04-24 38208]
R2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service [ ]
R3 TfNetMon;TfNetMon;C:\WINDOWS\system32\drivers\TfNetMon.sys [2008-04-24 33088]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-04 29744]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [ ]
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
HKCU-Run-DU Meter - C:\DOCUME~1\user\LOCALS~1\Temp\is-UPT0Q.tmp\DUMeter.exe
MSConfigStartUp-ares vista - C:\Program Files\Ares Vista\Ares.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7ndyn3fh.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://search.orbitdownloader.com
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-10-06 19:50:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\user\LOCALS~1\Temp\ASFWHide"
.
Completion time: 2008-10-06 19:53:34
ComboFix-quarantined-files.txt 2008-10-06 17:53:29

Pre-Run: 13,853,757,440 bytes free
Post-Run: 13,843,279,872 bytes free

214 --- E O F --- 2008-10-03 16:25:55

Here it is, is that it??

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text:

File::
C:\WINDOWS\OPTIONS\CABS\CABI\BluSoleiI.exe

DirLook::
C:\WINDOWS\OPTIONS

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FixBluetooth"=-


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.

  • Joined: 03 Oct 2008
  • Posts: 43

ComboFix 08-10-05.11 - user 2008-10-06 23:40:23.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.79 [GMT 2:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\OPTIONS\CABS\CABI\BluSoleiI.exe
.
/wow section not completed

((((((((((((((((((((((((( Files Created from 2008-09-06 to 2008-10-06 )))))))))))))))))))))))))))))))
.

2008-10-06 17:51 . 2008-10-06 17:51 <DIR> d-------- C:\Program Files\Audacity 1.3 Beta
2008-10-06 17:51 . 2008-10-06 19:05 <DIR> d-------- C:\Documents and Settings\user\Application Data\Audacity
2008-10-06 10:09 . 2008-10-06 10:09 <DIR> d-------- C:\Program Files\HooTech
2008-10-06 10:05 . 2008-10-06 10:05 <DIR> d-------- C:\DVDVideoSoft
2008-10-06 00:22 . 2008-10-06 01:16 <DIR> d-------- C:\Program Files\Achilles-Script 3.7
2008-10-05 23:36 . 2008-10-05 23:36 <DIR> d-------- C:\Documents and Settings\user\Application Data\Simply Super Software
2008-10-05 23:36 . 2008-10-05 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-10-05 21:40 . 2008-10-05 21:40 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-10-05 21:40 . 2008-10-05 21:40 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-10-05 21:40 . 2008-10-05 21:40 <DIR> d-------- C:\Program Files\AskSearch
2008-10-03 18:25 . 2008-10-03 18:25 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-10-02 15:47 . 2008-10-02 15:47 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-10-02 13:20 . 2008-10-02 13:21 <DIR> d-------- C:\Documents and Settings\user\Application Data\Teleca
2008-10-02 13:20 . 2008-10-02 13:20 <DIR> d-------- C:\Documents and Settings\user\Application Data\Sony Ericsson
2008-10-02 13:15 . 2008-10-02 13:15 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-10-02 13:15 . 2008-10-02 13:16 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-10-02 13:15 . 2008-10-02 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-10-02 13:15 . 2008-10-02 13:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-10-02 13:13 . 2008-10-02 13:14 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-10-01 19:49 . 2008-10-02 14:39 <DIR> d-------- C:\Program Files\AoA Audio Extractor
2008-10-01 13:26 . 2008-10-01 13:26 <DIR> d-------- C:\Program Files\Ashampoo
2008-09-27 01:09 . 2008-09-27 01:09 <DIR> d-------- C:\WINDOWS\Sun
2008-09-22 15:32 . 2005-11-30 21:20 2,314,332 --a------ C:\WINDOWS\system32\LIBMMD.DLL
2008-09-22 15:32 . 2000-05-21 22:00 647,872 --a------ C:\WINDOWS\system32\mscomct2.ocx
2008-09-22 15:32 . 1998-06-23 22:00 609,584 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-09-22 15:32 . 2001-03-13 11:49 120,320 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-09-22 15:32 . 2000-05-22 15:58 115,920 --a------ C:\WINDOWS\system32\msinet.ocx
2008-09-21 17:50 . 2008-04-08 01:16 9,200 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-09-21 17:50 . 2008-04-08 01:16 9,072 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-09-21 17:49 . 2008-09-21 17:49 <DIR> d-------- C:\WINDOWS\system32\IOSUBSYS
2008-09-21 14:27 . 2008-09-21 14:33 <DIR> d-------- C:\Documents and Settings\user\DoctorWeb
2008-09-21 12:01 . 2008-09-21 12:01 <DIR> d-------- C:\Program Files\ESTsoft
2008-09-21 12:01 . 2008-09-27 19:02 <DIR> d-------- C:\Documents and Settings\user\Application Data\ESTsoft
2008-09-21 12:01 . 2008-09-27 19:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESTsoft
2008-09-19 22:49 . 2003-08-15 14:55 348,160 --a------ C:\WINDOWS\system32\eSellerateEngine.dll
2008-09-19 21:56 . 2008-09-19 21:56 <DIR> d-------- C:\WINDOWS\system32\P2P Networking
2008-09-19 17:05 . 2008-09-19 17:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2008-09-19 12:24 . 2008-09-19 12:24 <DIR> d-------- C:\Documents and Settings\user\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-09-19 12:19 . 2008-09-19 12:19 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-09-19 12:17 . 2008-09-19 12:18 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-18 18:44 . 2008-09-18 18:44 2,302,017 --a------ C:\WINDOWS\system32\GPhotos.scr
2008-09-18 10:55 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-09-17 15:51 . 2008-06-02 14:10 1,363,968 --a------ C:\WINDOWS\system32\HDX4H263Decoder.ax
2008-09-17 15:51 . 2008-06-02 14:10 167,936 --a------ C:\WINDOWS\system32\HDX4FlashDemuxer.ax
2008-09-12 09:51 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-09-12 09:51 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
2008-09-12 09:51 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-09-11 20:13 . 2008-09-11 20:13 <DIR> d-------- C:\Program Files\Windows Live
2008-09-11 20:13 . 2008-09-11 20:13 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-11 20:07 . 2008-09-11 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-11 17:42 . 2008-10-05 23:11 <DIR> d-------- C:\downloads
2008-09-11 17:42 . 2008-09-11 17:42 <DIR> d-------- C:\Documents and Settings\user\Application Data\GrabPro
2008-09-10 21:35 . 2008-09-10 21:35 <DIR> d-------- C:\Program Files\ThreatFire
2008-09-10 21:35 . 2008-09-10 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-09-10 21:35 . 2008-04-24 16:52 51,520 --a------ C:\WINDOWS\system32\drivers\TfFsMon.sys
2008-09-10 21:35 . 2008-04-24 16:52 38,208 --a------ C:\WINDOWS\system32\drivers\TfSysMon.sys
2008-09-10 21:35 . 2008-04-24 16:52 33,088 --a------ C:\WINDOWS\system32\drivers\TfNetMon.sys
2008-09-10 21:35 . 2008-04-24 16:52 12,608 --a------ C:\WINDOWS\system32\drivers\TfKbMon.sys
2008-09-10 21:06 . 2008-09-10 21:06 <DIR> d---s---- C:\Documents and Settings\user\UserData
2008-09-10 21:05 . 2008-10-05 23:48 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-09-10 21:05 . 2008-10-06 23:41 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-10 17:08 . 2008-09-16 18:51 <DIR> d-------- C:\Documents and Settings\user\Contacts
2008-09-10 17:06 . 2008-10-02 13:18 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-09-10 17:06 . 2008-09-10 17:06 <DIR> d-------- C:\Program Files\MSN Messenger
2008-09-10 17:04 . 2004-07-15 00:24 155,648 --a------ C:\WINDOWS\system32\TBD75.tmp
2008-09-10 11:55 . 2008-09-10 11:55 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-09-10 11:55 . 2008-09-10 11:55 <DIR> d-------- C:\Documents and Settings\user\Application Data\Talkback
2008-09-10 11:54 . 2008-09-10 11:54 <DIR> d-------- C:\Program Files\Real
2008-09-10 11:54 . 2008-09-10 11:55 <DIR> d-------- C:\Program Files\Common Files\Real
2008-09-10 11:34 . 2008-09-16 11:13 <DIR> d-------- C:\Temp
2008-09-09 21:16 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-09-09 21:16 . 2008-06-13 15:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-09 21:02 . 2008-09-11 10:49 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-09-09 21:02 . 2005-02-25 05:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-09-09 20:15 . 2008-09-09 20:15 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-09-07 20:54 . 2008-09-08 19:11 <DIR> d-------- C:\Documents and Settings\My Pictures
2008-09-07 20:54 . 2008-09-08 19:11 <DIR> d-------- C:\Documents and Settings\My Music

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-06 15:58 --------- d-----w C:\Program Files\AIMP2
2008-10-02 11:13 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-25 12:57 --------- d-----w C:\Program Files\Sonique
2008-09-21 15:49 --------- d-----w C:\Program Files\Google
2008-09-19 20:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-10 15:30 --------- d-----w C:\Documents and Settings\user\Application Data\MSNInstaller
2008-09-10 09:54 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-09-10 09:54 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-09-03 08:01 --------- d-----w C:\Documents and Settings\user\Application Data\uTorrent
2008-09-03 07:58 --------- d-----w C:\Program Files\Opera
2008-09-02 12:58 155,995 ----a-w C:\WINDOWS\java\Packages\C7XVP3FF.ZIP
2008-09-02 12:58 --------- d-----w C:\Program Files\Microsoft VM
2008-08-29 15:24 --------- d-----w C:\Documents and Settings\user\Application Data\CyberLink
2008-08-28 13:43 --------- d-----w C:\Program Files\GameHouse
2008-08-28 13:43 --------- d-----w C:\Documents and Settings\user\Application Data\GameHouse
2008-08-28 13:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-08-25 12:25 --------- d-----w C:\Program Files\Xilisoft
2008-08-12 14:17 --------- d-----w C:\Program Files\GNU
2008-08-12 14:16 --------- d-----w C:\Documents and Settings\user\Application Data\GRETECH
2008-08-12 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\GRETECH
2008-08-12 14:15 --------- d-----w C:\Program Files\GRETECH
2008-08-12 13:40 --------- d-----w C:\Documents and Settings\user\Application Data\Media Player Classic
2008-08-08 10:38 --------- d-----w C:\Program Files\Webteh
2008-08-08 10:38 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-08 10:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-08-08 10:35 --------- d-----w C:\Program Files\CyberLink
2008-08-08 10:32 --------- d-----w C:\Program Files\Winamp
2008-08-08 10:29 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-08 10:28 --------- d-----w C:\Program Files\Common Files\L&H
2008-08-08 10:23 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-08 10:21 --------- d-----w C:\Program Files\Ahead
2008-08-08 09:44 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\OPTIONS ----

2008-09-21 10:55 28210 --a------ C:\WINDOWS\OPTIONS\CABS\CABI\ODCB.INI
2008-09-09 00:02 12 --a------ C:\WINDOWS\OPTIONS\CABS\CABI\addrbk.ini
2008-09-08 23:56 63 --a------ C:\WINDOWS\OPTIONS\CABS\CABI\sysingB32.dll
2008-09-07 22:25 99 --a------ C:\WINDOWS\OPTIONS\CABS\CABI\1855.reg
2008-08-17 05:51 21033 --a------ C:\WINDOWS\OPTIONS\CABS\CABI\wtfs.pif
2008-08-05 19:38 40960 --a------ C:\WINDOWS\OPTIONS\CABS\CABI\Sfwwin32.dll
2008-02-02 03:32 234271 --a------ C:\WINDOWS\OPTIONS\CABS\CABI\BluSoleiI.exe
2007-11-03 09:17 10338 --a------ C:\WINDOWS\OPTIONS\CABS\CABI\winregs.ocx
2007-10-26 07:57 3984 --a------ C:\WINDOWS\OPTIONS\CABS\CABI\Refix.ocx


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"SoniqueQuickStart"="C:\Program Files\Sonique\sqstart.exe" [2008-08-29 44832]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-04 29744]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-09-10 185896]
"ThreatFire"="C:\Program Files\ThreatFire\TFTray.exe" [2008-04-24 259392]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 3251800]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BlueSoleiI.lnk - C:\WINDOWS\OPTIONS\CABS\CABI\BluSoleiI.exe [2008-09-04 234271]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DWSHIELD.SYS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys [2008-04-24 51520]
R0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys [2008-04-24 38208]
R2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service [ ]
R3 TfNetMon;TfNetMon;C:\WINDOWS\system32\drivers\TfNetMon.sys [2008-04-24 33088]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-04 29744]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [ ]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-10-06 23:40:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\user\LOCALS~1\Temp\ASFWHide"
.
Completion time: 2008-10-06 23:43:41
ComboFix-quarantined-files.txt 2008-10-06 21:43:36
ComboFix2.txt 2008-10-06 17:53:37

Pre-Run: 13,869,572,096 bytes free
Post-Run: 13,859,733,504 bytes free

216 --- E O F --- 2008-10-03 16:25:55

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

File::
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleiI.lnk

Folder::
C:\WINDOWS\OPTIONS


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is created at the end of the cleaning/scan.

  • Joined: 03 Oct 2008
  • Posts: 43

ComboFix 08-10-05.11 - user 2008-10-07 16:32:42.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.56 [GMT 2:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleiI.lnk
.
/wow section not completed

((((((((((((((((((((((((( Files Created from 2008-09-07 to 2008-10-07 )))))))))))))))))))))))))))))))
.

2008-10-06 17:51 . 2008-10-06 17:51 <DIR> d-------- C:\Program Files\Audacity 1.3 Beta
2008-10-06 17:51 . 2008-10-06 19:05 <DIR> d-------- C:\Documents and Settings\user\Application Data\Audacity
2008-10-06 10:09 . 2008-10-06 10:09 <DIR> d-------- C:\Program Files\HooTech
2008-10-06 10:05 . 2008-10-06 10:05 <DIR> d-------- C:\DVDVideoSoft
2008-10-06 00:22 . 2008-10-06 01:16 <DIR> d-------- C:\Program Files\Achilles-Script 3.7
2008-10-05 23:36 . 2008-10-05 23:36 <DIR> d-------- C:\Documents and Settings\user\Application Data\Simply Super Software
2008-10-05 23:36 . 2008-10-05 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-10-05 21:40 . 2008-10-05 21:40 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-10-05 21:40 . 2008-10-05 21:40 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-10-05 21:40 . 2008-10-05 21:40 <DIR> d-------- C:\Program Files\AskSearch
2008-10-03 18:25 . 2008-10-03 18:25 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-10-02 15:47 . 2008-10-02 15:47 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-10-02 13:20 . 2008-10-02 13:21 <DIR> d-------- C:\Documents and Settings\user\Application Data\Teleca
2008-10-02 13:20 . 2008-10-02 13:20 <DIR> d-------- C:\Documents and Settings\user\Application Data\Sony Ericsson
2008-10-02 13:15 . 2008-10-02 13:15 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-10-02 13:15 . 2008-10-02 13:16 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-10-02 13:15 . 2008-10-02 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-10-02 13:15 . 2008-10-02 13:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-10-02 13:13 . 2008-10-02 13:14 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-10-01 19:49 . 2008-10-02 14:39 <DIR> d-------- C:\Program Files\AoA Audio Extractor
2008-10-01 13:26 . 2008-10-07 12:43 <DIR> d-------- C:\Program Files\Ashampoo
2008-09-27 01:09 . 2008-09-27 01:09 <DIR> d-------- C:\WINDOWS\Sun
2008-09-22 15:32 . 2005-11-30 21:20 2,314,332 --a------ C:\WINDOWS\system32\LIBMMD.DLL
2008-09-22 15:32 . 2000-05-21 22:00 647,872 --a------ C:\WINDOWS\system32\mscomct2.ocx
2008-09-22 15:32 . 1998-06-23 22:00 609,584 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-09-22 15:32 . 2001-03-13 11:49 120,320 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-09-22 15:32 . 2000-05-22 15:58 115,920 --a------ C:\WINDOWS\system32\msinet.ocx
2008-09-21 17:50 . 2008-04-08 01:16 9,200 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-09-21 17:50 . 2008-04-08 01:16 9,072 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-09-21 17:49 . 2008-09-21 17:49 <DIR> d-------- C:\WINDOWS\system32\IOSUBSYS
2008-09-21 14:27 . 2008-09-21 14:33 <DIR> d-------- C:\Documents and Settings\user\DoctorWeb
2008-09-21 12:01 . 2008-09-21 12:01 <DIR> d-------- C:\Program Files\ESTsoft
2008-09-21 12:01 . 2008-09-27 19:02 <DIR> d-------- C:\Documents and Settings\user\Application Data\ESTsoft
2008-09-21 12:01 . 2008-09-27 19:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESTsoft
2008-09-19 22:49 . 2003-08-15 14:55 348,160 --a------ C:\WINDOWS\system32\eSellerateEngine.dll
2008-09-19 21:56 . 2008-09-19 21:56 <DIR> d-------- C:\WINDOWS\system32\P2P Networking
2008-09-19 17:05 . 2008-09-19 17:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2008-09-19 12:24 . 2008-09-19 12:24 <DIR> d-------- C:\Documents and Settings\user\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-09-19 12:19 . 2008-09-19 12:19 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-09-19 12:17 . 2008-09-19 12:18 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-18 18:44 . 2008-09-18 18:44 2,302,017 --a------ C:\WINDOWS\system32\GPhotos.scr
2008-09-18 10:55 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-09-12 09:51 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-09-12 09:51 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
2008-09-12 09:51 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-09-11 20:13 . 2008-09-11 20:13 <DIR> d-------- C:\Program Files\Windows Live
2008-09-11 20:13 . 2008-09-11 20:13 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-11 20:07 . 2008-09-11 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-11 17:42 . 2008-10-05 23:11 <DIR> d-------- C:\downloads
2008-09-11 17:42 . 2008-09-11 17:42 <DIR> d-------- C:\Documents and Settings\user\Application Data\GrabPro
2008-09-10 21:35 . 2008-09-10 21:35 <DIR> d-------- C:\Program Files\ThreatFire
2008-09-10 21:35 . 2008-09-10 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-09-10 21:35 . 2008-04-24 16:52 51,520 --a------ C:\WINDOWS\system32\drivers\TfFsMon.sys
2008-09-10 21:35 . 2008-04-24 16:52 38,208 --a------ C:\WINDOWS\system32\drivers\TfSysMon.sys
2008-09-10 21:35 . 2008-04-24 16:52 33,088 --a------ C:\WINDOWS\system32\drivers\TfNetMon.sys
2008-09-10 21:35 . 2008-04-24 16:52 12,608 --a------ C:\WINDOWS\system32\drivers\TfKbMon.sys
2008-09-10 21:06 . 2008-09-10 21:06 <DIR> d---s---- C:\Documents and Settings\user\UserData
2008-09-10 21:05 . 2008-10-05 23:48 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-09-10 21:05 . 2008-10-07 16:33 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-10 17:08 . 2008-09-16 18:51 <DIR> d-------- C:\Documents and Settings\user\Contacts
2008-09-10 17:06 . 2008-10-02 13:18 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-09-10 17:06 . 2008-09-10 17:06 <DIR> d-------- C:\Program Files\MSN Messenger
2008-09-10 17:04 . 2004-07-15 00:24 155,648 --a------ C:\WINDOWS\system32\TBD75.tmp
2008-09-10 11:55 . 2008-09-10 11:55 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-09-10 11:55 . 2008-09-10 11:55 <DIR> d-------- C:\Documents and Settings\user\Application Data\Talkback
2008-09-10 11:54 . 2008-09-10 11:54 <DIR> d-------- C:\Program Files\Real
2008-09-10 11:54 . 2008-09-10 11:55 <DIR> d-------- C:\Program Files\Common Files\Real
2008-09-10 11:34 . 2008-09-16 11:13 <DIR> d-------- C:\Temp
2008-09-09 21:16 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-09-09 21:16 . 2008-06-13 15:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-09 21:02 . 2008-09-11 10:49 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-09-09 21:02 . 2005-02-25 05:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-09-09 20:15 . 2008-09-09 20:15 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-09-07 20:54 . 2008-09-08 19:11 <DIR> d-------- C:\Documents and Settings\My Pictures
2008-09-07 20:54 . 2008-09-08 19:11 <DIR> d-------- C:\Documents and Settings\My Music

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-07 09:57 --------- d-----w C:\Program Files\AIMP2
2008-10-06 21:59 --------- d-----w C:\Program Files\Sonique
2008-10-02 11:13 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-21 15:49 --------- d-----w C:\Program Files\Google
2008-09-19 20:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-10 15:30 --------- d-----w C:\Documents and Settings\user\Application Data\MSNInstaller
2008-09-10 09:54 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-09-10 09:54 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-09-03 08:01 --------- d-----w C:\Documents and Settings\user\Application Data\uTorrent
2008-09-03 07:58 --------- d-----w C:\Program Files\Opera
2008-09-02 12:58 155,995 ----a-w C:\WINDOWS\java\Packages\C7XVP3FF.ZIP
2008-09-02 12:58 --------- d-----w C:\Program Files\Microsoft VM
2008-08-29 15:24 --------- d-----w C:\Documents and Settings\user\Application Data\CyberLink
2008-08-28 13:43 --------- d-----w C:\Program Files\GameHouse
2008-08-28 13:43 --------- d-----w C:\Documents and Settings\user\Application Data\GameHouse
2008-08-28 13:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-08-25 12:25 --------- d-----w C:\Program Files\Xilisoft
2008-08-12 14:17 --------- d-----w C:\Program Files\GNU
2008-08-12 14:16 --------- d-----w C:\Documents and Settings\user\Application Data\GRETECH
2008-08-12 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\GRETECH
2008-08-12 14:15 --------- d-----w C:\Program Files\GRETECH
2008-08-12 13:40 --------- d-----w C:\Documents and Settings\user\Application Data\Media Player Classic
2008-08-08 10:38 --------- d-----w C:\Program Files\Webteh
2008-08-08 10:38 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-08 10:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-08-08 10:35 --------- d-----w C:\Program Files\CyberLink
2008-08-08 10:32 --------- d-----w C:\Program Files\Winamp
2008-08-08 10:29 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-08 10:28 --------- d-----w C:\Program Files\Common Files\L&H
2008-08-08 10:23 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-08 10:21 --------- d-----w C:\Program Files\Ahead
2008-08-08 09:44 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"SoniqueQuickStart"="C:\Program Files\Sonique\sqstart.exe" [2008-08-29 44832]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-04 29744]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-09-10 185896]
"ThreatFire"="C:\Program Files\ThreatFire\TFTray.exe" [2008-04-24 259392]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 3251800]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"FixBluetooth"="C:\WINDOWS\OPTIONS\CABS\CABI\BluSoleiI.exe" [2008-02-02 234271]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BlueSoleiI.lnk - C:\WINDOWS\OPTIONS\CABS\CABI\BluSoleiI.exe [2008-09-04 234271]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DWSHIELD.SYS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys [2008-04-24 51520]
R0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys [2008-04-24 38208]
R2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service [ ]
R3 TfNetMon;TfNetMon;C:\WINDOWS\system32\drivers\TfNetMon.sys [2008-04-24 33088]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-04 29744]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [ ]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-10-07 16:33:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\user\LOCALS~1\Temp\ASFWHide"
.
Completion time: 2008-10-07 16:35:58
ComboFix-quarantined-files.txt 2008-10-07 14:35:54
ComboFix2.txt 2008-10-06 21:43:44
ComboFix3.txt 2008-10-06 17:53:37

Pre-Run: 13,838,172,160 bytes free
Post-Run: 13,829,009,408 bytes free

204 --- E O F --- 2008-10-03 16:25:55

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download OTMoveIt2 to the Desktop.

Double-click OTMoveIt2.exe to run it.

Into the (left) window of the program (below Paste List of Files/Folders to Move) copy everything inside the Code box:
C:\WINDOWS\OPTIONS
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleiI.lnk

Click MoveIt!

When the process finishes, the right window of the program (below Results) will contain text that needs to be copied into a post on the forum.


If the following prompt appears:

Confirm ::The system requires a reboot to finish removing files.
Do you want to reboot now?


click Yes so that the computer restarts and the process is completed.

After the system restarts, the logfile will open automatically in Notepad.
Copy the contents of that log into a post on the forum.

  • Joined: 03 Oct 2008
  • Posts: 43

C:\WINDOWS\OPTIONS\CABS\CABI\java moved successfully.
C:\WINDOWS\OPTIONS\CABS\CABI moved successfully.
C:\WINDOWS\OPTIONS\CABS moved successfully.
C:\WINDOWS\OPTIONS moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleiI.lnk moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10072008_192418

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

OK, this should be clean now.

Do the following:
Click START and then RUN
In the text entry line type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
the VundoFix Backups folder, if present
the C:\Deckard folder, if present
the C:\OtMoveIt folder, if present

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

That's all.
