MyCity » Ambulanta -> Arhiva Ambulante » antivirus360

antivirus360

Napisano na dan: 15.6.2009

antivirus360

Odgovori

\|_MeD_\| Poslao: 15 Jun 2009 15:12 Idi na vrh
offline \|_MeD_\| Zaslužni građanin PHP Developer Pridružio: 02 Okt 2005 Poruke: 546	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:09:45, on 15.6.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\SafeSignCertReg.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Opera\Opera.exe C:\Documents and Settings\PC\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [CertificateRegistration] SafeSignCertReg.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TRUCK & CARGO Online] c:\tccargo\tccargo.exe --autostart O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{A846E0D2-CD93-4C49-AF2F-BE1072F85540}: NameServer = 194.247.192.1 194.247.192.33 O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PEVSystemStart - Unknown owner - cmd /k start /i "/dC:" "C:\ComboFix\HIDEC.exe" "C:\WINDOWS\system32\CF11042.exe" /c RD /S/Q \$RECYCLE.bin \RECYCLER \RECYCLED (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- End of file - 6744 bytes

Profil

dr_Bora Poslao: 15 Jun 2009 20:01 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Koristio si ComboFix? Iskopiraj ovde sadržaj file-a C:\ComboFix.txt.

Profil

\|_MeD_\| Poslao: 21 Jun 2009 22:23 Idi na vrh
offline \|_MeD_\| Zaslužni građanin PHP Developer Pridružio: 02 Okt 2005 Poruke: 546	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 21 Jun 2009 22:02 izvinjavam se zbog kasnjenja ComboFix 09-06-14.02 - Administrator 15.06.2009 13:56.1 - NTFSx86 MINIMAL Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.388 [GMT 2:00] Running from: G:\ComboFix.exe AV: avast! antivirus 4.8.1335 [VPS 090611-0] On-access scanning enabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Common Files\System\Uninstall c:\program files\Common Files\System\Uninstall\Uninstall A360.lnk c:\windows\system32\burito.ini . ((((((((((((((((((((((((( Files Created from 2009-05-15 to 2009-06-15 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-07 15:44 . 2004-08-03 22:56 344064 ----a-w- c:\windows\system32\localspl.dll 2009-04-29 04:52 . 2004-08-03 22:56 659456 ----a-w- c:\windows\system32\wininet.dll 2009-04-29 04:52 . 2004-08-03 22:56 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-04-17 09:58 . 2004-08-03 21:17 1846656 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 15:11 . 2004-08-03 22:56 584192 ----a-w- c:\windows\system32\rpcrt4.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-15 518488] "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2002-09-11 46592] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016] "CertificateRegistration"="SafeSignCertReg.exe" - c:\windows\system32\SafeSignCertReg.exe [2004-02-17 28672] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-6-3 1205840] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Documents and Settings\\PC\\Desktop\\programi\\Valve\\hl.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5.3.2009 13:01 64160] S0 Buu71;Buu71; [x] S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31.3.2008 13:03 114768] S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31.3.2008 13:03 20560] S2 ELOADER;General Purpose USB Driver (adildr.sys);c:\windows\system32\drivers\adildr.sys [3.6.2007 21:51 56088] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.1.2009 23:34 1005904] S3 OMNUSB;Omnikey AG CardMan 2020 USB Smart Card Reader;c:\windows\system32\drivers\sccmusbm.sys [1.6.2007 11:43 23936] S3 Unilocator;Unilocator;c:\windows\system32\LOCATRNT.EXE [30.9.1996 1:00 120832] --- Other Services/Drivers In Memory --- NewlyCreated - ELOADER . Contents of the 'Scheduled Tasks' folder 2009-06-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 10:03] 2009-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-15 14:01 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************ . Completion time: 2009-06-15 14:06 ComboFix-quarantined-files.txt 2009-06-15 12:04 Pre-Run: 14.658.748.416 bytes free Post-Run: 15.159.926.784 bytes free 89 --- E O F --- 2009-06-11 07:15 Dopuna: 21 Jun 2009 22:23 napravio sam danas jos 1 ComboFix 09-06-20.04 - PC 21.06.2009 22:12.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.252 [GMT 2:00] Running from: c:\documents and settings\PC\Desktop\ComboFix.exe AV: avast! antivirus 4.8.1335 [VPS 090618-0] On-access scanning disabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} . ((((((((((((((((((((((((( Files Created from 2009-05-21 to 2009-06-21 ))))))))))))))))))))))))))))))) . 2009-06-16 05:12 . 2009-06-16 05:12 -------- d-----w- c:\program files\Zone Labs 2009-06-15 13:39 . 2009-06-15 13:39 -------- d-----w- c:\documents and settings\PC\Application Data\Ahead 2009-06-15 12:54 . 2009-06-15 12:54 -------- d-----w- C:\ERDNT 2009-06-15 12:54 . 2009-06-15 12:54 -------- d-----w- c:\windows\ERUNT 2009-06-15 12:54 . 2009-06-15 12:54 -------- d-----w- C:\!FixIEDef 2009-06-15 12:09 . 2009-06-15 12:09 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-07 15:44 . 2004-08-03 22:56 344064 ----a-w- c:\windows\system32\localspl.dll 2009-04-29 04:52 . 2004-08-03 22:56 659456 ----a-w- c:\windows\system32\wininet.dll 2009-04-29 04:52 . 2004-08-03 22:56 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-04-17 09:58 . 2004-08-03 21:17 1846656 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 15:11 . 2004-08-03 22:56 584192 ----a-w- c:\windows\system32\rpcrt4.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "TRUCK & CARGO Online"="c:\tccargo\tccargo.exe" [2008-07-01 1122816] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088] "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 1961984] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-15 518488] "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2002-09-11 46592] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016] "CertificateRegistration"="SafeSignCertReg.exe" - c:\windows\system32\SafeSignCertReg.exe [2004-02-17 28672] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-6-3 1205840] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Documents and Settings\\PC\\Desktop\\programi\\Valve\\hl.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5.3.2009 13:01 64160] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31.3.2008 13:03 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31.3.2008 13:03 20560] R3 OMNUSB;Omnikey AG CardMan 2020 USB Smart Card Reader;c:\windows\system32\drivers\sccmusbm.sys [1.6.2007 11:43 23936] S0 Buu71;Buu71; [x] S2 ELOADER;General Purpose USB Driver (adildr.sys);c:\windows\system32\drivers\adildr.sys [3.6.2007 21:51 56088] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.1.2009 23:34 1005904] S3 Unilocator;Unilocator;c:\windows\system32\LOCATRNT.EXE [30.9.1996 1:00 120832] . Contents of the 'Scheduled Tasks' folder 2009-06-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 10:03] 2009-06-15 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . . ------- Supplementary Scan ------- . uStart Page = about:blank IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {A846E0D2-CD93-4C49-AF2F-BE1072F85540} = 194.247.192.1 194.247.192.33 . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-21 22:15 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(500) c:\program files\Common Files\Gemplus\Token API\GSafeCsp.dll c:\program files\Common Files\gemplus\token api\GSScard.dll c:\program files\Common Files\gemplus\token api\GSGUIRC.dll c:\program files\Common Files\gemplus\token api\GSPGPK.dll - - - - - - - > 'explorer.exe'(3832) c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL c:\windows\system32\Msi.dll c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL c:\windows\system32\shdoclc.dll . Completion time: 2009-06-21 22:18 ComboFix-quarantined-files.txt 2009-06-21 20:18 ComboFix2.txt 2009-06-15 12:06 Pre-Run: 16.514.125.824 bytes free Post-Run: 16.503.578.624 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 118 --- E O F --- 2009-06-15 13:02

Profil

dr_Bora Poslao: 21 Jun 2009 22:56 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `Driver:: Buu71` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

\|_MeD_\| Poslao: 22 Jun 2009 12:44 Idi na vrh
offline \|_MeD_\| Zaslužni građanin PHP Developer Pridružio: 02 Okt 2005 Poruke: 546	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-06-21.01 - PC 22.06.2009 12:31.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.206 [GMT 2:00] Running from: c:\documents and settings\PC\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\PC\Desktop\CFScript AV: avast! antivirus 4.8.1335 [VPS 090618-0] On-access scanning disabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_BUU71 -------\Service_Buu71 ((((((((((((((((((((((((( Files Created from 2009-05-22 to 2009-06-22 ))))))))))))))))))))))))))))))) . 2009-06-22 10:01 . 2009-06-22 10:01 0 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll 2009-06-22 10:01 . 2009-06-22 10:01 72704 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe 2009-06-22 10:01 . 2009-06-22 10:01 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll 2009-06-22 10:01 . 2009-06-22 10:01 561016 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe 2009-06-22 10:01 . 2009-06-22 10:01 565096 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe 2009-06-22 10:01 . 2009-06-22 10:01 2349384 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe 2009-06-22 10:01 . 2009-06-22 10:01 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe 2009-06-22 10:01 . 2009-06-22 10:01 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe 2009-06-22 10:01 . 2009-06-22 10:01 1003344 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe 2009-06-16 05:12 . 2009-06-16 05:12 -------- d-----w- c:\program files\Zone Labs 2009-06-15 13:39 . 2009-06-15 13:39 -------- d-----w- c:\documents and settings\PC\Application Data\Ahead 2009-06-15 12:54 . 2009-06-15 12:54 -------- d-----w- C:\ERDNT 2009-06-15 12:54 . 2009-06-15 12:54 -------- d-----w- c:\windows\ERUNT 2009-06-15 12:54 . 2009-06-15 12:54 -------- d-----w- C:\!FixIEDef 2009-06-15 12:09 . 2009-06-15 12:09 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb 2009-06-15 10:03 . 2009-06-15 10:03 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe 2009-06-15 10:03 . 2009-06-15 10:03 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll 2009-06-15 10:03 . 2009-06-15 10:03 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll 2009-06-15 10:03 . 2009-06-15 10:03 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe 2009-06-15 10:03 . 2009-06-15 10:03 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll 2009-06-15 10:03 . 2009-06-15 10:03 294240 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll 2009-06-15 10:03 . 2009-06-15 10:03 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll 2009-06-15 10:03 . 2009-06-15 10:03 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll 2009-06-15 10:03 . 2009-06-15 10:03 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys 2009-06-15 10:03 . 2009-06-15 10:03 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-22 09:09 . 2008-06-24 08:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations 2009-06-22 09:07 . 2007-06-03 19:42 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-05-07 15:44 . 2004-08-03 22:56 344064 ----a-w- c:\windows\system32\localspl.dll 2009-04-29 04:52 . 2004-08-03 22:56 659456 ----a-w- c:\windows\system32\wininet.dll 2009-04-29 04:52 . 2004-08-03 22:56 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-04-17 09:58 . 2004-08-03 21:17 1846656 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 15:11 . 2004-08-03 22:56 584192 ----a-w- c:\windows\system32\rpcrt4.dll . ((((((((((((((((((((((((((((( SnapShot@2009-06-21_20.16.00 ))))))))))))))))))))))))))))))))))))))))) . + 2009-06-22 10:36 . 2009-06-22 10:36 16384 c:\windows\temp\Perflib_Perfdata_41c.dat + 2009-06-22 07:22 . 2009-06-22 07:22 16384 c:\windows\temp\Perflib_Perfdata_410.dat + 2002-08-30 14:00 . 2009-06-22 09:12 62490 c:\windows\system32\perfc009.dat - 2002-08-30 14:00 . 2009-06-09 06:45 62490 c:\windows\system32\perfc009.dat + 2002-08-30 14:00 . 2009-06-22 09:12 400954 c:\windows\system32\perfh009.dat - 2002-08-30 14:00 . 2009-06-09 06:45 400954 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "TRUCK & CARGO Online"="c:\tccargo\tccargo.exe" [2008-07-01 1122816] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088] "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 1961984] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-15 518488] "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2002-09-11 46592] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016] "CertificateRegistration"="SafeSignCertReg.exe" - c:\windows\system32\SafeSignCertReg.exe [2004-02-17 28672] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-6-3 1205840] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Reserved] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Documents and Settings\\PC\\Desktop\\programi\\Valve\\hl.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5.3.2009 13:01 64160] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31.3.2008 13:03 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31.3.2008 13:03 20560] R3 OMNUSB;Omnikey AG CardMan 2020 USB Smart Card Reader;c:\windows\system32\drivers\sccmusbm.sys [1.6.2007 11:43 23936] S2 ELOADER;General Purpose USB Driver (adildr.sys);c:\windows\system32\drivers\adildr.sys [3.6.2007 21:51 56088] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.1.2009 23:34 1005904] S3 Unilocator;Unilocator;c:\windows\system32\LOCATRNT.EXE [30.9.1996 1:00 120832] . Contents of the 'Scheduled Tasks' folder 2009-06-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 10:03] 2009-06-15 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . . ------- Supplementary Scan ------- . uStart Page = about:blank IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-22 12:36 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(504) c:\program files\Common Files\Gemplus\Token API\GSafeCsp.dll c:\program files\Common Files\gemplus\token api\GSScard.dll c:\program files\Common Files\gemplus\token api\GSGUIRC.dll c:\program files\Common Files\gemplus\token api\GSPGPK.dll - - - - - - - > 'explorer.exe'(792) c:\windows\system32\shdoclc.dll c:\windows\system32\msi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\windows\system32\scardsvr.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\wdfmgr.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\program files\Common Files\Teleca Shared\CapabilityManager.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Common Files\Teleca Shared\Generic.exe c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe c:\program files\Opera\Opera.exe . ************************************************************************ . Completion time: 2009-06-22 12:41 - machine was rebooted ComboFix-quarantined-files.txt 2009-06-22 10:41 ComboFix2.txt 2009-06-21 20:18 ComboFix3.txt 2009-06-15 12:06 Pre-Run: 17.085.739.008 bytes free Post-Run: 17.014.288.384 bytes free 167 --- E O F --- 2009-06-15 13:02

Profil

dr_Bora Poslao: 22 Jun 2009 16:18 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ovo izgleda ok. Postoji li sada neki problem? Ako ne, potrebno je deinstalirati ComboFix: klikni start (ili ), a zatim RUN. Na Visti koristiti Start Search polje ukoliko Run nije dostupan. U liniju za unos teksta ukucaj (iskopiraj) sledeće: combofix /u Primeti da postoji razmak između "ComboFix" i "/u". a zatim klikni OK (ili pritisni Enter). Sačekaj da se proces deinstalacije završi.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » antivirus360

Ko je trenutno na forumu

Ukupno su 1095 korisnika na forumu :: 35 registrovanih, 7 sakrivenih i 1053 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., ajo baba, anta, cavatina, CikaKURE, dijica, Dimitrise93, Djokislav, Griffon vulture, helen1, ikan, Ilija Cvorovic, Karla, Krvava Devetka, kubura91, kybonacci, Leonov, mercedesamg, Mercury, mikrimaus, MiroslavD, nemkea71, nenad81, ObelixSRB, opt1, Pikac-47, procesor, Srle993, stalja, stegonosa, suton, Trpe Grozni, Vladko, VP6919, |_MeD_|

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by