infection detected

  • Joined: 27 Feb 2008
  • Posts: 30
  • Location: Modriča

the mail scanner detects an infection (lots of mails to send), Firefox is unstable,
and the computer behaves strangely in general.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:50:10, on 14.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DVB-S PowerInstall\PSU.EXE
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live Toolbar\ComponentManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Petar\My Documents\programi\sorry.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {70AB0A8B-8A8A-496F-A339-4CD2F3352991} - C:\WINDOWS\system32\fcccbyy.dll
O2 - BHO: {387f990f-2e06-ea1b-89f4-296cd2de98d8} - {8d89ed2d-c692-4f98-b1ae-60e2f099f783} - C:\WINDOWS\system32\fibgblsq.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA7D75CB-A770-4436-9FFA-B922AE08D969} - C:\WINDOWS\system32\vturr.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: e404 helper - {D4FEDE82-C500-4AA4-BB99-A4DAE5A65A46} - C:\Program Files\Helper\1205522538.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BM73f50f8e] Rundll32.exe "C:\WINDOWS\system32\xtlstuea.dll",s
O4 - HKLM\..\Run: [70c63c12] rundll32.exe "C:\WINDOWS\system32\xcrmavrj.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerInstall Key Updater.lnk = C:\Program Files\DVB-S PowerInstall\PSU.EXE
O4 - Startup: Sonic CinePlayer Quick Launch.lnk = ?
O4 - Global Startup: Super Turbo Tango Patcher Reloader.lnk = C:\WINDOWS\Super Turbo Tango Patcher\Reloader.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - [Link mogu videti samo ulogovani korisnici]\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - [Link mogu videti samo ulogovani korisnici]
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - [Link mogu videti samo ulogovani korisnici]\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?2d15d7526dd74ba185585bcfe79ab988
O8 - Extra context menu item: Open in new foreground tab - [Link mogu videti samo ulogovani korisnici]\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?2d15d7526dd74ba185585bcfe79ab988
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [Link mogu videti samo ulogovani korisnici]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: fcccbyy - C:\WINDOWS\SYSTEM32\fcccbyy.dll
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O21 - SSODL: bxlrvps - {B4C5266E-3F3E-4291-87A4-A4ED66E8F894} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleilCS - IVT Corporation. - (no file)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - Unknown owner - (no file)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

--
End of file - 8348 bytes



  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...

Download ComboFix from one of the following addresses to the Desktop:
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Run it and do not touch the program window while it scans.

Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.



  • Joined: 27 Feb 2008
  • Posts: 30
  • Location: Modriča

here is the combofix log too


ComboFix 08-03-14.2 - Petar 2008-03-14 21:06:41.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.453 [GMT 1:00]
Running from: C:\Documents and Settings\Petar\Desktop\ComboFix_2.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\kl.exe
C:\kmd.exe
C:\Program Files\Helper
C:\Program Files\Helper\1205522538.dll
C:\WINDOWS\BM73f50f8e.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aoajnftd.dll
C:\WINDOWS\system32\drivers\Rse17.sys
C:\WINDOWS\system32\fcccbyy.dll
C:\WINDOWS\system32\fibgblsq.dll
C:\WINDOWS\system32\gksxhdue.dll
C:\WINDOWS\system32\gtelbacw.dll
C:\WINDOWS\system32\jlfbbqmr.ini
C:\WINDOWS\system32\jrvamrcx.ini
C:\WINDOWS\system32\lorxapge.dll
C:\WINDOWS\system32\rmqbbflj.dll
C:\WINDOWS\system32\rrutv.ini
C:\WINDOWS\system32\rrutv.ini2
C:\WINDOWS\system32\vturr.dll
C:\WINDOWS\system32\wcabletg.ini
C:\WINDOWS\system32\xcrmavrj.dll
C:\WINDOWS\system32\xtlstuea.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_RSE17
-------\Rse17


((((((((((((((((((((((((( Files Created from 2008-02-14 to 2008-03-14 )))))))))))))))))))))))))))))))
.

2008-03-14 20:44 . 2008-03-14 21:14 11,776 --a------ C:\WINDOWS\system32\WLCtrl32.dl_
2008-03-14 20:23 . 2008-03-14 20:23 63 --a------ C:\WINDOWS\system32\70c62e9c
2008-03-14 20:22 . 2008-03-14 20:43 11,776 --a------ C:\WINDOWS\system32\WLCtrl32.dll
2008-03-14 18:13 . 2008-03-14 20:21 58,368 --a------ C:\onhtp.exe
2008-03-14 18:13 . 2008-03-14 20:21 6,144 --a------ C:\ffdcahl.exe
2008-03-14 18:13 . 2008-03-14 20:22 2 --a------ C:\1892039869
2008-03-13 14:13 . 2008-03-13 14:35 <DIR> d-------- C:\Program Files\AIMP2
2008-03-12 21:53 . 2008-03-12 21:53 253,360 --a------ C:\WINDOWS\ProgDVB Uninstaller.exe
2008-03-12 21:18 . 2008-03-12 22:12 <DIR> d-------- C:\Program Files\SkyView
2008-03-11 12:06 . 2008-03-13 11:35 <DIR> d-------- C:\Program Files\David J Taylor
2008-03-10 18:54 . 2008-03-13 14:41 <DIR> d-------- C:\Program Files\ProgDVB
2008-03-10 17:15 . 2008-03-14 20:18 <DIR> d-------- C:\Program Files\DVB-S PowerInstall
2008-03-10 17:09 . 2008-03-10 17:21 <DIR> d-------- C:\Program Files\vPlug Files Center
2008-03-10 16:45 . 2008-03-10 16:45 <DIR> d-------- C:\Program Files\WinPcap
2008-03-10 16:44 . 2008-03-10 16:45 <DIR> d-------- C:\Program Files\SkyGrabber
2008-03-10 11:59 . 2008-03-10 12:12 <DIR> d-------- C:\Program Files\DVBViewerTE
2008-03-10 11:58 . 2008-03-10 11:59 <DIR> d-------- C:\Program Files\TechniSat DVB
2008-03-10 11:58 . 2008-03-10 11:58 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2008-03-10 11:57 . 2008-03-10 11:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-10 11:57 . 2008-03-10 11:57 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-09 21:37 . 2008-03-09 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Mixesoft
2008-03-09 21:04 . 2008-03-12 22:14 34 --a------ C:\ProgDVB.ini
2008-03-09 20:57 . 2006-03-14 02:22 349,184 -ra------ C:\WINDOWS\system32\drivers\SkyNET.sys
2008-03-09 20:49 . 2008-03-09 20:49 <DIR> d-------- C:\Program Files\VIA
2008-03-04 16:53 . 2002-12-11 18:09 217,600 --a--c--- C:\WINDOWS\system32\dllcache\npdrmv2.dll
2008-03-04 16:53 . 2002-12-11 17:34 9,728 --a--c--- C:\WINDOWS\system32\dllcache\npwmsdrm.dll
2008-03-04 11:25 . 2008-03-04 11:25 0 --a------ C:\WINDOWS\system32\BSPRINT.INI
2008-03-03 01:17 . 2008-03-03 01:17 5,863 --a------ C:\WINDOWS\system32\ubuntu tema.Theme
2008-03-02 21:51 . 2008-03-02 22:17 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\VoipBuster
2008-03-02 21:48 . 2008-03-02 21:48 <DIR> d-------- C:\Program Files\VoipBuster.com
2008-03-01 02:30 . 2008-03-01 02:30 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-03-01 02:30 . 2008-03-01 02:34 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-03-01 02:08 . 2002-12-27 04:41 26,880 --a------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS
2008-03-01 01:35 . 2008-03-01 01:35 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\Uniblue
2008-03-01 00:01 . 2008-03-01 00:01 <DIR> d-------- C:\Program Files\Shock Utility
2008-03-01 00:01 . 2008-03-01 00:01 65,536 --a------ C:\WINDOWS\IFinst27.exe
2008-02-28 19:45 . 2008-02-28 19:45 <DIR> d-------- C:\Program Files\Vasilios Applications
2008-02-28 19:29 . 2008-03-13 11:36 <DIR> d-------- C:\Program Files\Zortam Mp3 Media Studio
2008-02-28 19:20 . 2008-02-28 19:20 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-02-28 19:18 . 2008-02-28 19:18 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\DivX
2008-02-28 19:13 . 2008-02-28 19:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-02-28 18:31 . 2002-11-22 14:46 554,776 --a------ C:\WINDOWS\system32\olelib.tlb
2008-02-28 18:17 . 2008-03-03 01:19 <DIR> d-------- C:\WINDOWS\Super Turbo Tango Patcher
2008-02-28 17:40 . 2005-03-24 13:24 153,718 --a------ C:\WINDOWS\boot.bmp
2008-02-28 17:35 . 2008-02-28 19:50 <DIR> d-------- C:\Program Files\Slimm Boot-Logo
2008-02-27 11:14 . 2008-02-27 11:14 250 --a------ C:\WINDOWS\gmer.ini
2008-02-27 10:11 . 2008-03-01 02:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-27 10:11 . 2008-03-01 02:53 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\SUPERAntiSpyware.com
2008-02-27 10:11 . 2008-02-27 10:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-27 09:52 . 2008-02-27 09:56 <DIR> d-------- C:\fixwareout
2008-02-26 23:52 . 2008-03-14 18:17 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-02-26 22:58 . 2008-02-26 22:58 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\Lavasoft
2008-02-26 22:31 . 2008-02-26 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-26 19:59 . 2008-02-26 20:10 8,192 --a------ C:\WINDOWS\Rpoint.exe
2008-02-26 19:58 . 2008-02-26 22:25 <DIR> d-------- C:\spywarebegone
2008-02-26 19:58 . 2008-02-26 19:58 170 --a------ C:\WINDOWS\spywarebegone-fullversion-installed.html
2008-02-26 15:27 . 2008-02-26 15:27 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-02-26 15:00 . 2002-11-22 01:00 221,184 --a------ C:\WINDOWS\system32\DartSock.dll
2008-02-26 15:00 . 2002-11-25 01:00 118,784 --a------ C:\WINDOWS\system32\DartWeb.dll
2008-02-26 15:00 . 2000-10-10 01:00 49,152 --a------ C:\WINDOWS\system32\DartObjects.dll
2008-02-26 14:56 . 2008-02-26 14:56 <DIR> d-------- C:\Program Files\Stardock
2008-02-26 14:56 . 2003-02-26 22:27 36,864 --------- C:\WINDOWS\system32\wbsys.dll
2008-02-25 15:55 . 2008-02-12 00:54 309,916 --a------ C:\WINDOWS\wall8_2.jpg
2008-02-25 15:50 . 2008-02-25 15:50 <DIR> d-------- C:\Program Files\TGTSoft
2008-02-25 15:22 . 2008-02-25 15:22 <DIR> d-------- C:\Program Files\VirtuallTek
2008-02-25 08:01 . 2008-03-01 03:51 <DIR> d-------- C:\Program Files\nLite
2008-02-16 00:55 . 2008-02-16 00:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-02-16 00:54 . 2008-02-16 00:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-02-16 00:49 . 2008-02-26 21:14 <DIR> d-------- C:\Program Files\NSS
2008-02-16 00:49 . 2006-08-29 15:56 32,377 --a------ C:\WINDOWS\system32\drivers\prodigy.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-14 20:14 26,240 ----a-w C:\WINDOWS\system32\drivers\Beh41.sys
2008-03-14 20:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-13 13:30 294,929 ---h--w C:\Documents and Settings\Petar\Application Data\TurboLaunch_IconCache.dat
2008-03-11 11:09 678,746 ----a-w C:\WINDOWS\unins000.exe
2008-03-11 07:33 --------- d-----w C:\Documents and Settings\Petar\Application Data\Azureus
2008-03-11 07:00 --------- d-----w C:\Program Files\Azureus
2008-03-10 10:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-09 20:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-04 09:25 --------- d-----w C:\Program Files\SpeedFan
2008-03-02 21:38 --------- d-----w C:\Documents and Settings\Petar\Application Data\Skype
2008-03-01 01:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-01 01:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-28 19:05 --------- d-----w C:\Program Files\RocketReader KidsV3
2008-02-28 19:05 --------- d-----r C:\Program Files\TypingMaster
2008-02-28 17:21 --------- d-----w C:\Program Files\Winamp
2008-02-28 17:19 2,320,384 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-02-28 17:19 2,187,264 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-02-27 12:58 --------- d-----w C:\Program Files\PowerISO
2008-02-27 10:03 --------- d-----w C:\Program Files\Nokia
2008-02-27 10:03 --------- d-----w C:\Program Files\Common Files\Nokia
2008-02-26 20:41 --------- d-----w C:\Program Files\Bonjour
2008-02-26 20:23 --------- d-----w C:\Program Files\NeuroTran
2008-02-26 20:16 --------- d-----w C:\Program Files\TP
2008-02-26 20:08 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-26 20:06 --------- d-----w C:\Program Files\Morgan
2008-02-26 20:05 --------- d-----w C:\Program Files\mIRC
2008-02-26 20:02 --------- d-----w C:\Program Files\Hunting Unlimited 2
2008-02-26 19:53 --------- d-----w C:\Program Files\Free Audio Pack
2008-02-26 19:53 --------- d-----w C:\Program Files\eMule
2008-02-26 19:52 --------- d-----w C:\Program Files\DivX
2008-02-26 19:45 --------- d-----w C:\Documents and Settings\Petar\Application Data\BSplayer
2008-02-26 19:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-26 18:58 724,992 ----a-w C:\WINDOWS\iun6002.exe
2008-02-14 19:50 --------- d-----w C:\Documents and Settings\Petar\Application Data\Metacafe
2008-02-11 23:31 --------- d-----w C:\Program Files\ASUS
2008-02-11 17:56 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-02-11 17:42 --------- d-----w C:\Program Files\Activision
2008-02-10 23:12 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-02-08 10:13 --------- d-----w C:\Program Files\VirtualDJ
2008-02-08 10:13 --------- d-----w C:\Program Files\Folder Marker
2008-02-08 10:13 --------- d-----w C:\Program Files\Cheatbook Database 2006
2008-02-08 10:12 --------- d-----w C:\Program Files\Solways Task Scheduler
2008-01-28 21:35 --------- d-----w C:\Program Files\SourceTec
2008-01-28 21:35 --------- d-----w C:\Program Files\Common Files\SourceTec
2008-01-17 21:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\MicroSoftOcx
2008-01-15 13:55 --------- d-----w C:\Program Files\D-Tools
2008-01-14 21:15 --------- d-----w C:\Program Files\Free DVD Ripper
2008-01-14 20:52 --------- d-----w C:\Program Files\uplink
2008-01-08 21:58 47,360 ----a-w C:\Documents and Settings\Petar\Application Data\pcouffin.sys
2006-05-24 15:38 233,472 ----a-w C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-18 16:00 204,895 ----a-w C:\Program Files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 13:41 77,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-05-18 15:59 426,081 ----a-w C:\Program Files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 11:19 458,752 ----a-w C:\Program Files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 17:35 139,264 ----a-w C:\Program Files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 10:10 204,800 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 10:42 106,496 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 10:22 212,992 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 10:21 167,936 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2004-08-03 22:56 93,184 --sha-w C:\WINDOWS\Super Turbo Tango Patcher\Backup\iexplore.exe
.

------- Sigcheck -------

2007-03-08 16:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2gdr\user32.dll
2007-03-08 16:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2qfe\user32.dll
2004-08-03 23:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\SoftwareDistribution\Download\972f9ceb5c3be430fe6cdcb43653d74d\backup\sp2gdr\user32.dll
2004-08-03 23:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\SoftwareDistribution\Download\972f9ceb5c3be430fe6cdcb43653d74d\backup\sp2qfe\user32.dll
2005-03-02 19:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2gdr\user32.dll
2005-03-02 19:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2qfe\user32.dll
2005-03-02 19:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\SoftwareDistribution\Download\dc3fa7fed4facc29618f4c01f9c9f686\sp2gdr\user32.dll
2005-03-02 19:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\SoftwareDistribution\Download\dc3fa7fed4facc29618f4c01f9c9f686\sp2qfe\user32.dll
2004-08-03 23:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\Super Turbo Tango Patcher\Backup\user32.dll
2004-08-03 23:56 540672 348a1fb4d6ff3ba12c55da1f8bdbc0d9 C:\WINDOWS\system32\user32.dll
2004-08-03 23:56 540672 348a1fb4d6ff3ba12c55da1f8bdbc0d9 C:\WINDOWS\system32\dllcache\user32.dll

2007-02-28 10:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2007-02-28 09:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 09:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2gdr\ntkrnlpa.exe
2005-03-02 01:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2qfe\ntkrnlpa.exe
2004-08-03 22:59 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\SoftwareDistribution\Download\dc3fa7fed4facc29618f4c01f9c9f686\backup\sp2gdr\ntkrnlpa.exe
2005-03-02 01:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\SoftwareDistribution\Download\dc3fa7fed4facc29618f4c01f9c9f686\sp2qfe\ntkrnlpa.exe
2004-08-04 00:05 2015232 fb142b7007ca2eea76966c6c5cc12150 C:\WINDOWS\Super Turbo Tango Patcher\Backup\ntkrnlpa.exe
2008-02-28 18:19 2187264 adb6cf9a8a0bbaf5f18c22179e93c380 C:\WINDOWS\system32\ntkrnlpa.exe
2004-08-04 00:05 2187264 83a784e2516c022a4e27736605818339 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2007-02-28 10:55 2182144 19d249958ca4b26ec0e2b472a54286af C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2007-02-28 10:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 10:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2gdr\ntoskrnl.exe
2007-02-28 10:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2qfe\ntoskrnl.exe
2005-03-02 02:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2qfe\ntoskrnl.exe
2004-08-03 23:20 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\SoftwareDistribution\Download\dc3fa7fed4facc29618f4c01f9c9f686\backup\sp2gdr\ntoskrnl.exe
2005-03-02 02:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\SoftwareDistribution\Download\dc3fa7fed4facc29618f4c01f9c9f686\sp2qfe\ntoskrnl.exe
2004-08-03 22:18 2148352 626309040459c3915997ef98ec1c8d40 C:\WINDOWS\Super Turbo Tango Patcher\Backup\ntoskrnl.exe
2008-02-28 18:19 2320384 66b5883ab972da755ee6ca4663fa3bb0 C:\WINDOWS\system32\ntoskrnl.exe
2004-08-03 22:18 2320384 e82797f423fa850f04d042df08227b4e C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-06-13 11:23 980992 02a351f886df3dd2f0a90057c40be755 C:\WINDOWS\explorer.exe
2007-06-13 12:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-03 23:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 11:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\Super Turbo Tango Patcher\Backup\explorer.exe
2007-06-13 11:23 980992 02a351f886df3dd2f0a90057c40be755 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2005-09-07 14:35 716800]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 10:11 925696]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 14:55 339968]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

C:\Documents and Settings\Petar\Start Menu\Programs\Startup\
PowerInstall Key Updater.lnk - C:\Program Files\DVB-S PowerInstall\PSU.EXE [2008-02-06 21:05:40 52094]
Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Common Files\Sonic Shared\cinetray.exe [2002-09-18 14:16:30 98304]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Super Turbo Tango Patcher Reloader.lnk - C:\WINDOWS\Super Turbo Tango Patcher\Reloader.exe [2007-05-21 03:37:38 108398]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-10-18 19:47 75064 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll 2008-03-14 20:43 11776 C:\WINDOWS\system32\WLCtrl32.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"Web Video Downloader"="C:\Program Files\SourceTec\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe"
"Slawdog Smart Shutdown"=C:\Program Files\Slawdog\Smart Shutdown\Smart Shutdown.exe startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" -lang 1033
"snpstd3"=C:\WINDOWS\vsnpstd3.exe
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" /STARTUP
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UACDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSI\\MyGuard Live\\MyGuard Live.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\SIERRA\\Half-Life\\hl.exe"=
"C:\\SIERRA\\Half-Life\\hlds.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=
"C:\\Program Files\\My Drivers\\MyDrivers.exe"=
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\ProgDVB\\ProgDvbNet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"86:TCP"= 86:TCP:BroadCam Web Server

R0 Beh41;Beh41;C:\WINDOWS\system32\Drivers\Beh41.sys [2008-03-14 21:14]
R0 hotcore;hotcore;C:\WINDOWS\system32\drivers\hotcore.sys [2005-07-22 12:07]
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2002-07-19 08:10]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-09-12 09:20]
R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2007-09-23 20:21]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:56]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2006-03-14 02:22]
S1 StarPortLite;StarPort Storage Controller (Lite);C:\WINDOWS\system32\DRIVERS\StarPortLite.sys []
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]
S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2004-04-26 16:26]
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 11:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb01b14d-60ce-11dc-ab2e-806d6172696f}]
\Shell\AutoRun\command - E:\bootcd\wintools\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7c9c5aa-8a05-11dc-b161-0017319b95e3}]
\Shell\AutoRun\command - H:\.\Start.exe

*Newly Created Service* - BEH41
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-03-14 21:14:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aiqpbter]
"ImagePath"="\??\C:\WINDOWS\Help\aiqpbter.chm"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\WLCtrl32.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\BsLangInDepRes.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
.
**************************************************************************
.
Completion time: 2008-03-14 21:18:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-14 20:18:48
.
2007-09-13 08:16:44 --- E O F ---

Update: 14 Mar 2008 21:45

here is avast's message

Ima previše identičnih e-poruka u zakazanom vremenu

Šalje: "Kolja Guimont" <49-54946@afj.lk>
Prima: [Link mogu videti samo ulogovani korisnici]
Naslov: Watch Hayden moan in pleasure

Ima previše identičnih e-poruka u zakazanom vremenu

Šalje: "quran Blaskie" <quran-5630794@afj.lk>
Prima: [Link mogu videti samo ulogovani korisnici]; [Link mogu videti samo ulogovani korisnici]
Naslov: Watch Hayden moan in pleasure
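The avast! alert quoted above blocks a burst of identical outbound messages carrying forged sender addresses, which is the classic footprint of a spambot using the infected machine as a relay. The Python sketch below is an added illustration of that kind of mail-scanner heuristic; it is not avast's code and not something posted in this thread. It flags any subject that recurs a threshold number of times inside a time window, and separately lists sender addresses whose domain is not one the account actually owns. The outbound queue is constructed: the two sender strings and the subject are the ones from the alert, while the timestamps, the `user@example.invalid` address, the window and the threshold are all assumed values.

```python
"""Added illustration of an outbound-mail burst heuristic like the one the
avast! mail scanner applied above; this is not avast's own logic."""
from collections import defaultdict
from datetime import datetime, timedelta
from email.utils import parseaddr

# Constructed outbound queue. The two sender strings and the subject are the
# ones quoted in the avast alert; the timestamps and the local user's own
# address are made up for this example.
OUTBOUND = [
    ("2008-03-14T21:40:01", '"Kolja Guimont" <49-54946@afj.lk>', "Watch Hayden moan in pleasure"),
    ("2008-03-14T21:40:03", '"quran Blaskie" <quran-5630794@afj.lk>', "Watch Hayden moan in pleasure"),
    ("2008-03-14T21:40:04", '"quran Blaskie" <quran-5630794@afj.lk>', "Watch Hayden moan in pleasure"),
    ("2008-03-14T21:40:09", "local user <user@example.invalid>", "Re: DVB card drivers"),
    ("2008-03-14T21:55:00", "local user <user@example.invalid>", "Watch Hayden moan in pleasure"),
]


def identical_mail_bursts(messages, window=timedelta(minutes=10), threshold=3):
    """Map subject -> largest number of messages with that subject that fall
    inside any `window`-long span; only subjects reaching `threshold` are
    returned. Sliding window over the sorted timestamps of each subject."""
    by_subject = defaultdict(list)
    for ts, _sender, subject in messages:
        by_subject[subject.strip().lower()].append(datetime.fromisoformat(ts))
    flagged = {}
    for subject, times in by_subject.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # drop timestamps older than the window
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[subject] = max(flagged.get(subject, 0), count)
    return flagged


def forged_senders(messages, own_domains):
    """Sender addresses whose domain is not one of the account's own domains:
    a local mail client has no business sending as afj.lk."""
    own = {d.lower() for d in own_domains}
    forged = set()
    for _ts, sender, _subject in messages:
        _name, addr = parseaddr(sender)
        domain = addr.rpartition("@")[2].lower()
        if domain and domain not in own:
            forged.add(addr)
    return forged


if __name__ == "__main__":
    print(identical_mail_bursts(OUTBOUND))
    print(forged_senders(OUTBOUND, ("example.invalid",)))
```

The two signals are deliberately independent: a burst of identical subjects alone could be a legitimate newsletter, and a single forged From could be a misconfigured client, but both together from a workstation that should only send a handful of personal mails is what the avast scanner reacted to here.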

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Enable display of hidden/system files/folders: [Link visible only to logged-in users]



Upload the file: C:\WINDOWS\system32\drivers\Beh41.sys

via the following link: [Link visible only to logged-in users]



-------------------------------------------------------------------------------------


After the upload is done...

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\system32\WLCtrl32.dl_
C:\WINDOWS\system32\70c62e9c
C:\WINDOWS\system32\WLCtrl32.dll
C:\onhtp.exe
C:\ffdcahl.exe
C:\1892039869
C:\WINDOWS\system32\drivers\Beh41.sys
C:\WINDOWS\Help\aiqpbter.chm

Driver::
Beh41

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aiqpbter]





Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.

Post in your next message the log that is produced at the end of the cleaning/scan.

  • Joined: 27 Feb 2008
  • Posts: 30
  • Location: Modriča

I can't upload beh41.sys, it says the file is too big, although its size is 25.6 kb.
Should I do the rest via CF or try something else?

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Follow the ComboFix instructions...

  • Joined: 27 Feb 2008
  • Posts: 30
  • Location: Modriča

ComboFix 08-03-14.2 - Petar 2008-03-15 10:11:49.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.541 [GMT 1:00]
Running from: C:\Documents and Settings\Petar\Desktop\ComboFix_2.exe
Command switches used :: C:\Documents and Settings\Petar\Desktop\CFScript
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\1892039869
C:\ffdcahl.exe
C:\onhtp.exe
C:\WINDOWS\Help\aiqpbter.chm
C:\WINDOWS\system32\70c62e9c
C:\WINDOWS\system32\drivers\Beh41.sys
C:\WINDOWS\system32\WLCtrl32.dl_
C:\WINDOWS\system32\WLCtrl32.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1892039869
C:\ffdcahl.exe
C:\onhtp.exe
C:\WINDOWS\Help\aiqpbter.chm
C:\WINDOWS\system32\70c62e9c
C:\WINDOWS\system32\drivers\Beh41.sys
C:\WINDOWS\system32\WLCtrl32.dl_
C:\WINDOWS\system32\WLCtrl32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_BEH41
-------\Beh41


((((((((((((((((((((((((( Files Created from 2008-02-15 to 2008-03-15 )))))))))))))))))))))))))))))))
.

2008-03-13 14:13 . 2008-03-13 14:35 <DIR> d-------- C:\Program Files\AIMP2
2008-03-12 21:53 . 2008-03-12 21:53 253,360 --a------ C:\WINDOWS\ProgDVB Uninstaller.exe
2008-03-12 21:18 . 2008-03-12 22:12 <DIR> d-------- C:\Program Files\SkyView
2008-03-11 12:06 . 2008-03-13 11:35 <DIR> d-------- C:\Program Files\David J Taylor
2008-03-10 18:54 . 2008-03-13 14:41 <DIR> d-------- C:\Program Files\ProgDVB
2008-03-10 17:15 . 2008-03-15 09:43 <DIR> d-------- C:\Program Files\DVB-S PowerInstall
2008-03-10 17:09 . 2008-03-10 17:21 <DIR> d-------- C:\Program Files\vPlug Files Center
2008-03-10 16:45 . 2008-03-10 16:45 <DIR> d-------- C:\Program Files\WinPcap
2008-03-10 16:44 . 2008-03-10 16:45 <DIR> d-------- C:\Program Files\SkyGrabber
2008-03-10 11:59 . 2008-03-10 12:12 <DIR> d-------- C:\Program Files\DVBViewerTE
2008-03-10 11:58 . 2008-03-10 11:59 <DIR> d-------- C:\Program Files\TechniSat DVB
2008-03-10 11:58 . 2008-03-10 11:58 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2008-03-10 11:57 . 2008-03-10 11:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-10 11:57 . 2008-03-10 11:57 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-09 21:37 . 2008-03-09 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Mixesoft
2008-03-09 21:04 . 2008-03-12 22:14 34 --a------ C:\ProgDVB.ini
2008-03-09 20:57 . 2006-03-14 02:22 349,184 -ra------ C:\WINDOWS\system32\drivers\SkyNET.sys
2008-03-09 20:49 . 2008-03-09 20:49 <DIR> d-------- C:\Program Files\VIA
2008-03-04 16:53 . 2002-12-11 18:09 217,600 --a--c--- C:\WINDOWS\system32\dllcache\npdrmv2.dll
2008-03-04 16:53 . 2002-12-11 17:34 9,728 --a--c--- C:\WINDOWS\system32\dllcache\npwmsdrm.dll
2008-03-04 11:25 . 2008-03-04 11:25 0 --a------ C:\WINDOWS\system32\BSPRINT.INI
2008-03-03 01:17 . 2008-03-03 01:17 5,863 --a------ C:\WINDOWS\system32\ubuntu tema.Theme
2008-03-02 21:51 . 2008-03-02 22:17 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\VoipBuster
2008-03-02 21:48 . 2008-03-02 21:48 <DIR> d-------- C:\Program Files\VoipBuster.com
2008-03-01 02:30 . 2008-03-01 02:30 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-03-01 02:30 . 2008-03-01 02:34 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-03-01 02:08 . 2002-12-27 04:41 26,880 --a------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS
2008-03-01 01:35 . 2008-03-01 01:35 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\Uniblue
2008-03-01 00:01 . 2008-03-01 00:01 <DIR> d-------- C:\Program Files\Shock Utility
2008-03-01 00:01 . 2008-03-01 00:01 65,536 --a------ C:\WINDOWS\IFinst27.exe
2008-02-28 19:45 . 2008-02-28 19:45 <DIR> d-------- C:\Program Files\Vasilios Applications
2008-02-28 19:29 . 2008-03-13 11:36 <DIR> d-------- C:\Program Files\Zortam Mp3 Media Studio
2008-02-28 19:20 . 2008-02-28 19:20 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-02-28 19:18 . 2008-02-28 19:18 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\DivX
2008-02-28 19:13 . 2008-02-28 19:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-02-28 18:31 . 2002-11-22 14:46 554,776 --a------ C:\WINDOWS\system32\olelib.tlb
2008-02-28 18:17 . 2008-03-03 01:19 <DIR> d-------- C:\WINDOWS\Super Turbo Tango Patcher
2008-02-28 17:40 . 2005-03-24 13:24 153,718 --a------ C:\WINDOWS\boot.bmp
2008-02-28 17:35 . 2008-02-28 19:50 <DIR> d-------- C:\Program Files\Slimm Boot-Logo
2008-02-27 11:14 . 2008-02-27 11:14 250 --a------ C:\WINDOWS\gmer.ini
2008-02-27 10:11 . 2008-03-01 02:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-27 10:11 . 2008-03-01 02:53 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\SUPERAntiSpyware.com
2008-02-27 10:11 . 2008-02-27 10:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-27 09:52 . 2008-02-27 09:56 <DIR> d-------- C:\fixwareout
2008-02-26 23:52 . 2008-03-14 21:18 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-02-26 22:58 . 2008-02-26 22:58 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\Lavasoft
2008-02-26 22:31 . 2008-02-26 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-26 19:59 . 2008-02-26 20:10 8,192 --a------ C:\WINDOWS\Rpoint.exe
2008-02-26 19:58 . 2008-02-26 22:25 <DIR> d-------- C:\spywarebegone
2008-02-26 19:58 . 2008-02-26 19:58 170 --a------ C:\WINDOWS\spywarebegone-fullversion-installed.html
2008-02-26 15:27 . 2008-02-26 15:27 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-02-26 15:00 . 2002-11-22 01:00 221,184 --a------ C:\WINDOWS\system32\DartSock.dll
2008-02-26 15:00 . 2002-11-25 01:00 118,784 --a------ C:\WINDOWS\system32\DartWeb.dll
2008-02-26 15:00 . 2000-10-10 01:00 49,152 --a------ C:\WINDOWS\system32\DartObjects.dll
2008-02-26 14:56 . 2008-02-26 14:56 <DIR> d-------- C:\Program Files\Stardock
2008-02-26 14:56 . 2003-02-26 22:27 36,864 --------- C:\WINDOWS\system32\wbsys.dll
2008-02-25 15:55 . 2008-02-12 00:54 309,916 --a------ C:\WINDOWS\wall8_2.jpg
2008-02-25 15:50 . 2008-02-25 15:50 <DIR> d-------- C:\Program Files\TGTSoft
2008-02-25 15:22 . 2008-02-25 15:22 <DIR> d-------- C:\Program Files\VirtuallTek
2008-02-25 08:01 . 2008-03-01 03:51 <DIR> d-------- C:\Program Files\nLite
2008-02-16 00:55 . 2008-02-16 00:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-02-16 00:54 . 2008-02-16 00:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-02-16 00:49 . 2008-02-26 21:14 <DIR> d-------- C:\Program Files\NSS
2008-02-16 00:49 . 2006-08-29 15:56 32,377 --a------ C:\WINDOWS\system32\drivers\prodigy.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-14 20:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-13 13:30 294,929 ---h--w C:\Documents and Settings\Petar\Application Data\TurboLaunch_IconCache.dat
2008-03-11 11:09 678,746 ----a-w C:\WINDOWS\unins000.exe
2008-03-11 07:33 --------- d-----w C:\Documents and Settings\Petar\Application Data\Azureus
2008-03-11 07:00 --------- d-----w C:\Program Files\Azureus
2008-03-10 10:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-09 20:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-04 09:25 --------- d-----w C:\Program Files\SpeedFan
2008-03-02 21:38 --------- d-----w C:\Documents and Settings\Petar\Application Data\Skype
2008-03-01 01:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-01 01:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-28 19:05 --------- d-----w C:\Program Files\RocketReader KidsV3
2008-02-28 19:05 --------- d-----r C:\Program Files\TypingMaster
2008-02-28 17:21 --------- d-----w C:\Program Files\Winamp
2008-02-28 17:19 2,320,384 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-02-28 17:19 2,187,264 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-02-27 12:58 --------- d-----w C:\Program Files\PowerISO
2008-02-27 10:03 --------- d-----w C:\Program Files\Nokia
2008-02-27 10:03 --------- d-----w C:\Program Files\Common Files\Nokia
2008-02-26 20:41 --------- d-----w C:\Program Files\Bonjour
2008-02-26 20:23 --------- d-----w C:\Program Files\NeuroTran
2008-02-26 20:16 --------- d-----w C:\Program Files\TP
2008-02-26 20:08 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-26 20:06 --------- d-----w C:\Program Files\Morgan
2008-02-26 20:05 --------- d-----w C:\Program Files\mIRC
2008-02-26 20:02 --------- d-----w C:\Program Files\Hunting Unlimited 2
2008-02-26 19:53 --------- d-----w C:\Program Files\Free Audio Pack
2008-02-26 19:53 --------- d-----w C:\Program Files\eMule
2008-02-26 19:52 --------- d-----w C:\Program Files\DivX
2008-02-26 19:45 --------- d-----w C:\Documents and Settings\Petar\Application Data\BSplayer
2008-02-26 19:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-26 18:58 724,992 ----a-w C:\WINDOWS\iun6002.exe
2008-02-14 19:50 --------- d-----w C:\Documents and Settings\Petar\Application Data\Metacafe
2008-02-11 23:31 --------- d-----w C:\Program Files\ASUS
2008-02-11 17:56 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-02-11 17:42 --------- d-----w C:\Program Files\Activision
2008-02-10 23:12 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-02-08 10:13 --------- d-----w C:\Program Files\VirtualDJ
2008-02-08 10:13 --------- d-----w C:\Program Files\Folder Marker
2008-02-08 10:13 --------- d-----w C:\Program Files\Cheatbook Database 2006
2008-02-08 10:12 --------- d-----w C:\Program Files\Solways Task Scheduler
2008-01-28 21:35 --------- d-----w C:\Program Files\SourceTec
2008-01-28 21:35 --------- d-----w C:\Program Files\Common Files\SourceTec
2008-01-17 21:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\MicroSoftOcx
2008-01-15 13:55 --------- d-----w C:\Program Files\D-Tools
2008-01-08 21:58 47,360 ----a-w C:\Documents and Settings\Petar\Application Data\pcouffin.sys
2006-05-24 15:38 233,472 ----a-w C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-18 16:00 204,895 ----a-w C:\Program Files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 13:41 77,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-05-18 15:59 426,081 ----a-w C:\Program Files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 11:19 458,752 ----a-w C:\Program Files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 17:35 139,264 ----a-w C:\Program Files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 10:10 204,800 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 10:42 106,496 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 10:22 212,992 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 10:21 167,936 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2004-08-03 22:56 93,184 --sha-w C:\WINDOWS\Super Turbo Tango Patcher\Backup\iexplore.exe
.

------- Sigcheck -------

2007-03-08 16:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2gdr\user32.dll
2007-03-08 16:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2qfe\user32.dll
2004-08-03 23:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\SoftwareDistribution\Download\972f9ceb5c3be430fe6cdcb43653d74d\backup\sp2gdr\user32.dll
2004-08-03 23:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\SoftwareDistribution\Download\972f9ceb5c3be430fe6cdcb43653d74d\backup\sp2qfe\user32.dll
2005-03-02 19:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2gdr\user32.dll
2005-03-02 19:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2qfe\user32.dll
2005-03-02 19:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\SoftwareDistribution\Download\dc3fa7fed4facc29618f4c01f9c9f686\sp2gdr\user32.dll
2005-03-02 19:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\SoftwareDistribution\Download\dc3fa7fed4facc29618f4c01f9c9f686\sp2qfe\user32.dll
2004-08-03 23:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\Super Turbo Tango Patcher\Backup\user32.dll
2004-08-03 23:56 540672 348a1fb4d6ff3ba12c55da1f8bdbc0d9 C:\WINDOWS\system32\user32.dll
2004-08-03 23:56 540672 348a1fb4d6ff3ba12c55da1f8bdbc0d9 C:\WINDOWS\system32\dllcache\user32.dll

2007-02-28 10:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2007-02-28 09:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 09:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2gdr\ntkrnlpa.exe
2005-03-02 01:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2qfe\ntkrnlpa.exe
2004-08-03 22:59 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\SoftwareDistribution\Download\dc3fa7fed4facc29618f4c01f9c9f686\backup\sp2gdr\ntkrnlpa.exe
2005-03-02 01:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\SoftwareDistribution\Download\dc3fa7fed4facc29618f4c01f9c9f686\sp2qfe\ntkrnlpa.exe
2004-08-04 00:05 2015232 fb142b7007ca2eea76966c6c5cc12150 C:\WINDOWS\Super Turbo Tango Patcher\Backup\ntkrnlpa.exe
2008-02-28 18:19 2187264 adb6cf9a8a0bbaf5f18c22179e93c380 C:\WINDOWS\system32\ntkrnlpa.exe
2004-08-04 00:05 2187264 83a784e2516c022a4e27736605818339 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2007-02-28 10:55 2182144 19d249958ca4b26ec0e2b472a54286af C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2007-02-28 10:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 10:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2gdr\ntoskrnl.exe
2007-02-28 10:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2qfe\ntoskrnl.exe
2005-03-02 02:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2qfe\ntoskrnl.exe
2004-08-03 23:20 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\SoftwareDistribution\Download\dc3fa7fed4facc29618f4c01f9c9f686\backup\sp2gdr\ntoskrnl.exe
2005-03-02 02:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\SoftwareDistribution\Download\dc3fa7fed4facc29618f4c01f9c9f686\sp2qfe\ntoskrnl.exe
2004-08-03 22:18 2148352 626309040459c3915997ef98ec1c8d40 C:\WINDOWS\Super Turbo Tango Patcher\Backup\ntoskrnl.exe
2008-02-28 18:19 2320384 66b5883ab972da755ee6ca4663fa3bb0 C:\WINDOWS\system32\ntoskrnl.exe
2004-08-03 22:18 2320384 e82797f423fa850f04d042df08227b4e C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-06-13 11:23 980992 02a351f886df3dd2f0a90057c40be755 C:\WINDOWS\explorer.exe
2007-06-13 12:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-03 23:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 11:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\Super Turbo Tango Patcher\Backup\explorer.exe
2007-06-13 11:23 980992 02a351f886df3dd2f0a90057c40be755 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-14 19:45:31 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-03-15 09:02:24 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-14 19:45:31 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-15 09:07:51 131,072 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-03-14 19:47:45 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031420080315\index.dat
+ 2008-03-14 22:10:05 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031420080315\index.dat
+ 2008-03-15 09:07:44 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031520080316\index.dat
- 2008-03-14 19:51:16 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-15 09:09:20 327,680 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-15 09:16:43 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_2a8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2005-09-07 14:35 716800]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 10:11 925696]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 14:55 339968]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

C:\Documents and Settings\Petar\Start Menu\Programs\Startup\
PowerInstall Key Updater.lnk - C:\Program Files\DVB-S PowerInstall\PSU.EXE [2008-02-06 21:05:40 52094]
Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Common Files\Sonic Shared\cinetray.exe [2002-09-18 14:16:30 98304]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Super Turbo Tango Patcher Reloader.lnk - C:\WINDOWS\Super Turbo Tango Patcher\Reloader.exe [2007-05-21 03:37:38 108398]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-10-18 19:47 75064 C:\WINDOWS\system32\LMIinit.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"Web Video Downloader"="C:\Program Files\SourceTec\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe"
"Slawdog Smart Shutdown"=C:\Program Files\Slawdog\Smart Shutdown\Smart Shutdown.exe startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" -lang 1033
"snpstd3"=C:\WINDOWS\vsnpstd3.exe
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" /STARTUP
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UACDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSI\\MyGuard Live\\MyGuard Live.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\SIERRA\\Half-Life\\hl.exe"=
"C:\\SIERRA\\Half-Life\\hlds.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=
"C:\\Program Files\\My Drivers\\MyDrivers.exe"=
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\ProgDVB\\ProgDvbNet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"86:TCP"= 86:TCP:BroadCam Web Server

R0 hotcore;hotcore;C:\WINDOWS\system32\drivers\hotcore.sys [2005-07-22 12:07]
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2002-07-19 08:10]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-09-12 09:20]
R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2007-09-23 20:21]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:56]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2006-03-14 02:22]
S1 StarPortLite;StarPort Storage Controller (Lite);C:\WINDOWS\system32\DRIVERS\StarPortLite.sys []
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]
S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2004-04-26 16:26]
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 11:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb01b14d-60ce-11dc-ab2e-806d6172696f}]
\Shell\AutoRun\command - E:\bootcd\wintools\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7c9c5aa-8a05-11dc-b161-0017319b95e3}]
\Shell\AutoRun\command - H:\.\Start.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-03-15 10:17:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\BsLangInDepRes.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-03-15 10:21:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-15 09:21:22
ComboFix2.txt 2008-03-14 20:18:52
.
2007-09-13 08:16:44 --- E O F ---
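Two findings in the ComboFix logs posted above are the kind a reviewer pulls out first: a service (aiqpbter) whose ImagePath points at a .chm help file instead of a driver, and Sigcheck lines where the live system32 copy of a kernel file carries a different MD5 than the dllcache copy. The Python script below is an added triage helper written for this thread, not a ComboFix feature and not something a participant posted; it parses those two line formats out of a log and reports both conditions. The embedded sample is a handful of lines copied from the logs above; the extension whitelist and the choice of dllcache as the reference copy are my assumptions.

```python
"""Added triage helper for ComboFix logs (not part of ComboFix itself):
flags services whose image is not an executable/driver, and files whose
live system32 copy hash differs from the dllcache copy."""
import ntpath
import re
from collections import defaultdict

# Sample lines copied from the ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aiqpbter]
"ImagePath"="\??\C:\WINDOWS\Help\aiqpbter.chm"

R0 hotcore;hotcore;C:\WINDOWS\system32\drivers\hotcore.sys [2005-07-22 12:07]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 11:54]

------- Sigcheck -------

2004-08-03 23:56 540672 348a1fb4d6ff3ba12c55da1f8bdbc0d9 C:\WINDOWS\system32\user32.dll
2004-08-03 23:56 540672 348a1fb4d6ff3ba12c55da1f8bdbc0d9 C:\WINDOWS\system32\dllcache\user32.dll
2008-02-28 18:19 2187264 adb6cf9a8a0bbaf5f18c22179e93c380 C:\WINDOWS\system32\ntkrnlpa.exe
2004-08-04 00:05 2187264 83a784e2516c022a4e27736605818339 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-02-28 18:19 2320384 66b5883ab972da755ee6ca4663fa3bb0 C:\WINDOWS\system32\ntoskrnl.exe
2004-08-03 22:18 2320384 e82797f423fa850f04d042df08227b4e C:\WINDOWS\system32\dllcache\ntoskrnl.exe
"""

# Extensions a service or kernel-driver image is expected to have
# (assumption; tighten it to your own environment).
EXECUTABLE_EXT = {".exe", ".sys", ".dll"}

SERVICE_RE = re.compile(r"^[RS]\d (\S+?);[^;]*;(.+?)\s*\[[^\]]*\]$")
SERVICE_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\system\\[^\]]*\\Services\\([^\\\]]+)\]$", re.I)
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(.+)"$')
SIGCHECK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (\d+) ([0-9a-f]{32}) (.+)$")

SYSTEM32 = "c:\\windows\\system32\\"
DLLCACHE = SYSTEM32 + "dllcache\\"


def service_image_paths(log_text):
    """Yield (service_name, image_path) for both the one-line R?/S? service
    entries and the [...\\Services\\<name>] + "ImagePath" registry dumps."""
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            yield m.group(1), m.group(2).strip('"')
            continue
        m = SERVICE_KEY_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = IMAGEPATH_RE.match(line)
        if m and current:
            path = m.group(1)
            if path.startswith("\\??\\"):      # strip the NT object-manager prefix
                path = path[4:]
            yield current, path
            current = None


def suspicious_services(log_text):
    """Services whose image is not an .exe/.sys/.dll, e.g. a .chm help file
    registered as a driver, something legitimate software has no reason to do."""
    return [(name, path) for name, path in service_image_paths(log_text)
            if ntpath.splitext(path)[1].lower() not in EXECUTABLE_EXT]


def sigcheck_mismatches(log_text):
    """File names whose system32 copy MD5 differs from the dllcache copy.
    Assumes dllcache holds the reference (file-protection) version."""
    hashes = defaultdict(dict)
    for raw in log_text.splitlines():
        m = SIGCHECK_RE.match(raw.strip())
        if not m:
            continue
        _size, md5, path = m.groups()
        lower = path.lower()
        name = lower.rsplit("\\", 1)[-1]
        if lower.startswith(DLLCACHE):
            hashes[name]["dllcache"] = md5
        elif lower.startswith(SYSTEM32):
            hashes[name]["live"] = md5
    return sorted(n for n, h in hashes.items()
                  if "live" in h and "dllcache" in h and h["live"] != h["dllcache"])


if __name__ == "__main__":
    for name, path in suspicious_services(SAMPLE_LOG):
        print(f"suspicious service image: {name} -> {path}")
    for name in sigcheck_mismatches(SAMPLE_LOG):
        print(f"system32/dllcache hash mismatch: {name}")
```

A system32/dllcache mismatch is a lead, not a verdict: the same log lists backup copies of ntoskrnl.exe and ntkrnlpa.exe under C:\WINDOWS\Super Turbo Tango Patcher\Backup, so a boot-screen patcher is a plausible benign explanation for the kernel mismatch here and should be ruled out before the kernel is treated as infected. The .chm service image has no such excuse, which is why it was targeted in the CFScript.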

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Zip/rar the complete following folder: C:\QooBox\Quarantine ( <--- Quarantine folder )

and upload it: [Link visible only to logged-in users]


-------------------------------------------------------------------------------------



Download the file gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: Select the Rootkit tab at the top.
Click Scan.
When the scan is finished, click the Save ... button below and save the logfile.
Attach the saved logfile to your message (use the Attach file option)

  • Joined: 27 Feb 2008
  • Posts: 30
  • Location: Modriča

The .rar has been sent, log attached.
[Link visible only to logged-in users]

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download the file mbr.exe from this link and save it to the Desktop.

- Double-click to run mbr.exe
- A black window will open briefly
- Paste here the contents of the file mbr.log, which will be on the Desktop.



-------------------------------------------------------------------------------------



Download Dr.Web CureIt (~9 MB).


Double-click to run cureit.exe, after which an intro window will appear - click Start

A notice about starting the initial scan will appear - click OK

Wait a few minutes for Dr.Web CureIt to perform the Express Scan; if malware is found, allow the program to disinfect by clicking the Yes to All button in the window that appears

Click Options > Change settings F9; in the window that opens, uncheck the Heuristic Analysis option and then click OK

In the main window tick the Complete scan option, then click, and Dr.Web CureIt will start the scan

If malware is found, allow the program to disinfect by clicking the Yes to All button in the window that appears

When the scan is finished, click the Select all button (if it is available), then click Cure and,
in the menu that opens, click Move incurable:


When the process is complete, click File > Save report list and save the log to the Desktop


Paste the contents of the Dr.Web CureIt log into the thread on the forum.
