take a look ok because there is. v

  • Joined: 07 Jun 2008
  • Posts: 104

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26:57, on 17.7.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)A
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\x\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = crawler.com/search/ie.aspx?tb_id=66020
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = dnl.crawler.com/support/sa_customize.aspx?TbId=66020
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = toolbar.ask.com/toolbarv/askRedirect?o=1665&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = toolbar.ask.com/toolbarv/askRedirect?o=1665&gct=&gc=1&q=%s
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZCfox000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\D-Link\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\D-Link\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\D-Link\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O11 - Options group: [searching] Search from the Address bar
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\D-Link\Bluetooth Software\bin\btwdins.exe (file missing)
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 6293 bytes

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Once again you did not follow the instructions for opening a topic. Why? How many topics do I have to delete before it becomes clear that following the instructions for opening a topic is mandatory?

Where is the description of the problem that made you open this topic? How is anyone supposed to know what you actually want?

Perhaps one is supposed to work it out from the title:
Quote: take a look ok because there is. v

Post a topic like this one more time and you will be barred from posting in the Ambulanta forum.

-------------------------------------------------------------------------------------

Start by explaining the problem, and then we will see what comes next.

  • Joined: 07 Jun 2008
  • Posts: 104

OK, I did not understand you. So I need to do all of this the same way but also write down the problem, if I am right. There are viruses on this computer, the one this text is from.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download RootRepeal to the Desktop from one of the following links:

http://rootrepeal.googlepages.com/RootRepeal.zip
http://ad13.geekstogo.com/RootRepeal.zip
http://rootrepeal.psikotick.com/RootRepeal.zip

Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

Extract RootRepeal.zip into a folder (instructions), and then:
double-click RootRepeal.exe to run it;

switch to the Report tab (by clicking the Report button, bottom right);

click the Scan button;

in the window that opens (Select Scan), tick the boxes in front of all items and click OK;

in the next window (Select Drives), tick the box in front of the system drive (usually C:\) and click OK.

when it finishes, the report (log), which is saved automatically on the system drive as RootRepeal report date (time).txt, will open in Notepad.

Attach the generated report to your post using the Attach file (Prikači fajl) option.

Note: the typical location of the report is C:\RootRepeal report date (time).txt [date (time) = the date and time of the scan].

  • Joined: 07 Jun 2008
  • Posts: 104

We tried every way we could, but this RootRepeal program will not open on this computer, the one with the problem.

ad13.geekstogo.com/RootRepeal.zip is the one we downloaded.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download SysProt AntiRootkit from the following page:

SysProt download

On the page that opens, click the "here" link.

Extract the archive into a folder (instructions), and then:
double-click the program to run it and switch to the Log tab;

tick all eight items and click Create log;

after a while a prompt will appear, in which you should select Scan root drive only and click Start;

when the scan finishes, a notification will appear; close it by clicking OK;

the report (log) will be saved in the same folder as the program itself.

Attach the generated report to your post using the Attach file (Prikači fajl) option.

  • Joined: 07 Jun 2008
  • Posts: 104

Bora, it cannot start this program either; the computer freezes and has to be reset to get back to normal.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download sUBs's ComboFix to the Desktop from the following address:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:
disable your security software (instructions);
close any running programs;
double-click ComboFix to run it.

While running, ComboFix will:
check whether a newer version of the program exists:
    click Yes if you are offered a download of it.
display the DISCLAIMER OF WARRANTY ON SOFTWARE:
    click Yes to let the process continue.
if the Recovery Console is not installed, offer to install it:
    be sure to accept by clicking Yes and follow the procedure through.
ask a number of questions or show a number of notifications:
    accept by clicking Yes or OK.
restart Windows if needed (possibly several times);
at the end, open Notepad with the scan report.

Copy the report that ComboFix created into the forum topic:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message field and choose Paste.

Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If, after sending the post, you notice that the report is incomplete, use the Attach file (Prikači fajl) option to attach the file C:\ComboFix.txt to your post.

  • Joined: 07 Jun 2008
  • Posts: 104

ComboFix 09-08-10.06 - x 13.08.2009 16:29.8.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.130 [GMT 2:00]
Running from: c:\documents and settings\x\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.

2009-07-17 10:15 . 2009-07-17 10:15 -------- d-----w- c:\documents and settings\x\Application Data\Apple Computer
2009-07-16 18:16 . 2009-07-16 18:16 -------- d-----w- c:\program files\Zoner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 11:59 . 2007-07-15 21:46 10 ----a-w- c:\windows\popcinfo.dat
2009-07-17 10:06 . 2008-05-24 16:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-16 19:13 . 2008-10-23 20:00 -------- d-----w- c:\documents and settings\x\Application Data\Skype
2009-07-16 18:37 . 2008-10-24 18:41 -------- d-----w- c:\documents and settings\x\Application Data\skypePM
2009-06-28 09:19 . 2007-08-08 18:33 327664 ----a-w- c:\documents and settings\x\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-27 13:42 . 2009-06-24 21:02 1878984 ----a-w- c:\documents and settings\x\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-06-27 12:31 . 2007-03-12 01:08 1161 ----a-w- c:\program files\Yurecnik.ini
2009-06-26 13:46 . 2009-06-26 13:46 -------- d-----w- c:\documents and settings\x\Application Data\AdobeUM
2009-06-24 21:21 . 2009-06-24 21:18 -------- d-----w- c:\program files\QuickTime
2009-06-24 21:18 . 2009-06-24 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-24 21:13 . 2009-06-24 21:13 -------- d-----w- c:\program files\Apple Software Update
2009-06-24 21:13 . 2009-06-24 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-21 14:28 . 2009-06-21 14:28 -------- d-----w- c:\program files\Avira
2009-06-21 14:28 . 2009-06-21 14:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-16 14:55 . 2004-08-03 22:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2001-08-23 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:27 . 2004-08-03 22:56 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-06 22:10 . 1999-08-02 09:47 391680 ----a-w- c:\program files\YuRecnik.exe
2009-05-06 22:10 . 1999-08-02 09:40 224256 ----a-w- c:\program files\MiniYuRecnik.exe
2009-05-06 22:10 . 1999-01-25 04:27 29184 ----a-w- c:\program files\Uninstal.exe
2009-01-07 11:54 . 2007-03-12 01:08 258 ----a-w- c:\program files\Mini-YuRecnik.ini
2007-08-07 21:20 . 2004-10-08 04:05 778240 ----a-w- c:\program files\Mv2Player.exe
2007-03-12 01:07 . 2007-03-12 01:06 10819 ---ha-w- c:\program files\Yurecnik.GID
2007-03-12 01:06 . 2007-03-12 01:06 1909 ----a-w- c:\program files\uninstal.log
2007-02-17 23:17 . 2005-05-11 00:02 313 ----a-w- c:\program files\MV2Player.rcn
2007-02-17 23:17 . 2005-05-11 00:02 10751 ----a-w- c:\program files\MV2Player.ini
2007-02-17 23:17 . 2005-05-11 00:02 36 ----a-w- c:\program files\LastSet.mv2
1999-08-02 09:35 . 1999-08-02 09:35 9559 ----a-w- c:\program files\YURECNIK.HLP
1999-08-02 09:35 . 1999-08-02 09:35 57 ----a-w- c:\program files\Yurecnik.CNT
1999-07-29 09:43 . 1999-07-29 09:43 2447472 ----a-w- c:\program files\Reci.dat
1996-09-06 12:08 . 1996-09-06 12:08 30070 ----a-w- c:\program files\Fb_deflt.dic
1996-02-23 15:26 . 1996-02-23 15:26 469504 -c--a-w- c:\program files\Fb_11k8.dll
1996-02-23 14:59 . 1996-02-23 14:59 34816 ----a-w- c:\program files\Fb_spch.dll
1996-02-23 14:48 . 1996-02-23 14:48 4608 ----a-w- c:\program files\Fb_timer.dll
1996-02-23 14:46 . 1996-02-23 14:46 29184 ----a-w- c:\program files\Fb_ngn.exe
1996-02-23 14:21 . 1996-02-23 14:21 16896 ----a-w- c:\program files\Uraspec.exe
1996-02-23 14:17 . 1996-02-23 14:17 18432 ----a-w- c:\program files\Dictmgr.exe
1993-11-29 08:32 . 1993-11-29 08:32 16896 ----a-w- c:\program files\Monologw.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-28 185872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-11-17 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-04-02 49152]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
backup=c:\windows\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^x^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [21.6.2009 16:28 108289]
S3 autorun;autorun;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10.12.2008 19:51 29744]
S3 ISOUSB;Vimicro UVC generic driver;c:\windows\system32\drivers\vgeneric.sys [28.10.2008 22:20 64000]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 SysProtDrv.sys;SysProtDrv.sys;c:\documents and settings\x\Desktop\SysProt\SysProt\SysProtDrv.sys [12.8.2009 15:11 44288]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [29.10.2008 21:04 249984]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [29.10.2008 21:04 476032]
.
Contents of the 'Scheduled Tasks' folder

2009-08-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)


.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=1665&gct=&gc=1&q=%s
IE: &Search - ?p=ZCfox000
IE: Send to &Bluetooth Device... - c:\program files\D-Link\Bluetooth Software\btsendto_ie_ctx.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\x\Application Data\Mozilla\Firefox\Profiles\255yjv76.default\
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\npdrmv2.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\npdsplay.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\Npindeo.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\nppl3260.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\nprjplug.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\npwmsdrm.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-08-13 16:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\autorun]
"ImagePath"="\??\C:\huadio.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(960)
c:\windows\System32\btneighborhood.dll
c:\windows\System32\wbtapi.dll
c:\windows\System32\msi.dll
c:\windows\System32\btwpimif.dll
c:\windows\System32\btosif.dll
c:\windows\system32\btrez.dll
c:\windows\system32\CSH.dll
c:\windows\system32\BtXpPanel.Dll
.
Completion time: 2009-08-13 17:03
ComboFix-quarantined-files.txt 2009-08-13 15:03
ComboFix2.txt 2009-08-13 12:16
ComboFix3.txt 2009-06-22 21:28
ComboFix4.txt 2009-06-19 09:56
ComboFix5.txt 2009-08-13 14:28

Pre-Run: 776.642.560 bytes free
Post-Run: 761.360.384 bytes free

158 --- E O F --- 2009-07-15 22:47

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

There is no trace of malware anywhere here.

Remind me what the problem was...
