proveraa

  • Joined: 25 Sep 2008
  • Posts: 6

Hi, I assume it needs a thorough cleaning.
Here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:15:10, on 25.9.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\SS\Desktop\New Folder\tr3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {35134B5E-62A1-4F3B-AEFF-3982CFD4FDE1} - C:\WINDOWS\System32\vtuts.dll (file missing)
O2 - BHO: Internet Explorer Plugin - {42E8CF0E-948C-4FBE-B0CB-A39AD4304C28} - C:\WINDOWS\System32\PluginE.dll (file missing)
O2 - BHO: (no name) - {6CEFFF01-916F-4CD1-A665-5FE8E5E81D13} - C:\WINDOWS\System32\tusqo.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Game Device] C:\PROGRA~1\Genius\G-08GA~1\JoyUpDrv.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Windows Live Search - [Link visible only to logged-in users]\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link visible only to logged-in users]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [Link visible only to logged-in users]
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - [Link visible only to logged-in users]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - Winlogon Notify: mljggge - C:\WINDOWS\
O20 - Winlogon Notify: tusqo - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: WinVideoDriver (WinVideo16) - Unknown owner - C:\WINDOWS\test16.exe (file missing)

--
End of file - 6722 bytes
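As an added example (not part of this post, and not a HijackThis or forum tool), a small Python triage pass over the kind of entries in the log above. The sample lines are copied from that log; the rules are this example's own heuristics for the entry types a helper would look at first (orphaned "(file missing)" entries, Winlogon Notify entries with no DLL behind them, unnamed BHOs, services with no publisher).

```python
"""Triage of HijackThis (HJT) log lines.

Added example: the rules below are heuristics written for this
illustration, not HijackThis's own logic. SAMPLE_LOG is a constructed
excerpt of the log posted in the thread.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines taken from the HJT log above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {35134B5E-62A1-4F3B-AEFF-3982CFD4FDE1} - C:\WINDOWS\System32\vtuts.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O20 - Winlogon Notify: mljggge - C:\WINDOWS\
O20 - Winlogon Notify: tusqo - C:\WINDOWS\
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: WinVideoDriver (WinVideo16) - Unknown owner - C:\WINDOWS\test16.exe (file missing)
"""


@dataclass
class Finding:
    section: str  # HJT section tag, e.g. "O2", "O20"
    reason: str   # why the line deserves a closer look
    line: str     # the original log line


# An HJT entry is "<tag> - <body>", where the tag is R0..R3, F0..F3, O1..O24.
LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+)\s+-\s+(?P<body>.*)$")


def parse_line(line: str):
    """Split an HJT entry into (section tag, body); None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("sec"), m.group("body")


def triage_line(line: str):
    """Return a Finding for one HJT line, or None if nothing stands out."""
    parsed = parse_line(line)
    if parsed is None:
        return None
    sec, body = parsed
    if "(file missing)" in body:
        # Autostart entry whose target is gone: an orphan, often left behind
        # after a partial removal; HJT itself marks these.
        return Finding(sec, "entry points at a file that no longer exists (orphan)", line)
    if sec == "O20":
        # "Winlogon Notify: <name> - <path>"; a path that ends in a directory
        # separator, or is not a DLL at all, has no real notification package.
        target = body.split(" - ", 1)[-1].strip()
        if target.endswith("\\") or not target.lower().endswith(".dll"):
            return Finding(sec, "Winlogon Notify entry with no DLL behind it", line)
    if sec == "O2" and body.startswith("BHO: (no name)"):
        return Finding(sec, "browser helper object without a name", line)
    if sec == "O23" and "Unknown owner" in body:
        return Finding(sec, "service with no publisher information", line)
    if sec == "R3" and "is missing" in body:
        return Finding(sec, "default URLSearchHook missing", line)
    return None


def triage(log_text: str):
    """Run triage_line over every line of a log and collect the findings."""
    findings = []
    for raw in log_text.splitlines():
        f = triage_line(raw)
        if f is not None:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```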



  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Greetings...


Well, it does need cleaning. But it also needs Service Pack 3.

You have to understand that cleaning this is a pure waste of time unless you install SP3 immediately after the process is finished.



-------------------------------------------------------------------------------------



Right-click the avast! icon in the lower right corner of the screen and choose Program settings....

In the window that opens, under Troubleshooting, check the option Disable avast! self-defence and click OK.

Also, right-click the avast! icon in the lower right corner of the screen and choose Stop OnAccess Protection.


Note: Don't forget to turn these options back on once the cleaning is finished.




Spyware Terminator also needs to be deactivated.


-------------------------------------------------------------------------------------



Download ComboFix from one of the following addresses to the Desktop:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.



  • proveraa
  • Joined: 25 Sep 2008
  • Posts: 6

ComboFix 08-09-25.03 - SS 2008-09-25 20:50:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.102 [GMT 2:00]
Running from: C:\Documents and Settings\SS\Desktop\New Folder\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Program Files\network monitor
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\newname.dat
C:\WINDOWS\system32\bvrdirdf.ini
C:\WINDOWS\system32\ciwnlhle.ini
C:\WINDOWS\system32\eyxqrxqm.ini
C:\WINDOWS\system32\gbwljmlt.ini
C:\WINDOWS\system32\gfxfkjxp.ini
C:\WINDOWS\system32\ghyrdbjf.ini
C:\WINDOWS\system32\gshwuxdx.ini
C:\WINDOWS\system32\jbbvdkpt.ini
C:\WINDOWS\system32\jjhpxyfy.ini
C:\WINDOWS\system32\kfkcoefx.ini
C:\WINDOWS\system32\kgklaeuu.ini
C:\WINDOWS\system32\leptcvut.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mnoniylr.ini
C:\WINDOWS\system32\mqyjfxcg.ini
C:\WINDOWS\system32\msvgyvel.ini
C:\WINDOWS\system32\ovwcmnfm.ini
C:\WINDOWS\system32\pqcvpxhu.ini
C:\WINDOWS\system32\qpmqbfls.ini
C:\WINDOWS\system32\ribavulp.ini
C:\WINDOWS\system32\srbfjkcg.ini
C:\WINDOWS\system32\trrcgalv.ini
C:\WINDOWS\system32\txjmalqy.ini
C:\WINDOWS\system32\uhfwwekc.ini
C:\WINDOWS\system32\vkfwdcdt.ini
C:\WINDOWS\system32\wbyxxrin.ini
C:\WINDOWS\system32\wowdbcdx.ini
C:\WINDOWS\system32\wyrjfuda.ini
C:\WINDOWS\system32\ymliciuf.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2008-08-25 to 2008-09-25 )))))))))))))))))))))))))))))))
.

2008-09-25 15:10 . 2008-09-25 15:10 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-25 10:46 . 2008-09-25 10:46 244 --ah----- C:\sqmnoopt02.sqm
2008-09-25 10:46 . 2008-09-25 10:46 232 --ah----- C:\sqmdata02.sqm
2008-09-24 20:23 . 2008-09-24 20:23 244 --ah----- C:\sqmnoopt01.sqm
2008-09-24 20:23 . 2008-09-24 20:23 232 --ah----- C:\sqmdata01.sqm
2008-09-23 12:31 . 2008-09-23 12:31 268 --ah----- C:\sqmdata00.sqm
2008-09-23 12:31 . 2008-09-23 12:31 244 --ah----- C:\sqmnoopt00.sqm
2008-09-22 19:14 . 2008-09-22 19:14 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-09-21 15:56 . 2008-09-21 15:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-21 15:56 . 2008-09-21 15:56 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-20 18:24 . 2008-09-20 18:24 <DIR> d-------- C:\Program Files\FreshDevices
2008-09-19 11:49 . 2008-09-19 11:50 <DIR> d-------- C:\Program Files\Kiran's Typing Tutor
2008-09-17 17:07 . 2008-09-25 20:57 <DIR> d-------- C:\Program Files\Crawler
2008-09-17 16:44 . 2008-09-25 20:17 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-09-17 16:42 . 2008-09-20 16:40 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-09-17 16:42 . 2008-09-25 20:16 <DIR> d-------- C:\Documents and Settings\SS\Application Data\Spyware Terminator
2008-09-17 16:42 . 2008-09-25 20:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-09-17 16:42 . 2008-09-17 16:42 141,312 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sp_rsdrv2.sys
2008-09-16 12:13 . 2008-07-18 22:09 563,912 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2008-09-16 12:13 . 2008-07-18 22:09 325,832 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2008-09-16 12:13 . 2008-07-18 22:09 215,752 --a------ C:\WINDOWS\SYSTEM32\wuaucpl.cpl
2008-09-16 12:13 . 2008-07-18 22:09 205,000 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
2008-09-16 12:13 . 2004-08-03 14:03 186,136 --a------ C:\WINDOWS\SYSTEM32\wuaueng1.dll
2008-09-16 12:13 . 2004-08-03 14:01 167,704 --a------ C:\WINDOWS\SYSTEM32\wuauclt1.exe
2008-09-16 12:13 . 2008-07-18 22:10 36,552 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2008-09-15 21:49 . 2008-09-20 18:47 406 --a------ C:\WINDOWS\SYSTEM32\ioloBootDefrag.cfg
2008-09-15 21:48 . 2008-09-15 21:48 <DIR> d-------- C:\Program Files\iolo
2008-09-15 21:48 . 2008-09-21 13:43 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-09-15 21:48 . 2008-09-09 10:15 922,464 --a------ C:\WINDOWS\SYSTEM32\Incinerator.dll
2008-09-15 21:48 . 2008-06-16 19:21 29,696 --a------ C:\WINDOWS\SYSTEM32\iolobtdfg.exe
2008-09-15 21:48 . 2008-09-09 16:45 8,192 --a------ C:\WINDOWS\SYSTEM32\smrgdf.exe
2008-09-15 21:47 . 2008-09-19 15:35 <DIR> d-------- C:\Documents and Settings\SS\Application Data\iolo
2008-09-15 21:47 . 2008-09-15 21:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-09-15 21:47 . 2008-09-15 21:47 74,703 --a------ C:\WINDOWS\SYSTEM32\mfc45.dll
2008-09-15 12:51 . 2008-09-15 19:52 <DIR> d-------- C:\Program Files\Pure Sudoku
2008-09-15 10:56 . 2008-09-15 10:56 <DIR> d-------- C:\WINDOWS\zy_tmp
2008-09-15 10:56 . 2007-08-10 16:05 27,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rndismpk.sys
2008-09-15 10:56 . 2007-08-10 16:05 11,136 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usb8023k.sys
2008-09-15 10:56 . 2007-08-10 16:05 5,120 --a------ C:\WINDOWS\SYSTEM32\tcusbdrv.dll
2008-09-09 13:41 . 2008-06-24 07:22 477 --a------ C:\ma477.bin
2008-09-01 19:47 . 2008-09-01 19:47 <DIR> d-------- C:\Documents and Settings\SS\Application Data\DivX
2008-09-01 19:41 . 2008-09-01 19:46 <DIR> d-------- C:\Program Files\MPlayer for Windows
2008-09-01 19:39 . 2008-09-01 19:39 <DIR> d-------- C:\Program Files\Codec
2008-09-01 19:38 . 2008-09-01 19:38 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-09-01 19:38 . 2003-06-23 02:44 1,415,680 --a------ C:\WINDOWS\SYSTEM32\WMV9VCM.dll
2008-08-28 19:13 . 2008-08-28 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-08-28 18:37 . 2008-08-28 19:05 <DIR> d-------- C:\Program Files\F-Secure Internet Security

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-23 20:10 --------- d-----w C:\Documents and Settings\SS\Application Data\Skype
2008-09-19 18:05 --------- d-----w C:\Program Files\pdfTextReader
2008-09-17 14:36 --------- d-----w C:\Program Files\Lavasoft
2008-09-15 08:57 2,572 ----a-w C:\WINDOWS\SYSTEM32\PerfStringBackup.TMP
2008-09-15 08:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-01 17:39 --------- d-----w C:\Program Files\DivX Total Pack
2008-08-28 16:33 --------- d-----w C:\Program Files\ESET
2008-08-17 16:36 566,784 ----a-w C:\WINDOWS\~de74bc.tmp
2008-08-13 17:20 --------- d-----w C:\Program Files\Star Defender 3
2008-08-05 17:59 --------- d-----w C:\Program Files\Call of Duty
2008-07-29 09:42 --------- d-----w C:\Program Files\Startup Mechanic
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2006-02-13 15:42 2,777,088 ----a-w C:\Program Files\FoxitReader.exe
2005-08-09 21:39 266 --sh--w C:\Program Files\desktop.ini
2005-08-09 21:39 11,079 ---ha-w C:\Program Files\folder.htt
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\INF\OTHER\AUDIO3D.DLL
2007-02-10 23:10 463,690 --sha-w C:\WINDOWS\SYSTEM32\jmnnn.bak1
2007-02-19 18:51 473,574 --sha-w C:\WINDOWS\SYSTEM32\jmnnn.bak2
2007-02-21 09:52 472,921 --sha-w C:\WINDOWS\SYSTEM32\jmnnn.ini2
2007-09-25 08:53 615,815 --sha-w C:\WINDOWS\SYSTEM32\oqsut.bak1
2008-05-05 10:31 199,208 --sha-w C:\WINDOWS\SYSTEM32\oqsut.bak2
2008-05-06 20:18 103,895 --sha-w C:\WINDOWS\SYSTEM32\oqsut.ini2
2008-05-08 12:07 8,177 --sha-w C:\WINDOWS\SYSTEM32\stutv.ini2
2002-08-29 04:41 1,336,832 --sha-r C:\WINDOWS\SYSTEM32\winsym16.exe
2005-07-29 14:24 472 --sha-r C:\WINDOWS\U1M\oYg.vbs
.
----a-w           992,100 2006-08-07 11:27:58  C:\Documents and Settings\SS\My Documents\My eBooks\downloads\cleancenter1.39.12 .exe



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 13312]
"NVIEW"="nview.dll" [2003-05-02 C:\WINDOWS\SYSTEM32\nview.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Game Device"="C:\PROGRA~1\Genius\G-08GA~1\JoyUpDrv.EXE" [2002-01-30 65617]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-02 4640768]
"NeroFilterCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-10 77824]
"Cmaudio"="cmicnfg.cpl" [N/A]
"nwiz"="nwiz.exe" [2003-05-02 C:\WINDOWS\SYSTEM32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 13312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-08-09 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax
"VIDC.AP41"= APmpg4v1.dll
"VIDC.ACDV"= ACDV.dll
"msacm.divxa32"= msaud32_divx.acm
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-07-19 78416]
R1 cdawdm;CDAWDM;C:\WINDOWS\System32\DRIVERS\CDAWDM.sys [2002-01-24 46735]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2008-09-17 141312]
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-08-15 596328]
R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-08-15 596328]
R3 VendorJoystickEnabler;Game device driver;C:\WINDOWS\System32\drivers\ghgame.sys [2002-01-07 65552]
S2 WinVideo16;WinVideoDriver;C:\WINDOWS\test16.exe [ ]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\System32\DRIVERS\KS-959.sys [2005-08-31 19034]
S3 SmartCd;SmartCd;C:\WINDOWS\System32\Drivers\SmartCd.sys [2002-01-19 6356]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{35134B5E-62A1-4F3B-AEFF-3982CFD4FDE1} - C:\WINDOWS\System32\vtuts.dll
BHO-{6CEFFF01-916F-4CD1-A665-5FE8E5E81D13} - C:\WINDOWS\System32\tusqo.dll
Notify-= - (no file)
Notify-mljggge - (no file)
Notify-tusqo - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R1 -: HKCU-SearchURL,(Default) = [Link visible only to logged-in users]
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Crawler Search - tbr:iemenu
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O18 -: Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll

O16 -: DirectAnimation Java Classes - [Link visible only to logged-in users]\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - [Link visible only to logged-in users]\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {8731163E-77B9-4F91-9122-F112521C28AF} - [Link visible only to logged-in users]
C:\WINDOWS\Downloaded Program Files\SMILViewer_DX6.inf
C:\WINDOWS\System32\l3codecx.ax
C:\WINDOWS\System32\QEdit.dll
C:\WINDOWS\scroll.bmp
C:\WINDOWS\System32\Pal.dll
C:\WINDOWS\System32\ErrorHandler.dll
C:\WINDOWS\System32\MCS.dll
C:\WINDOWS\Downloaded Program Files\xmltok.dll
C:\WINDOWS\Downloaded Program Files\xmlparse.dll
C:\WINDOWS\Downloaded Program Files\coltrans.ax
C:\WINDOWS\Downloaded Program Files\WBMPSource.ax
C:\WINDOWS\Downloaded Program Files\PNGSource.ax
C:\WINDOWS\System32\Mpeg4DSF.dll
C:\WINDOWS\System32\Mpeg4Tools.dll
C:\WINDOWS\System32\Mpeg4System.dll
C:\WINDOWS\Downloaded Program Files\MelodySourceParser.ax
C:\WINDOWS\System32\AMRDSF.dll
C:\WINDOWS\System32\AMR.dll
C:\WINDOWS\Downloaded Program Files\scg.ax
C:\WINDOWS\Downloaded Program Files\HtmlParser.dll
C:\WINDOWS\Downloaded Program Files\HTMLSourceFilter.ax
C:\WINDOWS\Downloaded Program Files\VideoCompositor.ax
C:\WINDOWS\Downloaded Program Files\StreamControl.ax
C:\WINDOWS\Downloaded Program Files\DownloadersWI.dll
C:\WINDOWS\Downloaded Program Files\Parsers.dll
C:\WINDOWS\Downloaded Program Files\PlayerServer.dll
C:\WINDOWS\Downloaded Program Files\MPO.dll
C:\WINDOWS\Downloaded Program Files\CoreExecutive.dll
C:\WINDOWS\Downloaded Program Files\SMILInetCtrl.dll
C:\WINDOWS\Downloaded Program Files\RegType_IE.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-09-25 20:59:22
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\SYSTEM32\imapi.exe
C:\Program Files\iolo\System Mechanic\SMTrayNotify.exe
.
**************************************************************************
.
Completion time: 2008-09-25 21:08:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-25 19:07:04

Pre-Run: 4.383.928.320 bytes free
Post-Run: 4,653,289,472 bytes free


  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Enable the display of hidden files: [Link visible only to logged-in users]


Pack the following file into a zip (or rar): C:\WINDOWS\SYSTEM32\winsym16.exe

and upload it via this link: [Link visible only to logged-in users]


-------------------------------------------------------------------------------------



Open Notepad and copy in the following text:

File::
C:\WINDOWS\SYSTEM32\jmnnn.bak1
C:\WINDOWS\SYSTEM32\jmnnn.bak2
C:\WINDOWS\SYSTEM32\jmnnn.ini2
C:\WINDOWS\SYSTEM32\oqsut.bak1
C:\WINDOWS\SYSTEM32\oqsut.bak2
C:\WINDOWS\SYSTEM32\oqsut.ini2
C:\WINDOWS\SYSTEM32\stutv.ini2

DirLook:
C:\WINDOWS\U1M

Driver::
WinVideo16


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.

  • proveraa
  • Joined: 25 Sep 2008
  • Posts: 6

I uploaded that file,
and here is the new log:
ComboFix 08-09-25.03 - SS 2008-09-25 22:58:07.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.101 [GMT 2:00]
Running from: C:\Documents and Settings\SS\Desktop\New Folder\ComboFix.exe
Command switches used :: C:\Documents and Settings\SS\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\SYSTEM32\jmnnn.bak1
C:\WINDOWS\SYSTEM32\jmnnn.bak2
C:\WINDOWS\SYSTEM32\jmnnn.ini2
C:\WINDOWS\SYSTEM32\oqsut.bak1
C:\WINDOWS\SYSTEM32\oqsut.bak2
C:\WINDOWS\SYSTEM32\oqsut.ini2
C:\WINDOWS\SYSTEM32\stutv.ini2
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\jmnnn.bak1
C:\WINDOWS\SYSTEM32\jmnnn.bak2
C:\WINDOWS\SYSTEM32\jmnnn.ini2
C:\WINDOWS\SYSTEM32\oqsut.bak1
C:\WINDOWS\SYSTEM32\oqsut.bak2
C:\WINDOWS\SYSTEM32\oqsut.ini2
C:\WINDOWS\SYSTEM32\stutv.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINVIDEO16
-------\Service_WinVideo16


((((((((((((((((((((((((( Files Created from 2008-08-25 to 2008-09-25 )))))))))))))))))))))))))))))))
.

2008-09-25 22:45 . 2008-09-25 22:45 1,302,743 --a------ C:\WINDOWS\SYSTEM32\winsym16.zip
2008-09-25 15:10 . 2008-09-25 15:10 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-25 10:46 . 2008-09-25 10:46 244 --ah----- C:\sqmnoopt02.sqm
2008-09-25 10:46 . 2008-09-25 10:46 232 --ah----- C:\sqmdata02.sqm
2008-09-24 20:23 . 2008-09-24 20:23 244 --ah----- C:\sqmnoopt01.sqm
2008-09-24 20:23 . 2008-09-24 20:23 232 --ah----- C:\sqmdata01.sqm
2008-09-23 12:31 . 2008-09-23 12:31 268 --ah----- C:\sqmdata00.sqm
2008-09-23 12:31 . 2008-09-23 12:31 244 --ah----- C:\sqmnoopt00.sqm
2008-09-22 19:14 . 2008-09-22 19:14 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-09-21 15:56 . 2008-09-21 15:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-21 15:56 . 2008-09-21 15:56 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-20 18:24 . 2008-09-20 18:24 <DIR> d-------- C:\Program Files\FreshDevices
2008-09-19 11:49 . 2008-09-19 11:50 <DIR> d-------- C:\Program Files\Kiran's Typing Tutor
2008-09-17 17:07 . 2008-09-25 22:56 <DIR> d-------- C:\Program Files\Crawler
2008-09-17 16:44 . 2008-09-25 20:17 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-09-17 16:42 . 2008-09-20 16:40 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-09-17 16:42 . 2008-09-25 20:16 <DIR> d-------- C:\Documents and Settings\SS\Application Data\Spyware Terminator
2008-09-17 16:42 . 2008-09-25 20:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-09-17 16:42 . 2008-09-17 16:42 141,312 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sp_rsdrv2.sys
2008-09-16 12:13 . 2008-07-18 22:09 563,912 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2008-09-16 12:13 . 2008-07-18 22:09 325,832 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2008-09-16 12:13 . 2008-07-18 22:09 215,752 --a------ C:\WINDOWS\SYSTEM32\wuaucpl.cpl
2008-09-16 12:13 . 2008-07-18 22:09 205,000 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
2008-09-16 12:13 . 2004-08-03 14:03 186,136 --a------ C:\WINDOWS\SYSTEM32\wuaueng1.dll
2008-09-16 12:13 . 2004-08-03 14:01 167,704 --a------ C:\WINDOWS\SYSTEM32\wuauclt1.exe
2008-09-16 12:13 . 2008-07-18 22:10 36,552 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2008-09-15 21:49 . 2008-09-20 18:47 406 --a------ C:\WINDOWS\SYSTEM32\ioloBootDefrag.cfg
2008-09-15 21:48 . 2008-09-15 21:48 <DIR> d-------- C:\Program Files\iolo
2008-09-15 21:48 . 2008-09-21 13:43 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-09-15 21:48 . 2008-09-09 10:15 922,464 --a------ C:\WINDOWS\SYSTEM32\Incinerator.dll
2008-09-15 21:48 . 2008-06-16 19:21 29,696 --a------ C:\WINDOWS\SYSTEM32\iolobtdfg.exe
2008-09-15 21:48 . 2008-09-09 16:45 8,192 --a------ C:\WINDOWS\SYSTEM32\smrgdf.exe
2008-09-15 21:47 . 2008-09-19 15:35 <DIR> d-------- C:\Documents and Settings\SS\Application Data\iolo
2008-09-15 21:47 . 2008-09-15 21:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-09-15 21:47 . 2008-09-15 21:47 74,703 --a------ C:\WINDOWS\SYSTEM32\mfc45.dll
2008-09-15 12:51 . 2008-09-15 19:52 <DIR> d-------- C:\Program Files\Pure Sudoku
2008-09-15 10:56 . 2008-09-15 10:56 <DIR> d-------- C:\WINDOWS\zy_tmp
2008-09-15 10:56 . 2007-08-10 16:05 27,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rndismpk.sys
2008-09-15 10:56 . 2007-08-10 16:05 11,136 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usb8023k.sys
2008-09-15 10:56 . 2007-08-10 16:05 5,120 --a------ C:\WINDOWS\SYSTEM32\tcusbdrv.dll
2008-09-09 13:41 . 2008-06-24 07:22 477 --a------ C:\ma477.bin
2008-09-01 19:47 . 2008-09-01 19:47 <DIR> d-------- C:\Documents and Settings\SS\Application Data\DivX
2008-09-01 19:41 . 2008-09-01 19:46 <DIR> d-------- C:\Program Files\MPlayer for Windows
2008-09-01 19:39 . 2008-09-01 19:39 <DIR> d-------- C:\Program Files\Codec
2008-09-01 19:38 . 2008-09-01 19:38 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-09-01 19:38 . 2003-06-23 02:44 1,415,680 --a------ C:\WINDOWS\SYSTEM32\WMV9VCM.dll
2008-08-28 19:13 . 2008-08-28 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-08-28 18:37 . 2008-08-28 19:05 <DIR> d-------- C:\Program Files\F-Secure Internet Security

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-25 20:38 --------- d-----w C:\Documents and Settings\SS\Application Data\Skype
2008-09-19 18:05 --------- d-----w C:\Program Files\pdfTextReader
2008-09-17 14:36 --------- d-----w C:\Program Files\Lavasoft
2008-09-15 08:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-01 17:39 --------- d-----w C:\Program Files\DivX Total Pack
2008-08-28 16:33 --------- d-----w C:\Program Files\ESET
2008-08-17 16:36 566,784 ----a-w C:\WINDOWS\~de74bc.tmp
2008-08-13 17:20 --------- d-----w C:\Program Files\Star Defender 3
2008-08-05 17:59 --------- d-----w C:\Program Files\Call of Duty
2008-07-29 09:42 --------- d-----w C:\Program Files\Startup Mechanic
2006-02-13 15:42 2,777,088 ----a-w C:\Program Files\FoxitReader.exe
2005-08-09 21:39 266 --sh--w C:\Program Files\desktop.ini
2005-08-09 21:39 11,079 ---ha-w C:\Program Files\folder.htt
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\INF\OTHER\AUDIO3D.DLL
2002-08-29 04:41 1,336,832 --sh--r C:\WINDOWS\SYSTEM32\winsym16.exe
2005-07-29 14:24 472 --sha-r C:\WINDOWS\U1M\oYg.vbs
.
----a-w           992,100 2006-08-07 11:27:58  C:\Documents and Settings\SS\My Documents\My eBooks\downloads\cleancenter1.39.12 .exe



(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\U1M ----

2005-07-29 16:24 472 -rahs---- C:\WINDOWS\U1M\oYg.vbs


((((((((((((((((((((((((((((( [Link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-25 21:03:23 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_5dc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 13312]
"NVIEW"="nview.dll" [2003-05-02 C:\WINDOWS\SYSTEM32\nview.dll]
"Symantec16"="winsym16.exe" [2002-08-29 C:\WINDOWS\SYSTEM32\winsym16.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Game Device"="C:\PROGRA~1\Genius\G-08GA~1\JoyUpDrv.EXE" [2002-01-30 65617]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-02 4640768]
"NeroFilterCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-10 77824]
"Cmaudio"="cmicnfg.cpl" [N/A]
"nwiz"="nwiz.exe" [2003-05-02 C:\WINDOWS\SYSTEM32\nwiz.exe]
"Symantec16"="winsym16.exe" [2002-08-29 C:\WINDOWS\SYSTEM32\winsym16.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Symantec16"="winsym16.exe" [2002-08-29 C:\WINDOWS\SYSTEM32\winsym16.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 13312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-08-09 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax
"VIDC.AP41"= APmpg4v1.dll
"VIDC.ACDV"= ACDV.dll
"msacm.divxa32"= msaud32_divx.acm
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-07-19 78416]
R1 cdawdm;CDAWDM;C:\WINDOWS\System32\DRIVERS\CDAWDM.sys [2002-01-24 46735]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2008-09-17 141312]
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-08-15 596328]
R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-08-15 596328]
R3 VendorJoystickEnabler;Game device driver;C:\WINDOWS\System32\drivers\ghgame.sys [2002-01-07 65552]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\System32\DRIVERS\KS-959.sys [2005-08-31 19034]
S3 SmartCd;SmartCd;C:\WINDOWS\System32\Drivers\SmartCd.sys [2002-01-19 6356]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

Notify-= - (no file)



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-09-25 23:04:14
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iolo\System Mechanic\SMTrayNotify.exe
.
**************************************************************************
.
Completion time: 2008-09-25 23:13:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-25 21:12:52
ComboFix2.txt 2008-09-25 19:08:16

Pre-Run: 4.627.369.984 bytes free
Post-Run: 4,621,561,856 bytes free


  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\SYSTEM32\winsym16.zip
C:\WINDOWS\SYSTEM32\winsym16.exe

Folder::
C:\WINDOWS\U1M

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec16"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec16"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Symantec16"=-


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scan.

  • Joined: 25 Sep 2008
  • Posts: 6

ComboFix 08-09-25.05 - SS 2008-09-26 14:06:56.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.93 [GMT 2:00]
Running from: C:\Documents and Settings\SS\Desktop\New Folder\ComboFix.exe
Command switches used :: C:\Documents and Settings\SS\Desktop\CFScript.txt.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\SYSTEM32\winsym16.exe
C:\WINDOWS\SYSTEM32\winsym16.zip
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\winsym16.exe
C:\WINDOWS\SYSTEM32\winsym16.zip
C:\WINDOWS\U1M
C:\WINDOWS\U1M\oYg.vbs

.
((((((((((((((((((((((((( Files Created from 2008-08-26 to 2008-09-26 )))))))))))))))))))))))))))))))
.

2008-09-25 15:10 . 2008-09-25 15:10 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-25 10:46 . 2008-09-25 10:46 244 --ah----- C:\sqmnoopt02.sqm
2008-09-25 10:46 . 2008-09-25 10:46 232 --ah----- C:\sqmdata02.sqm
2008-09-24 20:23 . 2008-09-24 20:23 244 --ah----- C:\sqmnoopt01.sqm
2008-09-24 20:23 . 2008-09-24 20:23 232 --ah----- C:\sqmdata01.sqm
2008-09-23 12:31 . 2008-09-23 12:31 268 --ah----- C:\sqmdata00.sqm
2008-09-23 12:31 . 2008-09-23 12:31 244 --ah----- C:\sqmnoopt00.sqm
2008-09-22 19:14 . 2008-09-22 19:14 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-09-21 15:56 . 2008-09-21 15:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-21 15:56 . 2008-09-21 15:56 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-20 18:24 . 2008-09-20 18:24 <DIR> d-------- C:\Program Files\FreshDevices
2008-09-19 11:49 . 2008-09-19 11:50 <DIR> d-------- C:\Program Files\Kiran's Typing Tutor
2008-09-17 17:07 . 2008-09-26 14:03 <DIR> d-------- C:\Program Files\Crawler
2008-09-17 16:44 . 2008-09-25 20:17 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-09-17 16:42 . 2008-09-20 16:40 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-09-17 16:42 . 2008-09-25 20:16 <DIR> d-------- C:\Documents and Settings\SS\Application Data\Spyware Terminator
2008-09-17 16:42 . 2008-09-25 20:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-09-17 16:42 . 2008-09-17 16:42 141,312 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sp_rsdrv2.sys
2008-09-16 12:13 . 2008-07-18 22:09 563,912 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2008-09-16 12:13 . 2008-07-18 22:09 325,832 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2008-09-16 12:13 . 2008-07-18 22:09 215,752 --a------ C:\WINDOWS\SYSTEM32\wuaucpl.cpl
2008-09-16 12:13 . 2008-07-18 22:09 205,000 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
2008-09-16 12:13 . 2004-08-03 14:03 186,136 --a------ C:\WINDOWS\SYSTEM32\wuaueng1.dll
2008-09-16 12:13 . 2004-08-03 14:01 167,704 --a------ C:\WINDOWS\SYSTEM32\wuauclt1.exe
2008-09-16 12:13 . 2008-07-18 22:10 36,552 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2008-09-15 21:49 . 2008-09-20 18:47 406 --a------ C:\WINDOWS\SYSTEM32\ioloBootDefrag.cfg
2008-09-15 21:48 . 2008-09-15 21:48 <DIR> d-------- C:\Program Files\iolo
2008-09-15 21:48 . 2008-09-21 13:43 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-09-15 21:48 . 2008-09-09 10:15 922,464 --a------ C:\WINDOWS\SYSTEM32\Incinerator.dll
2008-09-15 21:48 . 2008-06-16 19:21 29,696 --a------ C:\WINDOWS\SYSTEM32\iolobtdfg.exe
2008-09-15 21:48 . 2008-09-09 16:45 8,192 --a------ C:\WINDOWS\SYSTEM32\smrgdf.exe
2008-09-15 21:47 . 2008-09-19 15:35 <DIR> d-------- C:\Documents and Settings\SS\Application Data\iolo
2008-09-15 21:47 . 2008-09-15 21:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-09-15 21:47 . 2008-09-15 21:47 74,703 --a------ C:\WINDOWS\SYSTEM32\mfc45.dll
2008-09-15 12:51 . 2008-09-15 19:52 <DIR> d-------- C:\Program Files\Pure Sudoku
2008-09-15 10:56 . 2008-09-15 10:56 <DIR> d-------- C:\WINDOWS\zy_tmp
2008-09-15 10:56 . 2007-08-10 16:05 27,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rndismpk.sys
2008-09-15 10:56 . 2007-08-10 16:05 11,136 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usb8023k.sys
2008-09-15 10:56 . 2007-08-10 16:05 5,120 --a------ C:\WINDOWS\SYSTEM32\tcusbdrv.dll
2008-09-09 13:41 . 2008-06-24 07:22 477 --a------ C:\ma477.bin
2008-09-01 19:47 . 2008-09-01 19:47 <DIR> d-------- C:\Documents and Settings\SS\Application Data\DivX
2008-09-01 19:41 . 2008-09-01 19:46 <DIR> d-------- C:\Program Files\MPlayer for Windows
2008-09-01 19:39 . 2008-09-01 19:39 <DIR> d-------- C:\Program Files\Codec
2008-09-01 19:38 . 2008-09-01 19:38 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-09-01 19:38 . 2003-06-23 02:44 1,415,680 --a------ C:\WINDOWS\SYSTEM32\WMV9VCM.dll
2008-08-28 19:13 . 2008-08-28 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-08-28 18:37 . 2008-08-28 19:05 <DIR> d-------- C:\Program Files\F-Secure Internet Security

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-25 20:38 --------- d-----w C:\Documents and Settings\SS\Application Data\Skype
2008-09-25 19:01 2,572 ----a-w C:\WINDOWS\SYSTEM32\PerfStringBackup.TMP
2008-09-19 18:05 --------- d-----w C:\Program Files\pdfTextReader
2008-09-17 14:36 --------- d-----w C:\Program Files\Lavasoft
2008-09-15 08:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-01 17:39 --------- d-----w C:\Program Files\DivX Total Pack
2008-08-28 16:33 --------- d-----w C:\Program Files\ESET
2008-08-17 16:36 566,784 ----a-w C:\WINDOWS\~de74bc.tmp
2008-08-13 17:20 --------- d-----w C:\Program Files\Star Defender 3
2008-08-05 17:59 --------- d-----w C:\Program Files\Call of Duty
2008-07-29 09:42 --------- d-----w C:\Program Files\Startup Mechanic
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2006-02-13 15:42 2,777,088 ----a-w C:\Program Files\FoxitReader.exe
2005-08-09 21:39 266 --sh--w C:\Program Files\desktop.ini
2005-08-09 21:39 11,079 ---ha-w C:\Program Files\folder.htt
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\INF\OTHER\AUDIO3D.DLL
.
----a-w           992,100 2006-08-07 11:27:58  C:\Documents and Settings\SS\My Documents\My eBooks\downloads\cleancenter1.39.12 .exe



((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-25 18:50:14 262,144 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\NtUser.dat
+ 2008-09-26 12:06:38 262,144 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\NtUser.dat
+ 2008-09-26 08:42:27 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_440.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 13312]
"NVIEW"="nview.dll" [2003-05-02 C:\WINDOWS\SYSTEM32\nview.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Game Device"="C:\PROGRA~1\Genius\G-08GA~1\JoyUpDrv.EXE" [2002-01-30 65617]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-02 4640768]
"NeroFilterCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-10 77824]
"Cmaudio"="cmicnfg.cpl" [N/A]
"nwiz"="nwiz.exe" [2003-05-02 C:\WINDOWS\SYSTEM32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 13312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-08-09 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax
"VIDC.AP41"= APmpg4v1.dll
"VIDC.ACDV"= ACDV.dll
"msacm.divxa32"= msaud32_divx.acm
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-07-19 78416]
R1 cdawdm;CDAWDM;C:\WINDOWS\System32\DRIVERS\CDAWDM.sys [2002-01-24 46735]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2008-09-17 141312]
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-08-15 596328]
R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-08-15 596328]
R3 VendorJoystickEnabler;Game device driver;C:\WINDOWS\System32\drivers\ghgame.sys [2002-01-07 65552]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\System32\DRIVERS\KS-959.sys [2005-08-31 19034]
S3 SmartCd;SmartCd;C:\WINDOWS\System32\Drivers\SmartCd.sys [2002-01-19 6356]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

Notify-= - (no file)



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-09-26 14:10:13
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-26 14:15:54
ComboFix-quarantined-files.txt 2008-09-26 12:15:49
ComboFix2.txt 2008-09-25 21:13:04
ComboFix3.txt 2008-09-25 19:08:16

Pre-Run: 4.549.238.784 bytes free
Post-Run: 4,564,164,608 bytes free


  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start it: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below it; this saves the scan results to the Clipboard.
Use the Paste option in Notepad to turn that into text. Save the text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.

Use the Attach file option below the message box on the forum and attach here the two files we just saved.

  • Joined: 25 Sep 2008
  • Posts: 6

[Link visible only to logged-in users]

[Link visible only to logged-in users]

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

How are things now? Any problems?
