Help!

offline
  • Chao 
  • New MyCity citizen
  • Joined: 04 Dec 2008
  • Posts: 4

Logfile of Spyware Terminator v2.5.0.567 (db:2.012.004.000)
Scan Time: 4.12.2008 19:35:12 length: 107 s
Platform: WXP (5.1.0.2600)
User: Admin
Boot Mode: Normal
Scan type: Full_Spyware_Scan
Scanned Objects: 48948 (Critical:3)
Filter: No System items, No Safe items, No Invalid items

Running Processes
OpwareSE4.exe [ScanSoft, Inc.] : C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
SafeSignCertReg.exe [A.E.T. Europe B.V.] : C:\WINDOWS\system32\SafeSignCertReg.exe
DrgToDsc.exe [Roxio] : C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
Monitor.exe [PixArt Imaging Incorporation] : C:\WINDOWS\PixArt\PAC207\Monitor.exe
egui.exe [ESET] : C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
TJEnder.exe [ISecSoft] : C:\Program Files\Anti Trojan Elite\TJEnder.exe
PCTAV.exe [PC Tools Research Pty Ltd] : C:\Program Files\PC Tools AntiVirus\PCTAV.exe
Playlist.exe [Roxio, Inc.] : C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
AppleMobileDeviceService.exe [Apple, Inc.] : C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
ekrn.exe [ESET] : C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
nvsvc32.exe [NVIDIA Corporation] : C:\WINDOWS\system32\nvsvc32.exe
PCTAVSvc.exe [PC Tools Research Pty Ltd] : C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
PnkBstrA.exe : C:\WINDOWS\system32\PnkBstrA.exe
PnkBstrB.exe : C:\WINDOWS\system32\PnkBstrB.exe

Internet Settings
R - HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, ProxyOverride = *.local
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

StartUps
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SSBkgdUpdate : [Nuance Communications, Inc.] : C:\Program Files\Common Files\SCANSOFT SHARED\SSBKGDUPDATE\SSBKGDUPDATE.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, OpwareSE4 : [ScanSoft, Inc.] : C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, CertificateRegistration : [A.E.T. Europe B.V.] : C:\WINDOWS\system32\SafeSignCertReg.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, RoxioEngineUtility : [Roxio] : C:\Program Files\Common Files\ROXIO SHARED\SYSTEM\ENGUTIL.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, RoxioDragToDisc : [Roxio] : C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Adobe Reader Speed Launcher : [Adobe Systems Incorporated] : C:\Program Files\ADOBE\READER 8.0\READER\READER_SL.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Monitor : [PixArt Imaging Incorporation] : C:\WINDOWS\PixArt\PAC207\Monitor.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, egui : [ESET] : C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Anti Trojan Elite : [ISecSoft] : C:\Program Files\Anti Trojan Elite\TJEnder.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, PCTAVApp : [PC Tools Research Pty Ltd] : C:\Program Files\PC Tools AntiVirus\PCTAV.exe

Shell Extensions
Desktop Explorer - {1CDB2949-8F65-4355-8456-263E7C208A5D} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
- {1E9B04FB-F9E5-4718-997B-B8DA88302A47} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
nView Desktop Context Menu - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - : C:\Program Files\WinRAR\rarext.dll
Roxio DragToDisc Shell Extension - {5E44E225-A408-11CF-B581-008029601108} - [Roxio] : C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\shellex.dll
My Media - {A44D5ACC-3411-40DE-9AD3-214FFB2ED7AC} - [Roxio, Inc.] : C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\MediaSX.dll
Eset Smart Security - Context Menu Shell Extension - {B089FE88-FB52-11D3-BDF1-0050DA34150D} - [ESET] : C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll

Protocol Handler
IEProtocolHandler Class - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - [Skype Technologies] : C:\Program Files\Common Files\Skype\Skype4COM.dll

Services
23 - [Apple, Inc.] : C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
23 - : C:\Program Files\Anti Trojan Elite\ATEPMon.sys
23 - [PC Tools Research Pty Ltd] : C:\WINDOWS\system32\drivers\AVFilter.sys
23 - [PC Tools Research Pty Ltd.] : C:\WINDOWS\system32\drivers\AVHook.sys
23 - [PC Tools Research Pty Ltd] : C:\WINDOWS\system32\drivers\AVRec.sys
23 - [IVT Corporation.] : C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
23 - [IVT Corporation.] : C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys
23 - [IVT Corporation.] : C:\WINDOWS\system32\Drivers\vbtenum.sys
23 - [IVT Corporation.] : C:\WINDOWS\system32\Drivers\BTHidMgr.sys
23 - [OMNIKEY] : C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys
23 - : C:\WINDOWS\system32\Drivers\dtscsi.sys
23 - [ESET] : C:\WINDOWS\system32\DRIVERS\eamon.sys
23 - [ESET] : C:\WINDOWS\system32\DRIVERS\easdrv.sys
23 - [ESET] : C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
23 - : C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
23 - [Realtek Semiconductor Corp.] : C:\WINDOWS\system32\drivers\RtkHDAud.sys
23 - [LT] : C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
23 - [NVIDIA Corporation] : C:\WINDOWS\system32\nvsvc32.exe
23 - [PC Tools Research Pty Ltd] : C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
23 - : C:\WINDOWS\system32\PnkBstrA.exe
23 - : C:\WINDOWS\system32\PnkBstrB.exe
23 - [Realtek Semiconductor Corporation] : C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
23 - : C:\WINDOWS\system32\Drivers\sptd.sys
23 - [IVT Corporation.] : C:\WINDOWS\system32\DRIVERS\VComm.sys
23 - [IVT Corporation.] : C:\WINDOWS\system32\Drivers\VcommMgr.sys

Threat Files
<Backdoor.TDSS.atb> [Microsoft Corporation] : C:\WINDOWS\system32\TDSSriqp.dll
<Backdoor.TDSS.aru> [Microsoft Corporation] : C:\WINDOWS\system32\TDSSoiqh.dll

Advanced Files Report

End of Report


I tried to download Hijack, but when I clicked HERE it kicks me out.. it also won't let me connect to any anti-virus site, or update the existing programs

Addendum: 04 Dec 2008 22:19

sry.. this virus thing wrecked me so I forgot to say THANKS IN ADVANCE :)

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...


Temporarily disable your protection software.


Download ComboFix from the following link to your Desktop:

http://amf.mycity.rs/programs/mirrored/C-F.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt), which you will copy here for us.

offline
  • Chao 
  • New MyCity citizen
  • Joined: 04 Dec 2008
  • Posts: 4

it seems to me that everything is ok now..
as I said, very THANKFUL IN ADVANCE and also AFTERWARDS (not to say in retrospect)
ComboFix 08-12-04.04 - Boban 2008-12-05 12:05:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1680 [GMT 1:00]
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\OPTIONS\CABS\_desktop.ini
c:\windows\recover.reg
c:\windows\system32\drivers\TDSSmqlt.sys
c:\windows\system32\MSVolume.dll
c:\windows\system32\TDSSbrsr.dll
c:\windows\system32\TDSSlxwp.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSoiqh.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSrhym.log
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSsihc.dll
c:\windows\system32\TDSStkdu.log
c:\windows\system32\TDSSxfum.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))
.

2008-12-04 14:08 . 2008-12-04 23:35 <DIR> d-------- c:\program files\Spyware Terminator
2008-12-04 14:08 . 2008-12-04 14:08 <DIR> d-------- c:\program files\Crawler
2008-12-04 14:08 . 2008-12-04 23:33 <DIR> d-------- c:\documents and settings\Boban\Application Data\Spyware Terminator
2008-12-04 14:08 . 2008-12-04 19:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator
2008-12-04 14:08 . 2008-12-04 14:08 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2008-12-04 13:47 . 2008-12-04 13:55 <DIR> d-------- c:\program files\Download Direct
2008-12-04 13:47 . 2008-12-04 13:47 3,257,700 --a------ c:\documents and settings\Boban\Application Data\dldsetup.exe
2008-12-04 09:44 . 2008-12-04 09:44 <DIR> d-------- c:\documents and settings\Boban\Application Data\PC Tools
2008-12-04 09:44 . 2008-12-05 12:00 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-04 09:43 . 2008-12-05 12:04 <DIR> d-------- c:\program files\PC Tools AntiVirus
2008-12-04 09:43 . 2008-12-04 09:43 <DIR> d-------- c:\program files\Common Files\PC Tools
2008-12-04 09:43 . 2008-12-04 09:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2008-12-04 09:43 . 2007-12-06 16:51 28,568 --a------ c:\windows\system32\drivers\AVHook.sys
2008-12-04 09:43 . 2007-12-06 16:51 21,912 --a------ c:\windows\system32\drivers\AVRec.sys
2008-12-04 09:43 . 2008-02-12 11:44 21,904 --a------ c:\windows\system32\drivers\AVFilter.sys
2008-12-03 16:09 . 2008-12-03 16:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-03 15:52 . 2008-12-04 19:31 <DIR> d-------- c:\program files\Spyware Destroyer
2008-12-03 15:03 . 2008-12-03 15:03 59 --a------ c:\windows\LAHBWN32.INI
2008-12-03 15:02 . 2008-12-03 15:14 <DIR> d-------- c:\program files\Hacker Eliminator
2008-12-03 15:02 . 1999-03-23 09:12 299,520 --a------ c:\windows\uninst.exe
2008-12-03 14:32 . 2008-12-03 14:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2008-12-03 14:31 . 2008-12-03 14:31 <DIR> d-------- c:\windows\system32\drivers\NAV
2008-12-03 14:31 . 2008-12-03 14:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-12-03 14:31 . 2008-12-03 16:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2008-12-03 13:14 . 2008-12-03 13:14 <DIR> d-------- c:\program files\ESET
2008-12-03 13:14 . 2008-12-03 13:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-11-26 10:56 . 2008-11-26 10:56 <DIR> d-------- c:\windows\Logs
2008-11-26 10:56 . 2008-11-26 10:56 682,280 --a------ c:\windows\system32\pbsvc.exe
2008-11-26 09:59 . 2008-11-26 09:59 <DIR> d-------- c:\documents and settings\Boban\Application Data\Leadertech
2008-11-19 22:00 . 2008-11-19 22:00 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-11-19 21:59 . 2008-11-19 21:59 <DIR> d-------- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 10:53 --------- d-----w c:\documents and settings\Boban\Application Data\skypePM
2008-12-04 21:56 138,896 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-04 21:55 201,872 ----a-w c:\windows\system32\PnkBstrB.exe
2008-12-03 18:00 --------- d-----w c:\documents and settings\Boban\Application Data\uTorrent
2008-12-03 15:57 --------- d-----w c:\program files\Mozilla Thunderbird
2008-12-03 11:58 --------- d-----w c:\program files\Common Files\Real
2008-12-03 11:54 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-03 11:53 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-01 14:11 --------- d-----w c:\documents and settings\Boban\Application Data\Skype
2008-11-27 12:10 960 --sha-w C:\vlojovma.sys
2008-11-26 09:56 22,328 ----a-w c:\documents and settings\Boban\Application Data\PnkBstrK.sys
2008-11-26 09:49 --------- d-----w c:\program files\Activision
2008-11-04 17:17 --------- d-----w c:\documents and settings\All Users\Application Data\Bluetooth
2008-11-04 17:14 --------- d-----w c:\program files\IVT Corporation
2008-10-22 13:32 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-22 13:29 --------- d-----w c:\documents and settings\All Users\Application Data\KONAMI
2008-10-22 13:25 --------- d-----w c:\program files\KONAMI
2008-10-22 13:20 223,128 ----a-w c:\windows\system32\drivers\dtscsi.sys
2008-10-22 13:20 --------- d-----w c:\program files\DAEMON Tools
2008-10-22 13:00 --------- d-----w c:\documents and settings\Boban\Application Data\Roxio
2008-10-22 11:51 --------- d-----w c:\documents and settings\Boban\Application Data\FarStone
2008-10-22 11:51 --------- d-----w c:\documents and settings\All Users\Application Data\farstone
2008-10-22 09:37 685,816 ----a-w c:\windows\system32\drivers\sptd.sys
2008-10-15 09:55 --------- d-----w c:\program files\Mv2Player
2008-10-15 09:48 --------- d-----w c:\program files\AC3Filter
2008-01-11 16:54 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"Google Update"="c:\documents and settings\Boban\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-16 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-10 81920]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-01-13 69632]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-01-13 757760]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 253952]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2008-09-25 1370000]
"nwiz"="nwiz.exe" [2007-05-10 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 c:\windows\RTHDCPL.exe]
"CertificateRegistration"="SafeSignCertReg.exe" [2004-02-17 c:\windows\system32\SafeSignCertReg.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\freecell.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Boban\\Desktop\\utorrent-1.8-beta-10364.upx.exe"=
"d:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault(tm)\\mohpa.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Documents and Settings\\Boban\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Boban\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2008-06-10 468224]
R3 cxbu0wdm;CardMan 3x21;c:\windows\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 84608]
S2 FILESpy;FILESpy;\??\c:\program files\Softwin\BitDefender Professional Edition\filespy.sys []
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys []
S3 PAC207;Eye 110;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dbd916c-d804-11dc-b3e6-001a4d9ed078}]
\Shell\auto\command - F:\Knight.exe open
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - F:\Knight.exe open
\Shell\find\command - F:\Knight.exe open
\Shell\install\command - F:\Knight.exe open
\Shell\open\command - F:\Knight.exe open

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-12-04 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Boban\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-16 14:21]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FireFox -: Profile - c:\documents and settings\Boban\Application Data\Mozilla\Firefox\Profiles\4oznkq3b.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - google.com
FF -: plugin - c:\documents and settings\Boban\Application Data\Mozilla\plugins\npgoogletalk.dll
FF -: plugin - c:\documents and settings\Boban\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-05 12:07:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSmqlt.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\aetcsss1.dll
c:\windows\system32\aetdlss1.dll
c:\windows\system32\aetpkss1.dll
c:\program files\PC Tools AntiVirus\PCTAVHook.dll

- - - - - - - > 'lsass.exe'(912)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\program files\PC Tools AntiVirus\PCTAVHook.dll

- - - - - - - > 'csrss.exe'(832)
c:\program files\PC Tools AntiVirus\PCTAVHook.dll
.
Completion time: 2008-12-05 12:07:49
ComboFix-quarantined-files.txt 2008-12-05 11:07:47

Pre-Run: 42,059,579,392 bytes free
Post-Run: 44,474,191,872 bytes free

213

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

You have two antivirus programs - that is not advisable at all. Think about it...




Open Notepad and copy in the following text:

File::
C:\vlojovma.sys

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dbd916c-d804-11dc-b3e6-001a4d9ed078}]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv.sys]


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.

  • Chao 
  • New MyCity citizen
  • Joined: 04 Dec 2008
  • Posts: 4

ComboFix 08-12-05.02 - Boban 2008-12-06 1:02:58.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1520 [GMT 1:00]
Running from: c:\documents and settings\Boban\Desktop\C-F.exe
Command switches used :: c:\documents and settings\Boban\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\vlojovma.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\vlojovma.sys

.
((((((((((((((((((((((((( Files Created from 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))
.

2008-12-04 14:08 . 2008-12-05 12:11 <DIR> d-------- c:\program files\Spyware Terminator
2008-12-04 14:08 . 2008-12-04 14:08 <DIR> d-------- c:\program files\Crawler
2008-12-04 14:08 . 2008-12-05 12:11 <DIR> d-------- c:\documents and settings\Boban\Application Data\Spyware Terminator
2008-12-04 14:08 . 2008-12-05 12:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator
2008-12-04 14:08 . 2008-12-04 14:08 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2008-12-04 13:47 . 2008-12-04 13:55 <DIR> d-------- c:\program files\Download Direct
2008-12-04 13:47 . 2008-12-04 13:47 3,257,700 --a------ c:\documents and settings\Boban\Application Data\dldsetup.exe
2008-12-04 09:44 . 2008-12-05 12:00 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-04 09:43 . 2008-12-04 09:43 <DIR> d-------- c:\program files\Common Files\PC Tools
2008-12-03 16:09 . 2008-12-03 16:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-03 15:52 . 2008-12-04 19:31 <DIR> d-------- c:\program files\Spyware Destroyer
2008-12-03 15:03 . 2008-12-03 15:03 59 --a------ c:\windows\LAHBWN32.INI
2008-12-03 15:02 . 2008-12-03 15:14 <DIR> d-------- c:\program files\Hacker Eliminator
2008-12-03 15:02 . 1999-03-23 09:12 299,520 --a------ c:\windows\uninst.exe
2008-12-03 14:32 . 2008-12-03 14:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2008-12-03 14:31 . 2008-12-03 14:31 <DIR> d-------- c:\windows\system32\drivers\NAV
2008-12-03 14:31 . 2008-12-03 14:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-12-03 14:31 . 2008-12-03 16:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2008-12-03 13:14 . 2008-12-03 13:14 <DIR> d-------- c:\program files\ESET
2008-12-03 13:14 . 2008-12-03 13:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-11-26 10:56 . 2008-11-26 10:56 <DIR> d-------- c:\windows\Logs
2008-11-26 10:56 . 2008-11-26 10:56 682,280 --a------ c:\windows\system32\pbsvc.exe
2008-11-26 09:59 . 2008-11-26 09:59 <DIR> d-------- c:\documents and settings\Boban\Application Data\Leadertech
2008-11-19 22:00 . 2008-11-19 22:00 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-11-19 21:59 . 2008-11-19 21:59 <DIR> d-------- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 23:17 --------- d-----w c:\program files\Mozilla Thunderbird
2008-12-05 23:03 --------- d-----w c:\documents and settings\Boban\Application Data\skypePM
2008-12-05 13:03 138,896 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-05 13:02 201,872 ----a-w c:\windows\system32\PnkBstrB.exe
2008-12-03 18:00 --------- d-----w c:\documents and settings\Boban\Application Data\uTorrent
2008-12-03 11:58 --------- d-----w c:\program files\Common Files\Real
2008-12-03 11:54 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-03 11:53 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-01 14:11 --------- d-----w c:\documents and settings\Boban\Application Data\Skype
2008-11-26 09:56 22,328 ----a-w c:\documents and settings\Boban\Application Data\PnkBstrK.sys
2008-11-26 09:49 --------- d-----w c:\program files\Activision
2008-11-04 17:17 --------- d-----w c:\documents and settings\All Users\Application Data\Bluetooth
2008-11-04 17:14 --------- d-----w c:\program files\IVT Corporation
2008-10-22 13:32 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-22 13:29 --------- d-----w c:\documents and settings\All Users\Application Data\KONAMI
2008-10-22 13:25 --------- d-----w c:\program files\KONAMI
2008-10-22 13:20 223,128 ----a-w c:\windows\system32\drivers\dtscsi.sys
2008-10-22 13:20 --------- d-----w c:\program files\DAEMON Tools
2008-10-22 13:00 --------- d-----w c:\documents and settings\Boban\Application Data\Roxio
2008-10-22 11:51 --------- d-----w c:\documents and settings\Boban\Application Data\FarStone
2008-10-22 11:51 --------- d-----w c:\documents and settings\All Users\Application Data\farstone
2008-10-22 09:37 685,816 ----a-w c:\windows\system32\drivers\sptd.sys
2008-10-15 09:55 --------- d-----w c:\program files\Mv2Player
2008-10-15 09:48 --------- d-----w c:\program files\AC3Filter
2008-01-11 16:54 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"Google Update"="c:\documents and settings\Boban\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-16 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-10 81920]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-01-13 69632]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-01-13 757760]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 253952]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"nwiz"="nwiz.exe" [2007-05-10 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 c:\windows\RTHDCPL.exe]
"CertificateRegistration"="SafeSignCertReg.exe" [2004-02-17 c:\windows\system32\SafeSignCertReg.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\freecell.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Boban\\Desktop\\utorrent-1.8-beta-10364.upx.exe"=
"d:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault(tm)\\mohpa.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Documents and Settings\\Boban\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Boban\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2008-06-10 468224]
R3 cxbu0wdm;CardMan 3x21;c:\windows\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 84608]
S2 FILESpy;FILESpy;\??\c:\program files\Softwin\BitDefender Professional Edition\filespy.sys []
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys []
S3 PAC207;Eye 110;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
.
Contents of the 'Scheduled Tasks' folder

2008-11-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-12-05 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Boban\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-16 14:21]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FireFox -: Profile - c:\documents and settings\Boban\Application Data\Mozilla\Firefox\Profiles\4oznkq3b.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - google.com
FF -: plugin - c:\documents and settings\Boban\Application Data\Mozilla\plugins\npgoogletalk.dll
FF -: plugin - c:\documents and settings\Boban\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-06 01:03:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\aetcsss1.dll
c:\windows\system32\aetdlss1.dll
c:\windows\system32\aetpkss1.dll
c:\windows\system32\COMRes.dll
.
Completion time: 2008-12-06 1:04:06
ComboFix-quarantined-files.txt 2008-12-06 00:03:52
ComboFix2.txt 2008-12-05 18:57:18
ComboFix3.txt 2008-12-05 11:07:50

Pre-Run: 47.511.552.000 bytes free
Post-Run: 47,499,378,688 bytes free

176

Here, I did as you said.
As for the 2 antivirus programs, that is because I was trying to delete those viruses with anything and everything.. otherwise I used BitDefender Professional Edition ([mod edit: removed information that was completely unnecessary to a moderator of a forum where piracy is strictly forbidden.]) but it went haywire because of the virus attack.. btw do you have a suggestion for what I should use in the future.. what are your experiences etc.
And of course a BIG THANK YOU for the effort.. regards

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

This looks ok.
Click START and then RUN
In the text input line type Combofix /u and click OK





Wait for the uninstall process to finish

The procedure above will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore


-------------------------------------------------------------------------------------


As for a software recommendation... Most AV programs will do the job quite solidly.

Of course, perfect protection does not exist. Anyone who starts trying to convince you that this or that is perfect and provides 100% protection either does not know or is lying.

  • Chao 
  • New MyCity citizen
  • Joined: 04 Dec 2008
  • Posts: 4

ok.. thanks a lot once again and regards
