Some unknown processes in Task Manager

  • goust  Male
  • Elite citizen
  • Joined: 09 Apr 2005
  • Posts: 1799

Something has seemed odd to me lately. Every now and then KIS 7 reports blocked: phishing address [Link visible only to logged-in users]*.guruman.cn/* URL: [Link visible only to logged-in users], and this process, which I had not come across before, has appeared in Task Manager: "setuper.exe"


DDS (Ver_09-12-01.01) - NTFSx86
Run by Sasa at 14:20:12,43 on uto 16.02.2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.255.17 [GMT 1:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mv2Player\Mv2PlayerPlus.exe
C:\DOCUME~1\Sasa\LOCALS~1\Temp\setuper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Sasa\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [Link visible only to logged-in users]
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 7.0\avp.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 7.0\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 7.0\SCIEPlgn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Notify: klogon - c:\windows\system32\klogon.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sasa\applic~1\mozilla\firefox\profiles\2cv8dcm6.default\
FF - prefs.js: browser.startup.homepage - [Link visible only to logged-in users]
FF - component: c:\documents and settings\sasa\application data\mozilla\firefox\profiles\2cv8dcm6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\documents and settings\sasa\application data\mozilla\firefox\profiles\2cv8dcm6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-02-15 13:54:53 1047552 ----a-w- c:\windows\system\mfc71u.dll
2010-02-15 13:23:21 0 d-----w- c:\docume~1\sasa\applic~1\URSoft
2010-02-15 13:22:56 0 d-----w- c:\program files\Your Uninstaller 2006
2010-02-15 13:14:53 195 ----a-w- C:\dolphin_log.html
2010-02-15 13:14:04 161631 ----a-w- c:\windows\Animated Wallpaper Maker Uninstaller.exe
2010-02-15 13:13:51 0 d-----w- c:\program files\common files\Thraex Software
2010-02-15 08:38:43 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-02-15 08:38:39 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-02-15 08:38:32 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-02-15 08:38:32 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-02-14 00:03:05 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
2010-02-14 00:03:04 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
2010-02-14 00:01:04 0 d-----w- c:\program files\common files\Nitro PDF
2010-02-13 23:58:30 0 d-----w- c:\program files\Nitro PDF
2010-02-13 23:44:44 0 d-----w- c:\docume~1\sasa\applic~1\Downloaded Installations
2010-02-12 11:48:39 0 d-----w- c:\program files\BlazeVideo
2010-02-11 21:00:43 0 d-----w- c:\program files\History Sweeper
2010-02-11 17:51:04 0 d-----w- c:\program files\Sygate
2010-02-11 17:51:04 0 d-----w- c:\program files\QuickTime Alternative
2010-02-10 14:02:50 0 d-----w- c:\temp\installtemped
2010-02-10 14:02:50 0 d-----w- C:\Temp
2010-02-09 19:56:02 0 d-----w- c:\docume~1\sasa\applic~1\QuickScan
2010-02-09 12:31:44 0 d-----w- c:\program files\common files\Vbox
2010-02-09 12:31:10 20016 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-02-09 11:15:37 73728 ----a-w- c:\windows\system\vdremote.dll
2010-02-09 11:15:37 65536 ----a-w- c:\windows\system\vdsvrlnk.dll
2010-02-08 22:07:15 0 d-----w- c:\program files\FreshDevices
2010-02-08 21:56:45 0 d-----w- c:\docume~1\sasa\applic~1\FreshDiagnose
2010-02-08 17:04:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-02-08 15:44:59 0 d-----w- c:\windows\XSxS
2010-02-08 15:44:59 0 d-----w- c:\program files\Xenocode
2010-02-07 12:21:30 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
2010-02-07 12:21:28 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-02-07 12:21:24 0 d-----w- c:\program files\ffdshow
2010-02-07 12:13:45 0 d-----w- c:\program files\Mv2Player
2010-02-07 11:41:55 0 d-----w- c:\docume~1\sasa\applic~1\Thinstall
2010-02-07 09:00:31 0 d-----w- c:\program files\CCleaner
2010-02-07 08:47:24 671744 ----a-r- c:\windows\system32\DolbyHph.dll
2010-02-07 08:47:24 0 d-----w- c:\program files\NVIDIA Corporation
2010-02-07 08:47:23 24576 ----a-r- c:\windows\system32\msxml3a.dll
2010-02-06 20:33:59 258048 ----a-r- c:\windows\system32\nvwrsel.dll
2010-02-06 20:27:10 623 ----a-w- c:\windows\unins000.dat
2010-02-06 18:48:58 3255 ----a-w- c:\windows\system32\wbem\Outlook_01caa75d0a3ad88a.mof
2010-02-06 18:46:31 376 ----a-w- c:\windows\ODBC.INI
2010-02-06 18:46:11 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-02-06 18:41:38 0 d-----w- c:\program files\Microsoft ActiveSync
2010-02-06 18:39:53 0 d-----w- c:\windows\SHELLNEW
2010-02-06 15:15:15 41984 ----a-r- c:\windows\system32\drivers\fetnd5b.sys
2010-02-06 15:00:20 4444 ----a-w- c:\windows\system32\pid.PNF
2010-02-06 14:55:41 0 d-----w- c:\program files\common files\ODBC
2010-02-06 14:55:35 0 d-----w- c:\program files\common files\SpeechEngines
2010-02-06 14:55:00 0 d-----r- c:\documents and settings\all users\Documents
2010-02-06 14:54:43 0 d-----w- c:\program files\common files\xing shared
2010-02-06 14:53:57 0 d-----w- c:\program files\common files\Real
2010-02-06 14:40:25 0 d-----w- c:\program files\VIA Technologies, Inc
2010-02-06 14:27:26 0 d-----w- c:\program files\Realtek Sound Manager
2010-02-06 14:27:24 0 d-----w- c:\program files\AvRack
2010-02-06 14:17:56 0 d-----w- c:\program files\Kaspersky Lab
2010-02-06 14:17:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2010-02-06 14:09:59 0 d-----w- c:\program files\msn gaming zone
2010-02-06 14:07:41 0 d-sh--w- c:\documents and settings\all users\DRM
2010-02-06 14:07:13 0 d--h--w- c:\program files\WindowsUpdate
2010-02-06 14:07:06 0 d-----w- c:\program files\Online Services
2010-02-06 14:06:25 0 d-----w- c:\program files\common files\MSSoap
2010-02-06 14:03:48 0 d-----w- c:\program files\Windows NT

==================== Find3M ====================

2010-02-16 13:16:17 5105440 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-02-16 13:07:12 132128 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-02-16 00:12:22 84440 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-02-16 00:12:22 17276 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-02-15 16:23:35 1248 --sha-w- C:\hvnjovma.sys
2010-02-06 15:13:52 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-02-06 15:13:52 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-02-06 14:54:01 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-02-06 14:54:01 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-02-06 14:04:55 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-04 18:22:46 6021120 ----a-w- c:\windows\system32\common_res.dll
2010-02-02 11:35:30 65856 ----a-w- c:\windows\system32\NLSSRV32.EXE
2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27:51 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:50 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll

============= FINISH: 14:21:50,64 ===============


I hope I followed the procedure.



  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Download sUBs's ComboFix to your Desktop from the following address:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:
  • disable your security software (instructions);
  • close any running programs;
  • double-click ComboFix to run it.

While running, ComboFix will:
  • check whether a newer version of the program exists:
      click Yes if you are offered the download.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
      click Yes so that the process continues.
  • if the Recovery Console is not installed, offer to install it:
      be sure to accept by clicking Yes and follow the procedure through.
  • show a number of prompts/notices:
      accept by clicking Yes or OK.
  • restart Windows if needed (possibly several times);
  • at the end, open Notepad with the scan report.

Copy the report that ComboFix produced into the forum thread:
  • right-click inside the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message text box and choose Paste.

Note:
  • The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If, after posting the message, you notice that the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to the message.



  • goust  Male
  • Elite citizen
  • Joined: 09 Apr 2005
  • Posts: 1799

Posted: 16 Feb 2010 15:14

It won't work for some reason

[Link visible only to logged-in users]

404 - Not Found

Addendum: 16 Feb 2010 21:02

I only just now managed to download Combo and scan the computer.

Here are the results

ComboFix 10-02-12.01 - Sasa 16.02.2010 20:48:56.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.255.139 [GMT 1:00]
Running from: c:\documents and settings\Sasa\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
ADS - WINDOWS: deleted 128 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Sasa\LOCALS~1\Temp\svhost.exe

.
((((((((((((((((((((((((( Files Created from 2010-01-16 to 2010-02-16 )))))))))))))))))))))))))))))))
.

2010-02-15 13:55 . 2010-02-15 13:55 -------- d-----w- c:\documents and settings\b
2010-02-15 13:54 . 2003-03-18 20:12 1047552 ----a-w- c:\windows\system\mfc71u.dll
2010-02-15 13:23 . 2010-02-15 13:23 -------- d-----w- c:\documents and settings\Sasa\Application Data\URSoft
2010-02-15 13:23 . 2010-02-15 13:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-15 13:22 . 2010-02-15 13:25 -------- d-----w- c:\program files\Your Uninstaller 2006
2010-02-15 13:14 . 2010-02-15 13:14 161631 ----a-w- c:\windows\Animated Wallpaper Maker Uninstaller.exe
2010-02-15 13:13 . 2010-02-15 13:13 -------- d-----w- c:\program files\Common Files\Thraex Software
2010-02-15 08:38 . 2001-08-17 21:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-02-15 08:38 . 2008-04-14 04:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-02-15 08:38 . 2008-04-13 23:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-02-15 08:38 . 2008-04-13 23:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-02-14 00:06 . 2010-02-14 00:11 -------- d-----w- c:\documents and settings\Sasa\Application Data\Nitro PDF
2010-02-14 00:03 . 2010-02-02 11:33 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
2010-02-14 00:03 . 2010-02-02 11:33 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
2010-02-14 00:01 . 2010-02-14 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Nitro PDF
2010-02-14 00:01 . 2010-02-14 00:01 -------- d-----w- c:\program files\Common Files\Nitro PDF
2010-02-13 23:58 . 2010-02-13 23:58 -------- d-----w- c:\program files\Nitro PDF
2010-02-13 23:44 . 2010-02-13 23:44 -------- d-----w- c:\documents and settings\Sasa\Application Data\Downloaded Installations
2010-02-12 11:48 . 2010-02-12 11:48 -------- d-----w- c:\program files\BlazeVideo
2010-02-11 21:00 . 2010-02-11 21:00 -------- d-----w- c:\program files\History Sweeper
2010-02-11 17:51 . 2010-02-11 17:51 -------- d-----w- c:\program files\Sygate
2010-02-11 17:51 . 2010-02-11 17:51 -------- d-----w- c:\program files\QuickTime Alternative
2010-02-10 14:02 . 2010-02-10 14:04 -------- d-----w- c:\temp\installtemped
2010-02-10 14:02 . 2010-02-10 14:02 -------- d-----w- C:\Temp
2010-02-09 19:56 . 2010-02-09 20:00 -------- d-----w- c:\documents and settings\Sasa\Application Data\QuickScan
2010-02-09 19:55 . 2010-01-11 16:32 698184 ----a-w- c:\documents and settings\Sasa\Application Data\Mozilla\Firefox\Profiles\2cv8dcm6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2010-02-09 19:55 . 2010-01-11 16:33 789320 ----a-w- c:\documents and settings\Sasa\Application Data\Mozilla\Firefox\Profiles\2cv8dcm6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-02-09 12:31 . 2010-02-09 12:31 -------- d-----w- c:\program files\Common Files\Vbox
2010-02-09 12:31 . 2004-06-03 18:25 20016 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-02-09 11:15 . 2009-12-24 18:57 73728 ----a-w- c:\windows\system\vdremote.dll
2010-02-09 11:15 . 2009-12-24 18:56 65536 ----a-w- c:\windows\system\vdsvrlnk.dll
2010-02-08 22:07 . 2010-02-08 22:07 -------- d-----w- c:\program files\FreshDevices
2010-02-08 21:56 . 2010-02-08 21:56 -------- d-----w- c:\documents and settings\Sasa\Application Data\FreshDiagnose
2010-02-08 17:04 . 2008-04-13 23:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-02-08 15:44 . 2010-02-08 15:46 -------- d-----w- c:\windows\XSxS
2010-02-08 15:44 . 2010-02-08 15:44 -------- d-----w- c:\program files\Xenocode
2010-02-08 15:44 . 2010-02-08 15:44 -------- d-----w- c:\documents and settings\Sasa\Local Settings\Application Data\Xenocode
2010-02-07 12:21 . 2010-01-28 11:14 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-02-07 12:21 . 2010-02-07 12:21 -------- d-----w- c:\program files\ffdshow
2010-02-07 12:13 . 2010-02-07 12:26 -------- d-----w- c:\program files\Mv2Player
2010-02-07 11:41 . 2010-02-07 11:41 -------- d-----w- c:\documents and settings\Sasa\Local Settings\Application Data\Thinstall
2010-02-07 11:41 . 2010-02-07 11:41 -------- d-----w- c:\documents and settings\Sasa\Application Data\Thinstall
2010-02-07 09:00 . 2010-02-07 09:00 -------- d-----w- c:\program files\CCleaner
2010-02-07 08:47 . 2010-02-07 08:47 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-07 08:47 . 2003-04-30 12:25 671744 ----a-r- c:\windows\system32\DolbyHph.dll
2010-02-07 08:47 . 2003-04-30 12:24 24576 ----a-r- c:\windows\system32\msxml3a.dll
2010-02-06 23:30 . 2010-02-06 23:30 -------- d-----w- c:\documents and settings\Sasa\Local Settings\Application Data\WMTools Downloaded Files
2010-02-06 21:03 . 2010-02-06 21:04 -------- d-----w- c:\documents and settings\Sasa\Local Settings\Application Data\Adobe
2010-02-06 21:00 . 2010-02-09 12:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-06 20:36 . 2010-02-06 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-02-06 20:33 . 2003-09-24 11:32 258048 ----a-r- c:\windows\system32\nvwrsel.dll
2010-02-06 20:27 . 2010-02-06 20:27 623 ----a-w- c:\windows\unins000.dat
2010-02-06 18:46 . 2003-06-18 16:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-02-06 18:46 . 2003-06-18 16:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-02-06 18:41 . 2010-02-06 18:41 -------- d-----w- c:\program files\Microsoft.NET
2010-02-06 18:41 . 2010-02-06 18:41 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-02-06 18:39 . 2010-02-06 18:41 -------- d-----w- c:\windows\SHELLNEW
2010-02-06 15:15 . 2003-04-24 03:28 41984 ----a-r- c:\windows\system32\drivers\fetnd5b.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-16 19:56 . 2010-02-06 14:17 5270304 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-02-16 19:56 . 2010-02-06 14:17 139040 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-02-16 19:55 . 2010-02-06 14:17 18260 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-02-16 19:55 . 2010-02-06 14:17 87248 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-02-16 18:54 . 2010-02-06 14:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-02-15 16:23 . 2010-02-06 14:09 1248 --sha-w- C:\hvnjovma.sys
2010-02-10 17:43 . 2010-02-06 14:22 42168 ----a-w- c:\documents and settings\Sasa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-09 12:22 . 2010-02-06 14:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-09 12:21 . 2010-02-06 14:27 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-06 18:48 . 2010-02-06 14:07 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-06 15:13 . 2010-02-06 14:22 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-02-06 15:13 . 2010-02-06 14:22 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-02-06 14:54 . 2010-02-06 14:54 -------- d-----w- c:\program files\Common Files\xing shared
2010-02-06 14:54 . 2010-02-06 14:53 -------- d-----w- c:\program files\Real
2010-02-06 14:54 . 2010-02-06 14:53 -------- d-----w- c:\program files\Common Files\Real
2010-02-06 14:54 . 2010-02-06 14:54 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-02-06 14:54 . 2010-02-06 14:54 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-02-06 14:40 . 2010-02-06 14:40 -------- d-----w- c:\program files\VIA Technologies, Inc
2010-02-06 14:27 . 2010-02-06 14:27 -------- d-----w- c:\program files\Realtek Sound Manager
2010-02-06 14:27 . 2010-02-06 14:27 -------- d-----w- c:\program files\AvRack
2010-02-06 14:27 . 2010-02-06 14:27 0 ----a-w- c:\windows\nsreg.dat
2010-02-06 14:17 . 2010-02-06 14:17 -------- d-----w- c:\program files\Kaspersky Lab
2010-02-06 14:09 . 2010-02-06 14:09 -------- d-----w- c:\program files\microsoft frontpage
2010-02-06 14:04 . 2010-02-06 14:04 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-04 18:22 . 2009-10-03 17:36 6021120 ----a-w- c:\windows\system32\common_res.dll
2010-02-02 11:35 . 2010-02-02 11:35 65856 ----a-w- c:\windows\system32\NLSSRV32.EXE
2010-01-05 10:00 . 2008-04-28 10:01 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2008-04-28 10:01 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2008-04-28 10:01 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2008-04-13 22:45 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-16 18:43 . 2010-02-06 14:03 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2008-04-14 03:41 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2008-04-13 22:57 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2008-04-14 00:01 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2008-04-13 22:47 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2008-04-14 05:42 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11 . 2008-04-14 03:42 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07 . 2001-08-23 09:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2008-04-14 05:41 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2008-04-14 03:42 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2008-04-14 03:41 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-21 15:51 . 2008-04-14 03:41 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

------- Sigcheck -------

[-] 2008-04-28 . 2E7EA3E8D40C06F7D558E2485F8BD27E . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-09-24 5033984]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 218376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2010-01-05 124928]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-09-24 11:32 5033984 ----a-r- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2003-09-24 11:32 49152 ----a-r- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-09-24 11:32 741376 ----a-r- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2003-06-10 11:12 55296 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sweeper.exe]
2006-06-02 22:42 176128 ----a-w- c:\program files\History Sweeper\sweeper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-06 14:53 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"nlsX86cc"=2 (0x2)
"NitroDriverReadSpool"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4.4.2007 14:58 24344]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S4 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2.2.2010 12:35 188736]
S4 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2.2.2010 12:35 65856]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = [Link visible only to logged-in users]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Sasa\Application Data\Mozilla\Firefox\Profiles\2cv8dcm6.default\
FF - prefs.js: browser.startup.homepage - [Link visible only to logged-in users]
FF - component: c:\documents and settings\Sasa\Application Data\Mozilla\Firefox\Profiles\2cv8dcm6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\documents and settings\Sasa\Application Data\Mozilla\Firefox\Profiles\2cv8dcm6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Animated Wallpaper - c:\program files\Animated Wallpaper Maker\Wallpaper Manager.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Links are visible only to logged-in users]
Rootkit scan 2010-02-16 20:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(972)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(1028-)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

- - - - - - - > 'explorer.exe'(3300)
c:\windows\system32\WININET.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-02-16 20:59:51 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-16 19:59

Pre-Run: 7.838.060.544 bytes free
Post-Run: 7.918.051.328 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 75431EF72CC6368402E35D4399C4A6E2

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Open Notepad and copy in the following text:

File::
C:\hvnjovma.sys
 
DirLook::
c:\documents and settings\b


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
In your next message, post the log that is created at the end of the cleaning/scanning.

  • goust  Male
  • Elite citizen
  • Joined: 09 Apr 2005
  • Posts: 1799

ComboFix 10-02-16.03 - Sasa 17.02.2010 17:25:26.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.255.134 [GMT 1:00]
Running from: c:\documents and settings\Sasa\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sasa\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
"C:\hvnjovma.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\hvnjovma.sys

.
((((((((((((((((((((((((( Files Created from 2010-01-17 to 2010-02-17 )))))))))))))))))))))))))))))))
.

2010-02-15 13:55 . 2010-02-15 13:55 -------- d-----w- c:\documents and settings\b
2010-02-15 13:54 . 2003-03-18 20:12 1047552 ----a-w- c:\windows\system\mfc71u.dll
2010-02-15 13:23 . 2010-02-15 13:23 -------- d-----w- c:\documents and settings\Sasa\Application Data\URSoft
2010-02-15 13:23 . 2010-02-17 10:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-15 13:22 . 2010-02-15 13:25 -------- d-----w- c:\program files\Your Uninstaller 2006
2010-02-15 13:14 . 2010-02-15 13:14 161631 ----a-w- c:\windows\Animated Wallpaper Maker Uninstaller.exe
2010-02-15 13:13 . 2010-02-15 13:13 -------- d-----w- c:\program files\Common Files\Thraex Software
2010-02-15 08:38 . 2001-08-17 21:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-02-15 08:38 . 2008-04-14 04:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-02-15 08:38 . 2008-04-13 23:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-02-15 08:38 . 2008-04-13 23:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-02-14 00:06 . 2010-02-14 00:11 -------- d-----w- c:\documents and settings\Sasa\Application Data\Nitro PDF
2010-02-14 00:03 . 2010-02-02 11:33 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
2010-02-14 00:03 . 2010-02-02 11:33 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
2010-02-14 00:01 . 2010-02-14 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Nitro PDF
2010-02-14 00:01 . 2010-02-14 00:01 -------- d-----w- c:\program files\Common Files\Nitro PDF
2010-02-13 23:58 . 2010-02-13 23:58 -------- d-----w- c:\program files\Nitro PDF
2010-02-13 23:44 . 2010-02-13 23:44 -------- d-----w- c:\documents and settings\Sasa\Application Data\Downloaded Installations
2010-02-12 11:48 . 2010-02-12 11:48 -------- d-----w- c:\program files\BlazeVideo
2010-02-11 21:00 . 2010-02-11 21:00 -------- d-----w- c:\program files\History Sweeper
2010-02-11 17:51 . 2010-02-11 17:51 -------- d-----w- c:\program files\Sygate
2010-02-11 17:51 . 2010-02-11 17:51 -------- d-----w- c:\program files\QuickTime Alternative
2010-02-10 14:02 . 2010-02-10 14:04 -------- d-----w- c:\temp\installtemped
2010-02-10 14:02 . 2010-02-10 14:02 -------- d-----w- C:\Temp
2010-02-09 19:56 . 2010-02-09 20:00 -------- d-----w- c:\documents and settings\Sasa\Application Data\QuickScan
2010-02-09 19:55 . 2010-01-11 16:32 698184 ----a-w- c:\documents and settings\Sasa\Application Data\Mozilla\Firefox\Profiles\2cv8dcm6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2010-02-09 19:55 . 2010-01-11 16:33 789320 ----a-w- c:\documents and settings\Sasa\Application Data\Mozilla\Firefox\Profiles\2cv8dcm6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-02-09 12:31 . 2010-02-09 12:31 -------- d-----w- c:\program files\Common Files\Vbox
2010-02-09 12:31 . 2004-06-03 18:25 20016 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-02-09 11:15 . 2009-12-24 18:57 73728 ----a-w- c:\windows\system\vdremote.dll
2010-02-09 11:15 . 2009-12-24 18:56 65536 ----a-w- c:\windows\system\vdsvrlnk.dll
2010-02-08 22:07 . 2010-02-08 22:07 -------- d-----w- c:\program files\FreshDevices
2010-02-08 21:56 . 2010-02-08 21:56 -------- d-----w- c:\documents and settings\Sasa\Application Data\FreshDiagnose
2010-02-08 17:04 . 2008-04-13 23:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-02-08 15:44 . 2010-02-08 15:46 -------- d-----w- c:\windows\XSxS
2010-02-08 15:44 . 2010-02-08 15:44 -------- d-----w- c:\program files\Xenocode
2010-02-08 15:44 . 2010-02-08 15:44 -------- d-----w- c:\documents and settings\Sasa\Local Settings\Application Data\Xenocode
2010-02-07 12:21 . 2010-02-07 12:21 -------- d-----w- c:\program files\ffdshow
2010-02-07 12:13 . 2010-02-07 12:26 -------- d-----w- c:\program files\Mv2Player
2010-02-07 11:41 . 2010-02-07 11:41 -------- d-----w- c:\documents and settings\Sasa\Local Settings\Application Data\Thinstall
2010-02-07 11:41 . 2010-02-07 11:41 -------- d-----w- c:\documents and settings\Sasa\Application Data\Thinstall
2010-02-07 09:00 . 2010-02-07 09:00 -------- d-----w- c:\program files\CCleaner
2010-02-07 08:47 . 2010-02-07 08:47 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-07 08:47 . 2003-04-30 12:25 671744 ----a-r- c:\windows\system32\DolbyHph.dll
2010-02-07 08:47 . 2003-04-30 12:24 24576 ----a-r- c:\windows\system32\msxml3a.dll
2010-02-06 23:30 . 2010-02-06 23:30 -------- d-----w- c:\documents and settings\Sasa\Local Settings\Application Data\WMTools Downloaded Files
2010-02-06 21:03 . 2010-02-06 21:04 -------- d-----w- c:\documents and settings\Sasa\Local Settings\Application Data\Adobe
2010-02-06 21:00 . 2010-02-09 12:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-06 20:36 . 2010-02-06 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-02-06 20:33 . 2003-09-24 11:32 258048 ----a-r- c:\windows\system32\nvwrsel.dll
2010-02-06 20:27 . 2010-02-06 20:27 623 ----a-w- c:\windows\unins000.dat
2010-02-06 18:46 . 2003-06-18 16:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-02-06 18:46 . 2003-06-18 16:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-02-06 18:41 . 2010-02-06 18:41 -------- d-----w- c:\program files\Microsoft.NET
2010-02-06 18:41 . 2010-02-06 18:41 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-02-06 18:39 . 2010-02-06 18:41 -------- d-----w- c:\windows\SHELLNEW
2010-02-06 15:15 . 2003-04-24 03:28 41984 ----a-r- c:\windows\system32\drivers\fetnd5b.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-17 16:31 . 2010-02-06 14:17 5435168 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-02-17 16:31 . 2010-02-06 14:17 150560 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-02-17 07:03 . 2010-02-06 14:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-02-17 01:59 . 2010-02-06 14:17 87896 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-02-17 01:59 . 2010-02-06 14:17 18548 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-02-10 17:43 . 2010-02-06 14:22 42168 ----a-w- c:\documents and settings\Sasa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-09 12:22 . 2010-02-06 14:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-09 12:21 . 2010-02-06 14:27 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-06 18:48 . 2010-02-06 14:07 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-06 15:13 . 2010-02-06 14:22 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-02-06 15:13 . 2010-02-06 14:22 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-02-06 14:54 . 2010-02-06 14:54 -------- d-----w- c:\program files\Common Files\xing shared
2010-02-06 14:54 . 2010-02-06 14:53 -------- d-----w- c:\program files\Real
2010-02-06 14:54 . 2010-02-06 14:53 -------- d-----w- c:\program files\Common Files\Real
2010-02-06 14:54 . 2010-02-06 14:54 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-02-06 14:54 . 2010-02-06 14:54 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-02-06 14:40 . 2010-02-06 14:40 -------- d-----w- c:\program files\VIA Technologies, Inc
2010-02-06 14:27 . 2010-02-06 14:27 -------- d-----w- c:\program files\Realtek Sound Manager
2010-02-06 14:27 . 2010-02-06 14:27 -------- d-----w- c:\program files\AvRack
2010-02-06 14:27 . 2010-02-06 14:27 0 ----a-w- c:\windows\nsreg.dat
2010-02-06 14:17 . 2010-02-06 14:17 -------- d-----w- c:\program files\Kaspersky Lab
2010-02-06 14:09 . 2010-02-06 14:09 -------- d-----w- c:\program files\microsoft frontpage
2010-02-06 14:04 . 2010-02-06 14:04 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-04 18:22 . 2009-10-03 17:36 6021120 ----a-w- c:\windows\system32\common_res.dll
2010-02-02 11:35 . 2010-02-02 11:35 65856 ----a-w- c:\windows\system32\NLSSRV32.EXE
2010-01-05 10:00 . 2008-04-28 10:01 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2008-04-28 10:01 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2008-04-28 10:01 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2008-04-13 22:45 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-16 18:43 . 2010-02-06 14:03 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2008-04-14 03:41 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2008-04-13 22:57 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2008-04-14 00:01 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2008-04-13 22:47 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2008-04-14 05:42 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11 . 2008-04-14 03:42 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07 . 2001-08-23 09:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2008-04-14 05:41 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2008-04-14 03:42 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2008-04-14 03:41 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-21 15:51 . 2008-04-14 03:41 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\b ----

2010-02-16 10:52 . 2010-02-16 10:56 5469 ----a-w- c:\documents and settings\b\Application Data\Camera Bits, Inc\Photo Mechanic\PM.log


------- Sigcheck -------

[-] 2008-04-28 . 2E7EA3E8D40C06F7D558E2485F8BD27E . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( [Links are visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-23 08:11 . 2009-12-23 08:11 60273 c:\windows\system32\pthreadGC2.dll
+ 2009-12-23 08:11 . 2009-12-23 08:11 26624 c:\windows\system32\ff_wmv9.dll
+ 2009-12-23 08:11 . 2009-12-23 08:11 38400 c:\windows\system32\ff_unrar.dll
+ 2009-12-23 08:11 . 2009-12-23 08:11 79872 c:\windows\system32\ff_tremor.dll
+ 2009-12-23 08:11 . 2009-12-23 08:11 97280 c:\windows\system32\ff_realaac.dll
+ 2009-12-23 08:11 . 2009-12-23 08:11 40960 c:\windows\system32\ff_liba52.dll
+ 2009-12-23 08:11 . 2009-12-23 08:11 7680 c:\windows\system32\ff_vfw.dll
+ 2009-12-23 08:11 . 2009-12-23 08:11 662016 c:\windows\system32\xvidcore.dll
+ 2009-12-23 08:11 . 2009-12-23 08:11 200704 c:\windows\system32\TomsMoComp_ff.dll
+ 2009-12-23 08:11 . 2009-12-23 08:11 823296 c:\windows\system32\ppsynthesis.dll
+ 2009-12-23 08:11 . 2009-12-23 08:11 405504 c:\windows\system32\libmplayer.dll
+ 2009-12-23 08:11 . 2009-12-23 08:11 114688 c:\windows\system32\libmpeg2_ff.dll
+ 2009-12-23 08:11 . 2009-12-23 08:11 511488 c:\windows\system32\ff_x264.dll
+ 2009-12-23 08:11 . 2009-12-23 08:11 143360 c:\windows\system32\ff_theora.dll
+ 2009-12-23 08:11 . 2009-12-23 08:11 122880 c:\windows\system32\ff_samplerate.dll
+ 2009-12-23 08:11 . 2009-12-23 08:11 118784 c:\windows\system32\ff_libmad.dll
+ 2009-12-23 08:11 . 2009-12-23 08:11 245760 c:\windows\system32\ff_libfaad2.dll
+ 2009-12-23 08:11 . 2009-12-23 08:11 155648 c:\windows\system32\ff_libdts.dll
+ 2009-12-23 08:11 . 2009-12-23 08:11 221184 c:\windows\system32\ff_kernelDeint.dll
+ 2009-12-23 08:11 . 2009-12-23 08:11 741376 c:\windows\system32\audxlib.dll
+ 2008-03-26 06:16 . 2008-03-26 06:16 1060864 c:\windows\system32\mfc71.dll
+ 2009-12-23 08:11 . 2009-12-23 08:11 3190784 c:\windows\system32\libavcodec.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-09-24 5033984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2010-01-05 124928]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-09-24 11:32 5033984 ----a-r- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2003-09-24 11:32 49152 ----a-r- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-09-24 11:32 741376 ----a-r- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2003-06-10 11:12 55296 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sweeper.exe]
2006-06-02 22:42 176128 ----a-w- c:\program files\History Sweeper\sweeper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-06 14:53 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"nlsX86cc"=2 (0x2)
"NitroDriverReadSpool"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4.4.2007 14:58 24344]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S4 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2.2.2010 12:35 188736]
S4 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2.2.2010 12:35 65856]
.
.
------- Supplementary Scan -------
.
uStart Page = [Links are visible only to logged-in users]
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Sasa\Application Data\Mozilla\Firefox\Profiles\2cv8dcm6.default\
FF - prefs.js: browser.startup.homepage - [Links are visible only to logged-in users]
FF - component: c:\documents and settings\Sasa\Application Data\Mozilla\Firefox\Profiles\2cv8dcm6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\documents and settings\Sasa\Application Data\Mozilla\Firefox\Profiles\2cv8dcm6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Links are visible only to logged-in users]
Rootkit scan 2010-02-17 17:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(972)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(1028-)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
.
Completion time: 2010-02-17 17:33:51
ComboFix-quarantined-files.txt 2010-02-17 16:33
ComboFix2.txt 2010-02-16 19:59

Pre-Run: 7.875.366.912 bytes free
Post-Run: 7.843.905.536 bytes free

- - End Of File - - 046438A9B38C2BD26B6B86E073C553CC

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

What is the situation now?

  • goust  Male
  • Elite citizen
  • Joined: 09 Apr 2005
  • Posts: 1799

In Task Manager I no longer have setuper.exe, and the warning blocked: phishing address... no longer appears either.

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Ok..we are done here..bye

ComboFix needs to be uninstalled:
click Start (or ), and then RUN.

On Vista, use the Start Search box if Run is not available.

In the text entry line, type (copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

and then click OK (or press Enter).

Wait for the uninstall process to finish.
