|
Posted: 03 Oct 2009 23:30
|
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
|
Hello,
the instructions also ask for a DDS log, which you have not posted here for me.
Run the scan and post it.
|
|
|
|
Posted: 04 Oct 2009 18:52
|
- marko84
- New MyCity citizen
- Joined: 03 Oct 2009
- Posts: 7
|
DDS (Ver_09-09-29.01) - NTFSx86
Run by Administrator at 21:51:23.60 on Sat 10/03/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.327 [GMT 2:00]
AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\WINDOWS\eHome\ehRecvr.exe
D:\WINDOWS\eHome\ehSched.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
D:\WINDOWS\system32\nvsvc32.exe
svchost.exe
D:\WINDOWS\system32\dllhost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\ehome\ehtray.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\878RMT.exe
D:\WINDOWS\eHome\ehmsas.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\TS\tsc.exe
D:\Program Files\honestech\honestech TVR\scheduleTV.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
D:\Program Files\honestech\honestech TVR\honestechTV.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\b.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Documents and Settings\Administrator\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://search.bearshare.com/
uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://search.bearshare.com/sidebar.html?src=ssb
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - d:\program files\yahoo!\companion\installs\cpn\ycomp5_6_0_1.dll
BHO: &IE Help: {35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} - d:\windows\system32\iehelpmod.dll
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - d:\program files\bearshare applications\bearshare\BearShareIEHelper.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - d:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - d:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - d:\program files\yahoo!\companion\installs\cpn\ycomp5_6_0_1.dll
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - d:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
TB: Norton Internet Security 2006: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - d:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - d:\program files\norton internet security\norton antivirus\NavShExt.dll
uRun: [CTFMON.EXE] d:\windows\system32\ctfmon.exe
uRun: [PopRock] d:\docume~1\admini~1\locals~1\temp\b.exe
uRun: [MSMSGS] "d:\program files\messenger\msmsgs.exe" /background
uRun: [TS] d:\program files\ts\tsc.exe
mRun: [ehTray] d:\windows\ehome\ehtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE d:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NeroFilterCheck] d:\windows\system32\NeroCheck.exe
mRun: [WinampAgent] "d:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TV Card Remote Control Applet] d:\windows\878RMT.exe
mRun: [ccApp] "d:\program files\common files\symantec shared\ccApp.exe"
mRun: [Symantec PIF AlertEng] "d:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "d:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
dRun: [CTFMON.EXE] d:\windows\system32\CTFMON.EXE
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\schedu~1.lnk - d:\program files\honestech\honestech tvr\scheduleTV.exe
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: {DB471B33-5837-472E-B08A-2F8A8E9C2116} = 91.150.77.5 91.150.77.10
Notify: Antiwpa - wpa.dll
================= FIREFOX ===================
FF - ProfilePath - d:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\f7paq0sp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - plugin: d:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
============= SERVICES / DRIVERS ===============
R1 SAVRTPEL;SAVRTPEL;d:\program files\norton internet security\norton antivirus\Savrtpel.sys [2005-8-26 53896]
R2 878TVCard;Bt878 TV Card - Video Capture;d:\windows\system32\drivers\Bt878.sys [2009-7-27 196736]
R2 878TVTuner;Bt878 TV Card - TV Tuner;d:\windows\system32\drivers\BtTuner.sys [2009-7-27 9216]
R2 878Xbar;Bt878 TV Card - Crossbar;d:\windows\system32\drivers\BtXbar.sys [2009-7-27 8448]
R2 ccEvtMgr;Symantec Event Manager;d:\program files\common files\symantec shared\CCEVTMGR.EXE [2005-9-17 192104]
R2 ccProxy;Symantec Network Proxy;d:\program files\common files\symantec shared\CCPROXY.EXE [2005-9-17 202088]
R2 ccSetMgr;Symantec Settings Manager;d:\program files\common files\symantec shared\CCSETMGR.EXE [2005-9-17 169576]
R2 McrdSvc;Media Center Extender Service;d:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;d:\program files\norton internet security\norton antivirus\NAVAPSVC.EXE [2005-10-7 139888]
R2 Symantec Core LC;Symantec Core LC;d:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2009-9-29 1251720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;d:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-29 102448]
R3 NAVENG;NAVENG;d:\progra~1\common~1\symant~1\virusd~1\20091003.004\NAVENG.Sys [2009-10-3 84912]
R3 NAVEX15;NAVEX15;d:\progra~1\common~1\symant~1\virusd~1\20091003.004\NavEx15.Sys [2009-10-3 1323568]
R3 SAVRT;SAVRT;d:\program files\norton internet security\norton antivirus\savrt.sys [2005-8-26 334984]
S3 SAVScan;Symantec AVScan;d:\program files\norton internet security\norton antivirus\SAVScan.exe [2005-8-26 198368]
=============== Created Last 30 ================
2009-10-03 16:41 <DIR> --d----- d:\program files\TS
2009-10-03 16:41 <DIR> --d----- d:\program files\common files\TSUninstall
2009-10-03 16:32 344,576 a------- d:\windows\system32\iehelpmod.dll
2009-10-03 14:30 10,635 a------- d:\windows\system32\drivers\SYMEVENT.CAT
2009-10-03 14:30 806 a------- d:\windows\system32\drivers\SYMEVENT.INF
2009-09-30 20:47 <DIR> --d----- d:\windows\system32\wbem\Repository
2009-09-30 20:10 <DIR> --d----- d:\docume~1\admini~1\applic~1\TuneUp Software
2009-09-30 20:10 <DIR> --d----- d:\docume~1\alluse~1\applic~1\TuneUp Software
2009-09-30 20:10 <DIR> --d----- d:\program files\TuneUp Utilities 2009
2009-09-30 20:09 <DIR> --dsh--- d:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-30 18:28 2,189,056 -c------ d:\windows\system32\dllcache\ntoskrnl.exe
2009-09-30 18:28 2,145,280 -c------ d:\windows\system32\dllcache\ntkrnlmp.exe
2009-09-30 18:28 2,023,936 -c------ d:\windows\system32\dllcache\ntkrpamp.exe
2009-09-30 17:43 2,560 -------- d:\windows\system32\xpsp4res.dll
2009-09-30 17:42 272,128 -c------ d:\windows\system32\dllcache\bthport.sys
2009-09-30 17:42 272,128 -------- d:\windows\system32\drivers\bthport.sys
2009-09-30 17:06 455,296 -c------ d:\windows\system32\dllcache\mrxsmb.sys
2009-09-30 00:10 <DIR> --d----- d:\windows\system32\PreInstall
2009-09-30 00:10 <DIR> --d-h--- d:\windows\$hf_mig$
2009-09-29 23:50 <DIR> --d----- d:\windows\system32\SoftwareDistribution
2009-09-29 23:03 <DIR> -cd----- d:\docume~1\admini~1\applic~1\Symantec
2009-09-29 22:59 10,344 a------- d:\windows\system32\drivers\symlcbrd.sys
2009-09-29 22:59 <DIR> --d----- d:\program files\Norton Internet Security
2009-09-29 22:58 124,464 a------- d:\windows\system32\drivers\SYMEVENT.SYS
2009-09-29 22:58 60,808 a------- d:\windows\system32\S32EVNT1.DLL
2009-09-29 22:58 <DIR> --d----- d:\program files\Symantec
2009-09-29 22:58 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Symantec
2009-09-29 22:58 <DIR> --d----- d:\program files\common files\Symantec Shared
2009-09-29 22:55 4,716 a------- d:\windows\gdrv.sys
2009-09-29 20:08 390 a------- d:\windows\system32\%LocalXml%
2009-09-29 19:38 107,547 a------- d:\windows\system32\drivers\klin.dat
2009-09-29 19:38 95,259 a------- d:\windows\system32\drivers\klick.dat
2009-09-29 19:37 2,996,256 a--sh--- d:\windows\system32\drivers\fidbox.dat
2009-09-29 19:37 196,640 a--sh--- d:\windows\system32\drivers\fidbox2.dat
2009-09-29 19:37 27,632 a--sh--- d:\windows\system32\drivers\fidbox.idx
2009-09-29 19:37 4,896 a--sh--- d:\windows\system32\drivers\fidbox2.idx
2009-09-29 19:37 <DIR> --d----- d:\program files\Kaspersky Lab
2009-09-29 19:37 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-09-21 13:19 <DIR> --d----- D:\tasa
2009-09-10 23:18 286,720 a----r-- d:\windows\878RMT.exe
2009-09-10 23:18 <DIR> --d----- d:\windows\MyInstall
2009-09-10 23:17 299,520 a------- d:\windows\uninst.exe
2009-09-09 14:38 38 a------- d:\windows\avisplitter.INI
2009-09-09 14:32 <DIR> --d-h--- d:\windows\PIF
2009-09-06 21:43 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Anvsoft
2009-09-06 21:43 <DIR> -cd----- d:\docume~1\admini~1\applic~1\Photo DVD Maker
2009-09-06 21:43 <DIR> --d----- d:\program files\Photo DVD Maker Professional
==================== Find3M ====================
2009-08-05 11:01 204,800 a------- d:\windows\system32\mswebdvd.dll
2009-07-29 17:29 16,365,056 a------- d:\program files\JDownloader_0.6.193.exe
2009-07-29 06:37 119,808 a------- d:\windows\system32\t2embed.dll
2009-07-29 06:37 81,920 a------- d:\windows\system32\fontsub.dll
2009-07-28 18:06 86,811 a------- d:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-27 17:07 21,640 a------- d:\windows\system32\emptyregdb.dat
2009-07-25 05:23 411,368 a------- d:\windows\system32\deploytk.dll
2009-07-17 21:01 58,880 a------- d:\windows\system32\atl.dll
2009-07-12 12:21 233,472 a------- d:\windows\system32\wmpdxm.dll
============= FINISH: 21:51:42.45 ===============
|
|
|
|
|
Posted: 04 Oct 2009 23:29
|
- marko84
- New MyCity citizen
- Joined: 03 Oct 2009
- Posts: 7
|
ComboFix 09-10-04.01 - Administrator 10/04/2009 19:27.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.484 [GMT 2:00]
Running from: d:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\program files\TS\tsc.exe
d:\windows\system32\iehelpmod.dll
.
((((((((((((((((((((((((( Files Created from 2009-09-04 to 2009-10-04 )))))))))))))))))))))))))))))))
.
2009-10-03 14:41 . 2009-10-04 17:30 -------- d-----w- d:\program files\TS
2009-10-03 14:41 . 2009-10-03 14:41 -------- d-----w- d:\program files\Common Files\TSUninstall
2009-09-30 18:47 . 2009-09-30 18:47 -------- d-----w- d:\windows\system32\wbem\Repository
2009-09-30 18:10 . 2009-09-30 18:10 -------- d-----w- d:\documents and settings\Administrator\Application Data\TuneUp Software
2009-09-30 18:10 . 2009-09-30 18:10 -------- d-----w- d:\documents and settings\All Users\Application Data\TuneUp Software
2009-09-30 18:10 . 2009-09-30 18:47 -------- d-----w- d:\program files\TuneUp Utilities 2009
2009-09-30 18:09 . 2009-09-30 18:09 -------- d-sh--w- d:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-30 16:28 . 2009-02-06 11:08 2189056 -c----w- d:\windows\system32\dllcache\ntoskrnl.exe
2009-09-30 16:28 . 2009-02-06 11:06 2145280 -c----w- d:\windows\system32\dllcache\ntkrnlmp.exe
2009-09-30 16:28 . 2009-02-06 10:32 2023936 -c----w- d:\windows\system32\dllcache\ntkrpamp.exe
2009-09-30 15:43 . 2008-05-03 11:55 2560 ------w- d:\windows\system32\xpsp4res.dll
2009-09-30 15:42 . 2008-06-13 11:05 272128 -c----w- d:\windows\system32\dllcache\bthport.sys
2009-09-30 15:42 . 2008-06-13 11:05 272128 ------w- d:\windows\system32\drivers\bthport.sys
2009-09-30 15:06 . 2008-10-24 11:21 455296 -c----w- d:\windows\system32\dllcache\mrxsmb.sys
2009-09-29 22:10 . 2009-10-01 01:09 -------- d--h--w- d:\windows\$hf_mig$
2009-09-29 21:03 . 2009-09-30 17:42 -------- dc----w- d:\documents and settings\Administrator\Application Data\Symantec
2009-09-29 21:00 . 2009-09-29 21:00 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2009-09-29 20:59 . 2009-09-29 20:59 10344 ----a-w- d:\windows\system32\drivers\symlcbrd.sys
2009-09-29 20:59 . 2009-09-30 14:21 -------- d-----w- d:\program files\Norton Internet Security
2009-09-29 20:58 . 2009-10-03 12:30 60808 ----a-w- d:\windows\system32\S32EVNT1.DLL
2009-09-29 20:58 . 2009-10-03 12:30 124464 ----a-w- d:\windows\system32\drivers\SYMEVENT.SYS
2009-09-29 20:58 . 2009-10-03 12:30 -------- d-----w- d:\program files\Symantec
2009-09-29 20:58 . 2009-10-03 12:31 -------- d-----w- d:\documents and settings\All Users\Application Data\Symantec
2009-09-29 20:58 . 2009-10-04 01:01 -------- d-----w- d:\program files\Common Files\Symantec Shared
2009-09-29 20:55 . 2009-09-29 20:55 4716 ----a-w- d:\windows\gdrv.sys
2009-09-29 17:38 . 2009-09-29 18:07 95259 ----a-w- d:\windows\system32\drivers\klick.dat
2009-09-29 17:38 . 2009-09-29 18:07 107547 ----a-w- d:\windows\system32\drivers\klin.dat
2009-09-29 17:37 . 2009-09-29 20:40 2996256 --sha-w- d:\windows\system32\drivers\fidbox.dat
2009-09-29 17:37 . 2009-09-29 20:32 196640 --sha-w- d:\windows\system32\drivers\fidbox2.dat
2009-09-29 17:37 . 2009-09-29 19:32 -------- d-----w- d:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-09-29 17:37 . 2009-09-29 17:37 -------- d-----w- d:\program files\Kaspersky Lab
2009-09-29 16:51 . 2009-09-29 16:57 -------- d-----w- d:\documents and settings\Marko\Local Settings\Application Data\Microsoft
2009-09-29 16:51 . 2009-09-29 16:57 -------- d-s---w- d:\documents and settings\Marko
2009-09-21 11:19 . 2009-09-21 11:19 -------- d-----w- D:\tasa
2009-09-10 21:18 . 2004-11-30 04:00 286720 ----a-r- d:\windows\878RMT.exe
2009-09-10 21:18 . 2009-09-30 19:44 -------- d-----w- d:\windows\MyInstall
2009-09-10 21:17 . 1997-01-18 08:40 299520 ----a-w- d:\windows\uninst.exe
2009-09-10 21:14 . 2009-09-10 21:14 -------- d-----w- d:\program files\Common Files\Adobe
2009-09-09 12:40 . 2009-09-09 12:40 -------- dc----w- d:\documents and settings\Administrator\Application Data\Apple Computer
2009-09-09 12:32 . 2009-09-09 12:32 -------- d--h--w- d:\windows\PIF
2009-09-06 19:43 . 2009-09-06 19:43 -------- d-----w- d:\documents and settings\All Users\Application Data\TEMP
2009-09-06 19:43 . 2009-09-06 19:43 -------- d-----w- d:\documents and settings\All Users\Application Data\Anvsoft
2009-09-06 19:43 . 2009-09-06 19:43 -------- dc----w- d:\documents and settings\Administrator\Application Data\Photo DVD Maker
2009-09-06 19:43 . 2009-09-06 19:43 -------- d-----w- d:\program files\Photo DVD Maker Professional
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\program files\QuickTime
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple Computer
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\Apple
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\program files\Apple Software Update
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 12:30 . 2009-10-03 12:30 806 ----a-w- d:\windows\system32\drivers\SYMEVENT.INF
2009-10-03 12:30 . 2009-10-03 12:30 10635 ----a-w- d:\windows\system32\drivers\SYMEVENT.CAT
2009-09-30 20:03 . 2009-07-27 17:49 -------- d-----w- d:\documents and settings\All Users\Application Data\nView_Profiles
2009-09-30 19:44 . 2009-07-27 15:30 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-09-29 20:40 . 2009-09-29 17:37 27632 --sha-w- d:\windows\system32\drivers\fidbox.idx
2009-09-29 20:32 . 2009-09-29 17:37 4896 --sha-w- d:\windows\system32\drivers\fidbox2.idx
2009-09-29 17:10 . 2009-07-27 17:01 -------- d-----w- d:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-22 23:39 . 2009-08-22 23:39 -------- dc----w- d:\documents and settings\Administrator\Application Data\Activision
2009-08-22 23:29 . 2009-08-22 23:29 -------- d-----w- d:\program files\Activision
2009-08-22 13:14 . 2009-08-16 09:56 -------- dc----w- d:\documents and settings\Administrator\Application Data\Any Video Converter
2009-08-16 09:57 . 2009-08-16 09:56 -------- d-----w- d:\program files\Any Video Converter
2009-08-16 09:57 . 2009-08-16 09:57 43336 ----a-w- d:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-16 09:25 . 2009-08-16 09:25 -------- d-----w- d:\program files\YouTube Downloader
2009-08-08 14:24 . 2009-08-08 14:24 628 ----a-w- d:\windows\EReg515.dat
2009-08-05 19:58 . 2009-08-05 19:58 -------- dc----w- d:\documents and settings\Administrator\Application Data\Media Player Classic
2009-08-05 09:01 . 2008-04-15 12:00 204800 ----a-w- d:\windows\system32\mswebdvd.dll
2009-07-29 15:29 . 2009-07-29 15:30 16365056 ----a-w- d:\program files\JDownloader_0.6.193.exe
2009-07-29 04:37 . 2008-04-15 12:00 81920 ----a-w- d:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2008-04-15 12:00 119808 ----a-w- d:\windows\system32\t2embed.dll
2009-07-27 15:46 . 2009-07-27 15:46 0 -c--a-w- d:\windows\nsreg.dat
2009-07-27 15:07 . 2009-07-27 15:07 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2009-07-25 03:23 . 2009-07-29 15:35 411368 ----a-w- d:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2008-04-15 12:00 58880 ----a-w- d:\windows\system32\atl.dll
2009-07-12 10:21 . 2008-04-15 12:00 233472 ----a-w- d:\windows\system32\wmpdxm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="d:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"NeroFilterCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"TV Card Remote Control Applet"="d:\windows\878RMT.exe" [2004-11-30 286720]
"ccApp"="d:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 52840]
"Symantec PIF AlertEng"="d:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2006-03-09 1519616]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.exe [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" - d:\windows\SkyTel.exe [2006-05-16 2879488]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
d:\documents and settings\All Users\Start Menu\Programs\Startup\
ScheduleTV.lnk - d:\program files\honestech\honestech TVR\scheduleTV.exe [2009-9-30 307200]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=""
"AntiVirusOverride"=""
"FirewallOverride"=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
R2 878TVCard;Bt878 TV Card - Video Capture;d:\windows\system32\drivers\Bt878.sys [7/27/2009 6:02 PM 196736]
R2 878TVTuner;Bt878 TV Card - TV Tuner;d:\windows\system32\drivers\BtTuner.sys [7/27/2009 6:02 PM 9216]
R2 878Xbar;Bt878 TV Card - Crossbar;d:\windows\system32\drivers\BtXbar.sys [7/27/2009 6:02 PM 8448]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
*Deregistered* - EraserUtilDrvI9
.
Contents of the 'Scheduled Tasks' folder
2009-09-04 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-10-02 d:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Administrator.job
- d:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-10-07 10:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {DB471B33-5837-472E-B08A-2F8A8E9C2116} = 91.150.77.5 91.150.77.10
FF - ProfilePath - d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f7paq0sp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
BHO-{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - d:\program files\BearShare Applications\BearShare\BearShareIEHelper.dll
HKCU-Run-TS - d:\program files\TS\tsc.exe
AddRemove-BearShare MediaBar - d:\program files\BearShare Applications\BearShare MediaBar\Uninstall.exe
AddRemove-TS - d:\program files\TS\tsc.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-10-04 19:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Applet = d:\windows\878RMT.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????6?B~!?B~????????T???q?@?????88????@?X???????????????d???????Bt878 TV Card Remote Control Receiver?@?????????W?SN????A~}(@?"?rU?(@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(760)
d:\windows\system32\wpa.dll
.
Completion time: 2009-10-04 19:31
ComboFix-quarantined-files.txt 2009-10-04 17:31
Pre-Run: 51,522,502,656 bytes free
Post-Run: 51,795,587,072 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
196 --- E O F --- 2009-10-01 01:09
|
|
|
|
Posted: 05 Oct 2009 00:33
|
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
|
Next time, copy the log here for me; do not attach it.
Open Notepad and copy the following text:
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=-
"AntiVirusOverride"=-
"FirewallOverride"=-
Folder::
d:\program files\TS
d:\program files\Common Files\TSUninstall
Save the file from Notepad to the Desktop as "CFScript".
Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scanning.
|
|
|
|
Posted: 05 Oct 2009 18:01
|
- marko84
- New MyCity citizen
- Joined: 03 Oct 2009
- Posts: 7
|
ComboFix 09-10-04.01 - Administrator 10/05/2009 17:50.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.562 [GMT 2:00]
Running from: d:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Norton Internet Security 2006 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((( Files Created from 2009-09-05 to 2009-10-05 )))))))))))))))))))))))))))))))
.
2009-10-05 15:19 . 2009-10-05 15:19 -------- d-----w- d:\windows\system32\wbem\Repository
2009-10-05 15:19 . 2009-10-05 15:19 -------- dc----w- d:\program files\Kaspersky Lab
2009-10-05 15:19 . 2009-10-05 15:19 -------- dc----w- d:\program files\TuneUp Utilities 2009
2009-10-05 15:18 . 2009-10-05 15:18 -------- d-----w- d:\program files\Activision
2009-10-04 17:44 . 2009-10-05 15:19 -------- dc----w- D:\RECYCLER(2)
2009-10-03 14:41 . 2009-10-05 15:36 -------- d-----w- d:\program files\TS
2009-10-03 14:41 . 2009-10-03 14:41 -------- d-----w- d:\program files\Common Files\TSUninstall
2009-09-30 18:10 . 2009-09-30 18:10 -------- d-----w- d:\documents and settings\Administrator\Application Data\TuneUp Software
2009-09-30 18:10 . 2009-09-30 18:10 -------- d-----w- d:\documents and settings\All Users\Application Data\TuneUp Software
2009-09-30 18:09 . 2009-09-30 18:09 -------- d-sh--w- d:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-30 16:28 . 2009-02-06 11:08 2189056 -c----w- d:\windows\system32\dllcache\ntoskrnl.exe
2009-09-30 16:28 . 2009-02-06 11:06 2145280 -c----w- d:\windows\system32\dllcache\ntkrnlmp.exe
2009-09-30 16:28 . 2009-02-06 10:32 2023936 -c----w- d:\windows\system32\dllcache\ntkrpamp.exe
2009-09-30 15:43 . 2008-05-03 11:55 2560 ------w- d:\windows\system32\xpsp4res.dll
2009-09-30 15:42 . 2008-06-13 11:05 272128 -c----w- d:\windows\system32\dllcache\bthport.sys
2009-09-30 15:42 . 2008-06-13 11:05 272128 ------w- d:\windows\system32\drivers\bthport.sys
2009-09-30 15:06 . 2008-10-24 11:21 455296 -c----w- d:\windows\system32\dllcache\mrxsmb.sys
2009-09-29 22:10 . 2009-10-01 01:09 -------- d--h--w- d:\windows\$hf_mig$
2009-09-29 21:03 . 2009-09-30 17:42 -------- dc----w- d:\documents and settings\Administrator\Application Data\Symantec
2009-09-29 21:00 . 2009-09-29 21:00 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2009-09-29 20:59 . 2009-09-29 20:59 10344 ----a-w- d:\windows\system32\drivers\symlcbrd.sys
2009-09-29 20:59 . 2009-09-30 14:21 -------- d-----w- d:\program files\Norton Internet Security
2009-09-29 20:58 . 2009-10-03 12:30 60808 ----a-w- d:\windows\system32\S32EVNT1.DLL
2009-09-29 20:58 . 2009-10-03 12:30 124464 ----a-w- d:\windows\system32\drivers\SYMEVENT.SYS
2009-09-29 20:58 . 2009-10-03 12:30 -------- d-----w- d:\program files\Symantec
2009-09-29 20:58 . 2009-10-03 12:31 -------- d-----w- d:\documents and settings\All Users\Application Data\Symantec
2009-09-29 20:58 . 2009-10-05 15:37 -------- d-----w- d:\program files\Common Files\Symantec Shared
2009-09-29 20:55 . 2009-09-29 20:55 4716 ----a-w- d:\windows\gdrv.sys
2009-09-29 17:38 . 2009-09-29 18:07 95259 ----a-w- d:\windows\system32\drivers\klick.dat
2009-09-29 17:38 . 2009-09-29 18:07 107547 ----a-w- d:\windows\system32\drivers\klin.dat
2009-09-29 17:37 . 2009-09-29 20:40 2996256 --sha-w- d:\windows\system32\drivers\fidbox.dat
2009-09-29 17:37 . 2009-09-29 20:32 196640 --sha-w- d:\windows\system32\drivers\fidbox2.dat
2009-09-29 17:37 . 2009-09-29 19:32 -------- d-----w- d:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-09-29 16:51 . 2009-09-29 16:57 -------- d-----w- d:\documents and settings\Marko\Local Settings\Application Data\Microsoft
2009-09-29 16:51 . 2009-09-29 16:57 -------- d-s---w- d:\documents and settings\Marko
2009-09-21 11:19 . 2009-09-21 11:19 -------- d-----w- D:\tasa
2009-09-10 21:18 . 2004-11-30 04:00 286720 ----a-r- d:\windows\878RMT.exe
2009-09-10 21:18 . 2009-09-30 19:44 -------- d-----w- d:\windows\MyInstall
2009-09-10 21:17 . 1997-01-18 08:40 299520 ----a-w- d:\windows\uninst.exe
2009-09-10 21:14 . 2009-09-10 21:14 -------- d-----w- d:\program files\Common Files\Adobe
2009-09-09 12:40 . 2009-09-09 12:40 -------- dc----w- d:\documents and settings\Administrator\Application Data\Apple Computer
2009-09-09 12:32 . 2009-09-09 12:32 -------- d--h--w- d:\windows\PIF
2009-09-06 19:43 . 2009-09-06 19:43 -------- d-----w- d:\documents and settings\All Users\Application Data\TEMP
2009-09-06 19:43 . 2009-09-06 19:43 -------- d-----w- d:\documents and settings\All Users\Application Data\Anvsoft
2009-09-06 19:43 . 2009-09-06 19:43 -------- dc----w- d:\documents and settings\Administrator\Application Data\Photo DVD Maker
2009-09-06 19:43 . 2009-09-06 19:43 -------- d-----w- d:\program files\Photo DVD Maker Professional
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 12:30 . 2009-10-03 12:30 806 ----a-w- d:\windows\system32\drivers\SYMEVENT.INF
2009-10-03 12:30 . 2009-10-03 12:30 10635 ----a-w- d:\windows\system32\drivers\SYMEVENT.CAT
2009-09-30 20:03 . 2009-07-27 17:49 -------- d-----w- d:\documents and settings\All Users\Application Data\nView_Profiles
2009-09-30 19:44 . 2009-07-27 15:30 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-09-29 20:40 . 2009-09-29 17:37 27632 --sha-w- d:\windows\system32\drivers\fidbox.idx
2009-09-29 20:32 . 2009-09-29 17:37 4896 --sha-w- d:\windows\system32\drivers\fidbox2.idx
2009-09-29 17:10 . 2009-07-27 17:01 -------- d-----w- d:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\program files\QuickTime
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple Computer
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\program files\Apple Software Update
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple
2009-08-22 23:39 . 2009-08-22 23:39 -------- dc----w- d:\documents and settings\Administrator\Application Data\Activision
2009-08-22 13:14 . 2009-08-16 09:56 -------- dc----w- d:\documents and settings\Administrator\Application Data\Any Video Converter
2009-08-16 09:57 . 2009-08-16 09:56 -------- d-----w- d:\program files\Any Video Converter
2009-08-16 09:57 . 2009-08-16 09:57 43336 ----a-w- d:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-16 09:25 . 2009-08-16 09:25 -------- d-----w- d:\program files\YouTube Downloader
2009-08-08 14:24 . 2009-08-08 14:24 628 ----a-w- d:\windows\EReg515.dat
2009-08-05 09:01 . 2008-04-15 12:00 204800 ----a-w- d:\windows\system32\mswebdvd.dll
2009-07-29 15:29 . 2009-07-29 15:30 16365056 ----a-w- d:\program files\JDownloader_0.6.193.exe
2009-07-29 04:37 . 2008-04-15 12:00 81920 ----a-w- d:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2008-04-15 12:00 119808 ----a-w- d:\windows\system32\t2embed.dll
2009-07-27 15:46 . 2009-07-27 15:46 0 -c--a-w- d:\windows\nsreg.dat
2009-07-27 15:07 . 2009-07-27 15:07 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2009-07-25 03:23 . 2009-07-29 15:35 411368 ----a-w- d:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2008-04-15 12:00 58880 ----a-w- d:\windows\system32\atl.dll
2009-07-12 10:21 . 2008-04-15 12:00 233472 ----a-w- d:\windows\system32\wmpdxm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
d:\program files\BearShare Applications\BearShare\BearShareIEHelper.dll [BU]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"TS"="d:\program files\TS\tsc.exe" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="d:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"NeroFilterCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"TV Card Remote Control Applet"="d:\windows\878RMT.exe" [2004-11-30 286720]
"ccApp"="d:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 52840]
"Symantec PIF AlertEng"="d:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2006-03-09 1519616]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.exe [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" - d:\windows\SkyTel.exe [2006-05-16 2879488]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
d:\documents and settings\All Users\Start Menu\Programs\Startup\
ScheduleTV.lnk - d:\program files\honestech\honestech TVR\scheduleTV.exe [2009-9-30 307200]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=""
"AntiVirusOverride"=""
"FirewallOverride"=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
R2 878TVCard;Bt878 TV Card - Video Capture;d:\windows\system32\drivers\Bt878.sys [7/27/2009 6:02 PM 196736]
R2 878TVTuner;Bt878 TV Card - TV Tuner;d:\windows\system32\drivers\BtTuner.sys [7/27/2009 6:02 PM 9216]
R2 878Xbar;Bt878 TV Card - Crossbar;d:\windows\system32\drivers\BtXbar.sys [7/27/2009 6:02 PM 8448]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
*Deregistered* - EraserUtilDrvI9
.
Contents of the 'Scheduled Tasks' folder
2009-09-04 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-10-02 d:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Administrator.job
- d:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-10-07 10:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {DB471B33-5837-472E-B08A-2F8A8E9C2116} = 91.150.77.5 91.150.77.10
FF - ProfilePath - d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f7paq0sp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-10-05 17:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Applet = d:\windows\878RMT.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????6?B~!?B~????????T???q?@?????p8????@?X???????????????d???????Bt878 TV Card Remote Control Receiver?@?????????W?SN????A~}(@??08??(@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(736)
d:\windows\system32\wpa.dll
.
Completion time: 2009-10-05 17:54
ComboFix-quarantined-files.txt 2009-10-05 15:54
Pre-Run: 54,206,910,464 bytes free
Post-Run: 54,203,904,000 bytes free
181 --- E O F --- 2009-10-01 01:09
|
|
|
|
Posted: 05 Oct 2009 18:34
|
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
|
Open Notepad and copy the following text:
Folder::
d:\program files\TS
d:\program files\Common Files\TSUninstall
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=-
"AntiVirusOverride"=-
"FirewallOverride"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TS"=-
Save the file from Notepad to the Desktop as "CFScript".
Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.
|
|
|
|
Posted: 05 Oct 2009 19:42
|
- marko84
- New MyCity citizen
- Joined: 03 Oct 2009
- Posts: 7
|
ComboFix 09-10-04.01 - Administrator 10/05/2009 19:31.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.570 [GMT 2:00]
Running from: d:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\program files\Common Files\TSUninstall
d:\program files\Common Files\TSUninstall\Uninstall.lnk
d:\program files\TS
.
((((((((((((((((((((((((( Files Created from 2009-09-05 to 2009-10-05 )))))))))))))))))))))))))))))))
.
2009-10-05 16:55 . 2009-10-05 16:55 -------- d-----w- d:\windows\system32\wbem\Repository
2009-10-05 16:54 . 2009-10-05 16:54 -------- dc----w- d:\program files\TuneUp Utilities 2009
2009-10-05 16:54 . 2009-10-05 16:54 -------- dc----w- d:\program files\Kaspersky Lab
2009-10-05 16:54 . 2009-10-05 16:54 -------- d-----w- d:\program files\Activision
2009-10-05 15:55 . 2009-10-05 16:53 -------- dc----w- D:\RECYCLER(3)
2009-10-04 17:44 . 2009-10-05 16:54 -------- dc----w- D:\RECYCLER(2)
2009-09-30 18:10 . 2009-09-30 18:10 -------- d-----w- d:\documents and settings\Administrator\Application Data\TuneUp Software
2009-09-30 18:10 . 2009-09-30 18:10 -------- d-----w- d:\documents and settings\All Users\Application Data\TuneUp Software
2009-09-30 18:09 . 2009-09-30 18:09 -------- d-sh--w- d:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-30 16:28 . 2009-02-06 11:08 2189056 -c----w- d:\windows\system32\dllcache\ntoskrnl.exe
2009-09-30 16:28 . 2009-02-06 11:06 2145280 -c----w- d:\windows\system32\dllcache\ntkrnlmp.exe
2009-09-30 16:28 . 2009-02-06 10:32 2023936 -c----w- d:\windows\system32\dllcache\ntkrpamp.exe
2009-09-30 15:43 . 2008-05-03 11:55 2560 ------w- d:\windows\system32\xpsp4res.dll
2009-09-30 15:42 . 2008-06-13 11:05 272128 -c----w- d:\windows\system32\dllcache\bthport.sys
2009-09-30 15:42 . 2008-06-13 11:05 272128 ------w- d:\windows\system32\drivers\bthport.sys
2009-09-30 15:06 . 2008-10-24 11:21 455296 -c----w- d:\windows\system32\dllcache\mrxsmb.sys
2009-09-29 22:10 . 2009-10-01 01:09 -------- d--h--w- d:\windows\$hf_mig$
2009-09-29 21:03 . 2009-09-30 17:42 -------- dc----w- d:\documents and settings\Administrator\Application Data\Symantec
2009-09-29 21:00 . 2009-09-29 21:00 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2009-09-29 20:59 . 2009-09-29 20:59 10344 ----a-w- d:\windows\system32\drivers\symlcbrd.sys
2009-09-29 20:59 . 2009-09-30 14:21 -------- d-----w- d:\program files\Norton Internet Security
2009-09-29 20:58 . 2009-10-03 12:30 60808 ----a-w- d:\windows\system32\S32EVNT1.DLL
2009-09-29 20:58 . 2009-10-03 12:30 124464 ----a-w- d:\windows\system32\drivers\SYMEVENT.SYS
2009-09-29 20:58 . 2009-10-03 12:30 -------- d-----w- d:\program files\Symantec
2009-09-29 20:58 . 2009-10-03 12:31 -------- d-----w- d:\documents and settings\All Users\Application Data\Symantec
2009-09-29 20:58 . 2009-10-05 15:37 -------- d-----w- d:\program files\Common Files\Symantec Shared
2009-09-29 20:55 . 2009-09-29 20:55 4716 ----a-w- d:\windows\gdrv.sys
2009-09-29 17:38 . 2009-09-29 18:07 95259 ----a-w- d:\windows\system32\drivers\klick.dat
2009-09-29 17:38 . 2009-09-29 18:07 107547 ----a-w- d:\windows\system32\drivers\klin.dat
2009-09-29 17:37 . 2009-09-29 20:40 2996256 --sha-w- d:\windows\system32\drivers\fidbox.dat
2009-09-29 17:37 . 2009-09-29 20:32 196640 --sha-w- d:\windows\system32\drivers\fidbox2.dat
2009-09-29 17:37 . 2009-09-29 19:32 -------- d-----w- d:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-09-29 16:51 . 2009-09-29 16:57 -------- d-----w- d:\documents and settings\Marko\Local Settings\Application Data\Microsoft
2009-09-29 16:51 . 2009-09-29 16:57 -------- d-s---w- d:\documents and settings\Marko
2009-09-21 11:19 . 2009-09-21 11:19 -------- d-----w- D:\tasa
2009-09-10 21:18 . 2004-11-30 04:00 286720 ----a-r- d:\windows\878RMT.exe
2009-09-10 21:18 . 2009-09-30 19:44 -------- d-----w- d:\windows\MyInstall
2009-09-10 21:17 . 1997-01-18 08:40 299520 ----a-w- d:\windows\uninst.exe
2009-09-10 21:14 . 2009-09-10 21:14 -------- d-----w- d:\program files\Common Files\Adobe
2009-09-09 12:40 . 2009-09-09 12:40 -------- dc----w- d:\documents and settings\Administrator\Application Data\Apple Computer
2009-09-09 12:32 . 2009-09-09 12:32 -------- d--h--w- d:\windows\PIF
2009-09-06 19:43 . 2009-09-06 19:43 -------- d-----w- d:\documents and settings\All Users\Application Data\TEMP
2009-09-06 19:43 . 2009-09-06 19:43 -------- d-----w- d:\documents and settings\All Users\Application Data\Anvsoft
2009-09-06 19:43 . 2009-09-06 19:43 -------- dc----w- d:\documents and settings\Administrator\Application Data\Photo DVD Maker
2009-09-06 19:43 . 2009-09-06 19:43 -------- d-----w- d:\program files\Photo DVD Maker Professional
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 12:30 . 2009-10-03 12:30 806 ----a-w- d:\windows\system32\drivers\SYMEVENT.INF
2009-10-03 12:30 . 2009-10-03 12:30 10635 ----a-w- d:\windows\system32\drivers\SYMEVENT.CAT
2009-09-30 20:03 . 2009-07-27 17:49 -------- d-----w- d:\documents and settings\All Users\Application Data\nView_Profiles
2009-09-30 19:44 . 2009-07-27 15:30 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-09-29 20:40 . 2009-09-29 17:37 27632 --sha-w- d:\windows\system32\drivers\fidbox.idx
2009-09-29 20:32 . 2009-09-29 17:37 4896 --sha-w- d:\windows\system32\drivers\fidbox2.idx
2009-09-29 17:10 . 2009-07-27 17:01 -------- d-----w- d:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\program files\QuickTime
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple Computer
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\program files\Apple Software Update
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple
2009-08-22 23:39 . 2009-08-22 23:39 -------- dc----w- d:\documents and settings\Administrator\Application Data\Activision
2009-08-22 13:14 . 2009-08-16 09:56 -------- dc----w- d:\documents and settings\Administrator\Application Data\Any Video Converter
2009-08-16 09:57 . 2009-08-16 09:56 -------- d-----w- d:\program files\Any Video Converter
2009-08-16 09:57 . 2009-08-16 09:57 43336 ----a-w- d:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-16 09:25 . 2009-08-16 09:25 -------- d-----w- d:\program files\YouTube Downloader
2009-08-08 14:24 . 2009-08-08 14:24 628 ----a-w- d:\windows\EReg515.dat
2009-08-05 09:01 . 2008-04-15 12:00 204800 ----a-w- d:\windows\system32\mswebdvd.dll
2009-07-29 15:29 . 2009-07-29 15:30 16365056 ----a-w- d:\program files\JDownloader_0.6.193.exe
2009-07-29 04:37 . 2008-04-15 12:00 81920 ----a-w- d:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2008-04-15 12:00 119808 ----a-w- d:\windows\system32\t2embed.dll
2009-07-27 15:46 . 2009-07-27 15:46 0 -c--a-w- d:\windows\nsreg.dat
2009-07-27 15:07 . 2009-07-27 15:07 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2009-07-25 03:23 . 2009-07-29 15:35 411368 ----a-w- d:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2008-04-15 12:00 58880 ----a-w- d:\windows\system32\atl.dll
2009-07-12 10:21 . 2008-04-15 12:00 233472 ----a-w- d:\windows\system32\wmpdxm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
d:\program files\BearShare Applications\BearShare\BearShareIEHelper.dll [BU]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="d:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"NeroFilterCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"TV Card Remote Control Applet"="d:\windows\878RMT.exe" [2004-11-30 286720]
"ccApp"="d:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 52840]
"Symantec PIF AlertEng"="d:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2006-03-09 1519616]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.exe [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" - d:\windows\SkyTel.exe [2006-05-16 2879488]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
d:\documents and settings\All Users\Start Menu\Programs\Startup\
ScheduleTV.lnk - d:\program files\honestech\honestech TVR\scheduleTV.exe [2009-9-30 307200]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
R2 878TVCard;Bt878 TV Card - Video Capture;d:\windows\system32\drivers\Bt878.sys [7/27/2009 6:02 PM 196736]
R2 878TVTuner;Bt878 TV Card - TV Tuner;d:\windows\system32\drivers\BtTuner.sys [7/27/2009 6:02 PM 9216]
R2 878Xbar;Bt878 TV Card - Crossbar;d:\windows\system32\drivers\BtXbar.sys [7/27/2009 6:02 PM 8448]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;d:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/5/2009 5:27 PM 102448]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
2009-09-04 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-10-02 d:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Administrator.job
- d:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-10-07 10:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {DB471B33-5837-472E-B08A-2F8A8E9C2116} = 91.150.77.5 91.150.77.10
FF - ProfilePath - d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f7paq0sp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-10-05 19:34
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Applet = d:\windows\878RMT.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????6?B~!?B~????????T???q?@?????p8????@?X???????????????d???????Bt878 TV Card Remote Control Receiver?@?????????W?SN????A~}(@????g?(@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(752)
d:\windows\system32\wpa.dll
.
Completion time: 2009-10-05 19:35
ComboFix-quarantined-files.txt 2009-10-05 17:35
ComboFix2.txt 2009-10-05 17:27
ComboFix3.txt 2009-10-05 15:54
Pre-Run: 54,103,711,744 bytes free
Post-Run: 54,100,877,312 bytes free
183 --- E O F --- 2009-10-01 01:09
|
|
|
|
Posted: 05 Oct 2009 19:59
|
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
|
What do you have in these folders:
D:\RECYCLER(3)
D:\RECYCLER(2)
|
|
|
|