Big problem, help!


offline
  • Joined: 28 Jan 2009
  • Posts: 76

Hello. I'm new to the forum; I came on a recommendation in the hope that you can help me. Here is my problem.
For 2 or 3 days now, viruses or whatever they are have been getting in constantly. I use avast Home Edition, and every 5 minutes it reports some malware, a trojan, an intrusion from some IP address; I don't know what to do. The computer freezes, the sound disappears, various little problems. I scan with avast and it deletes that, but then it's all the same again...
Please help!

Here is just one of the screenshots...

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

What the Ambulanta is for

How to open a topic

offline
  • Joined: 28 Jan 2009
  • Posts: 76

I apologize. Here it is now:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:13:55 PM, on 1/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mouse Driver\StartAutorun.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Mouse Driver\KMConfig.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Documents and Settings\Nikola\Application Data\advantage\AdVantage.exe
C:\Program Files\Mouse Driver\KMProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Mouse Driver\KMWDSrv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Opera\opera.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Documents and Settings\Nikola\Desktop\Pomoc\TR3.exe..exe
C:\WINDOWS\usbservice.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = daemon-search.com/star
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Sotfone Tracker Class - {10C52A42-DB8B-4ade-AA4A-CED6A8282B67} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {81705D67-3F73-4983-859B-97D0922E5ABE} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AdVantage] C:\Documents and Settings\Nikola\Application Data\advantage\AdVantage.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Online Add-on\isfmntr.exe
O4 - HKUS\S-1-5-18\..\Run: [MS AntiSpyware 2009] "C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe" /autorun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MS AntiSpyware 2009] "C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe" /autorun (User 'Default user')
O8 - Extra context menu item: Download all by YouTube Robot - res://C:\Program Files\YouTubeRobot\RobotExt.ocx/ALL.HTM
O8 - Extra context menu item: Download by YouTube Robot - res://C:\Program Files\YouTubeRobot\RobotExt.ocx/LINK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - freeietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - freeietool.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Usb Service 2.0 - Unknown owner - C:\WINDOWS\usbservice.exe
O24 - Desktop Component 0: (no name) - thebooksofknjige.com/tbok/radijo/centar.jpg

--
End of file - 8388 bytes


Internet connection: WiMax 512/128

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Right-click the avast! icon in the lower-right corner of the screen and choose Stop OnAccess Protection.

Note: Don't forget to turn this option back on when the cleaning is finished.

-----------------------------------

Download ComboFix to your Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt), which you will copy here for us.

offline
  • Joined: 28 Jan 2009
  • Posts: 76

That's done too:

ComboFix 09-01-21.04 - Nikola 2009-01-28 17:31:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.575 [GMT 1:00]
Running from: C:\Documents and Settings\Nikola\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090127-0] *On-access scanning disabled* (Updated)
FW: COMODO Firewall Pro *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090126215149683.log
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe
C:\Documents and Settings\Nikola\Favorites\Download programs.url
C:\Documents and Settings\Nikola\Favorites\Games.url
C:\Documents and Settings\Nikola\Favorites\Online Security Test.url
C:\Documents and Settings\Nikola\Favorites\Translator.url
C:\Documents and Settings\Nikola\Favorites\Videos.url
C:\Documents and Settings\Nikola\Start Menu\Programs\Download programs.url
C:\Documents and Settings\Nikola\Start Menu\Programs\Games.url
C:\Documents and Settings\Nikola\Start Menu\Programs\Translator.url
C:\Documents and Settings\Nikola\Start Menu\Programs\Videos.url
C:\Program Files\Sotfone
C:\WINDOWS\jestertb.dll
C:\WINDOWS\system32\divx.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISODRIVE
-------\Service_ISODrive


((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-28 )))))))))))))))))))))))))))))))
.

2009-01-28 13:55 . 2009-01-28 13:55 45,106 -r-hs---- C:\WINDOWS\usbservice.exe
2009-01-28 13:55 . 2009-01-28 13:55 45,106 --a------ C:\WINDOWS\system32\mf.exe
2009-01-26 22:09 . 2009-01-26 22:09 244 --ah----- C:\sqmnoopt15.sqm
2009-01-26 22:09 . 2009-01-26 22:09 232 --ah----- C:\sqmdata15.sqm
2009-01-26 22:05 . 2009-01-26 22:05 244 --ah----- C:\sqmnoopt14.sqm
2009-01-26 22:05 . 2009-01-26 22:05 232 --ah----- C:\sqmdata14.sqm
2009-01-26 21:57 . 2009-01-26 21:57 1,507,328 --a------ C:\WINDOWS\system32\ru.exe
2009-01-26 21:51 . 2009-01-26 22:08 81,931 --a------ C:\nssetup.exe
2009-01-26 21:49 . 2009-01-26 21:49 1,507,328 --a------ C:\WINDOWS\system32\iw.exe
2009-01-26 21:48 . 2009-01-26 21:49 1,507,328 --a------ C:\WINDOWS\system32\gv.exe
2009-01-26 20:12 . 2009-01-26 20:12 268 --ah----- C:\sqmdata13.sqm
2009-01-26 20:12 . 2009-01-26 20:12 244 --ah----- C:\sqmnoopt13.sqm
2009-01-26 15:16 . 2009-01-26 15:16 268 --ah----- C:\sqmdata12.sqm
2009-01-26 15:16 . 2009-01-26 15:16 244 --ah----- C:\sqmnoopt12.sqm
2009-01-26 11:48 . 2009-01-26 11:48 268 --ah----- C:\sqmdata11.sqm
2009-01-26 11:48 . 2009-01-26 11:48 244 --ah----- C:\sqmnoopt11.sqm
2009-01-14 14:48 . 2009-01-14 14:48 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\ImTOO Software Studio
2009-01-14 14:33 . 2009-01-14 14:33 <DIR> d-------- C:\Program Files\Moyea
2009-01-14 14:33 . 2009-01-14 14:33 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\Moyea
2009-01-14 14:33 . 2008-08-28 18:56 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2009-01-14 14:24 . 2009-01-14 14:34 <DIR> d-------- C:\My FLVs
2009-01-14 14:23 . 2009-01-14 14:28 <DIR> d-------- C:\Program Files\YouTubeRobot
2009-01-14 14:23 . 2007-02-28 13:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2009-01-14 14:23 . 2007-02-28 13:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2009-01-14 14:23 . 2007-02-28 13:32 716,800 --a------ C:\WINDOWS\system32\lameACM.acm
2009-01-14 14:23 . 2007-02-28 13:30 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2009-01-14 14:23 . 2007-02-28 13:30 577,536 --a------ C:\WINDOWS\system32\divxdec.ax
2009-01-14 14:23 . 2007-02-28 13:33 389,120 --a------ C:\WINDOWS\system32\actskn43.ocx
2009-01-14 14:23 . 2007-02-28 13:30 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2009-01-14 14:23 . 2007-02-28 13:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2009-01-14 14:23 . 2007-02-28 13:30 200,704 --a------ C:\WINDOWS\system32\dtu100.dll
2009-01-14 14:23 . 2007-02-28 13:30 86,016 --a------ C:\WINDOWS\system32\dpl100.dll
2009-01-14 14:23 . 2007-02-28 13:30 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2009-01-14 14:23 . 2007-02-28 13:32 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2009-01-08 13:12 . 2009-01-08 13:12 <DIR> d-------- C:\Program Files\UltraISO
2009-01-08 13:12 . 2009-01-08 13:12 <DIR> d-------- C:\Program Files\Common Files\EZB Systems
2009-01-08 12:25 . 2009-01-21 13:10 238 --a------ C:\WINDOWS\mafosav.INI
2009-01-08 12:22 . 2009-01-08 12:22 <DIR> d-------- C:\Buziol Games
2009-01-04 10:42 . 2009-01-04 10:43 35 --a------ C:\WINDOWS\mstutor.ini
2009-01-02 10:55 . 2009-01-02 10:55 <DIR> d-------- C:\Program Files\Xilisoft
2008-12-31 14:49 . 2008-12-31 14:49 <DIR> d-------- C:\svadba
2008-12-31 14:04 . 2008-12-31 14:04 <DIR> d-------- C:\Program Files\DVD Shrink
2008-12-31 14:04 . 2008-12-31 14:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-12-31 13:58 . 2008-12-31 13:58 <DIR> d-------- C:\Program Files\DVD Decrypter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-28 09:59 --------- d-----w C:\Documents and Settings\Nikola\Application Data\advantage
2009-01-27 17:10 --------- d-----w C:\Program Files\The KMPlayer
2009-01-14 13:48 --------- d-----w C:\Program Files\ImTOO
2009-01-14 13:42 --------- d-----w C:\Program Files\Total Video Converter
2009-01-08 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-01-08 12:18 --------- d-----w C:\Documents and Settings\Nikola\Application Data\LimeWire
2009-01-02 14:30 --------- d-----w C:\Documents and Settings\Nikola\Application Data\dvdcss
2008-12-31 16:48 --------- d-----w C:\Documents and Settings\Nikola\Application Data\Skype
2008-12-31 15:07 --------- d-----w C:\Documents and Settings\Nikola\Application Data\skypePM
2008-12-24 11:58 --------- d-----w C:\Program Files\YoutubeGet
2008-12-14 13:33 --------- d-----w C:\Program Files\Folder Lock
2008-12-12 09:46 --------- d-----w C:\Program Files\Realtek AC97
2008-12-04 20:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-12-04 12:15 --------- d-----w C:\Program Files\WMV9_VCM
2008-12-04 12:12 --------- d-----w C:\Program Files\1C
2008-12-04 11:54 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-12-04 11:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-12-04 11:53 --------- d-----w C:\Documents and Settings\Nikola\Application Data\DAEMON Tools Pro
2008-12-04 11:51 --------- d-----w C:\Program Files\advantage
2008-12-04 11:46 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-07-14 05:27 9,016 ----a-w C:\Program Files\tempdecal.wad
2004-07-22 09:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
2004-07-19 21:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
2004-07-19 21:53 976,020 ----a-w C:\Program Files\BDAXP.cab
2004-07-16 13:30 3,858 ----a-w C:\Program Files\directx redist.txt
2004-07-09 13:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
2004-07-09 08:13 703,080 ----a-w C:\Program Files\BDA.cab
2004-07-09 08:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
2004-07-09 03:08 472,576 ----a-w C:\Program Files\dxsetup.exe
2004-07-09 03:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
2004-07-09 02:03 62,976 ----a-w C:\Program Files\DSETUP.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 15:21 1449984]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 11:54 5674352]
"AdVantage"="C:\Documents and Settings\Nikola\Application Data\advantage\AdVantage.exe" [2008-12-04 12:51 175024]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-12-05 15:15 273864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 17:00 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-06-15 11:36 229376]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"KMCONFIG"="C:\Program Files\Mouse Driver\StartAutorun.exe" [2007-03-06 14:51 212992]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 20:10 339968]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-24 15:27 180269]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 18:18 81000]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2002-01-01 01:48 98304]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 03:50 88363 C:\WINDOWS\AGRSMMSG.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"C-Media Mixer"="Mixer.exe" [2003-03-20 15:21 1855488 C:\WINDOWS\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.ffds"= ffdshow.ax
"vidc.X264"= x264vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"WinampAgent"=C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\zBoT Counter 1.6\\hl.exe"=
"C:\\Program Files\\ApexDC++\\ApexDC.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\usbservice.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3478:UDP"= 3478:UDP:stun
"3479:UDP"= 3479:UDP:stun 2
"6112:UDP"= 6112:UDP:stun 3
"5730:UDP"= 5730:UDP:game
"5739:UDP"= 5739:UDP:game 1
"9001:TCP"= 9001:TCP:game 2
"11881:TCP"= 11881:TCP:game 3

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-12-14 14:06:24 111184]
R4 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [2008-12-14 14:06:24 20560]
R4 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files\Mouse Driver\KMWDSrv.exe [2007-04-05 10:29:28 208896]
S4 Usb Service 2.0;Usb Service 2.0;C:\WINDOWS\usbservice.exe [2009-01-28 13:55:21 45106]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26e6d86f-7e43-11dc-934e-00112fafc531}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26e6da53-7e43-11dc-934e-00112fafc531}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{530b55e8-7e55-11dc-934f-00112fafc531}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-16 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 15:53]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-MS AntiSpyware 2009 - C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/star
uInternet Settings,ProxyOverride = *.local
IE: Download all by YouTube Robot - C:\Program Files\YouTubeRobot\RobotExt.ocx/ALL.HTM
IE: Download by YouTube Robot - C:\Program Files\YouTubeRobot\RobotExt.ocx/LINK.HTM
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-28 17:37:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-725345543-287218729-2147145749-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-725345543-287218729-2147145749-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3E3786AA-5288-665B-DF40-0490A1A5049B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iajdmfhanbcdcgadpg"=hex:6b,61,6b,63,64,63,67,6d,6e,69,6c,67,6b,69,61,6d,70,6e,
63,63,6a,67,00,01
"jajeakffndmddjklomho"=hex:62,61,66,63,00,00
"jajeakffndmddjklomdo"=hex:62,61,6b,63,00,00
"hahekfgcipbjfdbf"=hex:6b,61,6b,63,64,63,67,6d,6e,69,6c,67,6b,69,61,6d,70,6e,
63,63,6a,67,00,01

[HKEY_USERS\S-1-5-21-725345543-287218729-2147145749-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A1A06CD3-E41F-1C1E-ECC2-DB2832F4F556}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaejogeiodcfbekjga"=hex:6b,61,6b,6e,64,6e,65,69,6a,6e,64,63,6c,6f,69,6f,66,6f,
6b,63,68,67,00,01
"japjoiodakalpbmgdpgo"=hex:62,61,6c,66,00,00
"jaljkkknoabjnadiohae"=hex:62,61,63,67,00,00
"hahdcjiipgkckfpf"=hex:6b,61,6b,6e,64,6e,65,69,6a,6e,64,63,6c,6f,69,6f,66,6f,
6b,63,68,67,00,01
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Mouse Driver\KMCONFIG.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Mouse Driver\KMProcess.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-01-28 17:40:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-28 16:40:24

Pre-Run: 5,171,150,848 bytes free
Post-Run: 5,219,622,912 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

270

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Download the RootRepeal program to your Desktop.

Unpack RootRepeal.zip into a folder.
Double-click RootRepeal.exe to run it.
Switch to the Report tab (by clicking the Report button, bottom right).
Click the Scan button.
In the window that opens (Select Scan), check the boxes in front of all items and click OK.
In the next window (Select Drives), check the box in front of the system drive (usually C:\) and click OK.
When the process finishes, click Save Report and save the scan report.


Copy the resulting log here for me.

---------------------------


Upload the following file for me:

C:\nssetup.exe

using the following link:

http://www.mycity.rs/ambulanta-upload.php

offline
  • Joined: 28 Jan 2009
  • Posts: 76

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/01/28 18:15
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name:
Image Path:
Address: 0xF7491000 Size: 98304 File Visible: No
Status: -

Name:
Image Path:
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Name: dump_IdeChnDr.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_IdeChnDr.sys
Address: 0xB2DD4000 Size: 98304 File Visible: No
Status: -

Name: PCI_PNP1432
Image Path: \Driver\PCI_PNP1432
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF7783000 Size: 45056 File Visible: No
Status: -

Name: spni.sys
Image Path: spni.sys
Address: 0xF7584000 Size: 1040384 File Visible: No
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\sccfg.sys
Status: Invisible to the Windows API!

Path: C:\Program Files\Folder Lock\Locker\pegtag.$s8
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Debug\UserMode\userenv.log
Status: Size mismatch (API: 1611524, Raw: 1611220)

Path: C:\Documents and Settings\Nikola\Local Settings\Application Data\Microsoft\Messenger\nikolank91@hotmail.com\SharingMetadata\argosija@hotmail.com\DFSR\Staging\CS{76777243-8539-AF90-C9A7-6241435115D7}\01\13-{76777243-8539-AF90-C9A7-6241435115D7}-v1-{52B0EEC8-8417-4CB3-A4C0-ACF10E2F3C05}-v13-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Nikola\Local Settings\Application Data\Microsoft\Messenger\nikolank91@hotmail.com\SharingMetadata\darko_tasevski666@hotmail.com\DFSR\Staging\CS{88515761-B1E1-7DC0-7F98-4F05A79F6BB3}\01\10-{88515761-B1E1-7DC0-7F98-4F05A79F6BB3}-v1-{52B0EEC8-8417-4CB3-A4C0-ACF10E2F3C05}-v10-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Nikola\Local Settings\Application Data\Microsoft\Messenger\nikolank91@hotmail.com\SharingMetadata\delija_nk@hotmail.com\DFSR\Staging\CS{9F7928AC-F200-E2FB-4307-1EA2AE630C36}\01\15-{9F7928AC-F200-E2FB-4307-1EA2AE630C36}-v1-{52B0EEC8-8417-4CB3-A4C0-ACF10E2F3C05}-v15-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Nikola\Local Settings\Application Data\Microsoft\Messenger\nikolank91@hotmail.com\SharingMetadata\delija_nk@hotmail.com\DFSR\Staging\CS{9F7928AC-F200-E2FB-4307-1EA2AE630C36}\16\16-{52B0EEC8-8417-4CB3-A4C0-ACF10E2F3C05}-v16-{52B0EEC8-8417-4CB3-A4C0-ACF10E2F3C05}-v16-Downloaded.frx
Status: Locked to the Windows API!


SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb2e38576

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xf7a3736a

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb2e38432

#: 045 Function Name: NtCreatePagingFile
Status: Hooked by "Vax347b.sys" at address 0xf7546c70

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb2e38910

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb2e3800a

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "Vax347b.sys" at address 0xf75474fe

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "Vax347b.sys" at address 0xf7552d50

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xf7a37cd8

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb2e3850c

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb2e37f4a

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb2e37fae

#: 145 Function Name: NtQueryDirectoryFile
Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xf7a37842

#: 154 Function Name: NtQueryInformationProcess
Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xf7a341e0

#: 160 Function Name: NtQueryKey
Status: Hooked by "Vax347b.sys" at address 0xf754751e

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb2e3862c

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb2e385ec

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xf7a38142

#: 241 Function Name: NtSetSystemPowerState
Status: Hooked by "Vax347b.sys" at address 0xf75524f0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb2e3876c


Here, even while I'm doing this, avast is reporting a virus again.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Did you upload the file?

---------------------


- Download USBNoRisk to the Desktop and run it by double-clicking the program's icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all your USB storage devices into the USB slot one after another, keeping each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you are done with all the devices, right-click in the middle of the program window and choose the Save log option. This will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices are all devices that get their own partition letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

offline
  • Joined: 28 Jan 2009
  • Posts: 76

USBNoRisk by bobby

Started at 2009-01-28 21:50:57

Scanning for connected USB Mass storage...
----------------------------------------
========================================

Scanning for other storage...
----------------------------------------
C: {5c6c4993-5372-11dc-9d16-806d6172696f}
D: {5c6c4994-5372-11dc-9d16-806d6172696f}
========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------
Autorun.inf on C: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for C:
No key found for 5c6c4993-5372-11dc-9d16-806d6172696f
========================================

Autorun.inf on D: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for D:
No key found for 5c6c4994-5372-11dc-9d16-806d6172696f
========================================

========================================



New device connected at 2009-01-28 21:52:00

Scanning for connected USB mass storage...
----------------------------------------
I: {be9ad158-3180-11dd-9a42-00112fafc531}
Added I:
========================================

Scanning USB mass storage for files...
----------------------------------------
Autorun.inf on I: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for be9ad158-3180-11dd-9a42-00112fafc531
========================================

----------------------------------------

Desktop.ini on I: - None
----------------------------------------

========================================

Just one flash drive; there was also a friend's digital camera, but it has been returned.

Addendum: 28 Jan 2009 21:57

Did I upload which file?

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

This:

Upload the following file for me:

C:\nssetup.exe

via the following link:

http://www.mycity.rs/ambulanta-upload.php
