MyCity » Ambulanta -> Arhiva Ambulante » Winlogon.exe PROBLEM

Winlogon.exe PROBLEM

Napisano na dan: 22.2.2009

Strana:
1
2

Winlogon.exe PROBLEM

Sledeća strana

Pagination

Odgovori

Strana:
1
2

dusan93 Poslao: 22 Feb 2009 18:58 Idi na vrh
offline dusan93 Novi MyCity građanin Pridružio: 18 Jan 2009 Poruke: 17 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kada pokrecem komp poceo je da zabada...a AVG Internet Security mi takodje prijavljuje da winlogon.exe zaraze. Evo Hijack This log-a: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:50:40, on 22.2.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgfws8.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\WINDOWS\system32\PnkBstrA.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Dule\Desktop\New Folder (2)\TR3.exe.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = yahoo.com/ O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {89CB4372-B410-3B5E-8871-86EBCEEBE643} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [avgtray.exe] C:\Program Files\AVG\AVG8\avgtray.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{22402CD4-CFF5-411C-AD65-7B75DA04C325}: NameServer = 194.106.162.10 194.106.162.3 O17 - HKLM\System\CS1\Services\Tcpip\..\{22402CD4-CFF5-411C-AD65-7B75DA04C325}: NameServer = 194.106.162.10 194.106.162.3 O17 - HKLM\System\CS2\Services\Tcpip\..\{22402CD4-CFF5-411C-AD65-7B75DA04C325}: NameServer = 194.106.162.10 194.106.162.3 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: AVG8 Firewall (avgfws8-) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- End of file - 5923 bytes

Profil

helen1 Poslao: 22 Feb 2009 19:08 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zdravo, * Klikni desnim tasterom miša na AVG ikonicu ( ) u donjem, desnom uglu ekrana. * Kada se pokrene AVG Control Center, dvoklikni na AVG Resident Shield komponentu. * U prozoru koji se otvori, deštikliraj opciju Turn on AVG Resident Shield i klikni OK. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. ----------------------------------------------------- Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

dusan93 Poslao: 22 Feb 2009 19:40 Idi na vrh
offline dusan93 Novi MyCity građanin Pridružio: 18 Jan 2009 Poruke: 17 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-02-21.01 - Dule 2009-02-22 19:30:33.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.2046.1464 [GMT 1:00] Running from: c:\documents and settings\Dule\Desktop\ComboFix.exe AV: AVG Internet Security On-access scanning disabled (Updated) FW: AVG Firewall enabled * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Internet Explorer\ws2help.dll c:\windows\adober.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MSUPDATE -------\Service_UACd.sys ((((((((((((((((((((((((( Files Created from 2009-01-22 to 2009-02-22 ))))))))))))))))))))))))))))))) . 2009-02-22 18:43 . 2009-02-22 18:43 <DIR> d-------- c:\program files\Trend Micro 2009-02-22 16:58 . 2009-02-22 16:59 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-22 16:58 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-22 16:58 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-22 15:47 . 2009-02-22 19:19 <DIR> d-------- c:\program files\Microsoft Games 2009-02-22 05:56 . 2009-02-22 05:56 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AVGTOOLBAR 2009-02-22 05:17 . 2009-02-22 05:17 <DIR> d-------- c:\documents and settings\LocalService\Application Data\PC Suite 2009-02-22 04:37 . 2009-02-22 04:37 <DIR> d-------- c:\documents and settings\Administrator\Application Data\IObit 2009-02-22 04:13 . 2009-02-22 04:13 <DIR> d-------- c:\documents and settings\Administrator 2009-02-22 02:58 . 2009-02-22 02:58 <DIR> d-------- c:\program files\EACom 2009-02-16 22:17 . 2009-02-16 22:18 <DIR> d-------- c:\program files\Ubisoft 2009-02-16 13:41 . 2009-02-16 13:47 <DIR> d-------- c:\documents and settings\Dule\Application Data\Chessmaster Challenge 2009-02-08 22:29 . 2009-02-08 22:29 664 --a------ c:\windows\system32\d3d9caps.dat 2009-02-08 22:28 . 2009-02-08 22:28 <DIR> d-------- c:\documents and settings\Dule\Application Data\Nokia 2009-02-08 22:28 . 2009-02-08 22:28 <DIR> d-------- c:\documents and settings\Dule\Application Data\Datalayer 2009-02-08 22:27 . 2009-02-08 22:28 <DIR> d-------- c:\documents and settings\Dule\Phone Browser 2009-02-08 22:23 . 2009-02-08 22:24 <DIR> d-------- c:\windows\Downloaded Installations 2009-02-08 22:22 . 2009-02-08 22:24 <DIR> d-------- c:\program files\Nokia 2009-02-08 22:22 . 2009-02-08 22:22 <DIR> d-------- c:\program files\Common Files\PCSuite 2009-02-08 22:22 . 2009-02-08 22:22 <DIR> d-------- c:\program files\Common Files\Nokia 2009-02-08 22:22 . 2009-02-08 22:22 <DIR> d-------- c:\documents and settings\Dule\Application Data\PC Suite 2009-02-08 22:22 . 2009-02-08 22:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Suite 2009-02-08 22:22 . 2009-02-08 22:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Downloaded Installations 2009-02-08 22:22 . 2006-05-29 08:26 127,488 --a------ c:\windows\system32\drivers\nmwcd.sys 2009-02-08 22:22 . 2006-05-29 08:26 50,688 --a------ c:\windows\system32\nmwcdcls.dll 2009-02-08 22:22 . 2006-05-29 08:26 30,720 --a------ c:\windows\system32\nmwcdcocls.dll 2009-02-08 22:22 . 2006-05-29 08:26 13,312 --a------ c:\windows\system32\drivers\nmwcdcm.sys 2009-02-08 22:22 . 2006-05-29 08:26 13,312 --a------ c:\windows\system32\drivers\nmwcdcj.sys 2009-02-08 22:22 . 2006-05-29 08:26 8,704 --a------ c:\windows\system32\drivers\nmwcdc.sys 2009-02-08 22:22 . 2006-05-29 08:26 4,608 --a------ c:\windows\system32\nmwcdlog.dll 2009-02-03 22:42 . 2009-02-03 22:42 <DIR> d-------- c:\windows\Sun 2009-02-03 20:28 . 2009-02-03 20:28 <DIR> d-------- c:\program files\Common Files\Adobe AIR 2009-02-03 20:28 . 2009-02-03 20:28 <DIR> d-------- c:\program files\Common Files\Adobe 2009-01-28 22:20 . 2009-01-28 22:20 <DIR> d-------- c:\program files\IObit 2009-01-28 21:35 . 2009-01-28 21:35 1,700,352 --a------ c:\windows\system32\gdiplus.dll 2009-01-28 21:35 . 2009-01-28 21:35 1,060,864 --a------ c:\windows\system32\mfc71.dll 2009-01-28 12:24 . 2009-02-22 15:27 <DIR> d--h----- C:\$AVG8.VAULT$ 2009-01-28 11:42 . 2009-02-22 00:13 <DIR> d-------- c:\windows\system32\drivers\Avg 2009-01-28 11:42 . 2009-02-15 13:03 <DIR> d-------- c:\documents and settings\Dule\Application Data\AVGTOOLBAR 2009-01-28 11:42 . 2009-02-22 18:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8 2009-01-28 11:42 . 2009-01-28 11:53 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys 2009-01-28 11:42 . 2009-01-28 11:53 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys 2009-01-28 11:42 . 2009-01-28 11:52 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys 2009-01-28 11:42 . 2009-01-28 11:53 10,520 --a------ c:\windows\system32\avgrsstx.dll 2009-01-28 11:40 . 2009-01-28 11:40 50,968 --a------ c:\windows\system32\avgfwdx.dll 2009-01-28 11:40 . 2009-01-28 11:40 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys 2009-01-27 23:08 . 2009-01-27 23:08 <DIR> d-------- c:\documents and settings\Dule\Application Data\Locktime 2009-01-27 23:06 . 2009-01-27 23:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Locktime 2009-01-27 19:20 . 2009-01-27 19:20 <DIR> d--h----- c:\windows\PIF 2009-01-25 23:40 . 2008-04-14 13:00 221,184 --a------ c:\windows\system32\wmpns.dll 2009-01-25 18:43 . 2009-01-25 18:43 <DIR> d-------- c:\program files\Java 2009-01-25 18:43 . 2009-01-25 18:43 410,984 --a------ c:\windows\system32\deploytk.dll 2009-01-25 18:43 . 2009-01-25 18:43 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-01-25 15:39 . 2009-01-26 20:35 <DIR> d-------- c:\documents and settings\Dule\Application Data\IObit 2009-01-25 11:19 . 2009-01-25 11:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI 2009-01-25 11:13 . 2007-12-18 02:25 3,107,788 -ra------ c:\windows\system32\ativvaxx.dat 2009-01-25 11:13 . 2007-12-18 02:25 3,107,788 -ra------ c:\windows\system32\ativva5x.dat 2009-01-25 11:13 . 2007-12-18 02:25 887,724 -ra------ c:\windows\system32\ativva6x.dat 2009-01-25 11:13 . 2008-12-01 14:35 614,400 --------- c:\windows\system32\ati2sgag.exe 2009-01-25 11:13 . 2008-12-01 21:52 425,984 --a------ c:\windows\system32\ATIDEMGX.dll 2009-01-25 11:13 . 2008-12-01 21:19 307,200 --a------ c:\windows\system32\atiiiexx.dll 2009-01-25 11:13 . 2008-10-30 15:45 180,720 --a------ c:\windows\system32\atiicdxx.dat 2009-01-25 11:13 . 2008-10-17 15:19 15,079 --a------ c:\windows\atiogl.xml 2009-01-25 11:13 . 2007-08-31 02:20 7,167 -ra------ c:\windows\system32\atifglpf.xml 2009-01-25 11:12 . 2009-01-25 11:16 <DIR> d-------- c:\program files\ATI Technologies 2009-01-25 11:06 . 2009-01-25 11:06 10 --a------ c:\windows\WININIT.INI 2009-01-25 01:54 . 2009-01-25 01:54 <DIR> d-------- C:\ATI 2009-01-25 00:05 . 2009-02-22 02:03 54,156 --ah----- c:\windows\QTFont.qfn 2009-01-25 00:05 . 2009-01-25 00:05 1,409 --a------ c:\windows\QTFont.for 2009-01-24 23:19 . 2009-01-24 23:19 <DIR> dr-h----- c:\documents and settings\Dule\Application Data\SecuROM 2009-01-24 23:17 . 2009-01-24 23:17 <DIR> d-------- c:\windows\system32\xlive 2009-01-24 23:17 . 2009-01-24 23:17 <DIR> d-------- c:\windows\Logs 2009-01-24 23:17 . 2009-01-24 23:44 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE 2009-01-24 23:17 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll 2009-01-24 23:17 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\system32\D3DCompiler_37.dll 2009-01-24 23:17 . 2008-02-05 23:07 462,864 --a------ c:\windows\system32\d3dx10_37.dll 2009-01-24 22:51 . 2009-01-24 22:51 <DIR> d-------- c:\windows\system32\XPSViewer 2009-01-24 22:50 . 2009-01-24 22:50 <DIR> d-------- c:\program files\Reference Assemblies 2009-01-24 22:50 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll 2009-01-24 22:49 . 2009-01-26 20:32 <DIR> d-------- c:\program files\Rockstar Games 2009-01-23 21:01 . 2009-01-23 21:01 268 --ah----- C:\sqmdata19.sqm 2009-01-23 21:01 . 2009-01-23 21:01 244 --ah----- C:\sqmnoopt19.sqm 2009-01-23 21:00 . 2009-01-23 21:00 268 --ah----- C:\sqmdata18.sqm 2009-01-23 21:00 . 2009-01-23 21:00 244 --ah----- C:\sqmnoopt18.sqm 2009-01-23 20:20 . 2009-01-23 21:07 23,392 --a------ c:\windows\system32\nscompat.tlb 2009-01-23 20:20 . 2009-01-23 21:07 16,832 --a------ c:\windows\system32\amcompat.tlb 2009-01-23 18:00 . 2009-01-23 18:00 <DIR> d-------- c:\documents and settings\Dule\Application Data\Malwarebytes 2009-01-23 18:00 . 2009-01-23 18:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-23 17:56 . 2009-01-23 17:56 268 --ah----- C:\sqmdata17.sqm 2009-01-23 17:56 . 2009-01-23 17:56 244 --ah----- C:\sqmnoopt17.sqm 2009-01-23 02:49 . 2009-01-23 02:49 268 --ah----- C:\sqmdata16.sqm 2009-01-23 02:49 . 2009-01-23 02:49 244 --ah----- C:\sqmnoopt16.sqm . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-22 18:29 --------- d-----w c:\documents and settings\Dule\Application Data\uTorrent 2009-02-22 02:34 --------- d-----w c:\program files\Electronic Arts 2009-02-22 02:33 --------- d-----w c:\program files\Chess3D 2009-02-21 23:48 --------- d-----w c:\program files\Counter-Strike 1.6 2009-02-17 12:39 --------- d-----w c:\documents and settings\Dule\Application Data\dvdcss 2009-02-15 20:53 --------- d-----w c:\program files\Bridge Building Game 2009-02-15 19:17 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2009-02-08 21:22 --------- d-----w c:\program files\DIFX 2009-01-26 19:43 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-24 21:53 --------- d-----w c:\program files\MSBuild 2009-01-23 20:03 --------- d-----w c:\program files\Windows Media Connect 2 2009-01-17 16:24 --------- d-----w c:\documents and settings\Dule\Application Data\iolo 2009-01-17 00:04 --------- d-----w c:\program files\City Interactive 2009-01-16 15:23 --------- d-----w c:\documents and settings\Dule\Application Data\Leadertech 2009-01-15 22:34 307,200 ----a-w c:\windows\iun506.exe 2009-01-15 16:21 --------- d-----w c:\program files\Mario Forever 2008-12-31 21:28 --------- d-----w c:\program files\KONAMI 2008-12-31 21:26 --------- d-----w c:\program files\Common Files\InstallShield 2008-12-28 13:44 --------- d-----w c:\documents and settings\Dule\Application Data\vlc 2008-12-28 13:02 --------- d-----w c:\program files\Chec 2008-12-27 00:42 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia 2008-12-25 22:29 --------- d-----w c:\program files\MSN Messenger 2008-12-25 21:53 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2008-12-25 21:52 --------- d-----w c:\program files\Microsoft Works 2008-12-25 21:51 --------- d-----w c:\program files\Microsoft.NET 2008-12-25 21:50 --------- d-----w c:\program files\Microsoft Visual Studio 8 2008-12-25 21:48 --------- d-----w c:\documents and settings\Dule\Application Data\DAEMON Tools Lite 2008-12-25 20:00 --------- d-----w c:\program files\uTorrent 2008-12-25 18:54 --------- d-----w c:\documents and settings\Dule\Application Data\DAEMON Tools Pro 2008-12-25 18:54 --------- d-----w c:\documents and settings\Dule\Application Data\DAEMON Tools 2008-12-25 18:53 --------- d-----w c:\program files\DAEMON Tools Lite 2008-12-25 18:46 --------- d-----w c:\program files\EA GAMES 2008-12-25 18:31 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite 2008-12-25 18:29 717,296 ----a-w c:\windows\system32\drivers\sptd.sys 2008-12-25 18:24 --------- d-----w c:\program files\Common Files\Ahead 2008-12-25 18:24 --------- d-----w c:\program files\Ahead 2008-12-25 18:22 --------- d-----w c:\program files\VideoLAN 2008-12-25 18:19 --------- d-----w c:\program files\Google 2008-12-25 18:13 --------- d-----w c:\program files\AVG 2008-12-25 17:45 --------- d-----w c:\documents and settings\Dule\Application Data\Media Player Classic 2008-12-25 17:35 32 ----a-w c:\windows\system32\drivers\adidsl.cfg 2008-12-25 17:33 --------- d-----w c:\program files\SAGEM 2008-12-25 17:09 --------- d-----w c:\program files\Real Alternative 2008-12-25 17:09 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer 2008-12-25 17:08 --------- d-----w c:\program files\QuickTime Alternative 2008-12-25 17:08 --------- d-----w c:\program files\Media Player Classic 2008-12-25 17:08 --------- d-----w c:\program files\K-Lite Codec Pack 2008-12-25 16:49 16,512 ----a-w c:\windows\gdrv.sys 2008-12-25 16:41 --------- d-----w c:\program files\Winamp 2008-12-25 16:29 --------- d-----w c:\documents and settings\Dule\Application Data\ATI 2008-12-25 16:18 --------- d-----w c:\program files\Realtek 2008-12-25 16:18 --------- d-----w c:\documents and settings\Dule\Application Data\InstallShield 2008-12-25 16:16 335,872 ----a-w c:\windows\HideWin.exe 2008-12-25 16:10 --------- d-----w c:\program files\microsoft frontpage . ------- Sigcheck ------- 2008-04-14 13:00 1051136 27fdbacb2b21d2f3a17a8e811e291de3 c:\windows\explorer.exe 2008-04-14 13:00 1050624 0f7b82b5ca859a87416147a3ee7e1c75 c:\windows\system32\dllcache\explorer.exe 2008-04-14 13:00 32768 636ea09eb02a085791b76ececac40444 c:\windows\system32\ctfmon.exe 2008-04-14 13:00 32768 b4aed8d9adb576917f15c04162fadf80 c:\windows\system32\dllcache\ctfmon.exe 2008-04-14 13:00 75264 18abb99c746b27d9ccce2aef7d4df7e3 c:\windows\system32\spoolsv.exe 2008-04-14 13:00 74752 2a5a429d53192dda303fa31dac95067f c:\windows\system32\dllcache\spoolsv.exe 2008-04-14 13:00 43008 2cdf628d2dd1827c6e25b8c908408fed c:\windows\system32\userinit.exe 2008-04-14 13:00 43520 2de9bb9449ff92857e09dadcd7fde898 c:\windows\system32\dllcache\userinit.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 32768] "avgtray.exe"="c:\program files\AVG\AVG8\avgtray.exe" [2009-01-28 1601304] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 32768] c:\documents and settings\All Users\Start Menu\Programs\Startup\ DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-12-25 1205840] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-01-28 11:53 10520 c:\windows\system32\avgrsstx.dll HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3] --a------ 2009-01-09 15:54 2262352 c:\program files\IObit\Advanced SystemCare 3\AWC.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] --a------ 2008-12-10 10:02 237000 c:\program files\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 11:50 176128 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartRAM] --a------ 2009-01-06 11:42 202064 c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2009-01-25 18:43 136600 c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2006-11-21 18:38 52224 c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] --------- 2006-10-18 20:05 221184 c:\program files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] -r------- 2005-05-03 11:43 90112 c:\windows\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] -r------- 2007-08-20 08:38 16403968 c:\windows\RTHDCPL.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Counter-Strike 1.6\\hl.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"= "c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"= "c:\\Program Files\\AVG\\AVG8\\avgam.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "16962:TCP"= 16962:TCP:NortonAV "17667:TCP"= 17667:TCP:NortonAV R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-01-28 12552] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-28 325128] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-28 107272] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-28 298264] R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-01-28 1339600] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-02-22 170640] R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-01-28 29208] R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2008-12-25 104344] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-02-22 15504] S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2008-12-25 69656] S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-01-28 29208] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136] . Contents of the 'Scheduled Tasks' folder 2009-02-21 c:\windows\Tasks\AWC Update.job - c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-01-06 11:37] 2009-02-21 c:\windows\Tasks\AWC Update.job - c:\program files\IObit\Advanced SystemCare 3\ [2009-02-22 18:24] . - - - - ORPHANS REMOVED - - - - BHO-{89CB4372-B410-3B5E-8871-86EBCEEBE643} - (no file) . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://www.yahoo.com uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/ TCP: {22402CD4-CFF5-411C-AD65-7B75DA04C325} = 194.106.162.10 194.106.162.3 FF - ProfilePath - c:\documents and settings\Dule\Application Data\Mozilla\Firefox\Profiles\sx6w9550.default\ FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-02-22 19:33:10 Windows 5.1.2600 Service Pack 3 NTFS detected NTDLL code modification: ZwOpenFile scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-789336058-1409082233-1801674531-1003\Software\SecuROM\License information] "datasecu"=hex:5f,f4,01,f8,84,21,ef,ea,06,95,47,82,cf,fb,96,90,34,05,e8,e1,d4, 87,25,30,71,8f,fa,e3,cf,e3,10,90,ca,3a,bb,33,8c,b8,54,5d,e8,a3,b5,d0,5d,ca,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1068-) c:\windows\system32\Ati2evxx.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\Java\jre6\bin\jqs.exe c:\progra~1\AVG\AVG8\avgam.exe c:\program files\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\wscntfy.exe . ************************************************************************* . Completion time: 2009-02-22 19:34:43 - machine was rebooted ComboFix-quarantined-files.txt 2009-02-22 18:34:40 Pre-Run: 50.505.838.592 bytes free Post-Run: 50,504,982,528 bytes free 305 --- E O F --- 2009-01-25 22:40:12

Profil

helen1 Poslao: 22 Feb 2009 20:10 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preuzmi gmer.zip sa ovog linka i sačuvaj na Desktopu. Raspakuj ga u neki folder. Dupli klik na gmer.exe za početak: Izaberi Rootkit/Malware Tab na vrhu. Klikni na Scan. Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati rezultate skeniranja u Clipboard. Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt. Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt. Iskoristi opciju Prikači fajl ispod polja za pisanje poruke na forumu, i prikači nam ovde ta dva fajla koja smo malopre snimili.

Profil

dusan93 Poslao: 22 Feb 2009 20:19 Idi na vrh
offline dusan93 Novi MyCity građanin Pridružio: 18 Jan 2009 Poruke: 17 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nesto nije u redu sa programom...ne mogu da ga pokrenem,jel ima neki drugi?

Profil

helen1 Poslao: 22 Feb 2009 20:20 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uploaduj mi: c:\windows\system32\userinit.exe preko: http://www.mycity.rs/ambulanta-upload.php

Profil

dusan93 Poslao: 22 Feb 2009 20:22 Idi na vrh
offline dusan93 Novi MyCity građanin Pridružio: 18 Jan 2009 Poruke: 17 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uradio....

Profil

helen1 Poslao: 22 Feb 2009 20:36 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Probaj ovo: Preuzmi program RootRepeal na Desktop. Raspakuj RootRepeal.zip u neki folder. Dvoklikom pokreni RootRepeal.exe. Pređi na Report karticu (klikom na Report taster, dole, desno). Klikni Scan taster. U prozoru koji se otvori (Select Scan), obeleži kućice ispred svih stavki i klikni OK. U narednom prozoru (Select Drives) obeleži kućicu ispred sistemskog diska (obično C:\) i klikni OK. Po završetku procesa, klikni Save Report i sačuvaj izveštaj o skeniranju. Iskopiraj sadržaj tog izveštaja u iduću poruku. -------------------------- Jel imas neki AVG log, da vidim sta pise?

Profil

dusan93 Poslao: 22 Feb 2009 21:05 Idi na vrh
offline dusan93 Novi MyCity građanin Pridružio: 18 Jan 2009 Poruke: 17 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Moram da restartujem komp da bih ti pokazao.... Zato sto samo napise....da je pronadjena zarazena datoteka pod procesom winlogon.exe,a ne mogu da je odstranim i pise ime datoteke(nesto trojan.sc/ds/php <---- nije tacan naziv al' znam da na kraju ima php.... Dopuna: 22 Feb 2009 20:46 ROOTREPEAL (c) AD, 2007-2008 ================================================== Scan Time: 2009/02/22 20:37 Program Version: Version 1.2.3.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: catchme.sys Image Path: C:\ComboFix\catchme.sys Address: 0xF77CF000 Size: 30592 File Visible: No Status: - Name: Combo-Fix.sys Image Path: Combo-Fix.sys Address: 0xF7677000 Size: 60416 File Visible: No Status: - Name: PCI_PNP8342 Image Path: \Driver\PCI_PNP8342 Address: 0x00000000 Size: 0 File Visible: No Status: - Name: PROCEXP90.SYS Image Path: C:\WINDOWS\system32\Drivers\PROCEXP90.SYS Address: 0xA4A0D000 Size: 6464 File Visible: No Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xA492E000 Size: 45056 File Visible: No Status: - Name: sptd Image Path: \Driver\sptd Address: 0x00000000 Size: 0 File Visible: No Status: - Name: spwx.sys Image Path: spwx.sys Address: 0xF74D6000 Size: 1048576 File Visible: No Status: - Hidden/Locked Files ------------------- Path: C:\WINDOWS\Temp\358f35d4-30a5-4be8-a9de-82bb94aedf81.tmp Status: Allocation size mismatch (API: 262144, Raw: 0) Path: C:\Documents and Settings\Dule\Local Settings\temp\etilqs_ainLkIDNoi30WprdnPzk Status: Allocation size mismatch (API: 65536, Raw: 0) Path: C:\Documents and Settings\Dule\Local Settings\Application Data\Mozilla\Firefox\Profiles\sx6w9550.default\Cache\FA50B60Ad01 Status: Size mismatch (API: 16988, Raw: 17017) Path: C:\Documents and Settings\Dule\Local Settings\Application Data\Mozilla\Firefox\Profiles\sx6w9550.default\Cache\_CACHE_001_ Status: Size mismatch (API: 740422, Raw: 739207) Path: C:\Documents and Settings\Dule\Local Settings\Application Data\Microsoft\Messenger\dushan1389@gmail.com\SharingMetadata\milanadamovic@live.com\DFSR\Staging\CS{DC4F8574-7216-292C-A7EB-B62B6B2FB7F6}\01\13-{DC4F8574-7216-292C-A7EB-B62B6B2FB7F6}-v1-{6FDCBFE1-C3CD-4BC4-9347-F9CCD7979093}-v13-Downloaded.frx Status: Locked to the Windows API! Path: C:\Documents and Settings\Dule\Local Settings\Application Data\Microsoft\Messenger\dushan1389@gmail.com\SharingMetadata\milanadamovic@live.com\DFSR\Staging\CS{DC4F8574-7216-292C-A7EB-B62B6B2FB7F6}\15\15-{6E816F0B-5CD2-4462-9364-AF75F6EC82F2}-v15-{6E816F0B-5CD2-4462-9364-AF75F6EC82F2}-v15-Partial.frx Status: Locked to the Windows API! Path: C:\Documents and Settings\Dule\Local Settings\Application Data\Microsoft\Messenger\dushan1389@gmail.com\SharingMetadata\miloslalic@hotmail.com\DFSR\Staging\CS{3DD21A01-858B-4A1D-A064-B3B6DF5FE428}\01\12-{3DD21A01-858B-4A1D-A064-B3B6DF5FE428}-v1-{6FDCBFE1-C3CD-4BC4-9347-F9CCD7979093}-v12-Downloaded.frx Status: Locked to the Windows API! Stealth Objects ------------------- Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE] Process: System Address: 0x89a1a500 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE] Process: System Address: 0x89a1a500 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ] Process: System Address: 0x89a1a500 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE] Process: System Address: 0x89a1a500 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89a1a500 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89a1a500 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89a1a500 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN] Process: System Address: 0x89a1a500 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER] Process: System Address: 0x89a1a500 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89a1a500 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP] Process: System Address: 0x89a1a500 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE] Process: System Address: 0x89b9c1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE] Process: System Address: 0x89b9c1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_READ] Process: System Address: 0x89b9c1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE] Process: System Address: 0x89b9c1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89b9c1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89b9c1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89b9c1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN] Process: System Address: 0x89b9c1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_POWER] Process: System Address: 0x89b9c1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89b9c1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_PNP] Process: System Address: 0x89b9c1f8 Size: - Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE] Process: System Address: 0x8995a1f8 Size: - Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE] Process: System Address: 0x8995a1f8 Size: - Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8995a1f8 Size: - Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8995a1f8 Size: - Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER] Process: System Address: 0x8995a1f8 Size: - Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8995a1f8 Size: - Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP] Process: System Address: 0x8995a1f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE] Process: System Address: 0x89c101f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ] Process: System Address: 0x89c101f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE] Process: System Address: 0x89c101f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89c101f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89c101f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89c101f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN] Process: System Address: 0x89c101f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP] Process: System Address: 0x89c101f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER] Process: System Address: 0x89c101f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89c101f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP] Process: System Address: 0x89c101f8 Size: - Object: Hidden Code [Driver: Sys, IRP_MJ_CREATE] Process: System Address: 0x899251f8 Size: - Object: Hidden Code [Driver: Sys, IRP_MJ_CLOSE] Process: System Address: 0x899251f8 Size: - Object: Hidden Code [Driver: Sys, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x899251f8 Size: - Object: Hidden Code [Driver: Sys, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x899251f8 Size: - Object: Hidden Code [Driver: Sys, IRP_MJ_POWER] Process: System Address: 0x899251f8 Size: - Object: Hidden Code [Driver: Sys, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x899251f8 Size: - Object: Hidden Code [Driver: Sys, IRP_MJ_PNP] Process: System Address: 0x899251f8 Size: - Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE] Process: System Address: 0x88ec51f8 Size: - Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE] Process: System Address: 0x88ec51f8 Size: - Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x88ec51f8 Size: - Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x88ec51f8 Size: - Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP] Process: System Address: 0x88ec51f8 Size: - Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP] Process: System Address: 0x88ec51f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE] Process: System Address: 0x899fe1f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE] Process: System Address: 0x899fe1f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x899fe1f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x899fe1f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER] Process: System Address: 0x899fe1f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x899fe1f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP] Process: System Address: 0x899fe1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_CREATE] Process: System Address: 0x895c63a0 Size: - Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_CLOSE] Process: System Address: 0x895c63a0 Size: - Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_READ] Process: System Address: 0x895c63a0 Size: - Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x895c63a0 Size: - Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_SET_INFORMATION] Process: System Address: 0x895c63a0 Size: - Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x895c63a0 Size: - Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x895c63a0 Size: - Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x895c63a0 Size: - Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x895c63a0 Size: - Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_SHUTDOWN] Process: System Address: 0x895c63a0 Size: - Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x895c63a0 Size: - Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_CLEANUP] Process: System Address: 0x895c63a0 Size: - Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_PNP] Process: System Address: 0x895c63a0 Size: - Dopuna: 22 Feb 2009 21:05 ROOTREPEAL (c) AD, 2007-2008 ================================================== Scan Time: 2009/02/22 20:37 Program Version: Version 1.2.3.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: catchme.sys Image Path: C:\ComboFix\catchme.sys Address: 0xF77CF000 Size: 30592 File Visible: No Status: - Name: Combo-Fix.sys Image Path: Combo-Fix.sys Address: 0xF7677000 Size: 60416 File Visible: No Status: - Name: PCI_PNP8342 Image Path: \Driver\PCI_PNP8342 Address: 0x00000000 Size: 0 File Visible: No Status: - Name: PROCEXP90.SYS Image Path: C:\WINDOWS\system32\Drivers\PROCEXP90.SYS Address: 0xA4A0D000 Size: 6464 File Visible: No Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xA492E000 Size: 45056 File Visible: No Status: - Name: sptd Image Path: \Driver\sptd Address: 0x00000000 Size: 0 File Visible: No Status: - Name: spwx.sys Image Path: spwx.sys Address: 0xF74D6000 Size: 1048576 File Visible: No Status: - Hidden/Locked Files ------------------- Path: C:\WINDOWS\Temp\358f35d4-30a5-4be8-a9de-82bb94aedf81.tmp Status: Allocation size mismatch (API: 262144, Raw: 0) Path: C:\Documents and Settings\Dule\Local Settings\temp\etilqs_ainLkIDNoi30WprdnPzk Status: Allocation size mismatch (API: 65536, Raw: 0) Path: C:\Documents and Settings\Dule\Local Settings\Application Data\Mozilla\Firefox\Profiles\sx6w9550.default\Cache\FA50B60Ad01 Status: Size mismatch (API: 16988, Raw: 17017) Path: C:\Documents and Settings\Dule\Local Settings\Application Data\Mozilla\Firefox\Profiles\sx6w9550.default\Cache\_CACHE_001_ Status: Size mismatch (API: 740422, Raw: 739207) Path: C:\Documents and Settings\Dule\Local Settings\Application Data\Microsoft\Messenger\dushan1389@gmail.com\SharingMetadata\milanadamovic@live.com\DFSR\Staging\CS{DC4F8574-7216-292C-A7EB-B62B6B2FB7F6}\01\13-{DC4F8574-7216-292C-A7EB-B62B6B2FB7F6}-v1-{6FDCBFE1-C3CD-4BC4-9347-F9CCD7979093}-v13-Downloaded.frx Status: Locked to the Windows API! Path: C:\Documents and Settings\Dule\Local Settings\Application Data\Microsoft\Messenger\dushan1389@gmail.com\SharingMetadata\milanadamovic@live.com\DFSR\Staging\CS{DC4F8574-7216-292C-A7EB-B62B6B2FB7F6}\15\15-{6E816F0B-5CD2-4462-9364-AF75F6EC82F2}-v15-{6E816F0B-5CD2-4462-9364-AF75F6EC82F2}-v15-Partial.frx Status: Locked to the Windows API! Path: C:\Documents and Settings\Dule\Local Settings\Application Data\Microsoft\Messenger\dushan1389@gmail.com\SharingMetadata\miloslalic@hotmail.com\DFSR\Staging\CS{3DD21A01-858B-4A1D-A064-B3B6DF5FE428}\01\12-{3DD21A01-858B-4A1D-A064-B3B6DF5FE428}-v1-{6FDCBFE1-C3CD-4BC4-9347-F9CCD7979093}-v12-Downloaded.frx Status: Locked to the Windows API! Stealth Objects ------------------- Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP] Process: System Address: 0x89c0e1f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE] Process: System Address: 0x89a1a500 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE] Process: System Address: 0x89a1a500 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ] Process: System Address: 0x89a1a500 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE] Process: System Address: 0x89a1a500 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89a1a500 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89a1a500 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89a1a500 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN] Process: System Address: 0x89a1a500 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER] Process: System Address: 0x89a1a500 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89a1a500 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP] Process: System Address: 0x89a1a500 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE] Process: System Address: 0x89b9c1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE] Process: System Address: 0x89b9c1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_READ] Process: System Address: 0x89b9c1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE] Process: System Address: 0x89b9c1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89b9c1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89b9c1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89b9c1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN] Process: System Address: 0x89b9c1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_POWER] Process: System Address: 0x89b9c1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89b9c1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_PNP] Process: System Address: 0x89b9c1f8 Size: - Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE] Process: System Address: 0x8995a1f8 Size: - Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE] Process: System Address: 0x8995a1f8 Size: - Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8995a1f8 Size: - Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8995a1f8 Size: - Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER] Process: System Address: 0x8995a1f8 Size: - Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8995a1f8 Size: - Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP] Process: System Address: 0x8995a1f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE] Process: System Address: 0x89c101f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ] Process: System Address: 0x89c101f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE] Process: System Address: 0x89c101f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89c101f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89c101f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89c101f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN] Process: System Address: 0x89c101f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP] Process: System Address: 0x89c101f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER] Process: System Address: 0x89c101f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89c101f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP] Process: System Address: 0x89c101f8 Size: - Object: Hidden Code [Driver: Sys, IRP_MJ_CREATE] Process: System Address: 0x899251f8 Size: - Object: Hidden Code [Driver: Sys, IRP_MJ_CLOSE] Process: System Address: 0x899251f8 Size: - Object: Hidden Code [Driver: Sys, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x899251f8 Size: - Object: Hidden Code [Driver: Sys, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x899251f8 Size: - Object: Hidden Code [Driver: Sys, IRP_MJ_POWER] Process: System Address: 0x899251f8 Size: - Object: Hidden Code [Driver: Sys, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x899251f8 Size: - Object: Hidden Code [Driver: Sys, IRP_MJ_PNP] Process: System Address: 0x899251f8 Size: - Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE] Process: System Address: 0x88ec51f8 Size: - Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE] Process: System Address: 0x88ec51f8 Size: - Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x88ec51f8 Size: - Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x88ec51f8 Size: - Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP] Process: System Address: 0x88ec51f8 Size: - Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP] Process: System Address: 0x88ec51f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE] Process: System Address: 0x899fe1f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE] Process: System Address: 0x899fe1f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x899fe1f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x899fe1f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER] Process: System Address: 0x899fe1f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x899fe1f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP] Process: System Address: 0x899fe1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP] Process: System Address: 0x88eb41f8 Size: - Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_CREATE] Process: System Address: 0x895c63a0 Size: - Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_CLOSE] Process: System Address: 0x895c63a0 Size: - Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_READ] Process: System Address: 0x895c63a0 Size: - Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x895c63a0 Size: - Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_SET_INFORMATION] Process: System Address: 0x895c63a0 Size: - Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x895c63a0 Size: - Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x895c63a0 Size: - Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x895c63a0 Size: - Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x895c63a0 Size: - Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_SHUTDOWN] Process: System Address: 0x895c63a0 Size: - Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x895c63a0 Size: - Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_CLEANUP] Process: System Address: 0x895c63a0 Size: - Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_PNP] Process: System Address: 0x895c63a0 Size: -

Profil

helen1 Poslao: 22 Feb 2009 21:12 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Prijatelju, imam za tebe veoma lose vesti, zarazio si se sa takvom infekcijom, da ti nema pomoci. Ono što je potrebno da imaš na umu jeste da je Virut (ono cime si zarazen) file infektor (klasičan virus), što znači da ako formatiraš samo sistemsku particiju a ne i ostale (ako ih imaš), postoji mogućnost da na ostalim particijama postoje inficirani file-ovi. A to opet znači da prva stvar koju treba da uradiš nakon instalacije Windows-a jeste da skeniraš sve što nije formatirano kako bi izbegao reinfekciju. Srecno....

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Winlogon.exe PROBLEM

Ko je trenutno na forumu

Ukupno su 1018 korisnika na forumu :: 30 registrovanih, 4 sakrivenih i 984 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: _Rade, Bobrock1, cavatina, cifra, CikaKURE, Dorcolac, Georgius, ivan1973, kolle.the.kid, laganini123, Lieutenant, Lord Nem, MB120mm, mercedesamg, mile23, MrNo, ozzy, raptorsi, repac, Romibrat, Silvertooth, stagezin, Stanlio, suton, Tila Painen, Trpe Grozni, Tvrtko I, uruk, vathra, zillbg

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by