Infected with Conficker

offline
  • Duško Ljepić
  • Joined: 19 Jul 2008
  • Posts: 221
  • Location: Apatin

Posted: 16 Jun 2009 21:50

I picked up Conficker when I left a film downloading through LimeWire, and when I came to see how much it had downloaded, avast had thrown up that warning and it can't delete it, so Conficker is currently in the chest in avast. I don't know whether LimeWire is the cause. Please, if anyone can help me so that I don't have to wipe the system!!!
Here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46:12, on 16.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Gigabyte\EnergySaver\GSvr.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EXPERTool\TBPanel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\GIGABYTE\EnergySaver\gest.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Documents and Settings\Duško\Desktop\New Folder\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [speedfan] C:\Program Files\SpeedFan\speedfan.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: GN-WP01GS Utility.lnk = C:\Program Files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe
O8 - Extra context menu item: &D&ownload &with BitComet - [Links are visible only to logged-in users]\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - [Links are visible only to logged-in users]\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - [Links are visible only to logged-in users]\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download video with Free Download Manager - [Links are visible only to logged-in users]\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Preuzmi odabrano Free Download Manager-om - [Links are visible only to logged-in users]\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Preuzmi sa Free Download Managerom - [Links are visible only to logged-in users]\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Preuzmi sve sa Free Download Manager-om - [Links are visible only to logged-in users]\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - [Links are visible only to logged-in users]\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A037051A-2E0C-4707-8CCB-6D04FD06D1C6}: NameServer = 79.101.46.2 79.101.46.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\Gigabyte\EnergySaver\GSvr.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - D:\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Smart Card Helper (SCardDrv) - Unknown owner - (no file)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 9524 bytes

Addendum: 17 Jun 2009 9:57

Now that I had put Conficker in the chest, I deleted it after a restart. Could someone check the log now to see whether there are any traces of Conficker!!! Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:53, on 17.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EXPERTool\TBPanel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Gigabyte\EnergySaver\GSvr.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Duško\Desktop\New Folder\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [speedfan] C:\Program Files\SpeedFan\speedfan.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: GN-WP01GS Utility.lnk = C:\Program Files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe
O8 - Extra context menu item: &D&ownload &with BitComet - [Links are visible only to logged-in users]\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - [Links are visible only to logged-in users]\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - [Links are visible only to logged-in users]\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download video with Free Download Manager - [Links are visible only to logged-in users]\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Preuzmi odabrano Free Download Manager-om - [Links are visible only to logged-in users]\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Preuzmi sa Free Download Managerom - [Links are visible only to logged-in users]\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Preuzmi sve sa Free Download Manager-om - [Links are visible only to logged-in users]\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - [Links are visible only to logged-in users]\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A037051A-2E0C-4707-8CCB-6D04FD06D1C6}: NameServer = 79.101.46.2 79.101.46.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\Gigabyte\EnergySaver\GSvr.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - D:\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Smart Card Helper (SCardDrv) - Unknown owner - (no file)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 9526 bytes



offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Greetings...


We will take a look at the state of things, but before that you need to sort out that chaos with the security software you have on the PC. avast! and CIS can run together only if you use solely the FW in CIS (and not the AV as well).

SpywareTerminator, SuperAntiSpyware and TeaTimer - decide on one, and turn off real-time protection in the others.

Only after that...



Download sUBs's ComboFix to the Desktop from one of the following addresses:

Bleeping Computer . . . . . Geeks to Go!
  • Right-click one of the links and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, choose Desktop and click Save.

When the download of the program is finished:
  • close running programs;
  • deactivate security software (instructions);
  • double-click to start the ComboFix program.

While it runs, ComboFix will:
  • check whether a newer version of the program exists: click Yes if you are offered a download of it;
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so that the process continues;
  • if the Recovery Console is not installed, offer to install it: accept by clicking Yes and follow the procedure;
  • present a number of prompts/notifications: accept by clicking Yes or OK;
  • if needed, restart Windows (several times);
  • at the end, open Notepad with the scan report.

Copy the report that ComboFix created into the topic on the forum:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note:
  • The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If, after sending the message, you notice that the report is not complete, use the Attach file (Prikači fajl) option to attach the file C:\ComboFix.txt to the message.
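
An added example (not part of the original thread, and not a HijackThis or ComboFix feature): a small Python triage of a HijackThis log that lists the overlapping resident protection tools dr_Bora points out above, plus the entries whose target file is missing. The executable-to-product mapping, the group names and the sample excerpt are assumptions built from lines in the first log of this thread.

```python
import ntpath
import re

# Constructed excerpt in the HijackThis v2.0.2 layout, reusing lines from
# the first log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46:12, on 16.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: Smart Card Helper (SCardDrv) - Unknown owner - (no file)
"""

# Assumption: groups follow the reply above (avast! vs. CIS; the three
# anti-spyware shields). Executable names are taken from the posted log.
RESIDENT_GROUPS = {
    "antivirus": {
        "ashserv.exe": "avast!",
        "cmdagent.exe": "COMODO Internet Security",
    },
    "anti-spyware real-time shield": {
        "spywareterminatorshield.exe": "Spyware Terminator",
        "superantispyware.exe": "SUPERAntiSpyware",
        "teatimer.exe": "Spybot TeaTimer",
    },
}

# Section codes such as R0, O2, O23 followed by " - " and the entry text.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_hijackthis(text):
    """Split a log into the running-process list and (code, text) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            # The process list ends at a blank line or at the first entry.
            if line and not ENTRY_RE.match(line):
                processes.append(line)
                continue
            in_processes = False
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return {"processes": processes, "entries": entries}


def overlapping_protection(processes):
    """Return groups in which more than one resident product is running.

    The log cannot show whether the CIS antivirus component is enabled, so
    an "antivirus" hit means "check the configuration", not "conflict".
    """
    running = {ntpath.basename(path).lower() for path in processes}
    report = {}
    for group, executables in RESIDENT_GROUPS.items():
        products = sorted(
            {name for exe, name in executables.items() if exe in running}
        )
        if len(products) > 1:
            report[group] = products
    return report


def orphaned_entries(entries):
    """Entries HijackThis marks as pointing at a file that does not exist."""
    markers = ("(no file)", "(file missing)")
    return [(code, text) for code, text in entries if text.endswith(markers)]


if __name__ == "__main__":
    log = parse_hijackthis(SAMPLE_LOG)
    for group, products in overlapping_protection(log["processes"]).items():
        print(f"{group}: {', '.join(products)}")
    for code, text in orphaned_entries(log["entries"]):
        print(f"orphaned {code}: {text}")
```
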



offline
  • Duško Ljepić
  • Joined: 19 Jul 2008
  • Posts: 221
  • Location: Apatin

Here it is, I sorted out the protection and scanned with ComboFix.

ComboFix 09-06-16.05 - Duško 17.06.2009 19:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.3326.2883 [GMT 2:00]
Running from: c:\documents and settings\Duško\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090616-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\DUKO~1\LOCALS~1\Temp\sfamcc00001.dll
c:\docume~1\DUKO~1\LOCALS~1\Temp\sfareca00001.dll
c:\documents and settings\Duško\Local Settings\Temp\sfamcc00001.dll
c:\documents and settings\Duško\Local Settings\Temp\sfareca00001.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-05-17 to 2009-06-17 )))))))))))))))))))))))))))))))
.

2009-06-17 17:42 . 2009-06-17 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2009-06-17 17:42 . 2009-06-17 17:42 82080 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-06-17 17:42 . 2009-06-17 17:42 24096 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-06-17 17:42 . 2009-06-17 17:42 168208 ----a-w- c:\windows\system32\guard32.dll
2009-06-17 17:42 . 2009-06-17 17:42 132640 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-06-17 17:26 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-17 17:26 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-17 17:26 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-06-17 17:26 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-06-17 17:26 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-06-17 17:26 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-17 17:26 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-17 17:26 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-17 17:25 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-15 10:39 . 2009-06-15 10:39 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-15 10:38 . 2009-06-15 10:38 -------- d-----w- c:\program files\Common Files\Skype
2009-06-15 10:38 . 2009-06-15 10:38 -------- d-----r- c:\program files\Skype
2009-06-15 10:38 . 2009-06-15 10:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-06-15 10:10 . 2009-06-15 10:11 -------- d-----w- c:\program files\MyPhoneExplorer
2009-06-15 08:00 . 2009-06-15 08:00 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-14 19:52 . 2009-06-14 19:52 -------- d-----w- c:\documents and settings\Du?ko
2009-06-14 19:20 . 2009-06-14 19:20 -------- d-----w- c:\program files\AskSearch
2009-06-14 12:17 . 2009-06-14 12:17 -------- d-----w- c:\program files\Free Download Manager
2009-06-14 12:17 . 2009-06-14 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2009-06-14 10:29 . 2009-06-15 08:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-06-14 10:29 . 2009-06-14 10:29 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2009-06-14 10:29 . 2009-06-14 10:29 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2009-06-14 10:29 . 2009-06-14 10:29 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-06-14 10:29 . 2009-06-15 09:33 -------- d-----w- c:\program files\Spyware Terminator
2009-06-14 10:26 . 2007-08-15 11:09 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2009-06-14 09:28 . 2009-06-16 12:28 -------- d-----w- C:\downloads
2009-06-14 08:58 . 2009-06-14 08:58 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-14 08:58 . 2009-06-14 08:58 -------- d-----w- c:\program files\Windows Live
2009-06-14 08:34 . 2009-06-14 10:15 -------- d-----w- c:\windows\SxsCaPendDel
2009-06-14 08:20 . 2009-06-17 11:51 -------- d-----w- c:\program files\Garena
2009-06-13 22:46 . 2009-06-13 22:46 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-06-13 21:14 . 2009-06-13 21:14 -------- d-----w- c:\program files\Microsoft
2009-06-13 20:46 . 2009-06-13 20:46 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-13 14:33 . 2005-10-27 13:06 356096 ----a-w- c:\windows\system32\drivers\rt61.sys
2009-06-13 14:33 . 2005-08-26 21:38 8192 ----a-w- c:\windows\system32\drivers\RT2661.bin
2009-06-13 14:33 . 2005-08-26 21:38 8192 ----a-w- c:\windows\system32\drivers\RT2561s.bin
2009-06-13 14:33 . 2005-08-26 21:38 8192 ----a-w- c:\windows\system32\drivers\RT2561.bin
2009-06-13 14:33 . 2005-08-25 09:15 81920 ----a-w- c:\windows\system32\Install6x.dll
2009-06-13 14:33 . 2005-05-17 14:24 311296 ----a-w- c:\windows\system32\AegisI5.exe
2009-06-13 14:33 . 2009-06-13 14:33 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-13 14:33 . 2009-06-14 22:21 -------- d-----w- c:\program files\Gigabyte
2009-06-08 10:24 . 2009-06-08 10:24 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-06-08 09:47 . 2009-06-08 09:47 -------- d-----w- C:\ProgramData
2009-06-08 08:32 . 2009-06-17 18:01 16608 ----a-w- c:\windows\gdrv.sys
2009-06-07 13:27 . 2009-06-07 13:27 -------- d-----w- c:\program files\YouTube Downloader
2009-06-07 13:26 . 2009-06-07 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\WindowsLiveInstaller
2009-06-07 13:26 . 2009-06-07 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-06-07 13:19 . 2009-06-07 13:19 -------- d-----w- c:\program files\Yahoo!
2009-06-07 13:00 . 2009-06-15 09:37 -------- d-----w- c:\program files\Lavasoft
2009-06-07 13:00 . 2009-06-15 09:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-06 18:14 . 2009-06-13 09:18 -------- d-----w- c:\program files\Traysoft
2009-05-23 20:51 . 2009-05-23 20:51 -------- d-----w- c:\windows\Sun
2009-05-21 15:49 . 2008-06-16 07:08 109184 ----a-r- c:\windows\system32\drivers\Rtenicxp.sys
2009-05-19 12:32 . 2005-07-07 14:25 81728 ----a-r- c:\windows\system32\drivers\k750mgmt.sys
2009-05-19 12:32 . 2005-07-07 14:25 79488 ----a-r- c:\windows\system32\drivers\k750obex.sys
2009-05-19 12:31 . 2005-07-07 14:26 6144 ----a-r- c:\windows\system32\drivers\k750cmnt.sys
2009-05-19 12:31 . 2005-07-07 14:26 6144 ----a-r- c:\windows\system32\drivers\k750cm.sys
2009-05-19 12:31 . 2005-07-07 14:26 6576 ----a-r- c:\windows\system32\drivers\k750mdfl.sys
2009-05-19 12:31 . 2005-07-07 14:25 89872 ----a-r- c:\windows\system32\drivers\k750mdm.sys
2009-05-19 12:31 . 2005-07-07 14:26 55216 ----a-r- c:\windows\system32\drivers\k750bus.sys
2009-05-19 12:31 . 2005-07-07 14:25 5744 ----a-r- c:\windows\system32\drivers\k750whnt.sys
2009-05-19 12:31 . 2005-07-07 14:25 5744 ----a-r- c:\windows\system32\drivers\k750wh.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-17 18:01 . 2009-05-07 17:34 -------- d-----w- c:\program files\SpeedFan
2009-06-17 17:44 . 2009-05-07 18:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-17 17:41 . 2009-05-07 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-17 17:37 . 2009-05-07 17:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-17 10:56 . 2009-05-08 15:41 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-17 10:55 . 2009-05-08 15:39 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-17 10:55 . 2009-05-08 15:39 682280 ----a-w- c:\windows\system32\pbsvc.exe
2009-06-17 10:55 . 2009-05-08 15:39 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-17 10:43 . 2009-05-07 17:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-16 15:05 . 2009-05-07 19:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-15 08:01 . 2009-05-07 18:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-14 14:42 . 2009-05-07 18:20 -------- d-----w- c:\program files\COMODO
2009-06-14 10:35 . 2009-05-08 14:19 -------- d-----w- c:\program files\Ashampoo
2009-06-14 09:05 . 2009-05-07 17:55 -------- d-----w- c:\program files\Glary Utilities
2009-06-08 11:04 . 2009-05-09 10:48 -------- d-----w- c:\program files\Fraps
2009-06-08 09:42 . 2009-05-07 17:28 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-07 12:56 . 2009-05-07 18:27 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-07 12:52 . 2009-05-07 18:28 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-07 12:50 . 2009-05-07 17:33 -------- d-----w- c:\program files\EXPERTool
2009-06-01 08:31 . 2009-05-07 18:34 64200 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-26 11:20 . 2009-05-07 18:28 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 11:19 . 2009-05-07 18:29 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-16 11:44 . 2009-05-16 11:44 -------- d-----w- c:\program files\FeedReader30
2009-05-16 08:44 . 2009-05-16 08:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Tages
2009-05-16 08:29 . 2009-05-16 08:29 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-05-16 08:29 . 2009-05-16 08:29 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-05-13 20:12 . 2009-05-13 20:12 -------- d-----w- c:\program files\JAM Software
2009-05-13 15:46 . 2009-05-13 15:46 31760 ----a-w- c:\windows\system32\drivers\klim5.sys
2009-05-09 18:42 . 2009-05-09 18:42 -------- d-----w- c:\program files\Avex
2009-05-09 18:41 . 2009-05-07 18:18 -------- d-----w- c:\program files\ACD Systems
2009-05-09 15:45 . 2009-05-08 13:42 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-09 15:44 . 2009-05-09 15:44 -------- d-----w- c:\program files\GRETECH
2009-05-09 11:33 . 2009-05-09 11:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Aspyr
2009-05-09 10:52 . 2009-05-09 10:52 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2009-05-09 10:52 . 2009-05-09 10:52 262144 ----a-w- c:\windows\system32\wrap_oal.dll
2009-05-09 10:49 . 2009-05-09 10:49 -------- d-----w- c:\program files\Futuremark
2009-05-08 14:19 . 2009-05-08 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2009-05-08 13:41 . 2009-05-08 13:41 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-05-08 13:24 . 2009-05-08 13:24 -------- d-----w- c:\program files\Rockstar Games
2009-05-08 13:23 . 2009-05-08 13:19 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-05-08 13:19 . 2009-05-08 13:19 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-05-08 13:09 . 2009-05-08 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-05-08 13:09 . 2009-05-08 13:09 -------- d-----w- c:\program files\Common Files\LightScribe
2009-05-08 13:07 . 2009-05-08 13:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-05-08 13:07 . 2009-05-08 13:05 -------- d-----w- c:\program files\Common Files\Ahead
2009-05-08 13:05 . 2009-05-08 13:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-05-08 13:05 . 2009-05-08 13:05 -------- d-----w- c:\program files\Nero
2009-05-08 10:34 . 2009-05-07 17:13 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-08 09:47 . 2009-05-08 09:47 -------- d-----w- c:\program files\VS Revo Group
2009-05-07 18:43 . 2009-05-07 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-07 18:43 . 2009-05-07 18:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-07 18:39 . 2009-05-07 18:39 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-07 18:38 . 2009-05-07 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-05-07 18:36 . 2009-05-07 18:36 -------- d-----w- c:\program files\Winamp
2009-05-07 18:34 . 2009-05-07 18:34 -------- d-----w- c:\program files\MSBuild
2009-05-07 18:32 . 2009-05-07 18:32 -------- d-----w- c:\program files\Reference Assemblies
2009-05-07 18:28 . 2009-05-07 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-07 18:27 . 2009-05-07 18:27 -------- d-----w- c:\program files\Java
2009-05-07 18:26 . 2009-05-07 18:26 0 ----a-w- c:\windows\nsreg.dat
2009-05-07 18:24 . 2009-05-07 18:24 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-05-07 18:21 . 2009-05-07 18:21 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-07 18:20 . 2009-05-07 18:20 -------- d-----w- c:\program files\CCleaner
2009-05-07 18:19 . 2009-05-07 18:19 -------- d-----w- c:\program files\Auslogics
2009-05-07 18:18 . 2009-05-07 18:18 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-05-07 18:18 . 2009-05-07 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-05-07 18:17 . 2009-05-07 18:17 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-07 18:15 . 2009-05-07 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-07 18:13 . 2009-05-07 18:13 -------- d-----w- c:\program files\Alwil Software
2009-05-07 17:48 . 2009-05-07 17:48 -------- d-----w- c:\program files\Recuva
2009-05-07 17:33 . 2009-05-07 17:33 -------- d-----w- c:\program files\CPUID
2009-05-07 17:28 . 2009-05-07 17:28 -------- d-----w- c:\program files\Realtek
2009-05-07 17:26 . 2009-05-07 17:26 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-07 17:20 . 2009-05-07 17:20 -------- d-----w- c:\program files\Intel
2009-05-07 17:14 . 2009-05-07 17:14 -------- d-----w- c:\program files\microsoft frontpage
2009-05-07 17:10 . 2009-05-07 17:10 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-04-30 22:31 . 2009-04-30 22:31 1657376 ----a-w- c:\windows\system32\nwiz.exe
2009-04-30 22:31 . 2009-04-30 22:31 449056 ----a-w- c:\windows\system32\nvappbar.exe
2009-04-30 22:31 . 2009-04-30 22:31 436768 ----a-w- c:\windows\system32\keystone.exe
2009-04-30 22:31 . 2009-04-30 22:31 466944 ----a-w- c:\windows\system32\nvshell.dll
2009-04-30 22:31 . 2009-04-30 22:31 1724416 ----a-w- c:\windows\system32\nvwdmcpl.dll
2009-04-30 22:31 . 2009-04-30 22:31 1507328 ----a-w- c:\windows\system32\nview.dll
2009-04-30 22:31 . 2009-04-30 22:31 1101824 ----a-w- c:\windows\system32\nvwimg.dll
2009-04-30 20:02 . 2009-05-07 17:25 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-04-30 20:02 . 2009-04-30 20:02 1579630 ----a-w- c:\windows\system32\nvdata.bin
2009-04-30 20:02 . 2009-04-30 20:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-04-30 20:02 . 2009-03-27 08:03 9994240 ----a-w- c:\windows\system32\nvoglnt.dll
2009-04-30 20:02 . 2009-03-27 08:03 806912 ----a-w- c:\windows\system32\nvapi.dll
2009-04-30 20:02 . 2009-03-27 08:03 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-04-30 20:02 . 2009-03-27 08:03 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-04-30 20:02 . 2009-03-27 08:03 5896320 ----a-w- c:\windows\system32\nv4_disp.dll
2009-04-30 20:02 . 2009-03-27 08:03 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-04-30 20:02 . 2009-03-27 08:03 143360 ----a-w- c:\windows\system32\nvcodins.dll
2009-04-30 20:02 . 2009-03-27 08:03 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-04-30 09:47 . 2009-05-07 18:21 39456 ----a-w- c:\windows\system32\drivers\csdf.sys
2009-04-30 09:46 . 2009-05-07 18:21 36512 ----a-w- c:\windows\system32\drivers\crpf.sys
2009-04-30 09:45 . 2009-05-07 18:21 8456 ----a-w- c:\windows\system32\cnat.exe
2009-04-26 22:42 . 2009-05-07 17:25 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-04-16 15:23 . 2009-05-07 17:28 540672 ----a-w- c:\windows\RtlExUpd.dll
2009-04-14 14:09 . 2009-05-07 17:28 5069312 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-04-10 11:38 . 2009-05-07 17:28 17879552 ----a-w- c:\windows\RTHDCPL.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2009-05-12 2181672]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"speedfan"="c:\program files\SpeedFan\speedfan.exe" [2009-04-22 3921528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-07 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-06-17 1794320]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-04-10 17879552]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
GN-WP01GS Utility.lnk - c:\program files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe [2009-6-13 720896]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\Duško\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\FeedReader30\\feedreader.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Counter Strike\\hl.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"d:\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17968:TCP"= 17968:TCP:BitComet 17968 TCP
"17968:UDP"= 17968:UDP:BitComet 17968 UDP

R0 crpf;crpf;c:\windows\system32\drivers\crpf.sys [5/7/2009 8:21 PM 36512]
R0 csdf;cdsf;c:\windows\system32\drivers\csdf.sys [5/7/2009 8:21 PM 39456]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/17/2009 7:26 PM 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [6/17/2009 7:42 PM 132640]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/17/2009 7:42 PM 24096]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [6/14/2009 12:29 PM 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/17/2009 7:26 PM 20560]
R2 GEST Service;GEST Service for program management.;c:\program files\Gigabyte\EnergySaver\GSvr.exe [6/15/2009 12:21 AM 80392]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/7/2009 7:28 PM 1684736]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [5/7/2009 7:33 PM 12672]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-06-17 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-05-07 09:39]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)


.
------- Supplementary Scan -------
.
IE: Download video with Free Download Manager - [link visible only to logged-in users]\program files\Free Download Manager\dlfvideo.htm
IE: Preuzmi odabrano Free Download Manager-om - [link visible only to logged-in users]\program files\Free Download Manager\dlselected.htm
IE: Preuzmi sa Free Download Managerom - [link visible only to logged-in users]\program files\Free Download Manager\dllink.htm
IE: Preuzmi sve sa Free Download Manager-om - [link visible only to logged-in users]\program files\Free Download Manager\dlall.htm
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link visible only to logged-in users]
Rootkit scan 2009-06-17 20:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1060284298-1409082233-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:86,de,2b,5a,4e,29,93,15,a0,69,34,1f,55,81,af,5e,93,3d,72,31,dc,0a,40,
73,8a,51,b4,07,87,04,2b,d9,fa,dd,a7,46,0e,1f,43,13,11,47,3a,6c,8e,52,7c,e4,\
"??"=hex:5b,b3,b3,86,c4,53,7b,78,5a,9a,d3,26,63,7d,6e,d1

[HKEY_USERS\S-1-5-21-1060284298-1409082233-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:8f,5d,f1,c7,cd,f2,1f,f6,c8,07,2c,06,a0,2c,4d,f9,1b,c8,ea,92,53,
9d,8c,71,1f,2f,83,e0,6a,42,21,6a,52,a4,e9,b3,a9,10,00,21,39,47,8e,8e,2e,5b,\
"rkeysecu"=hex:69,76,1f,a6,c3,c5,62,90,22,8a,a4,50,8c,8a,2d,5f
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2892)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-06-17 20:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-17 18:02

Pre-Run: 62.512.517.120 bytes free
Post-Run: 62.432.124.928 bytes free

314

offline
  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

This looks OK. It seems the AV did what it needed to do.


ComboFix needs to be uninstalled:
  • click Start, then Run.

    On Vista, use the Start Search field if Run is not available.

  • In the text box, type (or paste) the following:

    combofix /u

    Note that there is a space between "ComboFix" and "/u".

  • then click OK (or press Enter).

  • Wait for the uninstall process to finish.


That's all...

offline
  • Duško Ljepić
  • Joined: 19 Jul 2008
  • Posts: 221
  • Location: Apatin

Thanks a lot for the help!
