Please take a look at this Please!!!

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Post a new ComboFix log for me.

Turn off the protection first.

  • GTA  Male
  • Honorary Citizen
  • Joined: 14 Aug 2008
  • Posts: 717

ComboFix 09-04-04.01 - Administrator 2009-04-05 23:14:44.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1024.495 [GMT 2:00]
Running from: c:\documents and settings\Administrator\My Documents\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\reader_s.exe
c:\windows\system32\drivers\protect.sys
c:\windows\system32\reader_s.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PROTECT
-------\Service_protect
-------\Service_restore


((((((((((((((((((((((((( Files Created from 2009-03-05 to 2009-04-05 )))))))))))))))))))))))))))))))
.

2009-04-05 22:09 . 2009-04-05 22:09 66,048 --a------ c:\windows\system32\gcc.exe
2009-04-05 22:08 . 2009-04-05 22:09 64,512 --a------ c:\windows\system32\55DD.tmp
2009-04-05 22:08 . 2009-04-05 22:08 84 --a------ c:\windows\system32\55DC.tmp
2009-04-05 20:21 . 2008-03-03 18:21 568 --ah----- c:\windows\nod32fixtemdono.reg
2009-04-05 17:41 . 2009-04-05 17:41 11,451,859 --a------ c:\windows\services.ex_
2009-04-05 17:41 . 2009-04-05 17:41 130 --a------ c:\windows\adobe.bat
2009-04-05 17:41 . 2009-04-05 17:44 7 --a------ c:\windows\_id.dat
2009-04-05 17:41 . 2009-04-05 17:41 0 --a------ c:\windows\system32\6.tmp
2009-04-05 17:40 . 2009-04-05 17:41 64,512 --a------ c:\windows\system32\3.tmp
2009-04-05 17:40 . 2009-04-05 17:40 124 --a------ c:\windows\system32\2.tmp
2009-03-24 14:22 . 2009-03-24 14:22 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Ipref
2009-03-23 10:48 . 2009-04-02 16:15 <DIR> d-------- c:\documents and settings\Administrator\Application Data\mIRC
2009-03-14 23:39 . 2009-04-02 19:01 <DIR> d-------- C:\Picture This
2009-03-14 23:39 . 2009-03-14 23:39 32,768 --ahs---- C:\Thumbs.db

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-05 21:20 --------- d-----w c:\program files\Crawler
2009-04-05 15:41 182,912 ----a-w c:\windows\system32\drivers\ndis.sys
2009-04-05 15:41 --------- d-----w c:\program files\Winamp
2009-04-04 16:50 --------- d-----w c:\program files\Webteh
2009-04-04 16:50 --------- d-----w c:\documents and settings\Administrator\Application Data\BSplayer Pro
2009-04-04 16:49 --------- d-----w c:\program files\TC PowerPack
2009-04-04 16:37 --------- d-----w c:\program files\Common Files\LightScribe
2009-04-04 16:26 --------- d-----w c:\program files\Merriam-Webster
2009-04-04 14:53 --------- d-----w c:\program files\D-Tools
2009-03-27 14:40 --------- d-----w c:\program files\Java
2009-03-24 16:42 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-04 17:51 --------- d-----w c:\program files\Avanquest update
2009-02-28 15:08 --------- d-----w c:\documents and settings\Administrator\Application Data\GameHouse
2009-02-26 19:54 --------- d-----w c:\documents and settings\All Users\Application Data\Fugazo
2009-02-24 18:52 --------- d-----w c:\documents and settings\All Users\Application Data\PopCap
2009-02-24 18:30 --------- d-----w c:\documents and settings\All Users\Application Data\JollyBear
2009-02-23 16:47 --------- d-----w c:\documents and settings\All Users\Application Data\Zylom
2009-02-23 16:47 --------- d-----w c:\documents and settings\All Users\Application Data\GameHouse
2009-02-23 16:30 --------- d-----w c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2009-02-23 16:23 --------- d-----w c:\documents and settings\Administrator\Application Data\PlayFirst
2009-02-22 17:29 --------- d-----w c:\documents and settings\All Users\Application Data\Tarma Installer
2009-02-16 11:39 --------- d-----w c:\program files\ESET
.

------- Sigcheck -------

2009-04-05 17:41 213376 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\dllcache\ndis.sys
2009-04-05 17:41 213376 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\drivers\ndis.sys

2007-06-13 12:23 3195392 3be4584f9ac9b9094c634f9348a57fe2 c:\windows\EXPLORER.EXE
md5deep: c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe: Permission denied
md5deep: c:\windows\$NtUninstallKB938828$\explorer.exe: Permission denied
md5deep: c:\windows\system32\dllcache\explorer.exe: Permission denied

2001-08-23 11:00 15360 32694ac77d5e914c1e41b770ad8c36b8 c:\windows\system32\ctfmon.exe
md5deep: c:\windows\system32\dllcache\ctfmon.exe: Permission denied

md5deep: c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe: Permission denied
md5deep: c:\windows\$NtUninstallKB896423$\spoolsv.exe: Permission denied
2005-06-11 01:53 75264 4fae26cdc82923a92c85f57fb7cfe177 c:\windows\system32\SPOOLSV.EXE
md5deep: c:\windows\system32\dllcache\spoolsv.exe: Permission denied

2001-08-23 11:00 24576 a6469e376946ac97e397ad2543bf62f9 c:\windows\system32\USERINIT.EXE
md5deep: c:\windows\system32\dllcache\userinit.exe: Permission denied
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.CDVC"= cdvccodc.dll
"MSACM.pcdv"= pcdv.acm
"vidc.CDV5"= cdv5codc.dll
"vidc.CLLC"= cllccodc.dll
"vidc.CUVC"= cuvccodc.dll
"vidc.CDVH"= cdvhcodc.dll
"vidc.CMIC"= cmiccodc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\igrica2\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Sony\\Vegas Pro 8.0\\VegSrv80.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
.
Contents of the 'Scheduled Tasks' folder

2009-04-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe []

2009-02-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL =
uSearchURL,(Default) = hxxp://www.searchgateway.net/search-Google-Gateway.php?sa=Search+Here&client=pub-4642981363251965&forid=1&ie=ISO-8859-1&oe=ISO-8859-1&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A11&q=%s
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} - hxxp://www.gamehouse.com/games/DoggieDash.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab
DPF: {74EF5274-F439-2168-B543-14745B625C72} - hxxp://www.gamehouse.com/games/WeddingDash2.cab
DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} - hxxp://www.gamehouse.com/games/JBGamePlayer.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/games/zylom/zylomplayer.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://www.gamehouse.com/games/Chocolatier2.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\krdyd8eg.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\progra~1\Crawler\firefox\components\xcomm.dll
FF - component: c:\progra~1\Crawler\firefox\components\xshared.dll
FF - component: c:\progra~1\Crawler\firefox\components\xsupport.dll
FF - component: c:\progra~1\Crawler\firefox\components\xwsg.dll
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\config\SYSTEM~1\LOCALS~1\Temp\BN5.tmp
c:\program files\ATI Technologies\ATI Control Panel\ATIPTAXX.EXE
c:\program files\Common Files\Real\Update_OB\realsched.exe
c:\program files\CyberLink\PowerDVD\PDVDSERV.EXE
c:\program files\D-Tools\DAEMON.EXE
c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
c:\program files\Java\jre6\bin\jusched.exe
c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSUITE.EXE
c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe
c:\windows\BricoPacks\Crystal Clear\RocketDock\ROCKETDOCK.EXE
c:\windows\BricoPacks\Crystal Clear\YzToolbar\YZTOOLBAR.EXE
.
**************************************************************************
.
Completion time: 2009-04-05 23:22:46 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2009-04-05 21:22:40

Pre-Run: 29,760,585,728 bytes free
Post-Run: 29,748,084,736 bytes free

178 --- E O F --- 2009-01-13 21:10:23

Update: 06 Apr 2009 15:22

I may be a nuisance, but this is what I found about this virus: www.eset.eu/encyclopaedia/win32_virut_nbm_virus_virut_ce_cf_n_gen_virus
Please take a look at that page.

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Hello,

Your ndis.sys has been patched.

Do you have the patience for us to try to disinfect it? That may take a while, and I can't guarantee success.
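One way to make the "ndis.sys is patched" call reproducible from the log alone, as an added example that is not part of this thread and not code from ComboFix, catchme or ndis_fixer: the script below parses the Sigcheck and 'Files Created' sections of a ComboFix log and applies two checks. First, whether the live copy and the dllcache or hotfix copies of the same system file agree in size and MD5; second, whether a system file's Sigcheck timestamp falls in the same minute as a burst of newly created files. In the first log above both ndis.sys copies carry the same new hash, so the copy comparison alone would not have caught it, while its 17:41 timestamp coincides with the creation of adobe.bat, services.ex_, _id.dat and the .tmp files in system32. The sample lines are copied from the two logs in this thread (Sigcheck lines from both, 'Files Created' lines from the first); the heuristics, the one-minute window and the function names are my own.

```python
"""Cross-check the Sigcheck and 'Files Created' sections of a ComboFix log.

Added example for this thread; not part of ComboFix, catchme or ndis_fixer.
The sample lines are copied from the logs posted in the thread; the two
heuristics (copy disagreement, timestamp clustering) are the author's own.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sigcheck line: "<yyyy-mm-dd hh:mm> <size> <md5> <path>"
SIGCHECK_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(\d+)\s+([0-9a-f]{32})\s+(.+)$")
# Files Created line: "<created> . <modified> <size|<DIR>> <attrs> <path>"
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(<DIR>|[\d,]+)\s+(\S+)\s+(.+)$")
# md5deep could not open the file; the copy stays unverified, not "clean"
UNREADABLE_RE = re.compile(r"^md5deep: (.+): Permission denied$")
TS = "%Y-%m-%d %H:%M"

# Sample Sigcheck lines, copied from the two logs in the thread.
SIGCHECK_SAMPLE = r"""
2009-04-05 17:41 213376 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\dllcache\ndis.sys
2009-04-05 17:41 213376 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\drivers\ndis.sys

2007-06-13 12:23 3195392 3be4584f9ac9b9094c634f9348a57fe2 c:\windows\EXPLORER.EXE
md5deep: c:\windows\system32\dllcache\explorer.exe: Permission denied

2005-06-11 01:53 75264 4fae26cdc82923a92c85f57fb7cfe177 c:\windows\system32\SPOOLSV.EXE
2005-06-11 01:53 57856 aaa6eaea2cdae6139e71ff603ebbe9dd c:\windows\system32\dllcache\SPOOLSV.EXE

2001-08-23 11:00 24576 a6469e376946ac97e397ad2543bf62f9 c:\windows\system32\USERINIT.EXE
2001-08-23 11:00 25088 24166e7ca7f86911e80972f881b8723d c:\windows\system32\dllcache\USERINIT.EXE
"""

# Sample 'Files Created' lines, copied from the first log in the thread.
CREATED_SAMPLE = r"""
2009-04-05 22:09 . 2009-04-05 22:09 66,048 --a------ c:\windows\system32\gcc.exe
2009-04-05 17:41 . 2009-04-05 17:41 11,451,859 --a------ c:\windows\services.ex_
2009-04-05 17:41 . 2009-04-05 17:41 130 --a------ c:\windows\adobe.bat
2009-04-05 17:41 . 2009-04-05 17:44 7 --a------ c:\windows\_id.dat
2009-04-05 17:41 . 2009-04-05 17:41 0 --a------ c:\windows\system32\6.tmp
2009-04-05 17:40 . 2009-04-05 17:41 64,512 --a------ c:\windows\system32\3.tmp
2009-03-24 14:22 . 2009-03-24 14:22 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Ipref
"""


def parse_sigcheck(text):
    """Return (hashed entries, paths that md5deep could not read)."""
    entries, unreadable = [], []
    for line in text.splitlines():
        line = line.strip()
        m = SIGCHECK_RE.match(line)
        if m:
            ts, size, md5, path = m.groups()
            entries.append({"ts": datetime.strptime(ts, TS), "size": int(size),
                            "md5": md5, "path": path})
            continue
        m = UNREADABLE_RE.match(line)
        if m:
            unreadable.append(m.group(1))
    return entries, unreadable


def parse_created(text):
    """Return newly created files (directories skipped) with creation time."""
    files = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m and m.group(2) != "<DIR>":
            files.append({"ts": datetime.strptime(m.group(1), TS),
                          "size": int(m.group(2).replace(",", "")),
                          "path": m.group(4)})
    return files


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def copy_mismatches(entries):
    """Copies of one system file (live, dllcache, hotfix backups) that disagree
    in size or MD5. A lead, not a verdict: hotfix side-by-side copies differ
    legitimately, and a file patched in every location (ndis.sys in the first
    log, same new hash in both copies) passes this check unnoticed."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[basename(e["path"])].append(e)
    return {name: sorted(c["path"] for c in copies)
            for name, copies in by_name.items()
            if len({(c["size"], c["md5"]) for c in copies}) > 1}


def touched_with_new_files(entries, created, window=timedelta(minutes=1)):
    """System files whose Sigcheck timestamp lands within `window` of newly
    created files; the new files are returned as supporting evidence."""
    findings = defaultdict(set)
    for e in entries:
        for f in created:
            if abs(f["ts"] - e["ts"]) <= window:
                findings[basename(e["path"])].add(f["path"])
    return {name: sorted(paths) for name, paths in findings.items()}


def triage(sigcheck_text, created_text):
    """Run both checks and report what could not be verified at all."""
    entries, unreadable = parse_sigcheck(sigcheck_text)
    created = parse_created(created_text)
    return {"copy_mismatch": copy_mismatches(entries),
            "touched_with_new_files": touched_with_new_files(entries, created),
            "unverified": unreadable}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SIGCHECK_SAMPLE, CREATED_SAMPLE), indent=2))
```

On the sample, `copy_mismatch` lists spoolsv.exe and userinit.exe (live and dllcache copies of different size), `touched_with_new_files` lists ndis.sys with the five files created at 17:40-17:41, and the dllcache explorer.exe is reported as unverified rather than clean. Both checks only rank candidates for a closer look; the hash of a candidate still has to be compared against a known-good copy of the same build.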

  • GTA  Male
  • Honorary Citizen
  • Joined: 14 Aug 2008
  • Posts: 717

Yes, there's plenty of patience, just explain clearly what I need to do.

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

I'll take over from here, since we're going to try a fix I'm currently working on.

Download the following programs to the root of the C: partition:
http://amf.mycity.rs/personal/bobby/ndis_fixer.exe
http://www2.gmer.net/catchme.exe

Go to Start > Run, type CMD in the dialog and click OK.
A console will open.
Type the following commands there (press Enter after each one):
cd \
catchme -e pIofCallDriver
ndis_fixer

Right after that, restart the computer.

After the restart, post the log C:\NDIS_Fix.txt here.

After that, turn NOD off again and run ComboFix again, then post the log here.

Update: 06 Apr 2009 20:11

I forgot to mention - if Windows System File Protection pops up when you run ndis_fixer, refuse to insert the Windows installation CD there.

If the internet does not work after the restart, open the console again and type the following:
 sfc /scannow and insert the Windows installation CD when SFC asks for it.

  • GTA  Male
  • Honorary Citizen
  • Joined: 14 Aug 2008
  • Posts: 717

What is root C?

Update: 06 Apr 2009 22:43

Here is the log
ComboFix 09-04-04.01 - Administrator 2009-04-06 22:37:27.5 - NTFSx86
Running from: c:\documents and settings\Administrator\My Documents\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\ds43g4nfjkn93.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_restore


((((((((((((((((((((((((( Files Created from 2009-03-06 to 2009-04-06 )))))))))))))))))))))))))))))))
.

2009-04-06 22:22 . 2009-04-06 22:22 213,376 --a------ C:\ndis.bak
2009-04-06 22:22 . 2009-04-06 22:22 213,376 --a------ C:\ndis(1).bak
2009-04-06 22:16 . 2009-04-06 22:16 272,896 --a------ C:\ndis_fixer.exe
2009-04-06 22:16 . 2009-04-06 22:16 169,472 --a------ C:\catchme.exe
2009-04-06 15:38 . 2009-04-06 15:48 <DIR> d-------- c:\program files\a-squared Free
2009-04-06 11:07 . 2001-08-23 11:00 221,184 --a------ c:\windows\system32\wmpns.dll
2009-04-05 22:09 . 2009-04-05 22:09 66,048 --a------ c:\windows\system32\gcc.exe
2009-04-05 22:08 . 2009-04-05 22:09 64,512 --a------ c:\windows\system32\55DD.tmp
2009-04-05 22:08 . 2009-04-05 22:08 84 --a------ c:\windows\system32\55DC.tmp
2009-04-05 20:21 . 2008-03-03 18:21 568 --ah----- c:\windows\nod32fixtemdono.reg
2009-04-05 17:41 . 2009-04-05 17:41 11,451,859 --a------ c:\windows\services.ex_
2009-04-05 17:41 . 2009-04-05 17:41 130 --a------ c:\windows\adobe.bat
2009-04-05 17:41 . 2009-04-05 17:44 7 --a------ c:\windows\_id.dat
2009-04-05 17:41 . 2009-04-05 17:41 0 --a------ c:\windows\system32\6.tmp
2009-04-05 17:40 . 2009-04-05 17:41 64,512 --a------ c:\windows\system32\3.tmp
2009-04-05 17:40 . 2009-04-05 17:40 124 --a------ c:\windows\system32\2.tmp
2009-03-24 14:22 . 2009-03-24 14:22 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Ipref
2009-03-23 10:48 . 2009-04-02 16:15 <DIR> d-------- c:\documents and settings\Administrator\Application Data\mIRC
2009-03-14 23:39 . 2009-04-02 19:01 <DIR> d-------- C:\Picture This
2009-03-14 23:39 . 2009-03-14 23:39 32,768 --ahs---- C:\Thumbs.db

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-06 20:34 --------- d-----w c:\program files\Crawler
2009-04-06 20:22 182,656 ----a-w c:\windows\system32\drivers\ndis.sys
2009-04-06 13:49 61,952 ----a-w c:\windows\system32\alg.exe
2009-04-06 13:49 3,195,392 ----a-w c:\windows\Explorer.EXE
2009-04-05 15:41 --------- d-----w c:\program files\Winamp
2009-04-04 16:50 --------- d-----w c:\program files\Webteh
2009-04-04 16:49 --------- d-----w c:\program files\TC PowerPack
2009-04-04 16:37 --------- d-----w c:\program files\Common Files\LightScribe
2009-04-04 16:26 --------- d-----w c:\program files\Merriam-Webster
2009-04-04 14:53 --------- d-----w c:\program files\D-Tools
2009-03-27 14:40 --------- d-----w c:\program files\Java
2009-03-24 16:42 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-09 04:19 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-04 17:51 --------- d-----w c:\program files\Avanquest update
2009-02-28 15:08 --------- d-----w c:\documents and settings\Administrator\Application Data\GameHouse
2009-02-26 19:54 --------- d-----w c:\documents and settings\All Users\Application Data\Fugazo
2009-02-24 18:52 --------- d-----w c:\documents and settings\All Users\Application Data\PopCap
2009-02-24 18:30 --------- d-----w c:\documents and settings\All Users\Application Data\JollyBear
2009-02-23 16:47 --------- d-----w c:\documents and settings\All Users\Application Data\Zylom
2009-02-23 16:47 --------- d-----w c:\documents and settings\All Users\Application Data\GameHouse
2009-02-23 16:30 --------- d-----w c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2009-02-23 16:23 --------- d-----w c:\documents and settings\Administrator\Application Data\PlayFirst
2009-02-22 17:29 --------- d-----w c:\documents and settings\All Users\Application Data\Tarma Installer
2009-02-16 11:39 --------- d-----w c:\program files\ESET
.

------- Sigcheck -------

2009-04-06 22:22 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys
2009-04-06 22:22 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

2009-04-06 15:49 3195392 3be4584f9ac9b9094c634f9348a57fe2 c:\windows\Explorer.EXE
2007-06-13 12:23 3195392 3be4584f9ac9b9094c634f9348a57fe2 c:\windows\system32\dllcache\EXPLORER.EXE

2001-08-23 11:00 15360 32694ac77d5e914c1e41b770ad8c36b8 c:\windows\system32\CTFMON.EXE
2001-08-23 11:00 15360 32694ac77d5e914c1e41b770ad8c36b8 c:\windows\system32\dllcache\CTFMON.EXE

2005-06-11 02:17 57856 133a73d934146423b7a7da1720003e9f c:\windows\$hf_mig$\KB896423\SP2QFE\SPOOLSV.EXE
2001-08-23 11:00 75264 cce859e4ac703108ca655b2f1634310b c:\windows\$NtUninstallKB896423$\SPOOLSV.EXE
2005-06-11 01:53 75264 4fae26cdc82923a92c85f57fb7cfe177 c:\windows\system32\SPOOLSV.EXE
2005-06-11 01:53 57856 aaa6eaea2cdae6139e71ff603ebbe9dd c:\windows\system32\dllcache\SPOOLSV.EXE

2001-08-23 11:00 24576 a6469e376946ac97e397ad2543bf62f9 c:\windows\system32\USERINIT.EXE
2001-08-23 11:00 25088 24166e7ca7f86911e80972f881b8723d c:\windows\system32\dllcache\USERINIT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 339968]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-26 185896]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.CDVC"= cdvccodc.dll
"MSACM.pcdv"= pcdv.acm
"vidc.CDV5"= cdv5codc.dll
"vidc.CLLC"= cllccodc.dll
"vidc.CUVC"= cuvccodc.dll
"vidc.CDVH"= cdvhcodc.dll
"vidc.CMIC"= cmiccodc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\igrica2\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Sony\\Vegas Pro 8.0\\VegSrv80.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

R1 epfwtdir;epfwtdir; [x]
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-08-23 20992]
R3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\DRIVERS\k510bus.sys [2008-04-26 58288]
R3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\DRIVERS\k510mdfl.sys [2008-04-26 8336]
R3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\DRIVERS\k510mdm.sys [2008-04-26 94064]
R3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\k510mgmt.sys [2008-04-26 85408]
R3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\k510obex.sys [2008-04-26 83344]
R3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2); [x]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S1 cdrblock;cdrblock;c:\windows\system32\DRIVERS\cdrblock.sys [2007-05-31 20864]
S1 cdrport;cdrport;c:\windows\system32\DRIVERS\cdrport.sys [2005-03-11 4608]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]


--- Other Services/Drivers In Memory ---

*Deregistered* - a2free
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - Ati HotKey Poller
*Deregistered* - ATI Smart
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Beep
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - cdrport
*Deregistered* - CryptSvc
*Deregistered* - d347bus
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmboot
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - eamon
*Deregistered* - easdrv
*Deregistered* - EIO
*Deregistered* - ekrn
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - Hardlock
*Deregistered* - helpsvc
*Deregistered* - HTTP
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LightScribeService
*Deregistered* - LmHosts
*Deregistered* - MDM
*Deregistered* - mnmdd
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SoundMAX Agent Service (default)
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - tifsfilter
*Deregistered* - TrkWks
*Deregistered* - uagp35
*Deregistered* - Update
*Deregistered* - UserAccess7
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder

2009-04-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe []

2009-02-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{D5BF49A0-94F3-42BD-F434-3604812C8955} - c:\windows\system32\ds43g4nfjkn93.dll
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKU-Default-Run-reader_s - c:\documents and settings\Administrator\reader_s.exe
HKU-Default-Run-services - c:\windows\services.exe
HKU-Default-Run-Windows Resurections - c:\windows\system32\%USERPROFILE%\Local Settings\Temp\fo5cxyj.exe
HKLM-Explorer_Run-services - c:\windows\services.exe
HKU-Default-Explorer_Run-services - c:\windows\services.exe
SharedTaskScheduler-{D5BF49A0-94F3-42BD-F434-3604812C8955} - c:\windows\system32\ds43g4nfjkn93.dll


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL =
uSearchURL,(Default) = hxxp://www.searchgateway.net/search-Google-Gateway.php?sa=Search+Here&client=pub-4642981363251965&forid=1&ie=ISO-8859-1&oe=ISO-8859-1&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A11&q=%s
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} - hxxp://www.gamehouse.com/games/DoggieDash.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab
DPF: {74EF5274-F439-2168-B543-14745B625C72} - hxxp://www.gamehouse.com/games/WeddingDash2.cab
DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} - hxxp://www.gamehouse.com/games/JBGamePlayer.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/games/zylom/zylomplayer.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://www.gamehouse.com/games/Chocolatier2.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\krdyd8eg.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\progra~1\Crawler\firefox\components\xcomm.dll
FF - component: c:\progra~1\Crawler\firefox\components\xshared.dll
FF - component: c:\progra~1\Crawler\firefox\components\xsupport.dll
FF - component: c:\progra~1\Crawler\firefox\components\xwsg.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-06 22:39:17
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1659004503-764733703-682003330-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:10,a8,30,d3,b8,33,00,8f,fc,ad,fd,0d,76,5a,ce,7c,4c,c5,d0,2d,c1,00,ab,
e2,32,1a,58,0b,6d,4b,57,a0,c0,af,28,a6,00,0c,5c,e7,9b,51,de,34,80,c4,5c,77,\
"??"=hex:07,49,a2,2d,fb,b0,e3,48,51,fa,5f,01,d8,8c,79,84
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-06 22:41:26
ComboFix-quarantined-files.txt 2009-04-06 20:41:03
ComboFix2.txt 2009-04-05 21:22:47

Pre-Run: 29,494,845,440 bytes free
Post-Run: 29,518,897,152 bytes free

317 --- E O F --- 2009-01-13 21:10:23

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Open Notepad and copy the following text into it:

File::
C:\ndis.bak
C:\ndis(1).bak
C:\ndis_fixer.exe
C:\catchme.exe
c:\windows\system32\gcc.exe
c:\windows\system32\55DD.tmp
c:\windows\system32\55DC.tmp
c:\windows\services.ex_
c:\windows\adobe.bat
c:\windows\_id.dat
c:\windows\system32\6.tmp
c:\windows\system32\3.tmp
c:\windows\system32\2.tmp


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scanning.

  • GTA  Male
  • Honorary Citizen
  • Joined: 14 Aug 2008
  • Posts: 717

ComboFix 09-04-04.01 - Administrator 2009-04-06 23:07:25.6 - NTFSx86
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\catchme.exe
C:\ndis(1).bak
C:\ndis.bak
C:\ndis_fixer.exe
c:\windows\_id.dat
c:\windows\adobe.bat
c:\windows\services.ex_
c:\windows\system32\2.tmp
c:\windows\system32\3.tmp
c:\windows\system32\55DC.tmp
c:\windows\system32\55DD.tmp
c:\windows\system32\6.tmp
c:\windows\system32\gcc.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\catchme.exe
C:\ndis(1).bak
C:\ndis.bak
C:\ndis_fixer.exe
c:\windows\_id.dat
c:\windows\adobe.bat
c:\windows\services.ex_
c:\windows\system32\2.tmp
c:\windows\system32\3.tmp
c:\windows\system32\55DC.tmp
c:\windows\system32\55DD.tmp
c:\windows\system32\6.tmp
c:\windows\system32\gcc.exe

.
((((((((((((((((((((((((( Files Created from 2009-03-06 to 2009-04-06 )))))))))))))))))))))))))))))))
.

2009-04-06 15:38 . 2009-04-06 15:48 <DIR> d-------- c:\program files\a-squared Free
2009-04-06 11:07 . 2001-08-23 11:00 221,184 --a------ c:\windows\system32\wmpns.dll
2009-04-05 20:21 . 2008-03-03 18:21 568 --ah----- c:\windows\nod32fixtemdono.reg
2009-03-24 14:22 . 2009-03-24 14:22 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Ipref
2009-03-23 10:48 . 2009-04-02 16:15 <DIR> d-------- c:\documents and settings\Administrator\Application Data\mIRC
2009-03-14 23:39 . 2009-04-02 19:01 <DIR> d-------- C:\Picture This
2009-03-14 23:39 . 2009-03-14 23:39 32,768 --ahs---- C:\Thumbs.db

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-06 20:41 --------- d-----w c:\program files\Crawler
2009-04-06 20:22 182,656 ----a-w c:\windows\system32\drivers\ndis.sys
2009-04-06 13:49 61,952 ----a-w c:\windows\system32\alg.exe
2009-04-06 13:49 3,195,392 ----a-w c:\windows\Explorer.EXE
2009-04-05 15:41 --------- d-----w c:\program files\Winamp
2009-04-04 16:50 --------- d-----w c:\program files\Webteh
2009-04-04 16:49 --------- d-----w c:\program files\TC PowerPack
2009-04-04 16:37 --------- d-----w c:\program files\Common Files\LightScribe
2009-04-04 16:26 --------- d-----w c:\program files\Merriam-Webster
2009-04-04 14:53 --------- d-----w c:\program files\D-Tools
2009-03-27 14:40 --------- d-----w c:\program files\Java
2009-03-24 16:42 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-09 04:19 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-04 17:51 --------- d-----w c:\program files\Avanquest update
2009-02-28 15:08 --------- d-----w c:\documents and settings\Administrator\Application Data\GameHouse
2009-02-26 19:54 --------- d-----w c:\documents and settings\All Users\Application Data\Fugazo
2009-02-24 18:52 --------- d-----w c:\documents and settings\All Users\Application Data\PopCap
2009-02-24 18:30 --------- d-----w c:\documents and settings\All Users\Application Data\JollyBear
2009-02-23 16:47 --------- d-----w c:\documents and settings\All Users\Application Data\Zylom
2009-02-23 16:47 --------- d-----w c:\documents and settings\All Users\Application Data\GameHouse
2009-02-23 16:30 --------- d-----w c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2009-02-23 16:23 --------- d-----w c:\documents and settings\Administrator\Application Data\PlayFirst
2009-02-22 17:29 --------- d-----w c:\documents and settings\All Users\Application Data\Tarma Installer
2009-02-16 11:39 --------- d-----w c:\program files\ESET
.

------- Sigcheck -------

2009-04-06 22:22 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys
2009-04-06 22:22 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

2009-04-06 15:49 3195392 3be4584f9ac9b9094c634f9348a57fe2 c:\windows\Explorer.EXE
2007-06-13 12:23 3195392 3be4584f9ac9b9094c634f9348a57fe2 c:\windows\system32\dllcache\EXPLORER.EXE

2001-08-23 11:00 15360 32694ac77d5e914c1e41b770ad8c36b8 c:\windows\system32\CTFMON.EXE
2001-08-23 11:00 15360 32694ac77d5e914c1e41b770ad8c36b8 c:\windows\system32\dllcache\CTFMON.EXE

2005-06-11 02:17 57856 133a73d934146423b7a7da1720003e9f c:\windows\$hf_mig$\KB896423\SP2QFE\SPOOLSV.EXE
2001-08-23 11:00 75264 cce859e4ac703108ca655b2f1634310b c:\windows\$NtUninstallKB896423$\SPOOLSV.EXE
2005-06-11 01:53 75264 4fae26cdc82923a92c85f57fb7cfe177 c:\windows\system32\SPOOLSV.EXE
2005-06-11 01:53 57856 aaa6eaea2cdae6139e71ff603ebbe9dd c:\windows\system32\dllcache\SPOOLSV.EXE

2001-08-23 11:00 24576 a6469e376946ac97e397ad2543bf62f9 c:\windows\system32\USERINIT.EXE
2001-08-23 11:00 25088 24166e7ca7f86911e80972f881b8723d c:\windows\system32\dllcache\USERINIT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 339968]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-26 185896]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.CDVC"= cdvccodc.dll
"MSACM.pcdv"= pcdv.acm
"vidc.CDV5"= cdv5codc.dll
"vidc.CLLC"= cllccodc.dll
"vidc.CUVC"= cuvccodc.dll
"vidc.CDVH"= cdvhcodc.dll
"vidc.CMIC"= cmiccodc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\igrica2\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Sony\\Vegas Pro 8.0\\VegSrv80.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

R1 epfwtdir;epfwtdir; [x]
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-08-23 20992]
R3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\DRIVERS\k510bus.sys [2008-04-26 58288]
R3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\DRIVERS\k510mdfl.sys [2008-04-26 8336]
R3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\DRIVERS\k510mdm.sys [2008-04-26 94064]
R3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\k510mgmt.sys [2008-04-26 85408]
R3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\k510obex.sys [2008-04-26 83344]
R3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2); [x]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S1 cdrblock;cdrblock;c:\windows\system32\DRIVERS\cdrblock.sys [2007-05-31 20864]
S1 cdrport;cdrport;c:\windows\system32\DRIVERS\cdrport.sys [2005-03-11 4608]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]


--- Other Services/Drivers In Memory ---

*Deregistered* - a2free
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - Ati HotKey Poller
*Deregistered* - ATI Smart
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Beep
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - cdrport
*Deregistered* - CryptSvc
*Deregistered* - d347bus
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmboot
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - eamon
*Deregistered* - easdrv
*Deregistered* - EIO
*Deregistered* - ekrn
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - Hardlock
*Deregistered* - helpsvc
*Deregistered* - HTTP
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LightScribeService
*Deregistered* - LmHosts
*Deregistered* - MDM
*Deregistered* - mnmdd
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SoundMAX Agent Service (default)
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - tifsfilter
*Deregistered* - TrkWks
*Deregistered* - uagp35
*Deregistered* - Update
*Deregistered* - UserAccess7
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder

2009-04-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe []

2009-02-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL =
uSearchURL,(Default) = hxxp://www.searchgateway.net/search-Google-Gateway.php?sa=Search+Here&client=pub-4642981363251965&forid=1&ie=ISO-8859-1&oe=ISO-8859-1&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A11&q=%s
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} - hxxp://www.gamehouse.com/games/DoggieDash.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab
DPF: {74EF5274-F439-2168-B543-14745B625C72} - hxxp://www.gamehouse.com/games/WeddingDash2.cab
DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} - hxxp://www.gamehouse.com/games/JBGamePlayer.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/games/zylom/zylomplayer.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://www.gamehouse.com/games/Chocolatier2.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\krdyd8eg.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\progra~1\Crawler\firefox\components\xcomm.dll
FF - component: c:\progra~1\Crawler\firefox\components\xshared.dll
FF - component: c:\progra~1\Crawler\firefox\components\xsupport.dll
FF - component: c:\progra~1\Crawler\firefox\components\xwsg.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-06 23:08:41
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1659004503-764733703-682003330-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:10,a8,30,d3,b8,33,00,8f,fc,ad,fd,0d,76,5a,ce,7c,4c,c5,d0,2d,c1,00,ab,
e2,32,1a,58,0b,6d,4b,57,a0,c0,af,28,a6,00,0c,5c,e7,9b,51,de,34,80,c4,5c,77,\
"??"=hex:07,49,a2,2d,fb,b0,e3,48,51,fa,5f,01,d8,8c,79,84
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-06 23:10:50
ComboFix-quarantined-files.txt 2009-04-06 21:10:19
ComboFix2.txt 2009-04-06 20:41:28
ComboFix3.txt 2009-04-05 21:22:47

Pre-Run: 29,523,111,936 bytes free
Post-Run: 29,513,674,752 bytes free

317 --- E O F --- 2009-01-13 21:10:23

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Now run a NOD scan again, and post me the log.
I want to see whether we have also gotten rid of that other infection that was present (Virut).

Update: 06 Apr 2009 23:19

What a slip. I forgot to tell you to restart.

Please restart the computer once, then run ComboFix again and post me the log.
It does not matter whether you do that before or after the NOD scan.

offline
  • GTA  Male
  • Honorary citizen
  • Joined: 14 Avg 2008
  • Posts: 717

ComboFix 09-04-04.01 - Administrator 2009-04-06 23:26:48.7 - NTFSx86
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-03-06 to 2009-04-06 )))))))))))))))))))))))))))))))
.

2009-04-06 15:38 . 2009-04-06 15:48 <DIR> d-------- c:\program files\a-squared Free
2009-04-06 11:07 . 2001-08-23 11:00 221,184 --a------ c:\windows\system32\wmpns.dll
2009-04-05 20:21 . 2008-03-03 18:21 568 --ah----- c:\windows\nod32fixtemdono.reg
2009-03-24 14:22 . 2009-03-24 14:22 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Ipref
2009-03-23 10:48 . 2009-04-02 16:15 <DIR> d-------- c:\documents and settings\Administrator\Application Data\mIRC
2009-03-14 23:39 . 2009-04-02 19:01 <DIR> d-------- C:\Picture This
2009-03-14 23:39 . 2009-03-14 23:39 32,768 --ahs---- C:\Thumbs.db

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-06 21:11 --------- d-----w c:\program files\Crawler
2009-04-06 20:22 182,656 ----a-w c:\windows\system32\drivers\ndis.sys
2009-04-06 13:49 61,952 ----a-w c:\windows\system32\alg.exe
2009-04-06 13:49 3,195,392 ----a-w c:\windows\Explorer.EXE
2009-04-05 15:41 --------- d-----w c:\program files\Winamp
2009-04-04 16:50 --------- d-----w c:\program files\Webteh
2009-04-04 16:49 --------- d-----w c:\program files\TC PowerPack
2009-04-04 16:37 --------- d-----w c:\program files\Common Files\LightScribe
2009-04-04 16:26 --------- d-----w c:\program files\Merriam-Webster
2009-04-04 14:53 --------- d-----w c:\program files\D-Tools
2009-03-27 14:40 --------- d-----w c:\program files\Java
2009-03-24 16:42 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-09 04:19 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-04 17:51 --------- d-----w c:\program files\Avanquest update
2009-02-28 15:08 --------- d-----w c:\documents and settings\Administrator\Application Data\GameHouse
2009-02-26 19:54 --------- d-----w c:\documents and settings\All Users\Application Data\Fugazo
2009-02-24 18:52 --------- d-----w c:\documents and settings\All Users\Application Data\PopCap
2009-02-24 18:30 --------- d-----w c:\documents and settings\All Users\Application Data\JollyBear
2009-02-23 16:47 --------- d-----w c:\documents and settings\All Users\Application Data\Zylom
2009-02-23 16:47 --------- d-----w c:\documents and settings\All Users\Application Data\GameHouse
2009-02-23 16:30 --------- d-----w c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2009-02-23 16:23 --------- d-----w c:\documents and settings\Administrator\Application Data\PlayFirst
2009-02-22 17:29 --------- d-----w c:\documents and settings\All Users\Application Data\Tarma Installer
2009-02-16 11:39 --------- d-----w c:\program files\ESET
.

------- Sigcheck -------

2009-04-06 22:22 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys
2009-04-06 22:22 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

2009-04-06 15:49 3195392 3be4584f9ac9b9094c634f9348a57fe2 c:\windows\Explorer.EXE
2007-06-13 12:23 3195392 3be4584f9ac9b9094c634f9348a57fe2 c:\windows\system32\dllcache\EXPLORER.EXE

2001-08-23 11:00 15360 32694ac77d5e914c1e41b770ad8c36b8 c:\windows\system32\CTFMON.EXE
2001-08-23 11:00 15360 32694ac77d5e914c1e41b770ad8c36b8 c:\windows\system32\dllcache\CTFMON.EXE

2005-06-11 02:17 57856 133a73d934146423b7a7da1720003e9f c:\windows\$hf_mig$\KB896423\SP2QFE\SPOOLSV.EXE
2001-08-23 11:00 75264 cce859e4ac703108ca655b2f1634310b c:\windows\$NtUninstallKB896423$\SPOOLSV.EXE
2005-06-11 01:53 75264 4fae26cdc82923a92c85f57fb7cfe177 c:\windows\system32\SPOOLSV.EXE
2005-06-11 01:53 57856 aaa6eaea2cdae6139e71ff603ebbe9dd c:\windows\system32\dllcache\SPOOLSV.EXE

2001-08-23 11:00 24576 a6469e376946ac97e397ad2543bf62f9 c:\windows\system32\USERINIT.EXE
2001-08-23 11:00 25088 24166e7ca7f86911e80972f881b8723d c:\windows\system32\dllcache\USERINIT.EXE
.
((((((((((((((((((((((((((((( SnapShot@2009-04-06_22.39.51.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-04-06 20:32:46 16,384 --sha-w c:\windows\system32\%USERPROFILE%\Local Settings\Temp\Cookies\index.dat
+ 2009-04-06 21:25:03 16,384 --sha-w c:\windows\system32\%USERPROFILE%\Local Settings\Temp\Cookies\index.dat
- 2009-04-06 20:32:46 16,384 --sha-w c:\windows\system32\%USERPROFILE%\Local Settings\Temp\History\History.IE5\index.dat
+ 2009-04-06 21:25:03 16,384 --sha-w c:\windows\system32\%USERPROFILE%\Local Settings\Temp\History\History.IE5\index.dat
- 2009-04-06 20:32:46 32,768 --sha-w c:\windows\system32\%USERPROFILE%\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-06 21:25:03 32,768 --sha-w c:\windows\system32\%USERPROFILE%\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-06 21:24:42 16,384 ----atw c:\windows\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_794.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 339968]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-26 185896]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.CDVC"= cdvccodc.dll
"MSACM.pcdv"= pcdv.acm
"vidc.CDV5"= cdv5codc.dll
"vidc.CLLC"= cllccodc.dll
"vidc.CUVC"= cuvccodc.dll
"vidc.CDVH"= cdvhcodc.dll
"vidc.CMIC"= cmiccodc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\igrica2\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Sony\\Vegas Pro 8.0\\VegSrv80.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

R1 epfwtdir;epfwtdir; [x]
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-08-23 20992]
R3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\DRIVERS\k510bus.sys [2008-04-26 58288]
R3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\DRIVERS\k510mdfl.sys [2008-04-26 8336]
R3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\DRIVERS\k510mdm.sys [2008-04-26 94064]
R3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\k510mgmt.sys [2008-04-26 85408]
R3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\k510obex.sys [2008-04-26 83344]
R3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2); [x]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S1 cdrblock;cdrblock;c:\windows\system32\DRIVERS\cdrblock.sys [2007-05-31 20864]
S1 cdrport;cdrport;c:\windows\system32\DRIVERS\cdrport.sys [2005-03-11 4608]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]


--- Other Services/Drivers In Memory ---

*Deregistered* - a2free
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - Ati HotKey Poller
*Deregistered* - ATI Smart
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Beep
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - cdrport
*Deregistered* - CryptSvc
*Deregistered* - d347bus
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmboot
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - eamon
*Deregistered* - easdrv
*Deregistered* - EIO
*Deregistered* - ekrn
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - Hardlock
*Deregistered* - helpsvc
*Deregistered* - HTTP
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LightScribeService
*Deregistered* - LmHosts
*Deregistered* - MDM
*Deregistered* - mnmdd
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SoundMAX Agent Service (default)
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - tifsfilter
*Deregistered* - TrkWks
*Deregistered* - uagp35
*Deregistered* - Update
*Deregistered* - UserAccess7
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder

2009-04-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe []

2009-02-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL =
uSearchURL,(Default) = hxxp://www.searchgateway.net/search-Google-Gateway.php?sa=Search+Here&client=pub-4642981363251965&forid=1&ie=ISO-8859-1&oe=ISO-8859-1&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A11&q=%s
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} - hxxp://www.gamehouse.com/games/DoggieDash.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab
DPF: {74EF5274-F439-2168-B543-14745B625C72} - hxxp://www.gamehouse.com/games/WeddingDash2.cab
DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} - hxxp://www.gamehouse.com/games/JBGamePlayer.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/games/zylom/zylomplayer.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://www.gamehouse.com/games/Chocolatier2.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\krdyd8eg.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\progra~1\Crawler\firefox\components\xcomm.dll
FF - component: c:\progra~1\Crawler\firefox\components\xshared.dll
FF - component: c:\progra~1\Crawler\firefox\components\xsupport.dll
FF - component: c:\progra~1\Crawler\firefox\components\xwsg.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-06 23:29:09
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1659004503-764733703-682003330-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:10,a8,30,d3,b8,33,00,8f,fc,ad,fd,0d,76,5a,ce,7c,4c,c5,d0,2d,c1,00,ab,
e2,32,1a,58,0b,6d,4b,57,a0,c0,af,28,a6,00,0c,5c,e7,9b,51,de,34,80,c4,5c,77,\
"??"=hex:07,49,a2,2d,fb,b0,e3,48,51,fa,5f,01,d8,8c,79,84
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668-)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-06 23:31:39
ComboFix-quarantined-files.txt 2009-04-06 21:31:18
ComboFix2.txt 2009-04-06 21:10:52
ComboFix3.txt 2009-04-06 20:41:28
ComboFix4.txt 2009-04-05 21:22:47

Pre-Run: 29,520,777,216 bytes free
Post-Run: 29,512,638,464 bytes free

297 --- E O F --- 2009-01-13 21:10:23

Update: 06 Apr 2009 23:34

The NOD log is coming later this evening or tomorrow.

Update: 06 Apr 2009 23:57

Here is a partial log (I stopped it at 50%).
Scan Log
Version of virus signature database: 3990 (20090406)
Date: 06/04/2009 Time: 11:33:26 PM
Scanned disks, folders and files: C:\;F:\
C:\AUTOEXEC.BAT » MIME - is OK (internal scanning not performed)
C:\pagefile.sys - error opening [4]
C:\Documents and Settings\Administrator\NTUSER.DAT - error opening [4]
C:\Documents and Settings\Administrator\ntuser.dat.LOG - error opening [4]
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\krdyd8eg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{012CA8E8-D2EE-4A5F-8A24-6E65E8D6C935}\Microsoft\Outlook Express\Inbox.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{012CA8E8-D2EE-4A5F-8A24-6E65E8D6C935}\Microsoft\Outlook Express\Sent Items.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db - error opening [4]
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow - error opening [4]
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening [4]
C:\Documents and Settings\Administrator\My Documents\Odštampaj stranicu - Sta su to Torenti.mht » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Administrator\My Documents\Italija\Polovni automobil Fiat punto cena 650 ( po dogovoru ) 327530- auto oglasi - MojAuto - polovni automobili.mht » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Administrator\My Documents\My Videos\RealPlayer Downloads\preferans.mht » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Administrator\My Documents\sppski\Kaleidoskop - Marina Cvetaeva.mht » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Administrator\My Documents\sppski\Zak Prever.mht » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\LocalService\NTUSER.DAT - error opening [4]
C:\Documents and Settings\LocalService\ntuser.dat.LOG - error opening [4]
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening [4]
C:\Documents and Settings\NetworkService\NTUSER.DAT - error opening [4]
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - error opening [4]
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening [4]
C:\Program Files\AGEIA Technologies\AGEIA_PhysX_Help.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Ahead\Nero\CDI\CDI_VCD.CFG » MIME - is OK (internal scanning not performed)
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe - Win32/Virut.NBM virus - error while cleaning
C:\Program Files\Common Files\LightScribe\LSSrvc.exe - Win32/Virut.NBM virus - error while cleaning
C:\Program Files\Common Files\LightScribe\Content\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Crawler\firefox\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft Office\OFFICE11\1033\VIDEO.MHT » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\browser.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\comm.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\pippki.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\reporter.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\toolkit.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Nero\Nero Burning ROM\CDI\CDI_VCD.CFG » MIME - is OK (internal scanning not performed)
C:\Program Files\Real\RealPlayer\browserrecord\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Sony\Vegas Pro 8.0\Sony Vegas Pro 8 -- ShuttlePRO v2.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Sony\Vegas Pro 8.0\Sony Vegas Pro 8 -- ShuttlePRO.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Sony\Vegas Pro 8.0\Sony Vegas Pro 8 -- ShuttleXpress.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Sony Setup\Sound Forge 7.0\main.cab » CAB » shuttlepromht » MIME - is OK (internal scanning not performed)
C:\Program Files\Sony Setup\Sound Forge 7.0\main.cab » CAB » shuttlepro2mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Sony Setup\Sound Forge 7.0\main.cab » CAB » shuttlexpmht » MIME - is OK (internal scanning not performed)
C:\Program Files\Sony Setup\Vegas Pro 8.0\main.cab » CAB » Sony_Vegas_Pro_8_ShuttlePRO_v2.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Sony Setup\Vegas Pro 8.0\main.cab » CAB » Sony_Vegas_Pro_8_ShuttlePRO.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Sony Setup\Vegas Pro 8.0\main.cab » CAB » Sony_Vegas_Pro_8_ShuttleXpress.mht » MIME - is OK (internal scanning not performed)
Scan terminated by user!
Number of scanned objects: 163419
Number of threats found: 2
Number of cleaned objects: 0
Time of completion: 11:54:59 PM Total scanning time: 1293 sec (00:21:33)

Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.
There's that Virut again.
