Problem Total security


  • Joined: 03 Oct 2009
  • Posts: 7

I installed some program, and since then Total Security keeps popping up nonstop; it scans and supposedly finds viruses but does not delete them because it asks for a license. I tried to remove the program, but it won't let me. How do I delete it?



  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Hello,

the instructions also ask for a DDS log, which you have not posted here.

Run the scan and post it.



  • Joined: 03 Oct 2009
  • Posts: 7


DDS (Ver_09-09-29.01) - NTFSx86
Run by Administrator at 21:51:23.60 on Sat 10/03/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.327 [GMT 2:00]

AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\WINDOWS\eHome\ehRecvr.exe
D:\WINDOWS\eHome\ehSched.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
D:\WINDOWS\system32\nvsvc32.exe
svchost.exe
D:\WINDOWS\system32\dllhost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\ehome\ehtray.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\878RMT.exe
D:\WINDOWS\eHome\ehmsas.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\TS\tsc.exe
D:\Program Files\honestech\honestech TVR\scheduleTV.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
D:\Program Files\honestech\honestech TVR\honestechTV.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\b.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [Link mogu videti samo ulogovani korisnici]
uSearch Page = [Link mogu videti samo ulogovani korisnici]*http://www.yahoo.com
uSearch Bar = [Link mogu videti samo ulogovani korisnici]
mDefault_Page_URL = [Link mogu videti samo ulogovani korisnici]
mStart Page = [Link mogu videti samo ulogovani korisnici]
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]*http://www.yahoo.com
BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - d:\program files\yahoo!\companion\installs\cpn\ycomp5_6_0_1.dll
BHO: &IE Help: {35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} - d:\windows\system32\iehelpmod.dll
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - d:\program files\bearshare applications\bearshare\BearShareIEHelper.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - d:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - d:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - d:\program files\yahoo!\companion\installs\cpn\ycomp5_6_0_1.dll
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - d:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
TB: Norton Internet Security 2006: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - d:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - d:\program files\norton internet security\norton antivirus\NavShExt.dll
uRun: [CTFMON.EXE] d:\windows\system32\ctfmon.exe
uRun: [PopRock] d:\docume~1\admini~1\locals~1\temp\b.exe
uRun: [MSMSGS] "d:\program files\messenger\msmsgs.exe" /background
uRun: [TS] d:\program files\ts\tsc.exe
mRun: [ehTray] d:\windows\ehome\ehtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE d:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NeroFilterCheck] d:\windows\system32\NeroCheck.exe
mRun: [WinampAgent] "d:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TV Card Remote Control Applet] d:\windows\878RMT.exe
mRun: [ccApp] "d:\program files\common files\symantec shared\ccApp.exe"
mRun: [Symantec PIF AlertEng] "d:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "d:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
dRun: [CTFMON.EXE] d:\windows\system32\CTFMON.EXE
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\schedu~1.lnk - d:\program files\honestech\honestech tvr\scheduleTV.exe
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
TCP: {DB471B33-5837-472E-B08A-2F8A8E9C2116} = 91.150.77.5 91.150.77.10
Notify: Antiwpa - wpa.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\f7paq0sp.default\
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - plugin: d:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R1 SAVRTPEL;SAVRTPEL;d:\program files\norton internet security\norton antivirus\Savrtpel.sys [2005-8-26 53896]
R2 878TVCard;Bt878 TV Card - Video Capture;d:\windows\system32\drivers\Bt878.sys [2009-7-27 196736]
R2 878TVTuner;Bt878 TV Card - TV Tuner;d:\windows\system32\drivers\BtTuner.sys [2009-7-27 9216]
R2 878Xbar;Bt878 TV Card - Crossbar;d:\windows\system32\drivers\BtXbar.sys [2009-7-27 8448]
R2 ccEvtMgr;Symantec Event Manager;d:\program files\common files\symantec shared\CCEVTMGR.EXE [2005-9-17 192104]
R2 ccProxy;Symantec Network Proxy;d:\program files\common files\symantec shared\CCPROXY.EXE [2005-9-17 202088]
R2 ccSetMgr;Symantec Settings Manager;d:\program files\common files\symantec shared\CCSETMGR.EXE [2005-9-17 169576]
R2 McrdSvc;Media Center Extender Service;d:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;d:\program files\norton internet security\norton antivirus\NAVAPSVC.EXE [2005-10-7 139888]
R2 Symantec Core LC;Symantec Core LC;d:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2009-9-29 1251720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;d:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-29 102448]
R3 NAVENG;NAVENG;d:\progra~1\common~1\symant~1\virusd~1\20091003.004\NAVENG.Sys [2009-10-3 84912]
R3 NAVEX15;NAVEX15;d:\progra~1\common~1\symant~1\virusd~1\20091003.004\NavEx15.Sys [2009-10-3 1323568]
R3 SAVRT;SAVRT;d:\program files\norton internet security\norton antivirus\savrt.sys [2005-8-26 334984]
S3 SAVScan;Symantec AVScan;d:\program files\norton internet security\norton antivirus\SAVScan.exe [2005-8-26 198368]

=============== Created Last 30 ================

2009-10-03 16:41 <DIR> --d----- d:\program files\TS
2009-10-03 16:41 <DIR> --d----- d:\program files\common files\TSUninstall
2009-10-03 16:32 344,576 a------- d:\windows\system32\iehelpmod.dll
2009-10-03 14:30 10,635 a------- d:\windows\system32\drivers\SYMEVENT.CAT
2009-10-03 14:30 806 a------- d:\windows\system32\drivers\SYMEVENT.INF
2009-09-30 20:47 <DIR> --d----- d:\windows\system32\wbem\Repository
2009-09-30 20:10 <DIR> --d----- d:\docume~1\admini~1\applic~1\TuneUp Software
2009-09-30 20:10 <DIR> --d----- d:\docume~1\alluse~1\applic~1\TuneUp Software
2009-09-30 20:10 <DIR> --d----- d:\program files\TuneUp Utilities 2009
2009-09-30 20:09 <DIR> --dsh--- d:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-30 18:28 2,189,056 -c------ d:\windows\system32\dllcache\ntoskrnl.exe
2009-09-30 18:28 2,145,280 -c------ d:\windows\system32\dllcache\ntkrnlmp.exe
2009-09-30 18:28 2,023,936 -c------ d:\windows\system32\dllcache\ntkrpamp.exe
2009-09-30 17:43 2,560 -------- d:\windows\system32\xpsp4res.dll
2009-09-30 17:42 272,128 -c------ d:\windows\system32\dllcache\bthport.sys
2009-09-30 17:42 272,128 -------- d:\windows\system32\drivers\bthport.sys
2009-09-30 17:06 455,296 -c------ d:\windows\system32\dllcache\mrxsmb.sys
2009-09-30 00:10 <DIR> --d----- d:\windows\system32\PreInstall
2009-09-30 00:10 <DIR> --d-h--- d:\windows\$hf_mig$
2009-09-29 23:50 <DIR> --d----- d:\windows\system32\SoftwareDistribution
2009-09-29 23:03 <DIR> -cd----- d:\docume~1\admini~1\applic~1\Symantec
2009-09-29 22:59 10,344 a------- d:\windows\system32\drivers\symlcbrd.sys
2009-09-29 22:59 <DIR> --d----- d:\program files\Norton Internet Security
2009-09-29 22:58 124,464 a------- d:\windows\system32\drivers\SYMEVENT.SYS
2009-09-29 22:58 60,808 a------- d:\windows\system32\S32EVNT1.DLL
2009-09-29 22:58 <DIR> --d----- d:\program files\Symantec
2009-09-29 22:58 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Symantec
2009-09-29 22:58 <DIR> --d----- d:\program files\common files\Symantec Shared
2009-09-29 22:55 4,716 a------- d:\windows\gdrv.sys
2009-09-29 20:08 390 a------- d:\windows\system32\%LocalXml%
2009-09-29 19:38 107,547 a------- d:\windows\system32\drivers\klin.dat
2009-09-29 19:38 95,259 a------- d:\windows\system32\drivers\klick.dat
2009-09-29 19:37 2,996,256 a--sh--- d:\windows\system32\drivers\fidbox.dat
2009-09-29 19:37 196,640 a--sh--- d:\windows\system32\drivers\fidbox2.dat
2009-09-29 19:37 27,632 a--sh--- d:\windows\system32\drivers\fidbox.idx
2009-09-29 19:37 4,896 a--sh--- d:\windows\system32\drivers\fidbox2.idx
2009-09-29 19:37 <DIR> --d----- d:\program files\Kaspersky Lab
2009-09-29 19:37 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-09-21 13:19 <DIR> --d----- D:\tasa
2009-09-10 23:18 286,720 a----r-- d:\windows\878RMT.exe
2009-09-10 23:18 <DIR> --d----- d:\windows\MyInstall
2009-09-10 23:17 299,520 a------- d:\windows\uninst.exe
2009-09-09 14:38 38 a------- d:\windows\avisplitter.INI
2009-09-09 14:32 <DIR> --d-h--- d:\windows\PIF
2009-09-06 21:43 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Anvsoft
2009-09-06 21:43 <DIR> -cd----- d:\docume~1\admini~1\applic~1\Photo DVD Maker
2009-09-06 21:43 <DIR> --d----- d:\program files\Photo DVD Maker Professional

==================== Find3M ====================

2009-08-05 11:01 204,800 a------- d:\windows\system32\mswebdvd.dll
2009-07-29 17:29 16,365,056 a------- d:\program files\JDownloader_0.6.193.exe
2009-07-29 06:37 119,808 a------- d:\windows\system32\t2embed.dll
2009-07-29 06:37 81,920 a------- d:\windows\system32\fontsub.dll
2009-07-28 18:06 86,811 a------- d:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-27 17:07 21,640 a------- d:\windows\system32\emptyregdb.dat
2009-07-25 05:23 411,368 a------- d:\windows\system32\deploytk.dll
2009-07-17 21:01 58,880 a------- d:\windows\system32\atl.dll
2009-07-12 12:21 233,472 a------- d:\windows\system32\wmpdxm.dll

============= FINISH: 21:51:42.45 ===============

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Download sUBs's ComboFix from the following address to your Desktop:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:
  • disable your protection software (instructions);
  • close any running programs;
  • double-click to start ComboFix.

While running, ComboFix will:
  • check whether a newer version of the program exists:
      click Yes if you are offered the download.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
      click Yes to continue the process.
  • if Recovery Console is not installed, offer to install it:
      be sure to accept by clicking Yes and follow the procedure.
  • show a number of prompts/notifications:
      accept by clicking Yes or OK.
  • if necessary, restart Windows (several times);
  • when finished, open Notepad with the scan report.

Copy the report that ComboFix produced into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note:
  • The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If, after sending the message, you notice that the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to the message.

  • Joined: 03 Oct 2009
  • Posts: 7

ComboFix 09-10-04.01 - Administrator 10/04/2009 19:27.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.484 [GMT 2:00]
Running from: d:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\program files\TS\tsc.exe
d:\windows\system32\iehelpmod.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-04 to 2009-10-04 )))))))))))))))))))))))))))))))
.

2009-10-03 14:41 . 2009-10-04 17:30 -------- d-----w- d:\program files\TS
2009-10-03 14:41 . 2009-10-03 14:41 -------- d-----w- d:\program files\Common Files\TSUninstall
2009-09-30 18:47 . 2009-09-30 18:47 -------- d-----w- d:\windows\system32\wbem\Repository
2009-09-30 18:10 . 2009-09-30 18:10 -------- d-----w- d:\documents and settings\Administrator\Application Data\TuneUp Software
2009-09-30 18:10 . 2009-09-30 18:10 -------- d-----w- d:\documents and settings\All Users\Application Data\TuneUp Software
2009-09-30 18:10 . 2009-09-30 18:47 -------- d-----w- d:\program files\TuneUp Utilities 2009
2009-09-30 18:09 . 2009-09-30 18:09 -------- d-sh--w- d:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-30 16:28 . 2009-02-06 11:08 2189056 -c----w- d:\windows\system32\dllcache\ntoskrnl.exe
2009-09-30 16:28 . 2009-02-06 11:06 2145280 -c----w- d:\windows\system32\dllcache\ntkrnlmp.exe
2009-09-30 16:28 . 2009-02-06 10:32 2023936 -c----w- d:\windows\system32\dllcache\ntkrpamp.exe
2009-09-30 15:43 . 2008-05-03 11:55 2560 ------w- d:\windows\system32\xpsp4res.dll
2009-09-30 15:42 . 2008-06-13 11:05 272128 -c----w- d:\windows\system32\dllcache\bthport.sys
2009-09-30 15:42 . 2008-06-13 11:05 272128 ------w- d:\windows\system32\drivers\bthport.sys
2009-09-30 15:06 . 2008-10-24 11:21 455296 -c----w- d:\windows\system32\dllcache\mrxsmb.sys
2009-09-29 22:10 . 2009-10-01 01:09 -------- d--h--w- d:\windows\$hf_mig$
2009-09-29 21:03 . 2009-09-30 17:42 -------- dc----w- d:\documents and settings\Administrator\Application Data\Symantec
2009-09-29 21:00 . 2009-09-29 21:00 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2009-09-29 20:59 . 2009-09-29 20:59 10344 ----a-w- d:\windows\system32\drivers\symlcbrd.sys
2009-09-29 20:59 . 2009-09-30 14:21 -------- d-----w- d:\program files\Norton Internet Security
2009-09-29 20:58 . 2009-10-03 12:30 60808 ----a-w- d:\windows\system32\S32EVNT1.DLL
2009-09-29 20:58 . 2009-10-03 12:30 124464 ----a-w- d:\windows\system32\drivers\SYMEVENT.SYS
2009-09-29 20:58 . 2009-10-03 12:30 -------- d-----w- d:\program files\Symantec
2009-09-29 20:58 . 2009-10-03 12:31 -------- d-----w- d:\documents and settings\All Users\Application Data\Symantec
2009-09-29 20:58 . 2009-10-04 01:01 -------- d-----w- d:\program files\Common Files\Symantec Shared
2009-09-29 20:55 . 2009-09-29 20:55 4716 ----a-w- d:\windows\gdrv.sys
2009-09-29 17:38 . 2009-09-29 18:07 95259 ----a-w- d:\windows\system32\drivers\klick.dat
2009-09-29 17:38 . 2009-09-29 18:07 107547 ----a-w- d:\windows\system32\drivers\klin.dat
2009-09-29 17:37 . 2009-09-29 20:40 2996256 --sha-w- d:\windows\system32\drivers\fidbox.dat
2009-09-29 17:37 . 2009-09-29 20:32 196640 --sha-w- d:\windows\system32\drivers\fidbox2.dat
2009-09-29 17:37 . 2009-09-29 19:32 -------- d-----w- d:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-09-29 17:37 . 2009-09-29 17:37 -------- d-----w- d:\program files\Kaspersky Lab
2009-09-29 16:51 . 2009-09-29 16:57 -------- d-----w- d:\documents and settings\Marko\Local Settings\Application Data\Microsoft
2009-09-29 16:51 . 2009-09-29 16:57 -------- d-s---w- d:\documents and settings\Marko
2009-09-21 11:19 . 2009-09-21 11:19 -------- d-----w- D:\tasa
2009-09-10 21:18 . 2004-11-30 04:00 286720 ----a-r- d:\windows\878RMT.exe
2009-09-10 21:18 . 2009-09-30 19:44 -------- d-----w- d:\windows\MyInstall
2009-09-10 21:17 . 1997-01-18 08:40 299520 ----a-w- d:\windows\uninst.exe
2009-09-10 21:14 . 2009-09-10 21:14 -------- d-----w- d:\program files\Common Files\Adobe
2009-09-09 12:40 . 2009-09-09 12:40 -------- dc----w- d:\documents and settings\Administrator\Application Data\Apple Computer
2009-09-09 12:32 . 2009-09-09 12:32 -------- d--h--w- d:\windows\PIF
2009-09-06 19:43 . 2009-09-06 19:43 -------- d-----w- d:\documents and settings\All Users\Application Data\TEMP
2009-09-06 19:43 . 2009-09-06 19:43 -------- d-----w- d:\documents and settings\All Users\Application Data\Anvsoft
2009-09-06 19:43 . 2009-09-06 19:43 -------- dc----w- d:\documents and settings\Administrator\Application Data\Photo DVD Maker
2009-09-06 19:43 . 2009-09-06 19:43 -------- d-----w- d:\program files\Photo DVD Maker Professional
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\program files\QuickTime
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple Computer
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\Apple
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\program files\Apple Software Update
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 12:30 . 2009-10-03 12:30 806 ----a-w- d:\windows\system32\drivers\SYMEVENT.INF
2009-10-03 12:30 . 2009-10-03 12:30 10635 ----a-w- d:\windows\system32\drivers\SYMEVENT.CAT
2009-09-30 20:03 . 2009-07-27 17:49 -------- d-----w- d:\documents and settings\All Users\Application Data\nView_Profiles
2009-09-30 19:44 . 2009-07-27 15:30 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-09-29 20:40 . 2009-09-29 17:37 27632 --sha-w- d:\windows\system32\drivers\fidbox.idx
2009-09-29 20:32 . 2009-09-29 17:37 4896 --sha-w- d:\windows\system32\drivers\fidbox2.idx
2009-09-29 17:10 . 2009-07-27 17:01 -------- d-----w- d:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-22 23:39 . 2009-08-22 23:39 -------- dc----w- d:\documents and settings\Administrator\Application Data\Activision
2009-08-22 23:29 . 2009-08-22 23:29 -------- d-----w- d:\program files\Activision
2009-08-22 13:14 . 2009-08-16 09:56 -------- dc----w- d:\documents and settings\Administrator\Application Data\Any Video Converter
2009-08-16 09:57 . 2009-08-16 09:56 -------- d-----w- d:\program files\Any Video Converter
2009-08-16 09:57 . 2009-08-16 09:57 43336 ----a-w- d:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-16 09:25 . 2009-08-16 09:25 -------- d-----w- d:\program files\YouTube Downloader
2009-08-08 14:24 . 2009-08-08 14:24 628 ----a-w- d:\windows\EReg515.dat
2009-08-05 19:58 . 2009-08-05 19:58 -------- dc----w- d:\documents and settings\Administrator\Application Data\Media Player Classic
2009-08-05 09:01 . 2008-04-15 12:00 204800 ----a-w- d:\windows\system32\mswebdvd.dll
2009-07-29 15:29 . 2009-07-29 15:30 16365056 ----a-w- d:\program files\JDownloader_0.6.193.exe
2009-07-29 04:37 . 2008-04-15 12:00 81920 ----a-w- d:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2008-04-15 12:00 119808 ----a-w- d:\windows\system32\t2embed.dll
2009-07-27 15:46 . 2009-07-27 15:46 0 -c--a-w- d:\windows\nsreg.dat
2009-07-27 15:07 . 2009-07-27 15:07 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2009-07-25 03:23 . 2009-07-29 15:35 411368 ----a-w- d:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2008-04-15 12:00 58880 ----a-w- d:\windows\system32\atl.dll
2009-07-12 10:21 . 2008-04-15 12:00 233472 ----a-w- d:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="d:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"NeroFilterCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"TV Card Remote Control Applet"="d:\windows\878RMT.exe" [2004-11-30 286720]
"ccApp"="d:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 52840]
"Symantec PIF AlertEng"="d:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2006-03-09 1519616]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.exe [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" - d:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
ScheduleTV.lnk - d:\program files\honestech\honestech TVR\scheduleTV.exe [2009-9-30 307200]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=""
"AntiVirusOverride"=""
"FirewallOverride"=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

R2 878TVCard;Bt878 TV Card - Video Capture;d:\windows\system32\drivers\Bt878.sys [7/27/2009 6:02 PM 196736]
R2 878TVTuner;Bt878 TV Card - TV Tuner;d:\windows\system32\drivers\BtTuner.sys [7/27/2009 6:02 PM 9216]
R2 878Xbar;Bt878 TV Card - Crossbar;d:\windows\system32\drivers\BtXbar.sys [7/27/2009 6:02 PM 8448]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - EraserUtilDrvI9
.
Contents of the 'Scheduled Tasks' folder

2009-09-04 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-10-02 d:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Administrator.job
- d:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-10-07 10:13]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
mStart Page = [Link mogu videti samo ulogovani korisnici]
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]*http://www.yahoo.com
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {DB471B33-5837-472E-B08A-2F8A8E9C2116} = 91.150.77.5 91.150.77.10
FF - ProfilePath - d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f7paq0sp.default\
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -

BHO-{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - d:\program files\BearShare Applications\BearShare\BearShareIEHelper.dll
HKCU-Run-TS - d:\program files\TS\tsc.exe
AddRemove-BearShare MediaBar - d:\program files\BearShare Applications\BearShare MediaBar\Uninstall.exe
AddRemove-TS - d:\program files\TS\tsc.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-10-04 19:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Applet = d:\windows\878RMT.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????6?B~!?B~????????T???q?@?????88????@?X???????????????d???????Bt878 TV Card Remote Control Receiver?@?????????W?SN????ConfusedA~}(@?"?rU?(@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
d:\windows\system32\wpa.dll
.
Completion time: 2009-10-04 19:31
ComboFix-quarantined-files.txt 2009-10-04 17:31

Pre-Run: 51,522,502,656 bytes free
Post-Run: 51,795,587,072 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

196 --- E O F --- 2009-10-01 01:09

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Next time, copy the log here; don't attach it.

Open Notepad and copy the following text:

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=-
"AntiVirusOverride"=-
"FirewallOverride"=-

Folder::
d:\program files\TS
d:\program files\Common Files\TSUninstall


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.

  • Joined: 03 Oct 2009
  • Posts: 7

ComboFix 09-10-04.01 - Administrator 10/05/2009 17:50.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.562 [GMT 2:00]
Running from: d:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Norton Internet Security 2006 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((( Files Created from 2009-09-05 to 2009-10-05 )))))))))))))))))))))))))))))))
.

2009-10-05 15:19 . 2009-10-05 15:19 -------- d-----w- d:\windows\system32\wbem\Repository
2009-10-05 15:19 . 2009-10-05 15:19 -------- dc----w- d:\program files\Kaspersky Lab
2009-10-05 15:19 . 2009-10-05 15:19 -------- dc----w- d:\program files\TuneUp Utilities 2009
2009-10-05 15:18 . 2009-10-05 15:18 -------- d-----w- d:\program files\Activision
2009-10-04 17:44 . 2009-10-05 15:19 -------- dc----w- D:\RECYCLER(2)
2009-10-03 14:41 . 2009-10-05 15:36 -------- d-----w- d:\program files\TS
2009-10-03 14:41 . 2009-10-03 14:41 -------- d-----w- d:\program files\Common Files\TSUninstall
2009-09-30 18:10 . 2009-09-30 18:10 -------- d-----w- d:\documents and settings\Administrator\Application Data\TuneUp Software
2009-09-30 18:10 . 2009-09-30 18:10 -------- d-----w- d:\documents and settings\All Users\Application Data\TuneUp Software
2009-09-30 18:09 . 2009-09-30 18:09 -------- d-sh--w- d:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-30 16:28 . 2009-02-06 11:08 2189056 -c----w- d:\windows\system32\dllcache\ntoskrnl.exe
2009-09-30 16:28 . 2009-02-06 11:06 2145280 -c----w- d:\windows\system32\dllcache\ntkrnlmp.exe
2009-09-30 16:28 . 2009-02-06 10:32 2023936 -c----w- d:\windows\system32\dllcache\ntkrpamp.exe
2009-09-30 15:43 . 2008-05-03 11:55 2560 ------w- d:\windows\system32\xpsp4res.dll
2009-09-30 15:42 . 2008-06-13 11:05 272128 -c----w- d:\windows\system32\dllcache\bthport.sys
2009-09-30 15:42 . 2008-06-13 11:05 272128 ------w- d:\windows\system32\drivers\bthport.sys
2009-09-30 15:06 . 2008-10-24 11:21 455296 -c----w- d:\windows\system32\dllcache\mrxsmb.sys
2009-09-29 22:10 . 2009-10-01 01:09 -------- d--h--w- d:\windows\$hf_mig$
2009-09-29 21:03 . 2009-09-30 17:42 -------- dc----w- d:\documents and settings\Administrator\Application Data\Symantec
2009-09-29 21:00 . 2009-09-29 21:00 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2009-09-29 20:59 . 2009-09-29 20:59 10344 ----a-w- d:\windows\system32\drivers\symlcbrd.sys
2009-09-29 20:59 . 2009-09-30 14:21 -------- d-----w- d:\program files\Norton Internet Security
2009-09-29 20:58 . 2009-10-03 12:30 60808 ----a-w- d:\windows\system32\S32EVNT1.DLL
2009-09-29 20:58 . 2009-10-03 12:30 124464 ----a-w- d:\windows\system32\drivers\SYMEVENT.SYS
2009-09-29 20:58 . 2009-10-03 12:30 -------- d-----w- d:\program files\Symantec
2009-09-29 20:58 . 2009-10-03 12:31 -------- d-----w- d:\documents and settings\All Users\Application Data\Symantec
2009-09-29 20:58 . 2009-10-05 15:37 -------- d-----w- d:\program files\Common Files\Symantec Shared
2009-09-29 20:55 . 2009-09-29 20:55 4716 ----a-w- d:\windows\gdrv.sys
2009-09-29 17:38 . 2009-09-29 18:07 95259 ----a-w- d:\windows\system32\drivers\klick.dat
2009-09-29 17:38 . 2009-09-29 18:07 107547 ----a-w- d:\windows\system32\drivers\klin.dat
2009-09-29 17:37 . 2009-09-29 20:40 2996256 --sha-w- d:\windows\system32\drivers\fidbox.dat
2009-09-29 17:37 . 2009-09-29 20:32 196640 --sha-w- d:\windows\system32\drivers\fidbox2.dat
2009-09-29 17:37 . 2009-09-29 19:32 -------- d-----w- d:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-09-29 16:51 . 2009-09-29 16:57 -------- d-----w- d:\documents and settings\Marko\Local Settings\Application Data\Microsoft
2009-09-29 16:51 . 2009-09-29 16:57 -------- d-s---w- d:\documents and settings\Marko
2009-09-21 11:19 . 2009-09-21 11:19 -------- d-----w- D:\tasa
2009-09-10 21:18 . 2004-11-30 04:00 286720 ----a-r- d:\windows\878RMT.exe
2009-09-10 21:18 . 2009-09-30 19:44 -------- d-----w- d:\windows\MyInstall
2009-09-10 21:17 . 1997-01-18 08:40 299520 ----a-w- d:\windows\uninst.exe
2009-09-10 21:14 . 2009-09-10 21:14 -------- d-----w- d:\program files\Common Files\Adobe
2009-09-09 12:40 . 2009-09-09 12:40 -------- dc----w- d:\documents and settings\Administrator\Application Data\Apple Computer
2009-09-09 12:32 . 2009-09-09 12:32 -------- d--h--w- d:\windows\PIF
2009-09-06 19:43 . 2009-09-06 19:43 -------- d-----w- d:\documents and settings\All Users\Application Data\TEMP
2009-09-06 19:43 . 2009-09-06 19:43 -------- d-----w- d:\documents and settings\All Users\Application Data\Anvsoft
2009-09-06 19:43 . 2009-09-06 19:43 -------- dc----w- d:\documents and settings\Administrator\Application Data\Photo DVD Maker
2009-09-06 19:43 . 2009-09-06 19:43 -------- d-----w- d:\program files\Photo DVD Maker Professional

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 12:30 . 2009-10-03 12:30 806 ----a-w- d:\windows\system32\drivers\SYMEVENT.INF
2009-10-03 12:30 . 2009-10-03 12:30 10635 ----a-w- d:\windows\system32\drivers\SYMEVENT.CAT
2009-09-30 20:03 . 2009-07-27 17:49 -------- d-----w- d:\documents and settings\All Users\Application Data\nView_Profiles
2009-09-30 19:44 . 2009-07-27 15:30 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-09-29 20:40 . 2009-09-29 17:37 27632 --sha-w- d:\windows\system32\drivers\fidbox.idx
2009-09-29 20:32 . 2009-09-29 17:37 4896 --sha-w- d:\windows\system32\drivers\fidbox2.idx
2009-09-29 17:10 . 2009-07-27 17:01 -------- d-----w- d:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\program files\QuickTime
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple Computer
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\program files\Apple Software Update
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple
2009-08-22 23:39 . 2009-08-22 23:39 -------- dc----w- d:\documents and settings\Administrator\Application Data\Activision
2009-08-22 13:14 . 2009-08-16 09:56 -------- dc----w- d:\documents and settings\Administrator\Application Data\Any Video Converter
2009-08-16 09:57 . 2009-08-16 09:56 -------- d-----w- d:\program files\Any Video Converter
2009-08-16 09:57 . 2009-08-16 09:57 43336 ----a-w- d:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-16 09:25 . 2009-08-16 09:25 -------- d-----w- d:\program files\YouTube Downloader
2009-08-08 14:24 . 2009-08-08 14:24 628 ----a-w- d:\windows\EReg515.dat
2009-08-05 09:01 . 2008-04-15 12:00 204800 ----a-w- d:\windows\system32\mswebdvd.dll
2009-07-29 15:29 . 2009-07-29 15:30 16365056 ----a-w- d:\program files\JDownloader_0.6.193.exe
2009-07-29 04:37 . 2008-04-15 12:00 81920 ----a-w- d:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2008-04-15 12:00 119808 ----a-w- d:\windows\system32\t2embed.dll
2009-07-27 15:46 . 2009-07-27 15:46 0 -c--a-w- d:\windows\nsreg.dat
2009-07-27 15:07 . 2009-07-27 15:07 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2009-07-25 03:23 . 2009-07-29 15:35 411368 ----a-w- d:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2008-04-15 12:00 58880 ----a-w- d:\windows\system32\atl.dll
2009-07-12 10:21 . 2008-04-15 12:00 233472 ----a-w- d:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
d:\program files\BearShare Applications\BearShare\BearShareIEHelper.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"TS"="d:\program files\TS\tsc.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="d:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"NeroFilterCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"TV Card Remote Control Applet"="d:\windows\878RMT.exe" [2004-11-30 286720]
"ccApp"="d:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 52840]
"Symantec PIF AlertEng"="d:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2006-03-09 1519616]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.exe [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" - d:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
ScheduleTV.lnk - d:\program files\honestech\honestech TVR\scheduleTV.exe [2009-9-30 307200]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=""
"AntiVirusOverride"=""
"FirewallOverride"=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

R2 878TVCard;Bt878 TV Card - Video Capture;d:\windows\system32\drivers\Bt878.sys [7/27/2009 6:02 PM 196736]
R2 878TVTuner;Bt878 TV Card - TV Tuner;d:\windows\system32\drivers\BtTuner.sys [7/27/2009 6:02 PM 9216]
R2 878Xbar;Bt878 TV Card - Crossbar;d:\windows\system32\drivers\BtXbar.sys [7/27/2009 6:02 PM 8448]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - EraserUtilDrvI9
.
Contents of the 'Scheduled Tasks' folder

2009-09-04 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-10-02 d:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Administrator.job
- d:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-10-07 10:13]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link visible only to logged-in users]
mStart Page = [Link visible only to logged-in users]
uSearchURL,(Default) = [Link visible only to logged-in users]*http://www.yahoo.com
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {DB471B33-5837-472E-B08A-2F8A8E9C2116} = 91.150.77.5 91.150.77.10
FF - ProfilePath - d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f7paq0sp.default\
FF - prefs.js: browser.startup.homepage - [Link visible only to logged-in users]
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-10-05 17:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Applet = d:\windows\878RMT.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????6?B~!?B~????????T???q?@?????p8????@?X???????????????d???????Bt878 TV Card Remote Control Receiver?@?????????W?SN????ConfusedA~}(@??08??(@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
d:\windows\system32\wpa.dll
.
Completion time: 2009-10-05 17:54
ComboFix-quarantined-files.txt 2009-10-05 15:54

Pre-Run: 54,206,910,464 bytes free
Post-Run: 54,203,904,000 bytes free

181 --- E O F --- 2009-10-01 01:09

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Open Notepad and copy the following text:


Folder::
d:\program files\TS
d:\program files\Common Files\TSUninstall

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=-
"AntiVirusOverride"=-
"FirewallOverride"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TS"=-


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text file onto the ComboFix icon, as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.

offline
  • Joined: 03 Oct 2009
  • Posts: 7

ComboFix 09-10-04.01 - Administrator 10/05/2009 19:31.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.570 [GMT 2:00]
Running from: d:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\program files\Common Files\TSUninstall
d:\program files\Common Files\TSUninstall\Uninstall.lnk
d:\program files\TS

.
((((((((((((((((((((((((( Files Created from 2009-09-05 to 2009-10-05 )))))))))))))))))))))))))))))))
.

2009-10-05 16:55 . 2009-10-05 16:55 -------- d-----w- d:\windows\system32\wbem\Repository
2009-10-05 16:54 . 2009-10-05 16:54 -------- dc----w- d:\program files\TuneUp Utilities 2009
2009-10-05 16:54 . 2009-10-05 16:54 -------- dc----w- d:\program files\Kaspersky Lab
2009-10-05 16:54 . 2009-10-05 16:54 -------- d-----w- d:\program files\Activision
2009-10-05 15:55 . 2009-10-05 16:53 -------- dc----w- D:\RECYCLER(3)
2009-10-04 17:44 . 2009-10-05 16:54 -------- dc----w- D:\RECYCLER(2)
2009-09-30 18:10 . 2009-09-30 18:10 -------- d-----w- d:\documents and settings\Administrator\Application Data\TuneUp Software
2009-09-30 18:10 . 2009-09-30 18:10 -------- d-----w- d:\documents and settings\All Users\Application Data\TuneUp Software
2009-09-30 18:09 . 2009-09-30 18:09 -------- d-sh--w- d:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-30 16:28 . 2009-02-06 11:08 2189056 -c----w- d:\windows\system32\dllcache\ntoskrnl.exe
2009-09-30 16:28 . 2009-02-06 11:06 2145280 -c----w- d:\windows\system32\dllcache\ntkrnlmp.exe
2009-09-30 16:28 . 2009-02-06 10:32 2023936 -c----w- d:\windows\system32\dllcache\ntkrpamp.exe
2009-09-30 15:43 . 2008-05-03 11:55 2560 ------w- d:\windows\system32\xpsp4res.dll
2009-09-30 15:42 . 2008-06-13 11:05 272128 -c----w- d:\windows\system32\dllcache\bthport.sys
2009-09-30 15:42 . 2008-06-13 11:05 272128 ------w- d:\windows\system32\drivers\bthport.sys
2009-09-30 15:06 . 2008-10-24 11:21 455296 -c----w- d:\windows\system32\dllcache\mrxsmb.sys
2009-09-29 22:10 . 2009-10-01 01:09 -------- d--h--w- d:\windows\$hf_mig$
2009-09-29 21:03 . 2009-09-30 17:42 -------- dc----w- d:\documents and settings\Administrator\Application Data\Symantec
2009-09-29 21:00 . 2009-09-29 21:00 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2009-09-29 20:59 . 2009-09-29 20:59 10344 ----a-w- d:\windows\system32\drivers\symlcbrd.sys
2009-09-29 20:59 . 2009-09-30 14:21 -------- d-----w- d:\program files\Norton Internet Security
2009-09-29 20:58 . 2009-10-03 12:30 60808 ----a-w- d:\windows\system32\S32EVNT1.DLL
2009-09-29 20:58 . 2009-10-03 12:30 124464 ----a-w- d:\windows\system32\drivers\SYMEVENT.SYS
2009-09-29 20:58 . 2009-10-03 12:30 -------- d-----w- d:\program files\Symantec
2009-09-29 20:58 . 2009-10-03 12:31 -------- d-----w- d:\documents and settings\All Users\Application Data\Symantec
2009-09-29 20:58 . 2009-10-05 15:37 -------- d-----w- d:\program files\Common Files\Symantec Shared
2009-09-29 20:55 . 2009-09-29 20:55 4716 ----a-w- d:\windows\gdrv.sys
2009-09-29 17:38 . 2009-09-29 18:07 95259 ----a-w- d:\windows\system32\drivers\klick.dat
2009-09-29 17:38 . 2009-09-29 18:07 107547 ----a-w- d:\windows\system32\drivers\klin.dat
2009-09-29 17:37 . 2009-09-29 20:40 2996256 --sha-w- d:\windows\system32\drivers\fidbox.dat
2009-09-29 17:37 . 2009-09-29 20:32 196640 --sha-w- d:\windows\system32\drivers\fidbox2.dat
2009-09-29 17:37 . 2009-09-29 19:32 -------- d-----w- d:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-09-29 16:51 . 2009-09-29 16:57 -------- d-----w- d:\documents and settings\Marko\Local Settings\Application Data\Microsoft
2009-09-29 16:51 . 2009-09-29 16:57 -------- d-s---w- d:\documents and settings\Marko
2009-09-21 11:19 . 2009-09-21 11:19 -------- d-----w- D:\tasa
2009-09-10 21:18 . 2004-11-30 04:00 286720 ----a-r- d:\windows\878RMT.exe
2009-09-10 21:18 . 2009-09-30 19:44 -------- d-----w- d:\windows\MyInstall
2009-09-10 21:17 . 1997-01-18 08:40 299520 ----a-w- d:\windows\uninst.exe
2009-09-10 21:14 . 2009-09-10 21:14 -------- d-----w- d:\program files\Common Files\Adobe
2009-09-09 12:40 . 2009-09-09 12:40 -------- dc----w- d:\documents and settings\Administrator\Application Data\Apple Computer
2009-09-09 12:32 . 2009-09-09 12:32 -------- d--h--w- d:\windows\PIF
2009-09-06 19:43 . 2009-09-06 19:43 -------- d-----w- d:\documents and settings\All Users\Application Data\TEMP
2009-09-06 19:43 . 2009-09-06 19:43 -------- d-----w- d:\documents and settings\All Users\Application Data\Anvsoft
2009-09-06 19:43 . 2009-09-06 19:43 -------- dc----w- d:\documents and settings\Administrator\Application Data\Photo DVD Maker
2009-09-06 19:43 . 2009-09-06 19:43 -------- d-----w- d:\program files\Photo DVD Maker Professional

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 12:30 . 2009-10-03 12:30 806 ----a-w- d:\windows\system32\drivers\SYMEVENT.INF
2009-10-03 12:30 . 2009-10-03 12:30 10635 ----a-w- d:\windows\system32\drivers\SYMEVENT.CAT
2009-09-30 20:03 . 2009-07-27 17:49 -------- d-----w- d:\documents and settings\All Users\Application Data\nView_Profiles
2009-09-30 19:44 . 2009-07-27 15:30 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-09-29 20:40 . 2009-09-29 17:37 27632 --sha-w- d:\windows\system32\drivers\fidbox.idx
2009-09-29 20:32 . 2009-09-29 17:37 4896 --sha-w- d:\windows\system32\drivers\fidbox2.idx
2009-09-29 17:10 . 2009-07-27 17:01 -------- d-----w- d:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\program files\QuickTime
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple Computer
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\program files\Apple Software Update
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple
2009-08-22 23:39 . 2009-08-22 23:39 -------- dc----w- d:\documents and settings\Administrator\Application Data\Activision
2009-08-22 13:14 . 2009-08-16 09:56 -------- dc----w- d:\documents and settings\Administrator\Application Data\Any Video Converter
2009-08-16 09:57 . 2009-08-16 09:56 -------- d-----w- d:\program files\Any Video Converter
2009-08-16 09:57 . 2009-08-16 09:57 43336 ----a-w- d:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-16 09:25 . 2009-08-16 09:25 -------- d-----w- d:\program files\YouTube Downloader
2009-08-08 14:24 . 2009-08-08 14:24 628 ----a-w- d:\windows\EReg515.dat
2009-08-05 09:01 . 2008-04-15 12:00 204800 ----a-w- d:\windows\system32\mswebdvd.dll
2009-07-29 15:29 . 2009-07-29 15:30 16365056 ----a-w- d:\program files\JDownloader_0.6.193.exe
2009-07-29 04:37 . 2008-04-15 12:00 81920 ----a-w- d:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2008-04-15 12:00 119808 ----a-w- d:\windows\system32\t2embed.dll
2009-07-27 15:46 . 2009-07-27 15:46 0 -c--a-w- d:\windows\nsreg.dat
2009-07-27 15:07 . 2009-07-27 15:07 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2009-07-25 03:23 . 2009-07-29 15:35 411368 ----a-w- d:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2008-04-15 12:00 58880 ----a-w- d:\windows\system32\atl.dll
2009-07-12 10:21 . 2008-04-15 12:00 233472 ----a-w- d:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
d:\program files\BearShare Applications\BearShare\BearShareIEHelper.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="d:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"NeroFilterCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"TV Card Remote Control Applet"="d:\windows\878RMT.exe" [2004-11-30 286720]
"ccApp"="d:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 52840]
"Symantec PIF AlertEng"="d:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2006-03-09 1519616]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.exe [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" - d:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
ScheduleTV.lnk - d:\program files\honestech\honestech TVR\scheduleTV.exe [2009-9-30 307200]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

R2 878TVCard;Bt878 TV Card - Video Capture;d:\windows\system32\drivers\Bt878.sys [7/27/2009 6:02 PM 196736]
R2 878TVTuner;Bt878 TV Card - TV Tuner;d:\windows\system32\drivers\BtTuner.sys [7/27/2009 6:02 PM 9216]
R2 878Xbar;Bt878 TV Card - Crossbar;d:\windows\system32\drivers\BtXbar.sys [7/27/2009 6:02 PM 8448]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;d:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/5/2009 5:27 PM 102448]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2009-09-04 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-10-02 d:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Administrator.job
- d:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-10-07 10:13]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link visible only to logged-in users]
mStart Page = [Link visible only to logged-in users]
uSearchURL,(Default) = [Link visible only to logged-in users]*http://www.yahoo.com
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {DB471B33-5837-472E-B08A-2F8A8E9C2116} = 91.150.77.5 91.150.77.10
FF - ProfilePath - d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f7paq0sp.default\
FF - prefs.js: browser.startup.homepage - [Link visible only to logged-in users]
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-10-05 19:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Applet = d:\windows\878RMT.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????6?B~!?B~????????T???q?@?????p8????@?X???????????????d???????Bt878 TV Card Remote Control Receiver?@?????????W?SN????ConfusedA~}(@????g?(@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
d:\windows\system32\wpa.dll
.
Completion time: 2009-10-05 19:35
ComboFix-quarantined-files.txt 2009-10-05 17:35
ComboFix2.txt 2009-10-05 17:27
ComboFix3.txt 2009-10-05 15:54

Pre-Run: 54,103,711,744 bytes free
Post-Run: 54,100,877,312 bytes free

183 --- E O F --- 2009-10-01 01:09
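
Added example, not part of the original posts and not ComboFix's own code: a Python check that reads the CFScript posted above and reports which of its targets still show up in a ComboFix log. The log excerpts are shortened from the two logs in this thread (banner lines abbreviated), and the function names are hypothetical.

```python
import re

# CFScript from this thread: Folder:: lists folders to delete,
# and under Registry:: a line of the form "name"=- deletes that value.
CFSCRIPT = r'''
Folder::
d:\program files\TS
d:\program files\Common Files\TSUninstall

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=-
"AntiVirusOverride"=-
"FirewallOverride"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TS"=-
'''

# Constructed excerpt of the log posted before the script was run.
LOG_BEFORE = r'''
((((( Files Created from 2009-09-05 to 2009-10-05 )))))
2009-10-03 14:41 . 2009-10-05 15:36 -------- d-----w- d:\program files\TS
2009-10-03 14:41 . 2009-10-03 14:41 -------- d-----w- d:\program files\Common Files\TSUninstall
((((( Reg Loading Points )))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"TS"="d:\program files\TS\tsc.exe" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=""
"AntiVirusOverride"=""
"FirewallOverride"=""
'''

# Constructed excerpt of the log posted after the script was run.
LOG_AFTER = r'''
((((( Other Deletions )))))
d:\program files\Common Files\TSUninstall
d:\program files\Common Files\TSUninstall\Uninstall.lnk
d:\program files\TS
((((( Files Created from 2009-09-05 to 2009-10-05 )))))
2009-10-05 16:54 . 2009-10-05 16:54 -------- dc----w- d:\program files\Kaspersky Lab
((((( Reg Loading Points )))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
'''

KEY = re.compile(r'^\[(.+)\]$')
VALUE = re.compile(r'^"([^"]+)"=(.*)$')
# "created . modified size attributes path" lines of the file listings.
LISTING = re.compile(
    r'^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d \S+ \S+ (.+)$')

def parse_cfscript(text):
    """Return (folders, deletions); deletions are (key, value name) pairs."""
    folders, deletions, mode, key = [], [], None, None
    for line in map(str.strip, text.splitlines()):
        if not line:
            continue
        if line.endswith('::'):
            mode, key = line[:-2].lower(), None
        elif mode == 'folder':
            folders.append(line.lower())
        elif mode == 'registry':
            k, v = KEY.match(line), VALUE.match(line)
            if k:
                key = k.group(1).lower()
            elif v and key and v.group(2) == '-':
                deletions.append((key, v.group(1).lower()))
    return folders, deletions

def parse_log(text):
    """Return (listed paths, (key, value name) pairs) found in a log."""
    paths, values, key = set(), set(), None
    for line in map(str.strip, text.splitlines()):
        k, v, f = KEY.match(line), VALUE.match(line), LISTING.match(line)
        if not line:
            key = None          # a blank line ends a registry key block
        elif k:
            key = k.group(1).lower()
        elif v and key:
            values.add((key, v.group(1).lower()))
        elif f:                 # bare paths under "Other Deletions" do not match
            paths.add(f.group(1).lower())
    return paths, values

def leftovers(cfscript, log):
    """List script targets that the log still shows as present."""
    folders, deletions = parse_cfscript(cfscript)
    paths, values = parse_log(log)
    found = [('folder', d) for d in folders
             if any(p == d or p.startswith(d + '\\') for p in paths)]
    # Keys are compared literally; keys the log abbreviates (HKLM\~\...) would need mapping.
    found += [('value', k + '\\' + n) for k, n in deletions if (k, n) in values]
    return found

if __name__ == '__main__':
    print('before:', leftovers(CFSCRIPT, LOG_BEFORE))
    print('after: ', leftovers(CFSCRIPT, LOG_AFTER))
```
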

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

What do you have in these folders:

D:\RECYCLER(3)
D:\RECYCLER(2)
