MyCity » Ambulanta -> Arhiva Ambulante » Problem Total security

Problem Total security

Napisano na dan: 3.10.2009
1

Problem Total security
Sledeća strana Pagination

Idi na vrh

Poslao: 03 Okt 2009 23:20
Idi na vrh
offline
  • Pridružio: 03 Okt 2009
  • Poruke: 7

Instalirao sam neki program i od tada mi non stom se pojavljuje total security koji skenira i kao pronalazi viruse ali ih ne brise jer trazi licencu,pokusao sam da obrisem program ali mi ne dozvoljava.Kako da ga izbrisem?
[Link mogu videti samo ulogovani korisnici]

[Link mogu videti samo ulogovani korisnici]

[Link mogu videti samo ulogovani korisnici]



Poslao: 03 Okt 2009 23:30
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Zdravo,

u uputstvu se trazi i DDS log koji mi nisi ovde postavio.

Skeniraj i postavi ga.



Poslao: 04 Okt 2009 18:52
Idi na vrh
offline
  • Pridružio: 03 Okt 2009
  • Poruke: 7

[Link mogu videti samo ulogovani korisnici]


DDS (Ver_09-09-29.01) - NTFSx86
Run by Administrator at 21:51:23.60 on Sat 10/03/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.327 [GMT 2:00]

AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\WINDOWS\eHome\ehRecvr.exe
D:\WINDOWS\eHome\ehSched.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
D:\WINDOWS\system32\nvsvc32.exe
svchost.exe
D:\WINDOWS\system32\dllhost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\ehome\ehtray.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\878RMT.exe
D:\WINDOWS\eHome\ehmsas.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\TS\tsc.exe
D:\Program Files\honestech\honestech TVR\scheduleTV.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
D:\Program Files\honestech\honestech TVR\honestechTV.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\b.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [Link mogu videti samo ulogovani korisnici]
uSearch Page = [Link mogu videti samo ulogovani korisnici]*http://www.yahoo.com
uSearch Bar = [Link mogu videti samo ulogovani korisnici]
mDefault_Page_URL = [Link mogu videti samo ulogovani korisnici]
mStart Page = [Link mogu videti samo ulogovani korisnici]
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]*http://www.yahoo.com
BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - d:\program files\yahoo!\companion\installs\cpn\ycomp5_6_0_1.dll
BHO: &IE Help: {35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} - d:\windows\system32\iehelpmod.dll
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - d:\program files\bearshare applications\bearshare\BearShareIEHelper.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - d:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - d:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - d:\program files\yahoo!\companion\installs\cpn\ycomp5_6_0_1.dll
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - d:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
TB: Norton Internet Security 2006: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - d:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - d:\program files\norton internet security\norton antivirus\NavShExt.dll
uRun: [CTFMON.EXE] d:\windows\system32\ctfmon.exe
uRun: [PopRock] d:\docume~1\admini~1\locals~1\temp\b.exe
uRun: [MSMSGS] "d:\program files\messenger\msmsgs.exe" /background
uRun: [TS] d:\program files\ts\tsc.exe
mRun: [ehTray] d:\windows\ehome\ehtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE d:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NeroFilterCheck] d:\windows\system32\NeroCheck.exe
mRun: [WinampAgent] "d:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TV Card Remote Control Applet] d:\windows\878RMT.exe
mRun: [ccApp] "d:\program files\common files\symantec shared\ccApp.exe"
mRun: [Symantec PIF AlertEng] "d:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "d:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
dRun: [CTFMON.EXE] d:\windows\system32\CTFMON.EXE
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\schedu~1.lnk - d:\program files\honestech\honestech tvr\scheduleTV.exe
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
TCP: {DB471B33-5837-472E-B08A-2F8A8E9C2116} = 91.150.77.5 91.150.77.10
Notify: Antiwpa - wpa.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\f7paq0sp.default\
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - plugin: d:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R1 SAVRTPEL;SAVRTPEL;d:\program files\norton internet security\norton antivirus\Savrtpel.sys [2005-8-26 53896]
R2 878TVCard;Bt878 TV Card - Video Capture;d:\windows\system32\drivers\Bt878.sys [2009-7-27 196736]
R2 878TVTuner;Bt878 TV Card - TV Tuner;d:\windows\system32\drivers\BtTuner.sys [2009-7-27 9216]
R2 878Xbar;Bt878 TV Card - Crossbar;d:\windows\system32\drivers\BtXbar.sys [2009-7-27 8448]
R2 ccEvtMgr;Symantec Event Manager;d:\program files\common files\symantec shared\CCEVTMGR.EXE [2005-9-17 192104]
R2 ccProxy;Symantec Network Proxy;d:\program files\common files\symantec shared\CCPROXY.EXE [2005-9-17 202088]
R2 ccSetMgr;Symantec Settings Manager;d:\program files\common files\symantec shared\CCSETMGR.EXE [2005-9-17 169576]
R2 McrdSvc;Media Center Extender Service;d:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;d:\program files\norton internet security\norton antivirus\NAVAPSVC.EXE [2005-10-7 139888]
R2 Symantec Core LC;Symantec Core LC;d:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2009-9-29 1251720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;d:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-29 102448]
R3 NAVENG;NAVENG;d:\progra~1\common~1\symant~1\virusd~1\20091003.004\NAVENG.Sys [2009-10-3 84912]
R3 NAVEX15;NAVEX15;d:\progra~1\common~1\symant~1\virusd~1\20091003.004\NavEx15.Sys [2009-10-3 1323568]
R3 SAVRT;SAVRT;d:\program files\norton internet security\norton antivirus\savrt.sys [2005-8-26 334984]
S3 SAVScan;Symantec AVScan;d:\program files\norton internet security\norton antivirus\SAVScan.exe [2005-8-26 198368]

=============== Created Last 30 ================

2009-10-03 16:41 <DIR> --d----- d:\program files\TS
2009-10-03 16:41 <DIR> --d----- d:\program files\common files\TSUninstall
2009-10-03 16:32 344,576 a------- d:\windows\system32\iehelpmod.dll
2009-10-03 14:30 10,635 a------- d:\windows\system32\drivers\SYMEVENT.CAT
2009-10-03 14:30 806 a------- d:\windows\system32\drivers\SYMEVENT.INF
2009-09-30 20:47 <DIR> --d----- d:\windows\system32\wbem\Repository
2009-09-30 20:10 <DIR> --d----- d:\docume~1\admini~1\applic~1\TuneUp Software
2009-09-30 20:10 <DIR> --d----- d:\docume~1\alluse~1\applic~1\TuneUp Software
2009-09-30 20:10 <DIR> --d----- d:\program files\TuneUp Utilities 2009
2009-09-30 20:09 <DIR> --dsh--- d:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-30 18:28 2,189,056 -c------ d:\windows\system32\dllcache\ntoskrnl.exe
2009-09-30 18:28 2,145,280 -c------ d:\windows\system32\dllcache\ntkrnlmp.exe
2009-09-30 18:28 2,023,936 -c------ d:\windows\system32\dllcache\ntkrpamp.exe
2009-09-30 17:43 2,560 -------- d:\windows\system32\xpsp4res.dll
2009-09-30 17:42 272,128 -c------ d:\windows\system32\dllcache\bthport.sys
2009-09-30 17:42 272,128 -------- d:\windows\system32\drivers\bthport.sys
2009-09-30 17:06 455,296 -c------ d:\windows\system32\dllcache\mrxsmb.sys
2009-09-30 00:10 <DIR> --d----- d:\windows\system32\PreInstall
2009-09-30 00:10 <DIR> --d-h--- d:\windows\$hf_mig$
2009-09-29 23:50 <DIR> --d----- d:\windows\system32\SoftwareDistribution
2009-09-29 23:03 <DIR> -cd----- d:\docume~1\admini~1\applic~1\Symantec
2009-09-29 22:59 10,344 a------- d:\windows\system32\drivers\symlcbrd.sys
2009-09-29 22:59 <DIR> --d----- d:\program files\Norton Internet Security
2009-09-29 22:58 124,464 a------- d:\windows\system32\drivers\SYMEVENT.SYS
2009-09-29 22:58 60,808 a------- d:\windows\system32\S32EVNT1.DLL
2009-09-29 22:58 <DIR> --d----- d:\program files\Symantec
2009-09-29 22:58 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Symantec
2009-09-29 22:58 <DIR> --d----- d:\program files\common files\Symantec Shared
2009-09-29 22:55 4,716 a------- d:\windows\gdrv.sys
2009-09-29 20:08 390 a------- d:\windows\system32\%LocalXml%
2009-09-29 19:38 107,547 a------- d:\windows\system32\drivers\klin.dat
2009-09-29 19:38 95,259 a------- d:\windows\system32\drivers\klick.dat
2009-09-29 19:37 2,996,256 a--sh--- d:\windows\system32\drivers\fidbox.dat
2009-09-29 19:37 196,640 a--sh--- d:\windows\system32\drivers\fidbox2.dat
2009-09-29 19:37 27,632 a--sh--- d:\windows\system32\drivers\fidbox.idx
2009-09-29 19:37 4,896 a--sh--- d:\windows\system32\drivers\fidbox2.idx
2009-09-29 19:37 <DIR> --d----- d:\program files\Kaspersky Lab
2009-09-29 19:37 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-09-21 13:19 <DIR> --d----- D:\tasa
2009-09-10 23:18 286,720 a----r-- d:\windows\878RMT.exe
2009-09-10 23:18 <DIR> --d----- d:\windows\MyInstall
2009-09-10 23:17 299,520 a------- d:\windows\uninst.exe
2009-09-09 14:38 38 a------- d:\windows\avisplitter.INI
2009-09-09 14:32 <DIR> --d-h--- d:\windows\PIF
2009-09-06 21:43 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Anvsoft
2009-09-06 21:43 <DIR> -cd----- d:\docume~1\admini~1\applic~1\Photo DVD Maker
2009-09-06 21:43 <DIR> --d----- d:\program files\Photo DVD Maker Professional

==================== Find3M ====================

2009-08-05 11:01 204,800 a------- d:\windows\system32\mswebdvd.dll
2009-07-29 17:29 16,365,056 a------- d:\program files\JDownloader_0.6.193.exe
2009-07-29 06:37 119,808 a------- d:\windows\system32\t2embed.dll
2009-07-29 06:37 81,920 a------- d:\windows\system32\fontsub.dll
2009-07-28 18:06 86,811 a------- d:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-27 17:07 21,640 a------- d:\windows\system32\emptyregdb.dat
2009-07-25 05:23 411,368 a------- d:\windows\system32\deploytk.dll
2009-07-17 21:01 58,880 a------- d:\windows\system32\atl.dll
2009-07-12 12:21 233,472 a------- d:\windows\system32\wmpdxm.dll

============= FINISH: 21:51:42.45 ===============

Poslao: 04 Okt 2009 19:01
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix.
U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Poslao: 04 Okt 2009 23:29
Idi na vrh
offline
  • Pridružio: 03 Okt 2009
  • Poruke: 7

[Link mogu videti samo ulogovani korisnici]

ComboFix 09-10-04.01 - Administrator 10/04/2009 19:27.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.484 [GMT 2:00]
Running from: d:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\program files\TS\tsc.exe
d:\windows\system32\iehelpmod.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-04 to 2009-10-04 )))))))))))))))))))))))))))))))
.

2009-10-03 14:41 . 2009-10-04 17:30 -------- d-----w- d:\program files\TS
2009-10-03 14:41 . 2009-10-03 14:41 -------- d-----w- d:\program files\Common Files\TSUninstall
2009-09-30 18:47 . 2009-09-30 18:47 -------- d-----w- d:\windows\system32\wbem\Repository
2009-09-30 18:10 . 2009-09-30 18:10 -------- d-----w- d:\documents and settings\Administrator\Application Data\TuneUp Software
2009-09-30 18:10 . 2009-09-30 18:10 -------- d-----w- d:\documents and settings\All Users\Application Data\TuneUp Software
2009-09-30 18:10 . 2009-09-30 18:47 -------- d-----w- d:\program files\TuneUp Utilities 2009
2009-09-30 18:09 . 2009-09-30 18:09 -------- d-sh--w- d:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-30 16:28 . 2009-02-06 11:08 2189056 -c----w- d:\windows\system32\dllcache\ntoskrnl.exe
2009-09-30 16:28 . 2009-02-06 11:06 2145280 -c----w- d:\windows\system32\dllcache\ntkrnlmp.exe
2009-09-30 16:28 . 2009-02-06 10:32 2023936 -c----w- d:\windows\system32\dllcache\ntkrpamp.exe
2009-09-30 15:43 . 2008-05-03 11:55 2560 ------w- d:\windows\system32\xpsp4res.dll
2009-09-30 15:42 . 2008-06-13 11:05 272128 -c----w- d:\windows\system32\dllcache\bthport.sys
2009-09-30 15:42 . 2008-06-13 11:05 272128 ------w- d:\windows\system32\drivers\bthport.sys
2009-09-30 15:06 . 2008-10-24 11:21 455296 -c----w- d:\windows\system32\dllcache\mrxsmb.sys
2009-09-29 22:10 . 2009-10-01 01:09 -------- d--h--w- d:\windows\$hf_mig$
2009-09-29 21:03 . 2009-09-30 17:42 -------- dc----w- d:\documents and settings\Administrator\Application Data\Symantec
2009-09-29 21:00 . 2009-09-29 21:00 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2009-09-29 20:59 . 2009-09-29 20:59 10344 ----a-w- d:\windows\system32\drivers\symlcbrd.sys
2009-09-29 20:59 . 2009-09-30 14:21 -------- d-----w- d:\program files\Norton Internet Security
2009-09-29 20:58 . 2009-10-03 12:30 60808 ----a-w- d:\windows\system32\S32EVNT1.DLL
2009-09-29 20:58 . 2009-10-03 12:30 124464 ----a-w- d:\windows\system32\drivers\SYMEVENT.SYS
2009-09-29 20:58 . 2009-10-03 12:30 -------- d-----w- d:\program files\Symantec
2009-09-29 20:58 . 2009-10-03 12:31 -------- d-----w- d:\documents and settings\All Users\Application Data\Symantec
2009-09-29 20:58 . 2009-10-04 01:01 -------- d-----w- d:\program files\Common Files\Symantec Shared
2009-09-29 20:55 . 2009-09-29 20:55 4716 ----a-w- d:\windows\gdrv.sys
2009-09-29 17:38 . 2009-09-29 18:07 95259 ----a-w- d:\windows\system32\drivers\klick.dat
2009-09-29 17:38 . 2009-09-29 18:07 107547 ----a-w- d:\windows\system32\drivers\klin.dat
2009-09-29 17:37 . 2009-09-29 20:40 2996256 --sha-w- d:\windows\system32\drivers\fidbox.dat
2009-09-29 17:37 . 2009-09-29 20:32 196640 --sha-w- d:\windows\system32\drivers\fidbox2.dat
2009-09-29 17:37 . 2009-09-29 19:32 -------- d-----w- d:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-09-29 17:37 . 2009-09-29 17:37 -------- d-----w- d:\program files\Kaspersky Lab
2009-09-29 16:51 . 2009-09-29 16:57 -------- d-----w- d:\documents and settings\Marko\Local Settings\Application Data\Microsoft
2009-09-29 16:51 . 2009-09-29 16:57 -------- d-s---w- d:\documents and settings\Marko
2009-09-21 11:19 . 2009-09-21 11:19 -------- d-----w- D:\tasa
2009-09-10 21:18 . 2004-11-30 04:00 286720 ----a-r- d:\windows\878RMT.exe
2009-09-10 21:18 . 2009-09-30 19:44 -------- d-----w- d:\windows\MyInstall
2009-09-10 21:17 . 1997-01-18 08:40 299520 ----a-w- d:\windows\uninst.exe
2009-09-10 21:14 . 2009-09-10 21:14 -------- d-----w- d:\program files\Common Files\Adobe
2009-09-09 12:40 . 2009-09-09 12:40 -------- dc----w- d:\documents and settings\Administrator\Application Data\Apple Computer
2009-09-09 12:32 . 2009-09-09 12:32 -------- d--h--w- d:\windows\PIF
2009-09-06 19:43 . 2009-09-06 19:43 -------- d-----w- d:\documents and settings\All Users\Application Data\TEMP
2009-09-06 19:43 . 2009-09-06 19:43 -------- d-----w- d:\documents and settings\All Users\Application Data\Anvsoft
2009-09-06 19:43 . 2009-09-06 19:43 -------- dc----w- d:\documents and settings\Administrator\Application Data\Photo DVD Maker
2009-09-06 19:43 . 2009-09-06 19:43 -------- d-----w- d:\program files\Photo DVD Maker Professional
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\program files\QuickTime
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple Computer
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\Apple
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\program files\Apple Software Update
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 12:30 . 2009-10-03 12:30 806 ----a-w- d:\windows\system32\drivers\SYMEVENT.INF
2009-10-03 12:30 . 2009-10-03 12:30 10635 ----a-w- d:\windows\system32\drivers\SYMEVENT.CAT
2009-09-30 20:03 . 2009-07-27 17:49 -------- d-----w- d:\documents and settings\All Users\Application Data\nView_Profiles
2009-09-30 19:44 . 2009-07-27 15:30 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-09-29 20:40 . 2009-09-29 17:37 27632 --sha-w- d:\windows\system32\drivers\fidbox.idx
2009-09-29 20:32 . 2009-09-29 17:37 4896 --sha-w- d:\windows\system32\drivers\fidbox2.idx
2009-09-29 17:10 . 2009-07-27 17:01 -------- d-----w- d:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-22 23:39 . 2009-08-22 23:39 -------- dc----w- d:\documents and settings\Administrator\Application Data\Activision
2009-08-22 23:29 . 2009-08-22 23:29 -------- d-----w- d:\program files\Activision
2009-08-22 13:14 . 2009-08-16 09:56 -------- dc----w- d:\documents and settings\Administrator\Application Data\Any Video Converter
2009-08-16 09:57 . 2009-08-16 09:56 -------- d-----w- d:\program files\Any Video Converter
2009-08-16 09:57 . 2009-08-16 09:57 43336 ----a-w- d:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-16 09:25 . 2009-08-16 09:25 -------- d-----w- d:\program files\YouTube Downloader
2009-08-08 14:24 . 2009-08-08 14:24 628 ----a-w- d:\windows\EReg515.dat
2009-08-05 19:58 . 2009-08-05 19:58 -------- dc----w- d:\documents and settings\Administrator\Application Data\Media Player Classic
2009-08-05 09:01 . 2008-04-15 12:00 204800 ----a-w- d:\windows\system32\mswebdvd.dll
2009-07-29 15:29 . 2009-07-29 15:30 16365056 ----a-w- d:\program files\JDownloader_0.6.193.exe
2009-07-29 04:37 . 2008-04-15 12:00 81920 ----a-w- d:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2008-04-15 12:00 119808 ----a-w- d:\windows\system32\t2embed.dll
2009-07-27 15:46 . 2009-07-27 15:46 0 -c--a-w- d:\windows\nsreg.dat
2009-07-27 15:07 . 2009-07-27 15:07 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2009-07-25 03:23 . 2009-07-29 15:35 411368 ----a-w- d:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2008-04-15 12:00 58880 ----a-w- d:\windows\system32\atl.dll
2009-07-12 10:21 . 2008-04-15 12:00 233472 ----a-w- d:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="d:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"NeroFilterCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"TV Card Remote Control Applet"="d:\windows\878RMT.exe" [2004-11-30 286720]
"ccApp"="d:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 52840]
"Symantec PIF AlertEng"="d:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2006-03-09 1519616]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.exe [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" - d:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
ScheduleTV.lnk - d:\program files\honestech\honestech TVR\scheduleTV.exe [2009-9-30 307200]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=""
"AntiVirusOverride"=""
"FirewallOverride"=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

R2 878TVCard;Bt878 TV Card - Video Capture;d:\windows\system32\drivers\Bt878.sys [7/27/2009 6:02 PM 196736]
R2 878TVTuner;Bt878 TV Card - TV Tuner;d:\windows\system32\drivers\BtTuner.sys [7/27/2009 6:02 PM 9216]
R2 878Xbar;Bt878 TV Card - Crossbar;d:\windows\system32\drivers\BtXbar.sys [7/27/2009 6:02 PM 8448]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - EraserUtilDrvI9
.
Contents of the 'Scheduled Tasks' folder

2009-09-04 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-10-02 d:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Administrator.job
- d:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-10-07 10:13]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
mStart Page = [Link mogu videti samo ulogovani korisnici]
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]*http://www.yahoo.com
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {DB471B33-5837-472E-B08A-2F8A8E9C2116} = 91.150.77.5 91.150.77.10
FF - ProfilePath - d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f7paq0sp.default\
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -

BHO-{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - d:\program files\BearShare Applications\BearShare\BearShareIEHelper.dll
HKCU-Run-TS - d:\program files\TS\tsc.exe
AddRemove-BearShare MediaBar - d:\program files\BearShare Applications\BearShare MediaBar\Uninstall.exe
AddRemove-TS - d:\program files\TS\tsc.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-10-04 19:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Applet = d:\windows\878RMT.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????6?B~!?B~????????T???q?@?????88????@?X???????????????d???????Bt878 TV Card Remote Control Receiver?@?????????W?SN????ConfusedA~}(@?"?rU?(@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
d:\windows\system32\wpa.dll
.
Completion time: 2009-10-04 19:31
ComboFix-quarantined-files.txt 2009-10-04 17:31

Pre-Run: 51,522,502,656 bytes free
Post-Run: 51,795,587,072 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

196 --- E O F --- 2009-10-01 01:09

Poslao: 05 Okt 2009 00:33
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Sledeci put mi kopiraj log ovde, nemoj ga kaciti.

Otvoriti Notepad i iskopirati sledeci tekst:

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=-
"AntiVirusOverride"=-
"FirewallOverride"=-

Folder::
d:\program files\TS
d:\program files\Common Files\TSUninstall


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Poslao: 05 Okt 2009 18:01
Idi na vrh
offline
  • Pridružio: 03 Okt 2009
  • Poruke: 7

ComboFix 09-10-04.01 - Administrator 10/05/2009 17:50.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.562 [GMT 2:00]
Running from: d:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Norton Internet Security 2006 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((( Files Created from 2009-09-05 to 2009-10-05 )))))))))))))))))))))))))))))))
.

2009-10-05 15:19 . 2009-10-05 15:19 -------- d-----w- d:\windows\system32\wbem\Repository
2009-10-05 15:19 . 2009-10-05 15:19 -------- dc----w- d:\program files\Kaspersky Lab
2009-10-05 15:19 . 2009-10-05 15:19 -------- dc----w- d:\program files\TuneUp Utilities 2009
2009-10-05 15:18 . 2009-10-05 15:18 -------- d-----w- d:\program files\Activision
2009-10-04 17:44 . 2009-10-05 15:19 -------- dc----w- D:\RECYCLER(2)
2009-10-03 14:41 . 2009-10-05 15:36 -------- d-----w- d:\program files\TS
2009-10-03 14:41 . 2009-10-03 14:41 -------- d-----w- d:\program files\Common Files\TSUninstall
2009-09-30 18:10 . 2009-09-30 18:10 -------- d-----w- d:\documents and settings\Administrator\Application Data\TuneUp Software
2009-09-30 18:10 . 2009-09-30 18:10 -------- d-----w- d:\documents and settings\All Users\Application Data\TuneUp Software
2009-09-30 18:09 . 2009-09-30 18:09 -------- d-sh--w- d:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-30 16:28 . 2009-02-06 11:08 2189056 -c----w- d:\windows\system32\dllcache\ntoskrnl.exe
2009-09-30 16:28 . 2009-02-06 11:06 2145280 -c----w- d:\windows\system32\dllcache\ntkrnlmp.exe
2009-09-30 16:28 . 2009-02-06 10:32 2023936 -c----w- d:\windows\system32\dllcache\ntkrpamp.exe
2009-09-30 15:43 . 2008-05-03 11:55 2560 ------w- d:\windows\system32\xpsp4res.dll
2009-09-30 15:42 . 2008-06-13 11:05 272128 -c----w- d:\windows\system32\dllcache\bthport.sys
2009-09-30 15:42 . 2008-06-13 11:05 272128 ------w- d:\windows\system32\drivers\bthport.sys
2009-09-30 15:06 . 2008-10-24 11:21 455296 -c----w- d:\windows\system32\dllcache\mrxsmb.sys
2009-09-29 22:10 . 2009-10-01 01:09 -------- d--h--w- d:\windows\$hf_mig$
2009-09-29 21:03 . 2009-09-30 17:42 -------- dc----w- d:\documents and settings\Administrator\Application Data\Symantec
2009-09-29 21:00 . 2009-09-29 21:00 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2009-09-29 20:59 . 2009-09-29 20:59 10344 ----a-w- d:\windows\system32\drivers\symlcbrd.sys
2009-09-29 20:59 . 2009-09-30 14:21 -------- d-----w- d:\program files\Norton Internet Security
2009-09-29 20:58 . 2009-10-03 12:30 60808 ----a-w- d:\windows\system32\S32EVNT1.DLL
2009-09-29 20:58 . 2009-10-03 12:30 124464 ----a-w- d:\windows\system32\drivers\SYMEVENT.SYS
2009-09-29 20:58 . 2009-10-03 12:30 -------- d-----w- d:\program files\Symantec
2009-09-29 20:58 . 2009-10-03 12:31 -------- d-----w- d:\documents and settings\All Users\Application Data\Symantec
2009-09-29 20:58 . 2009-10-05 15:37 -------- d-----w- d:\program files\Common Files\Symantec Shared
2009-09-29 20:55 . 2009-09-29 20:55 4716 ----a-w- d:\windows\gdrv.sys
2009-09-29 17:38 . 2009-09-29 18:07 95259 ----a-w- d:\windows\system32\drivers\klick.dat
2009-09-29 17:38 . 2009-09-29 18:07 107547 ----a-w- d:\windows\system32\drivers\klin.dat
2009-09-29 17:37 . 2009-09-29 20:40 2996256 --sha-w- d:\windows\system32\drivers\fidbox.dat
2009-09-29 17:37 . 2009-09-29 20:32 196640 --sha-w- d:\windows\system32\drivers\fidbox2.dat
2009-09-29 17:37 . 2009-09-29 19:32 -------- d-----w- d:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-09-29 16:51 . 2009-09-29 16:57 -------- d-----w- d:\documents and settings\Marko\Local Settings\Application Data\Microsoft
2009-09-29 16:51 . 2009-09-29 16:57 -------- d-s---w- d:\documents and settings\Marko
2009-09-21 11:19 . 2009-09-21 11:19 -------- d-----w- D:\tasa
2009-09-10 21:18 . 2004-11-30 04:00 286720 ----a-r- d:\windows\878RMT.exe
2009-09-10 21:18 . 2009-09-30 19:44 -------- d-----w- d:\windows\MyInstall
2009-09-10 21:17 . 1997-01-18 08:40 299520 ----a-w- d:\windows\uninst.exe
2009-09-10 21:14 . 2009-09-10 21:14 -------- d-----w- d:\program files\Common Files\Adobe
2009-09-09 12:40 . 2009-09-09 12:40 -------- dc----w- d:\documents and settings\Administrator\Application Data\Apple Computer
2009-09-09 12:32 . 2009-09-09 12:32 -------- d--h--w- d:\windows\PIF
2009-09-06 19:43 . 2009-09-06 19:43 -------- d-----w- d:\documents and settings\All Users\Application Data\TEMP
2009-09-06 19:43 . 2009-09-06 19:43 -------- d-----w- d:\documents and settings\All Users\Application Data\Anvsoft
2009-09-06 19:43 . 2009-09-06 19:43 -------- dc----w- d:\documents and settings\Administrator\Application Data\Photo DVD Maker
2009-09-06 19:43 . 2009-09-06 19:43 -------- d-----w- d:\program files\Photo DVD Maker Professional

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 12:30 . 2009-10-03 12:30 806 ----a-w- d:\windows\system32\drivers\SYMEVENT.INF
2009-10-03 12:30 . 2009-10-03 12:30 10635 ----a-w- d:\windows\system32\drivers\SYMEVENT.CAT
2009-09-30 20:03 . 2009-07-27 17:49 -------- d-----w- d:\documents and settings\All Users\Application Data\nView_Profiles
2009-09-30 19:44 . 2009-07-27 15:30 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-09-29 20:40 . 2009-09-29 17:37 27632 --sha-w- d:\windows\system32\drivers\fidbox.idx
2009-09-29 20:32 . 2009-09-29 17:37 4896 --sha-w- d:\windows\system32\drivers\fidbox2.idx
2009-09-29 17:10 . 2009-07-27 17:01 -------- d-----w- d:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\program files\QuickTime
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple Computer
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\program files\Apple Software Update
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple
2009-08-22 23:39 . 2009-08-22 23:39 -------- dc----w- d:\documents and settings\Administrator\Application Data\Activision
2009-08-22 13:14 . 2009-08-16 09:56 -------- dc----w- d:\documents and settings\Administrator\Application Data\Any Video Converter
2009-08-16 09:57 . 2009-08-16 09:56 -------- d-----w- d:\program files\Any Video Converter
2009-08-16 09:57 . 2009-08-16 09:57 43336 ----a-w- d:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-16 09:25 . 2009-08-16 09:25 -------- d-----w- d:\program files\YouTube Downloader
2009-08-08 14:24 . 2009-08-08 14:24 628 ----a-w- d:\windows\EReg515.dat
2009-08-05 09:01 . 2008-04-15 12:00 204800 ----a-w- d:\windows\system32\mswebdvd.dll
2009-07-29 15:29 . 2009-07-29 15:30 16365056 ----a-w- d:\program files\JDownloader_0.6.193.exe
2009-07-29 04:37 . 2008-04-15 12:00 81920 ----a-w- d:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2008-04-15 12:00 119808 ----a-w- d:\windows\system32\t2embed.dll
2009-07-27 15:46 . 2009-07-27 15:46 0 -c--a-w- d:\windows\nsreg.dat
2009-07-27 15:07 . 2009-07-27 15:07 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2009-07-25 03:23 . 2009-07-29 15:35 411368 ----a-w- d:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2008-04-15 12:00 58880 ----a-w- d:\windows\system32\atl.dll
2009-07-12 10:21 . 2008-04-15 12:00 233472 ----a-w- d:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
d:\program files\BearShare Applications\BearShare\BearShareIEHelper.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"TS"="d:\program files\TS\tsc.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="d:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"NeroFilterCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"TV Card Remote Control Applet"="d:\windows\878RMT.exe" [2004-11-30 286720]
"ccApp"="d:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 52840]
"Symantec PIF AlertEng"="d:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2006-03-09 1519616]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.exe [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" - d:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
ScheduleTV.lnk - d:\program files\honestech\honestech TVR\scheduleTV.exe [2009-9-30 307200]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=""
"AntiVirusOverride"=""
"FirewallOverride"=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

R2 878TVCard;Bt878 TV Card - Video Capture;d:\windows\system32\drivers\Bt878.sys [7/27/2009 6:02 PM 196736]
R2 878TVTuner;Bt878 TV Card - TV Tuner;d:\windows\system32\drivers\BtTuner.sys [7/27/2009 6:02 PM 9216]
R2 878Xbar;Bt878 TV Card - Crossbar;d:\windows\system32\drivers\BtXbar.sys [7/27/2009 6:02 PM 8448]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - EraserUtilDrvI9
.
Contents of the 'Scheduled Tasks' folder

2009-09-04 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-10-02 d:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Administrator.job
- d:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-10-07 10:13]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
mStart Page = [Link mogu videti samo ulogovani korisnici]
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]*http://www.yahoo.com
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {DB471B33-5837-472E-B08A-2F8A8E9C2116} = 91.150.77.5 91.150.77.10
FF - ProfilePath - d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f7paq0sp.default\
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-10-05 17:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Applet = d:\windows\878RMT.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????6?B~!?B~????????T???q?@?????p8????@?X???????????????d???????Bt878 TV Card Remote Control Receiver?@?????????W?SN????ConfusedA~}(@??08??(@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
d:\windows\system32\wpa.dll
.
Completion time: 2009-10-05 17:54
ComboFix-quarantined-files.txt 2009-10-05 15:54

Pre-Run: 54,206,910,464 bytes free
Post-Run: 54,203,904,000 bytes free

181 --- E O F --- 2009-10-01 01:09

Poslao: 05 Okt 2009 18:34
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Otvoriti Notepad i iskopirati sledeci tekst:


Folder::
d:\program files\TS
d:\program files\Common Files\TSUninstall

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=-
"AntiVirusOverride"=-
"FirewallOverride"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TS"=-


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Poslao: 05 Okt 2009 19:42
Idi na vrh
offline
  • Pridružio: 03 Okt 2009
  • Poruke: 7

ComboFix 09-10-04.01 - Administrator 10/05/2009 19:31.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.570 [GMT 2:00]
Running from: d:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\program files\Common Files\TSUninstall
d:\program files\Common Files\TSUninstall\Uninstall.lnk
d:\program files\TS

.
((((((((((((((((((((((((( Files Created from 2009-09-05 to 2009-10-05 )))))))))))))))))))))))))))))))
.

2009-10-05 16:55 . 2009-10-05 16:55 -------- d-----w- d:\windows\system32\wbem\Repository
2009-10-05 16:54 . 2009-10-05 16:54 -------- dc----w- d:\program files\TuneUp Utilities 2009
2009-10-05 16:54 . 2009-10-05 16:54 -------- dc----w- d:\program files\Kaspersky Lab
2009-10-05 16:54 . 2009-10-05 16:54 -------- d-----w- d:\program files\Activision
2009-10-05 15:55 . 2009-10-05 16:53 -------- dc----w- D:\RECYCLER(3)
2009-10-04 17:44 . 2009-10-05 16:54 -------- dc----w- D:\RECYCLER(2)
2009-09-30 18:10 . 2009-09-30 18:10 -------- d-----w- d:\documents and settings\Administrator\Application Data\TuneUp Software
2009-09-30 18:10 . 2009-09-30 18:10 -------- d-----w- d:\documents and settings\All Users\Application Data\TuneUp Software
2009-09-30 18:09 . 2009-09-30 18:09 -------- d-sh--w- d:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-30 16:28 . 2009-02-06 11:08 2189056 -c----w- d:\windows\system32\dllcache\ntoskrnl.exe
2009-09-30 16:28 . 2009-02-06 11:06 2145280 -c----w- d:\windows\system32\dllcache\ntkrnlmp.exe
2009-09-30 16:28 . 2009-02-06 10:32 2023936 -c----w- d:\windows\system32\dllcache\ntkrpamp.exe
2009-09-30 15:43 . 2008-05-03 11:55 2560 ------w- d:\windows\system32\xpsp4res.dll
2009-09-30 15:42 . 2008-06-13 11:05 272128 -c----w- d:\windows\system32\dllcache\bthport.sys
2009-09-30 15:42 . 2008-06-13 11:05 272128 ------w- d:\windows\system32\drivers\bthport.sys
2009-09-30 15:06 . 2008-10-24 11:21 455296 -c----w- d:\windows\system32\dllcache\mrxsmb.sys
2009-09-29 22:10 . 2009-10-01 01:09 -------- d--h--w- d:\windows\$hf_mig$
2009-09-29 21:03 . 2009-09-30 17:42 -------- dc----w- d:\documents and settings\Administrator\Application Data\Symantec
2009-09-29 21:00 . 2009-09-29 21:00 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2009-09-29 20:59 . 2009-09-29 20:59 10344 ----a-w- d:\windows\system32\drivers\symlcbrd.sys
2009-09-29 20:59 . 2009-09-30 14:21 -------- d-----w- d:\program files\Norton Internet Security
2009-09-29 20:58 . 2009-10-03 12:30 60808 ----a-w- d:\windows\system32\S32EVNT1.DLL
2009-09-29 20:58 . 2009-10-03 12:30 124464 ----a-w- d:\windows\system32\drivers\SYMEVENT.SYS
2009-09-29 20:58 . 2009-10-03 12:30 -------- d-----w- d:\program files\Symantec
2009-09-29 20:58 . 2009-10-03 12:31 -------- d-----w- d:\documents and settings\All Users\Application Data\Symantec
2009-09-29 20:58 . 2009-10-05 15:37 -------- d-----w- d:\program files\Common Files\Symantec Shared
2009-09-29 20:55 . 2009-09-29 20:55 4716 ----a-w- d:\windows\gdrv.sys
2009-09-29 17:38 . 2009-09-29 18:07 95259 ----a-w- d:\windows\system32\drivers\klick.dat
2009-09-29 17:38 . 2009-09-29 18:07 107547 ----a-w- d:\windows\system32\drivers\klin.dat
2009-09-29 17:37 . 2009-09-29 20:40 2996256 --sha-w- d:\windows\system32\drivers\fidbox.dat
2009-09-29 17:37 . 2009-09-29 20:32 196640 --sha-w- d:\windows\system32\drivers\fidbox2.dat
2009-09-29 17:37 . 2009-09-29 19:32 -------- d-----w- d:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-09-29 16:51 . 2009-09-29 16:57 -------- d-----w- d:\documents and settings\Marko\Local Settings\Application Data\Microsoft
2009-09-29 16:51 . 2009-09-29 16:57 -------- d-s---w- d:\documents and settings\Marko
2009-09-21 11:19 . 2009-09-21 11:19 -------- d-----w- D:\tasa
2009-09-10 21:18 . 2004-11-30 04:00 286720 ----a-r- d:\windows\878RMT.exe
2009-09-10 21:18 . 2009-09-30 19:44 -------- d-----w- d:\windows\MyInstall
2009-09-10 21:17 . 1997-01-18 08:40 299520 ----a-w- d:\windows\uninst.exe
2009-09-10 21:14 . 2009-09-10 21:14 -------- d-----w- d:\program files\Common Files\Adobe
2009-09-09 12:40 . 2009-09-09 12:40 -------- dc----w- d:\documents and settings\Administrator\Application Data\Apple Computer
2009-09-09 12:32 . 2009-09-09 12:32 -------- d--h--w- d:\windows\PIF
2009-09-06 19:43 . 2009-09-06 19:43 -------- d-----w- d:\documents and settings\All Users\Application Data\TEMP
2009-09-06 19:43 . 2009-09-06 19:43 -------- d-----w- d:\documents and settings\All Users\Application Data\Anvsoft
2009-09-06 19:43 . 2009-09-06 19:43 -------- dc----w- d:\documents and settings\Administrator\Application Data\Photo DVD Maker
2009-09-06 19:43 . 2009-09-06 19:43 -------- d-----w- d:\program files\Photo DVD Maker Professional

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 12:30 . 2009-10-03 12:30 806 ----a-w- d:\windows\system32\drivers\SYMEVENT.INF
2009-10-03 12:30 . 2009-10-03 12:30 10635 ----a-w- d:\windows\system32\drivers\SYMEVENT.CAT
2009-09-30 20:03 . 2009-07-27 17:49 -------- d-----w- d:\documents and settings\All Users\Application Data\nView_Profiles
2009-09-30 19:44 . 2009-07-27 15:30 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-09-29 20:40 . 2009-09-29 17:37 27632 --sha-w- d:\windows\system32\drivers\fidbox.idx
2009-09-29 20:32 . 2009-09-29 17:37 4896 --sha-w- d:\windows\system32\drivers\fidbox2.idx
2009-09-29 17:10 . 2009-07-27 17:01 -------- d-----w- d:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\program files\QuickTime
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple Computer
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\program files\Apple Software Update
2009-09-04 22:22 . 2009-09-04 22:22 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple
2009-08-22 23:39 . 2009-08-22 23:39 -------- dc----w- d:\documents and settings\Administrator\Application Data\Activision
2009-08-22 13:14 . 2009-08-16 09:56 -------- dc----w- d:\documents and settings\Administrator\Application Data\Any Video Converter
2009-08-16 09:57 . 2009-08-16 09:56 -------- d-----w- d:\program files\Any Video Converter
2009-08-16 09:57 . 2009-08-16 09:57 43336 ----a-w- d:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-16 09:25 . 2009-08-16 09:25 -------- d-----w- d:\program files\YouTube Downloader
2009-08-08 14:24 . 2009-08-08 14:24 628 ----a-w- d:\windows\EReg515.dat
2009-08-05 09:01 . 2008-04-15 12:00 204800 ----a-w- d:\windows\system32\mswebdvd.dll
2009-07-29 15:29 . 2009-07-29 15:30 16365056 ----a-w- d:\program files\JDownloader_0.6.193.exe
2009-07-29 04:37 . 2008-04-15 12:00 81920 ----a-w- d:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2008-04-15 12:00 119808 ----a-w- d:\windows\system32\t2embed.dll
2009-07-27 15:46 . 2009-07-27 15:46 0 -c--a-w- d:\windows\nsreg.dat
2009-07-27 15:07 . 2009-07-27 15:07 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2009-07-25 03:23 . 2009-07-29 15:35 411368 ----a-w- d:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2008-04-15 12:00 58880 ----a-w- d:\windows\system32\atl.dll
2009-07-12 10:21 . 2008-04-15 12:00 233472 ----a-w- d:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
d:\program files\BearShare Applications\BearShare\BearShareIEHelper.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="d:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"NeroFilterCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"TV Card Remote Control Applet"="d:\windows\878RMT.exe" [2004-11-30 286720]
"ccApp"="d:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 52840]
"Symantec PIF AlertEng"="d:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2006-03-09 1519616]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.exe [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" - d:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
ScheduleTV.lnk - d:\program files\honestech\honestech TVR\scheduleTV.exe [2009-9-30 307200]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

R2 878TVCard;Bt878 TV Card - Video Capture;d:\windows\system32\drivers\Bt878.sys [7/27/2009 6:02 PM 196736]
R2 878TVTuner;Bt878 TV Card - TV Tuner;d:\windows\system32\drivers\BtTuner.sys [7/27/2009 6:02 PM 9216]
R2 878Xbar;Bt878 TV Card - Crossbar;d:\windows\system32\drivers\BtXbar.sys [7/27/2009 6:02 PM 8448]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;d:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/5/2009 5:27 PM 102448]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2009-09-04 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-10-02 d:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Administrator.job
- d:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-10-07 10:13]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
mStart Page = [Link mogu videti samo ulogovani korisnici]
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]*http://www.yahoo.com
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {DB471B33-5837-472E-B08A-2F8A8E9C2116} = 91.150.77.5 91.150.77.10
FF - ProfilePath - d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f7paq0sp.default\
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-10-05 19:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Applet = d:\windows\878RMT.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????6?B~!?B~????????T???q?@?????p8????@?X???????????????d???????Bt878 TV Card Remote Control Receiver?@?????????W?SN????ConfusedA~}(@????g?(@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
d:\windows\system32\wpa.dll
.
Completion time: 2009-10-05 19:35
ComboFix-quarantined-files.txt 2009-10-05 17:35
ComboFix2.txt 2009-10-05 17:27
ComboFix3.txt 2009-10-05 15:54

Pre-Run: 54,103,711,744 bytes free
Post-Run: 54,100,877,312 bytes free

183 --- E O F --- 2009-10-01 01:09

Poslao: 05 Okt 2009 19:59
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Sta ti je u ovim folderima:

D:\RECYCLER(3)
D:\RECYCLER(2)

MyCity » Ambulanta -> Arhiva Ambulante » Problem Total security

Ko je trenutno na forumu
 

Ukupno su 1305 korisnika na forumu :: 131 registrovanih, 14 sakrivenih i 1160 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 4. Ozrenska, A.R.Chafee.Jr., Abebe Bikila, amaterSRB, aramis s, avijacija, babaroga, bbrasnjo3, Belac91, black venom, Bobrock1, bodin, boj.an, bojank, bojankrstc, bojanM84, Borej, Brana01, brundo65, casual03, cemix, chitach, comi_pfc, Czrweni, darcaud, Dare, Darko8, DavidA, Demi87, DENIRO, Dioniss, Djota1, Doca, Dolinc, Dorcolac, DrMrPr, Duce, dulleo, Egzekutor13, EXIT78, FOX, Galcom, Georgius, Gogi_avio, grunff2, havoc995, Holy Saber, iceburn, ikan, ivan1973, ivan_8282, jalos, jmsk, JohnnyBoii, Jomini, Jozo74, Kajzer_Soze, Kalem, kendzo-andzo-boni-fju, klepesina, Koja79, kokodakalo, koliko, Konda, Kubovac, kybonacci, lafa008, Leonov, Lieutenant, lord sir giga, M74AB3, Macalone, Manjane, markomacii9, markoni.slo, Martin543, Mercury, Metanoja, MiG-29M2, Miki01, Milan Miscevic, milbos, milenko crazy north, MiloradKomadic, milutin134, mir, mishkooo, MK10, MrNo, N.e.m.a.nj.a., nevjerna beba, Nmr, nobutado, novator, Oblički, oganj123, omen, Panter, procesor, Profesor_018, promajauglavi, raster12, ruma, S2M, samoborac, Sevetar, shota91, sistem22, smuk, Solunac na steroidima, Str2022, strelac07, t84dar, tachinni, tamno.nebo, tanakadzo, Timočka Divizija, tubular, veljkovicdani, vladas87, voja64, Weteran, Zdilar, zdrebac, zeka013, zgoljo, zlatkoa987, zlaya011, zokizemun, zombicar153, 800077