Problem!! Not Urgent, but Help Would Be Welcome...

 
Written on: 6.2.2010
Posted: 06 Feb 2010 12:04
x-Death-x
Citizen

Joined: 12 Aug 2008
Posts: 205


Blog: LupoBlog



Here's the thing...
When I turn on the computer, this picture pops up:


And after that... a couple of minutes later, this pops up...


I searched the net... but didn't find anything useful...
So I figured I'd ask the professionals... and I thought of you... :)

And I apologize that the pictures... have this white in them... but I was working in a hurry...
Posted: 06 Feb 2010 12:46
ProCarp
AMF trainee

Joined: 04 Jan 2009
Posts: 1238




http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html
Posted: 06 Feb 2010 14:48
x-Death-x
Citizen

Joined: 12 Aug 2008
Posts: 205


Blog: LupoBlog



I apologize for my UNprofessional attitude toward the AMF Team...

About 2 days ago, the windows you will see below suddenly started popping up...
At that time I had not installed/deleted any programs or any other files.
I use Avast5, and I update it regularly...
A few minutes ago I ran a Full System Scan and there were no infected files...


I use Windows XP SP2, 32-bit...

Here is the log file...

Code:

DDS (Ver_09-12-01.01) - NTFSx86 
Run by x-Death-x at 14:38:10,48 on sub 06.02.2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1470.945 [GMT 1:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated)   {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\x-Death-x\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.googlebreak.com/?CID=3&PID=STV
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ShowBarObjMp3 Class: {cf59ae24-5796-44fc-9575-8d4f383c65f8} - c:\program files\youtubemp3downloader\MinBHOMp3.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: YouTube MP3 Downloader: {f27a9a1d-6f23-442d-88c0-5dc40fd13dcd} - c:\program files\youtubemp3downloader\YouTubeMP3.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [sysinfo] c:\windows\system32\rundll32.exe c:\docume~1\x-deat~1\locals~1\temp\88437616Wsy.dll,Sets
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [CorelDRAW Graphics Suite 11b] c:\program files\corel\corel graphics 12\languages\en\programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=021410 serial=DR12WCT-1689604-YCX lang=EN
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [RemoteControl] "c:\program files\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\powerdvd\language\Language.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\x-deat~1\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\docume~1\x-deat~1\startm~1\programs\startup\warcra~1.lnk - c:\program files\warcraft iii\support\config.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\d-link~1.lnk - c:\program files\d-link airplus\AirPlus.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\x-deat~1\applic~1\mozilla\firefox\profiles\vk1wbsjs.default\
FF - prefs.js: browser.search.selectedEngine - www.googlebreak.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
FF - plugin: c:\documents and settings\x-death-x\application data\mozilla\firefox\profiles\vk1wbsjs.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2010-1-2 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2010-1-2 5248]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-12-31 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-31 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-24 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-24 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-24 40384]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]

=============== Created Last 30 ================

2010-02-06 10:51:01   2560   ----a-w-   c:\windows\_MSRSTRT.EXE
2010-02-06 10:42:36   0   d-----w-   c:\program files\RAR Password (zabranjeno)er
2010-02-05 23:41:34   0   d-----w-   c:\program files\JDownloader
2010-02-04 21:50:33   31616   -c--a-w-   c:\windows\system32\dllcache\usbccgp.sys
2010-02-04 21:50:33   31616   ----a-w-   c:\windows\system32\drivers\usbccgp.sys
2010-02-02 19:50:35   0   d-----w-   c:\program files\WinPcap
2010-02-02 19:50:25   0   d-----w-   c:\program files\YouTubeMP3Downloader
2010-02-02 14:38:36   0   d-----w-   c:\program files\Unlocker
2010-02-02 14:15:03   69   ----a-w-   c:\windows\NeroDigital.ini
2010-02-02 04:35:49   4767   ----a-w-   c:\windows\Irremote.ini
2010-02-02 04:20:03   0   d-----w-   c:\docume~1\alluse~1\applic~1\Nero
2010-02-01 19:17:57   0   d-----w-   c:\program files\VLC
2010-02-01 15:40:44   0   d-----w-   c:\windows\system32\XPSViewer
2010-02-01 15:39:49   89088   -c----w-   c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-02-01 15:39:49   597504   -c----w-   c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-02-01 15:39:49   575488   -c----w-   c:\windows\system32\dllcache\xpsshhdr.dll
2010-02-01 15:39:49   575488   ------w-   c:\windows\system32\xpsshhdr.dll
2010-02-01 15:39:49   1676288   -c----w-   c:\windows\system32\dllcache\xpssvcs.dll
2010-02-01 15:39:49   1676288   ------w-   c:\windows\system32\xpssvcs.dll
2010-02-01 15:39:49   117760   ------w-   c:\windows\system32\prntvpt.dll
2010-02-01 15:39:49   0   d-----w-   C:\9d6e42c39e220bdf0352dc5ebce6
2010-02-01 15:36:40   0   d-----w-   c:\program files\MSXML 6.0
2010-01-31 20:05:29   0   d-----w-   c:\docume~1\x-deat~1\applic~1\TeamViewer
2010-01-31 20:04:50   0   d-----w-   c:\program files\TeamViewer
2010-01-25 19:05:00   25600   -c--a-w-   c:\windows\system32\dllcache\usbser.sys
2010-01-25 19:05:00   25600   ----a-w-   c:\windows\system32\drivers\usbser.sys
2010-01-25 19:01:37   0   ---ha-w-   c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2010-01-25 19:01:34   0   ---ha-w-   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-01-24 20:44:18   0   d-----w-   c:\program files\Stardock
2010-01-24 20:35:25   5760054   ----a-w-   c:\windows\AW_1600x1200.bmp
2010-01-24 20:33:20   3932214   ----a-w-   c:\windows\InvaderDark1280.bmp
2010-01-24 20:23:14   3932214   ----a-w-   c:\windows\AW_XenoMorph1280.bmp
2010-01-24 20:21:14   36864   ----a-w-   c:\windows\system32\wbsys.dll
2010-01-24 20:21:14   0   d-----w-   c:\program files\common files\Stardock
2010-01-24 20:21:14   0   d-----w-   c:\program files\AlienWare
2010-01-24 18:42:58   0   d-----w-   c:\docume~1\alluse~1\applic~1\Alwil Software
2010-01-23 21:53:13   0   d--h--r-   C:\AHCache
2010-01-22 07:56:20   0   d-----w-   c:\windows\system32\SoftwareDistribution
2010-01-20 19:27:54   8608   ----a-w-   c:\windows\system32\mpeg4ax.cat
2010-01-20 19:27:54   8587   ----a-w-   c:\windows\system32\msaudio.cat
2010-01-20 19:27:54   73728   ----a-w-   c:\windows\system32\TOverlay.ax
2010-01-20 19:27:54   700416   ----a-w-   c:\windows\system32\AxisToolBar.ocx
2010-01-20 19:27:54   53248   ----a-w-   c:\windows\system32\DSTimeStamp.ax
2010-01-20 19:27:54   438976   ----a-w-   c:\windows\system32\MSHFLXGD.OCX
2010-01-20 19:27:54   40960   ----a-w-   c:\windows\system32\wavdest.ax
2010-01-20 19:27:54   36864   ----a-w-   c:\windows\system32\Sof2FFTPrj.ocx
2010-01-20 19:27:54   28672   ----a-w-   c:\windows\system32\SpecBarPrj.ocx
2010-01-20 19:27:54   28672   ----a-w-   c:\windows\system32\PCWinSoftPBar.ocx
2010-01-20 19:27:54   188416   ----a-w-   c:\windows\system32\UScreenCapture.ax
2010-01-20 19:27:53   126976   ----a-w-   c:\windows\system32\ArielColorCtrl.ocx
2010-01-20 19:26:56   0   d-----w-   c:\program files\ScreenCapture
2010-01-08 20:39:28   0   d-----w-   c:\program files\Valve
2010-01-07 16:32:29   0   d-----w-   c:\documents and settings\x-death-x\Tracing
2010-01-07 16:25:59   0   d-----w-   c:\program files\Microsoft
2010-01-07 16:25:41   0   d-----w-   c:\program files\Windows Live SkyDrive
2010-01-07 16:14:50   0   d-----w-   c:\program files\common files\Windows Live

==================== Find3M  ====================

2010-01-02 20:38:59   411368   ----a-w-   c:\windows\system32\deploytk.dll
2009-12-31 11:12:48   21640   ----a-w-   c:\windows\system32\emptyregdb.dat
2009-12-29 21:29:58   258352   ----a-w-   c:\windows\system32\unicows.dll

============= FINISH: 14:38:25,14 ===============


And here is the Attach.txt file
Code:
http://www.mycity.rs/uploads2/123891_1161100265_Attach.txt


As for RootRepeal
Code:
http://www.mycity.rs/uploads2/123891_1749741154_RootRepeal%20report%2002-06-10%20%2814-44-57%29.txt


When I turn on the computer, this little window pops up:



And after that... a couple of minutes later, this pops up...



(It doesn't always have to be in that order)

I searched the net... but didn't find anything useful...
So I figured I'd ask the professionals...
And once again I apologize for the previous post... it will never happen again... I promise...
With all due respect to the AMF Team,
x-Death-x
Posted: 06 Feb 2010 19:06
ProCarp
AMF trainee

Joined: 04 Jan 2009
Posts: 1238




Download sUBs's ComboFix from the following address to the Desktop:

Bleeping Computer


When the download is complete:
  1. disable your security software (instructions);
  2. close running programs;
  3. double-click to run ComboFix.

While running, ComboFix will:
  • check whether a newer version of the program exists:
    • click Yes if you are offered the download.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
    • click Yes to continue the process.
  • if the Recovery Console is not installed, offer to install it:
    • be sure to accept by clicking Yes and follow the procedure.
  • present a number of prompts/notifications:
    • accept by clicking Yes or OK.
  • restart Windows if necessary (several times);
  • at the end, open Notepad with the scan report.


Copy the report that ComboFix produced into the forum topic:
  1. right-click in the Notepad window and choose Select All;
  2. right-click the selected text and choose Copy;
  3. right-click in the message field and choose Paste.


Note:
  • The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If, after sending the message, you notice that the report is incomplete, use the Attach file (Prikači fajl) option to attach the file C:\ComboFix.txt to the message.
Posted: 06 Feb 2010 19:52
x-Death-x
Citizen

Joined: 12 Aug 2008
Posts: 205


Blog: LupoBlog



Here is the ComboFix log file too

ComboFix 10-02-05.04 - x-Death-x 06.02.2010 19:46:07.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1470.846 [GMT 1:00]
Running from: c:\documents and settings\x-Death-x\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-01-06 to 2010-02-06 )))))))))))))))))))))))))))))))
.

2010-02-06 14:35 . 2010-02-06 14:43 -------- d-----w- c:\program files\Garena
2010-02-06 14:18 . 2010-02-06 14:25 76295 ----a-w- c:\windows\War3Unin.dat
2010-02-06 14:18 . 2010-02-06 14:24 2829 ----a-w- c:\windows\War3Unin.pif
2010-02-06 14:18 . 2010-02-06 14:24 139264 ----a-w- c:\windows\War3Unin.exe
2010-02-06 14:17 . 2010-02-06 17:58 -------- d-----w- c:\program files\Warcraft III
2010-02-06 14:11 . 2010-02-06 14:11 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-06 10:51 . 2010-02-06 10:51 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-02-05 23:41 . 2010-02-06 10:59 -------- d-----w- c:\program files\JDownloader
2010-02-04 21:50 . 2004-08-03 22:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-02-04 21:50 . 2004-08-03 22:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-02-04 16:43 . 2010-02-04 16:43 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-02-04 16:42 . 2010-02-04 16:42 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-04 16:39 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\x-Death-x\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-04 16:39 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-04 16:39 . 2010-02-04 16:39 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-04 16:35 . 2010-02-04 16:58 -------- d-----w- c:\documents and settings\x-Death-x\Local Settings\Application Data\Adobe
2010-02-04 16:35 . 2010-02-04 16:35 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-02-04 16:35 . 2010-02-05 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-04 16:35 . 2010-02-04 16:35 -------- d-----w- c:\program files\NOS
2010-02-04 16:35 . 2010-01-25 09:02 31936 ----a-w- c:\documents and settings\x-Death-x\Application Data\Mozilla\Firefox\Profiles\vk1wbsjs.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-02-04 16:35 . 2010-01-25 09:02 29344 ----a-w- c:\documents and settings\x-Death-x\Application Data\Mozilla\Firefox\Profiles\vk1wbsjs.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-02-02 19:50 . 2010-02-02 19:50 -------- d-----w- c:\program files\WinPcap
2010-02-02 19:50 . 2010-02-02 19:50 -------- d-----w- c:\program files\YouTubeMP3Downloader
2010-02-02 14:58 . 2010-02-02 14:58 78264 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-02 14:38 . 2010-02-02 14:38 -------- d-----w- c:\program files\Unlocker
2010-02-02 14:20 . 2010-02-02 14:20 -------- d-----w- c:\documents and settings\x-Death-x\Local Settings\Application Data\Nero
2010-02-02 04:33 . 2010-02-02 14:43 -------- d-----w- c:\program files\Windows Sidebar
2010-02-02 04:20 . 2010-02-02 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-02-01 19:20 . 2010-02-02 15:36 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\vlc
2010-02-01 19:17 . 2010-02-01 19:18 -------- d-----w- c:\program files\VLC
2010-02-01 15:40 . 2010-02-01 15:40 -------- d-----w- c:\windows\system32\XPSViewer
2010-02-01 15:40 . 2010-02-01 15:40 -------- d-----w- c:\program files\MSBuild
2010-02-01 15:40 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-02-01 15:39 . 2010-02-01 15:40 -------- d-----w- C:\9d6e42c39e220bdf0352dc5ebce6
2010-02-01 15:39 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-02-01 15:39 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-02-01 15:39 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-02-01 15:39 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-02-01 15:39 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-02-01 15:39 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-02-01 15:39 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-02-01 15:39 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-02-01 15:36 . 2010-02-01 15:36 -------- d-----w- c:\program files\MSXML 6.0
2010-01-31 20:05 . 2010-01-31 20:05 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\TeamViewer
2010-01-31 20:04 . 2010-01-31 20:04 -------- d-----w- c:\program files\TeamViewer
2010-01-28 00:37 . 2010-01-28 00:37 -------- d-----w- c:\documents and settings\Turisti\Application Data\skypePM
2010-01-27 21:48 . 2010-01-28 01:19 -------- d-----w- c:\documents and settings\Turisti\Application Data\Skype
2010-01-25 19:05 . 2004-08-03 22:08 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-01-25 19:05 . 2004-08-03 22:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-01-24 20:44 . 2010-01-24 20:44 -------- d-----w- c:\program files\Stardock
2010-01-24 20:23 . 2010-01-25 22:08 -------- d-----w- c:\documents and settings\x-Death-x\Local Settings\Application Data\Stardock
2010-01-24 20:21 . 2010-02-06 10:52 -------- d-----w- c:\program files\AlienWare
2010-01-24 20:21 . 2010-02-06 10:48 -------- d-----w- c:\program files\Common Files\Stardock
2010-01-24 20:21 . 2003-02-26 21:27 36864 ----a-w- c:\windows\system32\wbsys.dll
2010-01-24 18:42 . 2010-01-24 18:42 -------- d-----w- c:\program files\Alwil Software
2010-01-24 18:42 . 2010-01-24 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-01-23 22:02 . 2010-01-23 22:06 -------- d-----w- c:\documents and settings\x-Death-x\Local Settings\Application Data\Paint.NET
2010-01-23 21:58 . 2010-01-23 21:58 -------- d-----w- c:\program files\Reference Assemblies
2010-01-23 21:53 . 2010-01-23 21:53 -------- d-----r- C:\AHCache
2010-01-21 23:29 . 2010-01-21 23:29 -------- d-----w- c:\documents and settings\Turisti\Application Data\Corel
2010-01-21 10:49 . 2010-01-21 10:49 -------- d-----w- c:\documents and settings\Turisti\Local Settings\Application Data\Apple Computer
2010-01-21 10:40 . 2010-01-21 10:40 -------- d-----w- c:\documents and settings\Turisti
2010-01-20 19:26 . 2010-01-20 19:31 -------- d-----w- c:\program files\ScreenCapture
2010-01-20 19:26 . 2010-01-20 19:26 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\InstallShield
2010-01-12 18:33 . 2010-01-12 18:33 -------- d-----w- c:\documents and settings\x-Death-x\Local Settings\Application Data\Identities
2010-01-12 16:45 . 2010-01-26 19:22 -------- d-----w- c:\documents and settings\Maja\Application Data\skypePM
2010-01-08 20:39 . 2010-01-08 21:39 -------- d-----w- c:\program files\Valve
2010-01-07 23:31 . 2010-01-07 23:31 -------- d-----w- c:\windows\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-06 10:51 . 2009-12-31 15:18 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\uTorrent
2010-02-02 15:01 . 2010-01-04 00:00 -------- d-----w- c:\program files\AIMP2
2010-02-01 17:32 . 2009-12-31 11:42 19224 ----a-w- c:\documents and settings\x-Death-x\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-31 20:08 . 2009-12-31 17:50 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\Skype
2010-01-31 20:01 . 2009-12-31 17:51 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\skypePM
2010-01-27 21:47 . 2010-01-04 21:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-26 20:47 . 2010-01-04 21:37 -------- d-----w- c:\documents and settings\Maja\Application Data\Skype
2010-01-25 19:01 . 2010-01-25 19:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2010-01-25 19:01 . 2010-01-25 19:01 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-01-20 19:27 . 2009-12-31 12:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-19 13:13 . 2009-12-31 11:44 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-19 11:57 . 2009-12-31 11:44 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-01-19 11:57 . 2009-12-31 11:43 152672 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-19 11:46 . 2009-12-31 11:44 46544 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-19 11:43 . 2009-12-31 11:44 23248 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-19 11:43 . 2009-12-31 11:44 100304 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-19 11:43 . 2009-12-31 11:44 94672 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-19 11:42 . 2009-12-31 11:44 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-19 11:42 . 2009-12-31 11:44 28240 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-09 15:43 . 2009-12-31 18:07 -------- d-----w- c:\program files\Common Files\Apple
2010-01-07 16:25 . 2010-01-07 16:25 -------- d-----w- c:\program files\Microsoft
2010-01-07 16:25 . 2010-01-07 16:25 -------- d-----w- c:\program files\Windows Live
2010-01-07 16:25 . 2010-01-07 16:25 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-07 16:14 . 2010-01-07 16:14 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-07 12:25 . 2009-12-31 15:50 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-01-07 12:19 . 2010-01-07 12:16 -------- d-----w- c:\program files\PowerDVD
2010-01-07 12:19 . 2010-01-07 12:19 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\CyberLink
2010-01-07 12:18 . 2010-01-07 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-01-07 12:17 . 2010-01-07 12:16 -------- d-----w- c:\program files\CyberLink
2010-01-07 12:02 . 2010-01-04 21:44 -------- d-----w- c:\program files\SourceTec
2010-01-07 12:02 . 2010-01-04 21:44 -------- d-----w- c:\program files\Common Files\SourceTec
2010-01-06 15:15 . 2010-01-04 10:26 -------- d-----w- c:\documents and settings\Maja\Application Data\Free Download Manager
2010-01-05 20:44 . 2010-01-05 20:44 -------- d-----w- c:\documents and settings\Maja\Application Data\Corel
2010-01-05 20:40 . 2009-12-31 12:06 -------- d-----w- c:\program files\Realtek
2010-01-05 16:52 . 2010-01-05 16:52 -------- d-----w- c:\program files\D-Link AirPlus
2010-01-05 16:13 . 2010-01-05 16:11 -------- d-----w- c:\program files\Driver Magician
2010-01-04 21:37 . 2010-01-04 21:37 -------- d-----w- c:\program files\Common Files\Skype
2010-01-04 21:37 . 2009-12-31 17:48 -------- d-----r- c:\program files\Skype
2010-01-04 21:31 . 2010-01-04 21:31 -------- d-----w- c:\program files\Inpaint
2010-01-03 23:03 . 2010-01-03 22:16 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-01-03 22:14 . 2010-01-03 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2010-01-02 20:38 . 2010-01-02 20:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-02 20:38 . 2010-01-02 20:38 -------- d-----w- c:\program files\Java
2010-01-02 20:38 . 2010-01-02 20:38 152576 ----a-w- c:\documents and settings\x-Death-x\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-02 20:36 . 2010-01-02 20:36 79488 ----a-w- c:\documents and settings\x-Death-x\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-02 19:24 . 2010-01-02 19:24 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\Leadertech
2010-01-02 19:12 . 2010-01-02 19:12 -------- d-----w- c:\program files\Deamon
2010-01-02 14:35 . 2009-12-31 18:08 -------- d-----w- c:\program files\QuickTime
2010-01-02 14:35 . 2009-12-31 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-01 14:31 . 2009-12-31 18:10 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\Apple Computer
2010-01-01 13:58 . 2010-01-01 13:58 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\AnvSoft
2010-01-01 11:56 . 2010-01-01 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-01-01 11:52 . 2009-12-31 11:16 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-31 18:10 . 2009-12-31 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-31 18:08 . 2009-12-31 18:08 -------- d-----w- c:\program files\Apple Software Update
2009-12-31 18:07 . 2009-12-31 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-31 17:51 . 2009-12-31 17:51 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-31 17:48 . 2009-12-31 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-31 15:31 . 2009-12-31 15:31 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\Ambient Design
2009-12-31 15:19 . 2009-12-31 15:19 -------- d-----w- c:\program files\uTorrent
2009-12-31 14:03 . 2009-12-31 14:03 -------- d-----w- c:\program files\7-Zip
2009-12-31 14:01 . 2009-12-31 14:01 0 ----a-w- c:\windows\nsreg.dat
2009-12-31 13:59 . 2009-12-31 13:59 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\Corel
2009-12-31 12:36 . 2009-12-31 12:36 -------- d-----w- c:\program files\Common Files\Corel
2009-12-31 12:36 . 2009-12-31 12:00 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-31 12:36 . 2009-12-31 12:36 -------- d-----w- c:\program files\Corel
2009-12-31 12:27 . 2009-12-31 12:27 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-12-31 11:57 . 2009-12-31 11:57 -------- d-----w- c:\program files\MSXML 4.0
2009-12-31 11:17 . 2009-12-31 11:17 -------- d-----w- c:\program files\microsoft frontpage
2009-12-31 11:12 . 2009-12-31 11:12 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-29 21:29 . 2009-12-31 19:44 258352 ----a-w- c:\windows\system32\unicows.dll
.

------- Sigcheck -------

[-] 2007-12-29 . 9F960FAC5166F8626B9CDE4DD9A0EB84 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf59ae24-5796-44fc-9575-8d4f383c65f8}]
2010-01-29 14:44 221184 ----a-w- c:\program files\YouTubeMP3Downloader\MinBHOMp3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f27a9a1d-6f23-442d-88c0-5dc40fd13dcd}"= "c:\program files\YouTubeMP3Downloader\YouTubeMP3.dll" [2010-01-29 704512]

[HKEY_CLASSES_ROOT\clsid\{f27a9a1d-6f23-442d-88c0-5dc40fd13dcd}]
[HKEY_CLASSES_ROOT\KBBar.KBBarBandMp3.1]
[HKEY_CLASSES_ROOT\TypeLib\{f20fd027-a5f3-451a-8db1-13298321f6a8}]
[HKEY_CLASSES_ROOT\KBBar.KBBarBandMp3]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-10-15 14864384]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 729088]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-02 149280]
"RemoteControl"="c:\program files\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-19 2743104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\x-Death-x\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-1-24 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
D-Link AirPlus.lnk - c:\program files\D-Link AirPlus\AirPlus.exe [2010-1-5 262144]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\YouTubeMP3Downloader\\YouTubeMP3.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2.1.2010 20:12 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2.1.2010 20:12 5248]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [31.12.2009 12:44 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31.12.2009 12:44 19024]
R3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\X-DEAT~1\LOCALS~1\Temp\ISD14F.tmp --> c:\docume~1\X-DEAT~1\LOCALS~1\Temp\ISD14F.tmp [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.2.2010 15:11 691696]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 21:22 34064]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GARENAPENGINE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.googlebreak.com/?CID=3&PID=STV
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\x-Death-x\Application Data\Mozilla\Firefox\Profiles\vk1wbsjs.default\
FF - prefs.js: browser.search.selectedEngine - www.googlebreak.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
FF - plugin: c:\documents and settings\x-Death-x\Application Data\Mozilla\Firefox\Profiles\vk1wbsjs.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-06 19:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x897A3AE8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8ecfc3
\Driver\ACPI -> ACPI.sys @ 0xba759cb8
\Driver\atapi -> 0x897a3ae8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xba5e0ba0
PacketIndicateHandler -> NDIS.sys @ 0xba5edb21
SendHandler -> NDIS.sys @ 0xba5cb87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\X-DEAT~1\LOCALS~1\Temp\ISD14F.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-527237240-329068152-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2604)
c:\windows\system32\msi.dll
.
Completion time: 2010-02-06 19:50:26
ComboFix-quarantined-files.txt 2010-02-06 18:50

Pre-Run: 51.167.334.400 bytes free
Post-Run: 51.789.438.976 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 0CE7CD7EB18E4AAC87A0D7228EF91E14
Posted: 06 Feb 2010 21:54
ProCarp
AMF trainee
Joined: 04 Jan 2009
Posts: 1238


Step 1.

Download DeFogger from this link to your Desktop.


  • Double-click DeFogger to run it;

  • A message box will appear; click the Disable button;

  • Another message box will appear; click Yes;

Wait for DeFogger to finish processing, then continue with the next instructions.

Note: Windows will need to be restarted at the end of the procedure.
This procedure deactivates CD/DVD emulators and lets the programs we use run unhindered.


Step 2.


Open Notepad and copy in the following text:

Code:
FileLook::
c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe

RegLock::
[HKEY_USERS\S-1-5-21-527237240-329068152-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]


Save the file from Notepad to the Desktop as "CFScript"


Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scanning.
Posted: 07 Feb 2010 15:43
x-Death-x
Citizen
Joined: 12 Aug 2008
Posts: 205
Blog: LupoBlog


Here it is...

ComboFix 10-02-05.04 - x-Death-x 07.02.2010 15:34:47.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1470.993 [GMT 1:00]
Running from: c:\documents and settings\x-Death-x\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\x-Death-x\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-01-07 to 2010-02-07 )))))))))))))))))))))))))))))))
.

2010-02-06 14:35 . 2010-02-06 22:43 -------- d-----w- c:\program files\Garena
2010-02-06 14:18 . 2010-02-06 19:32 98366 ----a-w- c:\windows\War3Unin.dat
2010-02-06 14:18 . 2010-02-06 14:24 2829 ----a-w- c:\windows\War3Unin.pif
2010-02-06 14:18 . 2010-02-06 14:24 139264 ----a-w- c:\windows\War3Unin.exe
2010-02-06 14:17 . 2010-02-06 22:35 -------- d-----w- c:\program files\Warcraft III
2010-02-06 14:11 . 2010-02-06 14:11 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-06 10:51 . 2010-02-06 10:51 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-02-05 23:41 . 2010-02-06 10:59 -------- d-----w- c:\program files\JDownloader
2010-02-04 21:50 . 2004-08-03 22:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-02-04 21:50 . 2004-08-03 22:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-02-04 16:43 . 2010-02-04 16:43 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-02-04 16:42 . 2010-02-04 16:42 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-04 16:39 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\x-Death-x\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-04 16:39 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-04 16:39 . 2010-02-04 16:39 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-04 16:35 . 2010-02-04 16:58 -------- d-----w- c:\documents and settings\x-Death-x\Local Settings\Application Data\Adobe
2010-02-04 16:35 . 2010-02-04 16:35 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-02-04 16:35 . 2010-02-05 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-04 16:35 . 2010-02-04 16:35 -------- d-----w- c:\program files\NOS
2010-02-04 16:35 . 2010-01-25 09:02 31936 ----a-w- c:\documents and settings\x-Death-x\Application Data\Mozilla\Firefox\Profiles\vk1wbsjs.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-02-04 16:35 . 2010-01-25 09:02 29344 ----a-w- c:\documents and settings\x-Death-x\Application Data\Mozilla\Firefox\Profiles\vk1wbsjs.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-02-02 19:50 . 2010-02-02 19:50 -------- d-----w- c:\program files\WinPcap
2010-02-02 19:50 . 2010-02-02 19:50 -------- d-----w- c:\program files\YouTubeMP3Downloader
2010-02-02 14:58 . 2010-02-02 14:58 78264 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-02 14:38 . 2010-02-02 14:38 -------- d-----w- c:\program files\Unlocker
2010-02-02 14:20 . 2010-02-02 14:20 -------- d-----w- c:\documents and settings\x-Death-x\Local Settings\Application Data\Nero
2010-02-02 04:33 . 2010-02-02 14:43 -------- d-----w- c:\program files\Windows Sidebar
2010-02-02 04:20 . 2010-02-02 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-02-01 19:20 . 2010-02-02 15:36 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\vlc
2010-02-01 19:17 . 2010-02-01 19:18 -------- d-----w- c:\program files\VLC
2010-02-01 15:40 . 2010-02-01 15:40 -------- d-----w- c:\windows\system32\XPSViewer
2010-02-01 15:40 . 2010-02-01 15:40 -------- d-----w- c:\program files\MSBuild
2010-02-01 15:40 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-02-01 15:39 . 2010-02-01 15:40 -------- d-----w- C:\9d6e42c39e220bdf0352dc5ebce6
2010-02-01 15:39 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-02-01 15:39 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-02-01 15:39 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-02-01 15:39 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-02-01 15:39 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-02-01 15:39 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-02-01 15:39 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-02-01 15:39 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-02-01 15:36 . 2010-02-01 15:36 -------- d-----w- c:\program files\MSXML 6.0
2010-01-31 20:05 . 2010-01-31 20:05 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\TeamViewer
2010-01-31 20:04 . 2010-01-31 20:04 -------- d-----w- c:\program files\TeamViewer
2010-01-28 00:37 . 2010-01-28 00:37 -------- d-----w- c:\documents and settings\Turisti\Application Data\skypePM
2010-01-27 21:48 . 2010-01-28 01:19 -------- d-----w- c:\documents and settings\Turisti\Application Data\Skype
2010-01-25 19:05 . 2004-08-03 22:08 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-01-25 19:05 . 2004-08-03 22:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-01-24 20:44 . 2010-01-24 20:44 -------- d-----w- c:\program files\Stardock
2010-01-24 20:23 . 2010-01-25 22:08 -------- d-----w- c:\documents and settings\x-Death-x\Local Settings\Application Data\Stardock
2010-01-24 20:21 . 2010-02-06 10:52 -------- d-----w- c:\program files\AlienWare
2010-01-24 20:21 . 2010-02-06 10:48 -------- d-----w- c:\program files\Common Files\Stardock
2010-01-24 20:21 . 2003-02-26 21:27 36864 ----a-w- c:\windows\system32\wbsys.dll
2010-01-24 18:42 . 2010-01-24 18:42 -------- d-----w- c:\program files\Alwil Software
2010-01-24 18:42 . 2010-01-24 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-01-23 22:02 . 2010-01-23 22:06 -------- d-----w- c:\documents and settings\x-Death-x\Local Settings\Application Data\Paint.NET
2010-01-23 21:58 . 2010-01-23 21:58 -------- d-----w- c:\program files\Reference Assemblies
2010-01-23 21:53 . 2010-01-23 21:53 -------- d-----r- C:\AHCache
2010-01-21 23:29 . 2010-01-21 23:29 -------- d-----w- c:\documents and settings\Turisti\Application Data\Corel
2010-01-21 10:49 . 2010-01-21 10:49 -------- d-----w- c:\documents and settings\Turisti\Local Settings\Application Data\Apple Computer
2010-01-21 10:40 . 2010-01-21 10:40 -------- d-----w- c:\documents and settings\Turisti
2010-01-20 19:26 . 2010-01-20 19:31 -------- d-----w- c:\program files\ScreenCapture
2010-01-20 19:26 . 2010-01-20 19:26 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\InstallShield
2010-01-12 18:33 . 2010-01-12 18:33 -------- d-----w- c:\documents and settings\x-Death-x\Local Settings\Application Data\Identities
2010-01-12 16:45 . 2010-01-26 19:22 -------- d-----w- c:\documents and settings\Maja\Application Data\skypePM
2010-01-08 20:39 . 2010-01-08 21:39 -------- d-----w- c:\program files\Valve

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-06 10:51 . 2009-12-31 15:18 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\uTorrent
2010-02-02 15:01 . 2010-01-04 00:00 -------- d-----w- c:\program files\AIMP2
2010-02-01 17:32 . 2009-12-31 11:42 19224 ----a-w- c:\documents and settings\x-Death-x\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-31 20:08 . 2009-12-31 17:50 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\Skype
2010-01-31 20:01 . 2009-12-31 17:51 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\skypePM
2010-01-27 21:47 . 2010-01-04 21:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-26 20:47 . 2010-01-04 21:37 -------- d-----w- c:\documents and settings\Maja\Application Data\Skype
2010-01-25 19:01 . 2010-01-25 19:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2010-01-25 19:01 . 2010-01-25 19:01 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-01-20 19:27 . 2009-12-31 12:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-19 13:13 . 2009-12-31 11:44 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-19 11:57 . 2009-12-31 11:44 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-01-19 11:57 . 2009-12-31 11:43 152672 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-19 11:46 . 2009-12-31 11:44 46544 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-19 11:43 . 2009-12-31 11:44 23248 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-19 11:43 . 2009-12-31 11:44 100304 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-19 11:43 . 2009-12-31 11:44 94672 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-19 11:42 . 2009-12-31 11:44 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-19 11:42 . 2009-12-31 11:44 28240 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-09 15:43 . 2009-12-31 18:07 -------- d-----w- c:\program files\Common Files\Apple
2010-01-07 16:25 . 2010-01-07 16:25 -------- d-----w- c:\program files\Microsoft
2010-01-07 16:25 . 2010-01-07 16:25 -------- d-----w- c:\program files\Windows Live
2010-01-07 16:25 . 2010-01-07 16:25 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-07 16:14 . 2010-01-07 16:14 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-07 12:25 . 2009-12-31 15:50 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-01-07 12:19 . 2010-01-07 12:16 -------- d-----w- c:\program files\PowerDVD
2010-01-07 12:19 . 2010-01-07 12:19 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\CyberLink
2010-01-07 12:18 . 2010-01-07 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-01-07 12:17 . 2010-01-07 12:16 -------- d-----w- c:\program files\CyberLink
2010-01-07 12:02 . 2010-01-04 21:44 -------- d-----w- c:\program files\SourceTec
2010-01-07 12:02 . 2010-01-04 21:44 -------- d-----w- c:\program files\Common Files\SourceTec
2010-01-06 15:15 . 2010-01-04 10:26 -------- d-----w- c:\documents and settings\Maja\Application Data\Free Download Manager
2010-01-05 20:44 . 2010-01-05 20:44 -------- d-----w- c:\documents and settings\Maja\Application Data\Corel
2010-01-05 20:40 . 2009-12-31 12:06 -------- d-----w- c:\program files\Realtek
2010-01-05 16:52 . 2010-01-05 16:52 -------- d-----w- c:\program files\D-Link AirPlus
2010-01-05 16:13 . 2010-01-05 16:11 -------- d-----w- c:\program files\Driver Magician
2010-01-04 21:37 . 2010-01-04 21:37 -------- d-----w- c:\program files\Common Files\Skype
2010-01-04 21:37 . 2009-12-31 17:48 -------- d-----r- c:\program files\Skype
2010-01-04 21:31 . 2010-01-04 21:31 -------- d-----w- c:\program files\Inpaint
2010-01-03 23:03 . 2010-01-03 22:16 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-01-03 22:14 . 2010-01-03 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2010-01-02 20:38 . 2010-01-02 20:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-02 20:38 . 2010-01-02 20:38 -------- d-----w- c:\program files\Java
2010-01-02 20:38 . 2010-01-02 20:38 152576 ----a-w- c:\documents and settings\x-Death-x\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-02 20:36 . 2010-01-02 20:36 79488 ----a-w- c:\documents and settings\x-Death-x\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-02 19:24 . 2010-01-02 19:24 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\Leadertech
2010-01-02 19:12 . 2010-01-02 19:12 -------- d-----w- c:\program files\Deamon
2010-01-02 14:35 . 2009-12-31 18:08 -------- d-----w- c:\program files\QuickTime
2010-01-02 14:35 . 2009-12-31 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-01 14:31 . 2009-12-31 18:10 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\Apple Computer
2010-01-01 13:58 . 2010-01-01 13:58 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\AnvSoft
2010-01-01 11:56 . 2010-01-01 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-01-01 11:52 . 2009-12-31 11:16 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-31 18:10 . 2009-12-31 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-31 18:08 . 2009-12-31 18:08 -------- d-----w- c:\program files\Apple Software Update
2009-12-31 18:07 . 2009-12-31 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-31 17:51 . 2009-12-31 17:51 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-31 17:48 . 2009-12-31 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-31 15:31 . 2009-12-31 15:31 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\Ambient Design
2009-12-31 15:19 . 2009-12-31 15:19 -------- d-----w- c:\program files\uTorrent
2009-12-31 14:03 . 2009-12-31 14:03 -------- d-----w- c:\program files\7-Zip
2009-12-31 14:01 . 2009-12-31 14:01 0 ----a-w- c:\windows\nsreg.dat
2009-12-31 13:59 . 2009-12-31 13:59 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\Corel
2009-12-31 12:36 . 2009-12-31 12:36 -------- d-----w- c:\program files\Common Files\Corel
2009-12-31 12:36 . 2009-12-31 12:00 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-31 12:36 . 2009-12-31 12:36 -------- d-----w- c:\program files\Corel
2009-12-31 12:27 . 2009-12-31 12:27 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-12-31 11:57 . 2009-12-31 11:57 -------- d-----w- c:\program files\MSXML 4.0
2009-12-31 11:17 . 2009-12-31 11:17 -------- d-----w- c:\program files\microsoft frontpage
2009-12-31 11:12 . 2009-12-31 11:12 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-29 21:29 . 2009-12-31 19:44 258352 ----a-w- c:\windows\system32\unicows.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 86016
Created time: 2010-02-04 16:35
Modified time: 2010-02-04 16:35
MD5: 8C27E380661ECBE327203F3B1456DD2C
SHA1: 56E3ABCA71E56065FB1E91BE7A070DDB8FE6F132


------- Sigcheck -------

[-] 2007-12-29 . 9F960FAC5166F8626B9CDE4DD9A0EB84 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-02-06_18.49.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-07 14:28 . 2010-02-07 14:28 16384 c:\windows\Temp\Perflib_Perfdata_1fc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf59ae24-5796-44fc-9575-8d4f383c65f8}]
2010-01-29 14:44 221184 ----a-w- c:\program files\YouTubeMP3Downloader\MinBHOMp3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f27a9a1d-6f23-442d-88c0-5dc40fd13dcd}"= "c:\program files\YouTubeMP3Downloader\YouTubeMP3.dll" [2010-01-29 704512]

[HKEY_CLASSES_ROOT\clsid\{f27a9a1d-6f23-442d-88c0-5dc40fd13dcd}]
[HKEY_CLASSES_ROOT\KBBar.KBBarBandMp3.1]
[HKEY_CLASSES_ROOT\TypeLib\{f20fd027-a5f3-451a-8db1-13298321f6a8}]
[HKEY_CLASSES_ROOT\KBBar.KBBarBandMp3]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-10-15 14864384]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 729088]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-02 149280]
"RemoteControl"="c:\program files\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-19 2743104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\x-Death-x\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-1-24 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
D-Link AirPlus.lnk - c:\program files\D-Link AirPlus\AirPlus.exe [2010-1-5 262144]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\YouTubeMP3Downloader\\YouTubeMP3.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [31.12.2009 12:44 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31.12.2009 12:44 19024]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\X-DEAT~1\LOCALS~1\Temp\UZM361.tmp --> c:\docume~1\X-DEAT~1\LOCALS~1\Temp\UZM361.tmp [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 21:22 34064]
S4 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2.1.2010 20:12 155136]
S4 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2.1.2010 20:12 5248]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.2.2010 15:11 691696]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ISAPNP

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.googlebreak.com/?CID=3&PID=STV
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\x-Death-x\Application Data\Mozilla\Firefox\Profiles\vk1wbsjs.default\
FF - prefs.js: browser.search.selectedEngine - www.googlebreak.com
FF - prefs.js: browser.startup.homepage - hxxp://www.googlebreak.com/?CID=3&PID=STV
FF - plugin: c:\documents and settings\x-Death-x\Application Data\Mozilla\Firefox\Profiles\vk1wbsjs.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-07 15:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\X-DEAT~1\LOCALS~1\Temp\UZM361.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3328)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
.
Completion time: 2010-02-07 15:40:23
ComboFix-quarantined-files.txt 2010-02-07 14:40
ComboFix2.txt 2010-02-06 18:50

Pre-Run: 51.729.027.072 bytes free
Post-Run: 51.699.220.480 bytes free

- - End Of File - - 863F0CAE70693A84743474C18B32237F
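
The DeFogger step earlier in the thread says it deactivates CD/DVD emulators. The sketch below, an added example that is not part of the original thread, parses the driver lines of the two ComboFix logs posted here and reports which drivers changed state between the runs. The function names and the Temp-directory check are this example's own assumptions, not ComboFix features.

```python
import re
from typing import NamedTuple

# Driver lines copied from the two ComboFix logs posted in this thread.
LOG_BEFORE = r"""
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2.1.2010 20:12 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2.1.2010 20:12 5248]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [31.12.2009 12:44 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31.12.2009 12:44 19024]
R3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\X-DEAT~1\LOCALS~1\Temp\ISD14F.tmp --> c:\docume~1\X-DEAT~1\LOCALS~1\Temp\ISD14F.tmp [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.2.2010 15:11 691696]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 21:22 34064]
"""
LOG_AFTER = r"""
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [31.12.2009 12:44 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31.12.2009 12:44 19024]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\X-DEAT~1\LOCALS~1\Temp\UZM361.tmp --> c:\docume~1\X-DEAT~1\LOCALS~1\Temp\UZM361.tmp [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 21:22 34064]
S4 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2.1.2010 20:12 155136]
S4 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2.1.2010 20:12 5248]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.2.2010 15:11 691696]
"""

# Windows service Start values: the digit after R (running) or S (stopped).
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}

# <R|S><start> <service name>;<display name>;<image path> [<date time size> or ?]
LINE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+?) \[[^\]]*\]$")


class Driver(NamedTuple):
    running: bool
    start: int
    display: str
    path: str

    @property
    def code(self) -> str:
        """Status code in the log's own notation, e.g. 'R0' or 'S4'."""
        return ("R" if self.running else "S") + str(self.start)


def parse_drivers(log_text):
    """Return {service name: Driver} for every driver line in the text."""
    drivers = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a driver/service line
        state, start, name, display, path = m.groups()
        path = path.split(" --> ")[0]      # keep the registered ImagePath
        if path.startswith("\\??\\"):      # drop the NT object-namespace prefix
            path = path[4:]
        drivers[name] = Driver(state == "R", int(start), display, path)
    return drivers


def diff_drivers(before, after):
    """List (name, old_code, new_code) for drivers whose status changed."""
    changes = []
    for name in sorted(before.keys() & after.keys(), key=str.lower):
        if before[name].code != after[name].code:
            changes.append((name, before[name].code, after[name].code))
    return changes


def loaded_from_temp(drivers):
    """Names of drivers whose image path sits under a Temp directory."""
    return sorted(n for n, d in drivers.items() if "\\temp\\" in d.path.lower())


if __name__ == "__main__":
    before, after = parse_drivers(LOG_BEFORE), parse_drivers(LOG_AFTER)
    for name, old, new in diff_drivers(before, after):
        print(f"{name}: {old} -> {new} (start type now {START_TYPES[int(new[1])]})")
    print("image path under a Temp directory:", loaded_from_temp(after))
```
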
Posted: 07 Feb 2010 16:27
ProCarp
AMF trainee
Joined: 04 Jan 2009
Posts: 1238


This looks OK now.


Please also follow these instructions...

Step 1.


ComboFix needs to be uninstalled:
  • click Start (or ), then Run.

    On Vista, use the Start Search field if Run is not available.

  • In the text box, type (or copy) the following:

  • ComboFix /Uninstall

    Note that there is a space between "ComboFix" and "/Uninstall".

  • then click OK (or press Enter).


Wait for the uninstall process to finish.


Step 2.


  • Double-click DeFogger again to run it;

  • A message box will appear; click the Re-enable button;

  • Another message box will appear; click Yes;

Wait for DeFogger to finish processing, then continue with the next instructions.

Note: Windows will need to be restarted at the end of the procedure.
This procedure re-activates the CD/DVD emulators.
Posted: 07 Feb 2010 17:23
x-Death-x
Citizen
Joined: 12 Aug 2008
Posts: 205
Blog: LupoBlog


Thanks a lot... Now one of the mods can lock the thread if they want... so that others don't scribble around here...

You have my respect...