Hidden & system undeletable file where it doesn't belong

offline
  • Joined: 10 Oct 2005
  • Posts: 13526
  • Location: Beograd

In a folder that I created myself, and which I use for downloads, there is a file that I can't delete, and it has the hidden and system attributes.

Windows is XP with SP2, ADSL 512 connection.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:40:28, on 10-Aug-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sloba\Desktop\New Folder\TR3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.ru/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://gatecb.com/gatevc.php?id=icn01
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)
O3 - Toolbar: (no name) - {81705D67-3F73-4983-859B-97D0922E5ABE} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Total Commander.lnk = C:\Program Files\Total Commander\Totalcmd.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Prevedi sa Di recnikom - C:\Program Files\Di recnik\diie.htm
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6346 bytes

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...


Quote: In a folder that I created myself, and which I use for downloads, there is a file that I can't delete, and it has the hidden and system attributes.

What is the location/name of the file?


Is that the only problem?

offline
  • Joined: 10 Oct 2005
  • Posts: 13526
  • Location: Beograd

Location and name of the file:
c:\Documents and Settings\Sloba\My Documents\Downloads\On my way to...

The only problem I notice is that I can't delete it. Commander tells me "not found", yet I can see it. That's why I suspect some infection.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Uhh... Why do I feel like I know where that file came from?



There are also some traces of malware here - we'll remove that, and the problematic file along the way.

Move everything you need out of that Downloads folder, since we're going to delete it completely...


Download ComboFix to the Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and don't touch the program window while it scans.
Follow the instructions on the screen. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

offline
  • Joined: 10 Oct 2005
  • Posts: 13526
  • Location: Beograd

First, I apologize for not replying to the instructions sooner; Telekom's ADSL was acting up all afternoon.
And now, here's the text:

ComboFix 08-08-10.02 - Sloba 2008-08-11 1:19:32.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.431 [GMT 2:00]
Running from: C:\Documents and Settings\Sloba\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DVD 2\Util\TC Install\Desktop_.ini
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url
C:\WINDOWS\system32\eWebControl.dll
C:\WINDOWS\system32\redirect.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))
.

2008-08-10 15:25 . 2008-08-10 15:26 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-08-10 14:55 . 2008-08-10 14:55 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-08-10 14:55 . 2008-08-11 00:44 45,056 --a------ C:\WINDOWS\NCUNINST.EXE
2008-08-10 13:23 . 2008-08-10 23:59 <DIR> d-------- C:\Flash Games
2008-08-10 12:45 . 2008-08-10 13:20 <DIR> d-------- C:\Documents and Settings\Sloba\Application Data\Eltima Software
2008-08-10 12:39 . 2008-08-10 12:39 <DIR> d--h----- C:\Documents and Settings\Sloba\Application Data\IFViewer
2008-08-10 12:39 . 2008-08-10 12:39 <DIR> d--h----- C:\Documents and Settings\Sloba\Application Data\FVSTemp
2008-08-10 12:38 . 2008-08-10 13:17 <DIR> d-------- C:\Program Files\Flash EXE Builder 1.0
2008-08-09 23:43 . 1998-06-24 00:00 198,456 --a------ C:\WINDOWS\system32\MCI32.OCX
2008-08-09 23:37 . 2008-08-09 23:37 10 --a------ C:\WINDOWS\popcinfo.dat
2008-08-08 23:15 . 2008-08-08 23:16 <DIR> d-------- C:\Program Files\911 CD Builder
2008-08-08 02:38 . 2008-06-29 14:15 109,333 --a------ C:\Temp\Favorites20.06.2008.zip
2008-08-07 13:55 . 2008-08-07 14:44 <DIR> d-------- C:\Documents and Settings\Sloba\Application Data\CDRoller
2008-08-06 22:04 . 2008-08-06 22:04 <DIR> d-------- C:\XHME3DCD
2008-08-05 22:27 . 2008-08-05 22:32 <DIR> d-------- C:\Program Files\FreeCommander
2008-08-05 16:40 . 2008-08-05 16:40 <DIR> d-------- C:\Documents and Settings\Sale
2008-08-02 22:21 . 2003-05-29 12:52 53,760 --------- C:\WINDOWS\uninstyler.exe
2008-08-02 21:35 . 2008-08-02 21:44 <DIR> d-------- C:\Program Files\World Atlas
2008-08-02 21:18 . 2008-08-02 21:18 1,409 --a------ C:\WINDOWS\mostxser.for
2008-08-02 21:18 . 2008-08-02 21:18 1,409 --a------ C:\WINDOWS\mostx.for
2008-08-02 21:18 . 2008-08-02 21:18 1,409 --a------ C:\WINDOWS\mostserf.for
2008-08-02 21:18 . 2008-08-02 21:18 1,409 --a------ C:\WINDOWS\most.for
2008-08-02 21:18 . 2008-08-02 21:18 1,409 --a------ C:\WINDOWS\lgot.for
2008-08-02 21:18 . 2008-08-02 21:18 1,409 --a------ C:\WINDOWS\cyrillic.for
2008-08-02 15:32 . 2008-08-02 15:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\3DWA_L
2008-08-02 00:46 . 2008-07-22 20:46 <DIR> d-------- C:\Documents and Settings\Sloba\Mosby's Medical Encyclopedia
2008-08-01 21:47 . 2008-08-03 13:41 <DIR> d-------- C:\Program Files\Multimedia
2008-08-01 19:39 . 2008-08-02 12:11 <DIR> d-a------ C:\Monitor Test
2008-07-31 22:00 . 2008-07-31 22:00 55,808 --a------ C:\WINDOWS\system32\DevCon.exe
2008-07-31 22:00 . 2008-07-31 22:00 24,576 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-07-31 22:00 . 2008-07-31 22:00 545 --a------ C:\WINDOWS\UC.PIF
2008-07-31 22:00 . 2008-07-31 22:00 545 --a------ C:\WINDOWS\RAR.PIF
2008-07-31 22:00 . 2008-07-31 22:00 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-07-31 22:00 . 2008-07-31 22:00 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-07-31 22:00 . 2008-07-31 22:00 545 --a------ C:\WINDOWS\LHA.PIF
2008-07-31 22:00 . 2008-07-31 22:00 545 --a------ C:\WINDOWS\ARJ.PIF
2008-07-30 22:52 . 2008-07-30 22:52 0 --a------ C:\WINDOWS\BeoINFO.INI
2008-07-30 22:41 . 2008-07-31 00:49 <DIR> d-------- C:\Program Files\BeoINFO
2008-07-30 22:41 . 1996-12-16 18:30 1,039,360 -ra------ C:\WINDOWS\system32\msjet35.dll
2008-07-30 22:41 . 1999-10-26 23:00 929,844 --a------ C:\WINDOWS\system32\Mfc42d.dll
2008-07-30 22:41 . 1999-10-26 23:00 798,773 --a------ C:\WINDOWS\system32\Mfco42d.dll
2008-07-30 22:41 . 2000-03-06 23:00 434,252 --a------ C:\WINDOWS\system32\Msvcrtd.dll
2008-07-30 22:41 . 1999-10-26 23:00 274,485 --a------ C:\WINDOWS\system32\Mfcd42d.dll
2008-07-30 22:41 . 1996-12-02 18:44 251,664 -ra------ C:\WINDOWS\system32\msrd2x35.dll
2008-07-30 22:41 . 1997-01-13 17:18 37,136 -ra------ C:\WINDOWS\system32\msjint35.dll
2008-07-30 22:41 . 1996-12-02 18:44 24,336 -ra------ C:\WINDOWS\system32\msjter35.dll
2008-07-30 18:16 . 2008-07-30 18:16 76,043 --a------ C:\Norton Removal Tool.pdf
2008-07-24 01:40 . 2008-07-24 23:36 <DIR> d-------- C:\Program Files\PE Explorer
2008-07-24 01:40 . 2008-07-24 01:40 <DIR> d-------- C:\Documents and Settings\Sloba\Application Data\PE Explorer
2008-07-21 01:01 . 2008-07-21 01:01 2,568,242 --a------ C:\Booklet.pdf
2008-07-18 01:00 . 2008-07-18 01:00 <DIR> d-------- C:\Documents and Settings\Sloba\.thumbnails
2008-07-16 21:32 . 2008-07-16 21:32 <DIR> d-------- C:\Program Files\Any Password
2008-07-12 23:12 . 2008-07-12 23:12 41 --a------ C:\WINDOWS\KWSW98.DAT
2008-07-11 20:32 . 2008-08-11 01:25 10,328,096 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-11 20:32 . 2008-08-11 01:11 123,956 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-11 20:28 . 2008-07-11 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-10 23:13 6,201,400 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-08-10 12:56 1,388,544 ----a-w C:\WINDOWS\system32\MSVBVM60.DLL
2008-08-10 11:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-10 10:43 --------- d-----w C:\Program Files\TC UP
2008-08-08 13:02 --------- d-----w C:\Documents and Settings\Sloba\Application Data\Orbit
2008-08-07 13:07 --------- d-----w C:\Documents and Settings\Sloba\Application Data\Desktop Sidebar
2008-08-06 19:42 --------- d-----w C:\Documents and Settings\Sloba\Application Data\uTorrent
2008-08-06 10:41 --------- d-----w C:\Program Files\Microsoft Virtual PC
2008-08-06 09:23 --------- d-----w C:\Program Files\Windows Tools
2008-08-02 19:43 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-08-02 12:36 --------- d-----w C:\Documents and Settings\Sloba\Application Data\XnView
2008-08-02 12:00 --------- d-----w C:\Program Files\PhotoScape
2008-07-30 22:52 --------- d-----w C:\Program Files\Graphic
2008-07-30 22:43 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-30 20:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-27 19:53 --------- d-----w C:\Documents and Settings\Sloba\Application Data\Winamp
2008-07-27 18:30 --------- d-----w C:\Program Files\Di recnik
2008-07-21 15:38 --------- d-----w C:\Program Files\Internet Tools
2008-07-20 22:24 --------- d-----w C:\Program Files\CD Tools
2008-07-17 23:55 --------- d-----w C:\Program Files\Players
2008-07-15 16:02 537,088 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-07-09 21:06 --------- d-----w C:\Program Files\intocartoonpro
2008-07-09 21:01 --------- d-----w C:\Documents and Settings\Sloba\Application Data\Real Desktop
2008-07-09 19:16 --------- d-----w C:\Program Files\WinHTTrack
2008-07-09 19:02 51,712 ----a-w C:\WINDOWS\wc98pp.dll
2008-07-09 07:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-07-09 07:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-07-02 21:27 --------- d-----w C:\Program Files\Motherboard Monitor 5
2008-06-30 23:11 --------- d-----w C:\Program Files\Desktop Sidebar
2008-06-30 19:26 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-06-30 19:26 --------- d-----w C:\Documents and Settings\Sloba\Application Data\TuneUp Software
2008-06-30 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-06-21 20:32 --------- d-----w C:\Program Files\ATI Technologies
2008-06-18 15:29 32,256 ----a-w C:\WINDOWS\system32\bbcap.dll
2008-06-18 15:29 3,584 ----a-w C:\WINDOWS\system32\bbchlp.dll
2008-06-18 15:27 --------- d-----w C:\Documents and Settings\Sloba\Application Data\Thinstall
2008-06-09 15:55 17,634,981 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_06_09_17_53_07_full.dmp.zip
2008-05-25 19:10 2,521,088 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-05-07 15:13 2 --shatr C:\WINDOWS\winstart.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24 167368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 22:42 266497]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
"Tweak UI"="TWEAKUI.CPL" [2000-06-18 15:03 106544 C:\WINDOWS\system32\tweakui.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Di dictionary]
C:\Program Files\Di recnik [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 04:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-01-02 16:41 45056 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-08-12 22:10 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-04-26 01:23 288576 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 16:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 16:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-06-14 19:32 132760 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualDiskAutomount]
--a------ 2006-05-28 04:28 139264 C:\Program Files\TC UP\PLUGINS\wfx\VirtualDisk\VirtualDisk.wfx

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2002-10-16 12:24 47104 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15:00]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-10-20 15:50]
S3 mpr_freader;MPR FileReader Driver;C:\DOCUME~1\Sloba\LOCALS~1\Temp\RarSFX0\mpr_freader.sys []
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:56]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:56]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:56]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:56]
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2008-05-07 18:01]
S3 WEBNTACCESS;WEBNTACCESS;C:\WINDOWS\system32\NTACCESS.SYS [2008-04-13 11:21]
S3 Winpooch;Winpooch kernel spy;C:\Install\USB_swiss-army-knife\files\X-Winpooch_0.6.6_rev3\Bin\Winpooch\Winpooch.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-07-25 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 19:35]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{F552DDE6-2090-4bf4-B924-6141E87789A5} - (no file)
MSConfigStartUp-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
MSConfigStartUp-EVEREST AutoStart - C:\Everest Ultimate Edition 4.50.1380 www.softarchive.net\everest.exe
MSConfigStartUp-WinampAgent - C:\Program Files\Winamp\winampa.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Sloba\Application Data\Mozilla\Firefox\Profiles\shvhjj1b.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 01:25:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-11 1:29:56
ComboFix-quarantined-files.txt 2008-08-10 23:29:49

Pre-Run: 4,850,319,360 bytes free
Post-Run: 4,822,392,832 bytes free

227

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Upload the following file for checking: C:\WINDOWS\uninstyler.exe

via this link: http://www.mycity.rs/ambulanta-upload.php


Have you emptied the Downloads folder? Now we're going to delete it...


Open Notepad and copy the following text into it:

Folder::
C:\Documents and Settings\Sloba\My Documents\Downloads

FileLook::
C:\WINDOWS\system32\DevCon.exe


Save the file from Notepad to the Desktop as "CFScript"


Drag the saved script/text onto the ComboFix icon, as in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.
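The CFScript above asks ComboFix to delete a folder and to report publisher, version and MD5 for one file (the FileLook:: section). The PowerShell below is an added example, not part of this thread and not ComboFix's own code: it gathers the same kind of triage data for a file, and separately lists every Hidden+System entry under a folder the way the original poster saw it. It assumes a current Windows with PowerShell 4 or later (for Get-FileHash); the two paths are the ones named in this thread and are used only as sample input.

```powershell
# Added example (not from the thread): triage data for one file, comparable to
# what a FileLook:: entry reports, plus the Hidden/System attribute check.
function Get-FileTriage {
    param([Parameter(Mandatory)][string]$Path)

    # -Force is needed so that Hidden/System entries are not silently skipped;
    # -LiteralPath avoids wildcard interpretation of odd characters in the name.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction Stop

    [pscustomobject]@{
        Path         = $item.FullName
        Size         = $item.Length
        Hidden       = [bool]($item.Attributes -band [IO.FileAttributes]::Hidden)
        System       = [bool]($item.Attributes -band [IO.FileAttributes]::System)
        Company      = $item.VersionInfo.CompanyName
        Description  = $item.VersionInfo.FileDescription
        Version      = $item.VersionInfo.FileVersion
        OriginalName = $item.VersionInfo.OriginalFilename
        # MD5 is what the FileLook:: output shows; SHA256 is what most current
        # lookup services expect, so both are recorded.
        MD5          = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash.ToLower()
        SHA256       = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()
    }
}

# Every entry under a folder that carries both Hidden and System, independent
# of Explorer's "show hidden files" setting.
function Get-HiddenSystemEntries {
    param([Parameter(Mandatory)][string]$Folder)

    Get-ChildItem -LiteralPath $Folder -Force -Recurse -ErrorAction SilentlyContinue |
        Where-Object {
            ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
            ($_.Attributes -band [IO.FileAttributes]::System)
        } |
        Select-Object FullName, Attributes, Length, LastWriteTime
}

# Sample usage with the paths named in the thread (assumed to exist on the box).
Get-FileTriage -Path 'C:\WINDOWS\system32\DevCon.exe' | Format-List
Get-HiddenSystemEntries -Folder 'C:\Documents and Settings\Sloba\My Documents\Downloads' |
    Format-Table -AutoSize
```

The MD5 printed for DevCon.exe can be compared directly with the one in the FileLook:: output of the next log. One caveat worth knowing when a file manager reports "not found" for an entry it can display: a name that ends in dots or spaces is stripped of those characters by the normal Win32 path handling, so the name the tool tries to open is not the name actually on disk; such entries need a tool that passes the raw name through, which is exactly the kind of case a cleanup tool run with a script handles for you.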

offline
  • Joined: 10 Oct 2005
  • Posts: 13526
  • Location: Beograd

The requested file (C:\WINDOWS\uninstyler.exe) has been uploaded.

ComboFix log file:

ComboFix 08-08-10.02 - Sloba 2008-08-11 22:06:27.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.434 [GMT 2:00]
Running from: C:\Documents and Settings\Sloba\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sloba\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Sloba\My Documents\Downloads
C:\Documents and Settings\Sloba\My Documents\Downloads\On my way to school...

.
((((((((((((((((((((((((( Files Created from 2008-07-11 to 2008-08-11 )))))))))))))))))))))))))))))))
.

2008-08-11 21:50 . 2003-05-29 12:52 53,760 --a------ C:\uninstyler.exe
2008-08-10 15:25 . 2008-08-10 15:26 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-08-10 14:55 . 2008-08-10 14:55 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-08-10 14:55 . 2008-08-11 00:44 45,056 --a------ C:\WINDOWS\NCUNINST.EXE
2008-08-10 13:23 . 2008-08-10 23:59 <DIR> d-------- C:\Flash Games
2008-08-10 12:45 . 2008-08-10 13:20 <DIR> d-------- C:\Documents and Settings\Sloba\Application Data\Eltima Software
2008-08-10 12:39 . 2008-08-10 12:39 <DIR> d--h----- C:\Documents and Settings\Sloba\Application Data\IFViewer
2008-08-10 12:39 . 2008-08-10 12:39 <DIR> d--h----- C:\Documents and Settings\Sloba\Application Data\FVSTemp
2008-08-10 12:38 . 2008-08-10 13:17 <DIR> d-------- C:\Program Files\Flash EXE Builder 1.0
2008-08-09 23:43 . 1998-06-24 00:00 198,456 --a------ C:\WINDOWS\system32\MCI32.OCX
2008-08-09 23:37 . 2008-08-09 23:37 10 --a------ C:\WINDOWS\popcinfo.dat
2008-08-08 23:15 . 2008-08-08 23:16 <DIR> d-------- C:\Program Files\911 CD Builder
2008-08-08 02:38 . 2008-06-29 14:15 109,333 --a------ C:\Temp\Favorites20.06.2008.zip
2008-08-07 13:55 . 2008-08-07 14:44 <DIR> d-------- C:\Documents and Settings\Sloba\Application Data\CDRoller
2008-08-06 22:04 . 2008-08-06 22:04 <DIR> d-------- C:\XHME3DCD
2008-08-05 22:27 . 2008-08-05 22:32 <DIR> d-------- C:\Program Files\FreeCommander
2008-08-05 16:40 . 2008-08-05 16:40 <DIR> d-------- C:\Documents and Settings\Sale
2008-08-02 22:21 . 2003-05-29 12:52 53,760 --------- C:\WINDOWS\uninstyler.exe
2008-08-02 21:35 . 2008-08-02 21:44 <DIR> d-------- C:\Program Files\World Atlas
2008-08-02 21:18 . 2008-08-02 21:18 1,409 --a------ C:\WINDOWS\mostxser.for
2008-08-02 21:18 . 2008-08-02 21:18 1,409 --a------ C:\WINDOWS\mostx.for
2008-08-02 21:18 . 2008-08-02 21:18 1,409 --a------ C:\WINDOWS\mostserf.for
2008-08-02 21:18 . 2008-08-02 21:18 1,409 --a------ C:\WINDOWS\most.for
2008-08-02 21:18 . 2008-08-02 21:18 1,409 --a------ C:\WINDOWS\lgot.for
2008-08-02 21:18 . 2008-08-02 21:18 1,409 --a------ C:\WINDOWS\cyrillic.for
2008-08-02 15:32 . 2008-08-02 15:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\3DWA_L
2008-08-02 00:46 . 2008-07-22 20:46 <DIR> d-------- C:\Documents and Settings\Sloba\Mosby's Medical Encyclopedia
2008-08-01 21:47 . 2008-08-03 13:41 <DIR> d-------- C:\Program Files\Multimedia
2008-08-01 19:39 . 2008-08-02 12:11 <DIR> d-a------ C:\Monitor Test
2008-07-31 22:00 . 2008-07-31 22:00 55,808 --a------ C:\WINDOWS\system32\DevCon.exe
2008-07-31 22:00 . 2008-07-31 22:00 24,576 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-07-31 22:00 . 2008-07-31 22:00 545 --a------ C:\WINDOWS\UC.PIF
2008-07-31 22:00 . 2008-07-31 22:00 545 --a------ C:\WINDOWS\RAR.PIF
2008-07-31 22:00 . 2008-07-31 22:00 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-07-31 22:00 . 2008-07-31 22:00 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-07-31 22:00 . 2008-07-31 22:00 545 --a------ C:\WINDOWS\LHA.PIF
2008-07-31 22:00 . 2008-07-31 22:00 545 --a------ C:\WINDOWS\ARJ.PIF
2008-07-30 22:52 . 2008-07-30 22:52 0 --a------ C:\WINDOWS\BeoINFO.INI
2008-07-30 22:41 . 2008-07-31 00:49 <DIR> d-------- C:\Program Files\BeoINFO
2008-07-30 22:41 . 1996-12-16 18:30 1,039,360 -ra------ C:\WINDOWS\system32\msjet35.dll
2008-07-30 22:41 . 1999-10-26 23:00 929,844 --a------ C:\WINDOWS\system32\Mfc42d.dll
2008-07-30 22:41 . 1999-10-26 23:00 798,773 --a------ C:\WINDOWS\system32\Mfco42d.dll
2008-07-30 22:41 . 2000-03-06 23:00 434,252 --a------ C:\WINDOWS\system32\Msvcrtd.dll
2008-07-30 22:41 . 1999-10-26 23:00 274,485 --a------ C:\WINDOWS\system32\Mfcd42d.dll
2008-07-30 22:41 . 1996-12-02 18:44 251,664 -ra------ C:\WINDOWS\system32\msrd2x35.dll
2008-07-30 22:41 . 1997-01-13 17:18 37,136 -ra------ C:\WINDOWS\system32\msjint35.dll
2008-07-30 22:41 . 1996-12-02 18:44 24,336 -ra------ C:\WINDOWS\system32\msjter35.dll
2008-07-30 18:16 . 2008-07-30 18:16 76,043 --a------ C:\Norton Removal Tool.pdf
2008-07-24 01:40 . 2008-07-24 23:36 <DIR> d-------- C:\Program Files\PE Explorer
2008-07-24 01:40 . 2008-07-24 01:40 <DIR> d-------- C:\Documents and Settings\Sloba\Application Data\PE Explorer
2008-07-21 01:01 . 2008-07-21 01:01 2,568,242 --a------ C:\Booklet.pdf
2008-07-18 01:00 . 2008-07-18 01:00 <DIR> d-------- C:\Documents and Settings\Sloba\.thumbnails
2008-07-16 21:32 . 2008-07-16 21:32 <DIR> d-------- C:\Program Files\Any Password
2008-07-12 23:12 . 2008-07-12 23:12 41 --a------ C:\WINDOWS\KWSW98.DAT
2008-07-11 20:32 . 2008-08-11 22:12 10,473,504 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-11 20:32 . 2008-08-11 21:59 125,660 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-11 20:28 . 2008-07-11 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-10 23:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-10 23:13 6,201,400 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-08-10 12:56 1,388,544 ----a-w C:\WINDOWS\system32\MSVBVM60.DLL
2008-08-10 11:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-10 10:43 --------- d-----w C:\Program Files\TC UP
2008-08-08 13:02 --------- d-----w C:\Documents and Settings\Sloba\Application Data\Orbit
2008-08-07 13:07 --------- d-----w C:\Documents and Settings\Sloba\Application Data\Desktop Sidebar
2008-08-06 19:42 --------- d-----w C:\Documents and Settings\Sloba\Application Data\uTorrent
2008-08-06 10:41 --------- d-----w C:\Program Files\Microsoft Virtual PC
2008-08-06 09:23 --------- d-----w C:\Program Files\Windows Tools
2008-08-02 19:43 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-08-02 12:36 --------- d-----w C:\Documents and Settings\Sloba\Application Data\XnView
2008-08-02 12:00 --------- d-----w C:\Program Files\PhotoScape
2008-07-30 22:52 --------- d-----w C:\Program Files\Graphic
2008-07-30 22:43 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-30 20:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-27 19:53 --------- d-----w C:\Documents and Settings\Sloba\Application Data\Winamp
2008-07-27 18:30 --------- d-----w C:\Program Files\Di recnik
2008-07-21 15:38 --------- d-----w C:\Program Files\Internet Tools
2008-07-20 22:24 --------- d-----w C:\Program Files\CD Tools
2008-07-17 23:55 --------- d-----w C:\Program Files\Players
2008-07-15 16:02 537,088 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-07-09 21:06 --------- d-----w C:\Program Files\intocartoonpro
2008-07-09 21:01 --------- d-----w C:\Documents and Settings\Sloba\Application Data\Real Desktop
2008-07-09 19:16 --------- d-----w C:\Program Files\WinHTTrack
2008-07-09 19:02 51,712 ----a-w C:\WINDOWS\wc98pp.dll
2008-07-09 07:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-07-09 07:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-07-02 21:27 --------- d-----w C:\Program Files\Motherboard Monitor 5
2008-06-30 23:11 --------- d-----w C:\Program Files\Desktop Sidebar
2008-06-30 19:26 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-06-30 19:26 --------- d-----w C:\Documents and Settings\Sloba\Application Data\TuneUp Software
2008-06-30 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-06-21 20:32 --------- d-----w C:\Program Files\ATI Technologies
2008-06-18 15:29 32,256 ----a-w C:\WINDOWS\system32\bbcap.dll
2008-06-18 15:29 3,584 ----a-w C:\WINDOWS\system32\bbchlp.dll
2008-06-18 15:27 --------- d-----w C:\Documents and Settings\Sloba\Application Data\Thinstall
2008-06-09 15:55 17,634,981 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_06_09_17_53_07_full.dmp.zip
2008-05-25 19:10 2,521,088 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-05-07 15:13 2 --shatr C:\WINDOWS\winstart.bat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.


---- C:\WINDOWS\system32\DevCon.exe ----
Company: Microsoft Corporation
File Description: Windows Setup API
File Version: 5.2.3718.0 (dnsrv.021114-1947)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original file name: SETUPAPI.DLL
MD5: c4b470269324517ee838789c7cf5e606


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24 167368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 22:42 266497]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
"Tweak UI"="TWEAKUI.CPL" [2000-06-18 15:03 106544 C:\WINDOWS\system32\tweakui.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Di dictionary]
C:\Program Files\Di recnik [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 04:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-01-02 16:41 45056 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-08-12 22:10 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-04-26 01:23 288576 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 16:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 16:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-06-14 19:32 132760 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualDiskAutomount]
--a------ 2006-05-28 04:28 139264 C:\Program Files\TC UP\PLUGINS\wfx\VirtualDisk\VirtualDisk.wfx

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2002-10-16 12:24 47104 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15:00]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-10-20 15:50]
S3 mpr_freader;MPR FileReader Driver;C:\DOCUME~1\Sloba\LOCALS~1\Temp\RarSFX0\mpr_freader.sys []
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:56]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:56]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:56]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:56]
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2008-05-07 18:01]
S3 WEBNTACCESS;WEBNTACCESS;C:\WINDOWS\system32\NTACCESS.SYS [2008-04-13 11:21]
S3 Winpooch;Winpooch kernel spy;C:\Install\USB_swiss-army-knife\files\X-Winpooch_0.6.6_rev3\Bin\Winpooch\Winpooch.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-07-25 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 19:35]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 22:11:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-11 22:16:59
ComboFix-quarantined-files.txt 2008-08-11 20:16:44
ComboFix2.txt 2008-08-10 23:29:58

Pre-Run: 5,901,832,192 bytes free
Post-Run: 5,871,812,608 bytes free


offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Ok, the file is legitimate and we are done here.

Do the following as well:

Click START and then RUN
In the text input line type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

offline
  • Joined: 10 Oct 2005
  • Posts: 13526
  • Location: Beograd

Everything done as instructed.
Many thanks for the effort, and praise for the enthusiasm and knowledge of the subject.
