Computer keeps freezing

offline
  • Joined: 23 Feb 2008
  • Posts: 46
  • Location: Beograd

Here is the log

ComboFix 10-04-17.07 - Djordje Milenkovic 19/04/2010 12:08:41.9.1 - x86
Running from: c:\documents and settings\Djordje Milenkovic\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100419-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Zwangie
c:\documents and settings\All Users\Application Data\Zwangie\zwangie139.exe
c:\program files\Zwangie
c:\program files\Zwangie\uninstall.exe
c:\program files\Zwangie\zwangie.dll
c:\program files\Zwangie\zwangie.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_Zwangie_Service
-------\Service_Zwangie Service


((((((((((((((((((((((((( Files Created from 2010-03-19 to 2010-04-19 )))))))))))))))))))))))))))))))
.

2010-04-17 20:15 . 1998-06-17 22:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2010-04-17 20:05 . 2010-04-17 20:05 -------- d-----w- c:\windows\UbiSoft
2010-04-17 19:55 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2010-04-17 19:55 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2010-04-17 19:55 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
2010-04-17 19:55 . 1998-08-17 09:21 10240 ----a-w- c:\windows\system32\vidx16.dll
2010-04-17 19:55 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv
2010-04-17 19:55 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll
2010-04-17 19:55 . 2010-04-17 19:55 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-04-17 19:55 . 2010-04-17 19:55 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-04-14 20:33 . 2010-04-14 20:33 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}
2010-04-14 20:31 . 2010-04-14 20:31 -------- d-----w- c:\program files\CursorXP
2010-04-14 20:18 . 2010-04-14 20:36 -------- d-----w- c:\program files\FileSubmit
2010-04-12 20:17 . 1997-09-12 16:25 365056 ----a-w- c:\windows\system32\GLIDE2X.DLL
2010-04-12 20:17 . 1997-09-12 03:03 6816 ----a-w- c:\windows\system32\drivers\MAPMEM.SYS
2010-04-12 20:17 . 1997-09-12 03:03 6336 ----a-w- c:\windows\system32\drivers\NTREMAP.SYS
2010-04-12 20:17 . 1997-09-12 03:03 4832 ----a-w- c:\windows\system32\drivers\GENPORT.SYS
2010-04-10 21:10 . 2010-04-10 21:10 -------- d-----w- c:\program files\Microsoft Games
2010-04-07 15:48 . 2010-04-07 15:48 -------- d-----w- c:\documents and settings\Djordje Milenkovic\Application Data\BluetoothDriverInstaller
2010-04-07 15:22 . 2008-04-14 03:42 53760 ----a-w- c:\windows\system32\drivers\vfwwdm32.dll
2010-03-30 19:11 . 2010-03-30 19:11 -------- d-----w- c:\program files\Santa Claus in Trouble
2010-03-28 22:07 . 2010-04-19 09:25 -------- d-----w- c:\program files\Crawler
2010-03-28 17:56 . 2010-03-28 17:56 141312 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-03-28 17:56 . 2010-03-28 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-03-28 17:56 . 2010-04-03 15:48 -------- d-----w- c:\documents and settings\Djordje Milenkovic\Application Data\Spyware Terminator
2010-03-28 17:56 . 2010-04-04 19:35 -------- d-----w- c:\program files\Spyware Terminator
2010-03-28 17:52 . 2010-03-28 17:53 -------- d-----w- c:\documents and settings\Djordje Milenkovic\Application Data\LimeWire
2010-03-28 17:51 . 2010-03-28 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-03-28 17:51 . 2010-03-28 17:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-23 20:39 . 2010-03-23 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 21:23 . 2008-08-23 15:11 -------- d-----w- c:\documents and settings\Djordje Milenkovic\Application Data\uTorrent
2010-04-17 20:21 . 2007-01-30 19:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-15 07:22 . 2007-03-29 16:56 -------- d-----w- c:\program files\Google
2010-04-14 19:59 . 2007-02-18 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-07 16:02 . 2008-10-18 20:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-28 17:56 . 2010-03-28 17:56 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2010-03-28 17:56 . 2010-03-28 17:56 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2010-03-28 17:45 . 2009-02-20 17:24 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
2010-03-28 17:00 . 2007-01-30 19:54 -------- d-----w- c:\program files\CyberLink
2010-03-28 16:58 . 2009-05-03 20:35 -------- d-----w- c:\program files\VideoLAN
2010-03-28 16:40 . 2008-11-23 13:18 -------- d-----w- c:\documents and settings\Djordje Milenkovic\Application Data\IObit
2010-03-25 09:27 . 2010-04-17 20:27 1107264 ----a-w- c:\documents and settings\Djordje Milenkovic\Application Data\Mozilla\Firefox\Profiles\l8ecqfar.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2010-03-23 16:49 . 2010-04-14 20:33 2696416 -c--a-w- c:\documents and settings\All Users\Application Data\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}\CursorFX_setup.exe
2010-03-20 08:13 . 2009-02-10 18:09 -------- d-----w- c:\program files\WinFlip
2010-03-17 17:36 . 2009-10-04 13:53 -------- d-----w- c:\documents and settings\Djordje Milenkovic\Application Data\ViSplore
2010-03-17 17:35 . 2010-03-17 17:24 -------- d-----w- c:\documents and settings\Djordje Milenkovic\Application Data\ViGlance
2010-03-17 17:25 . 2010-03-17 17:20 -------- d-----w- c:\program files\ViStart
2010-03-17 17:24 . 2007-10-15 18:36 -------- d-----w- c:\documents and settings\Djordje Milenkovic\Application Data\ViStart
2010-03-17 17:24 . 2007-01-30 19:01 80032 ----a-w- c:\documents and settings\Djordje Milenkovic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-17 17:20 . 2009-02-10 18:09 -------- d-----w- c:\program files\ViSplore
2010-03-17 17:20 . 2009-02-10 18:09 -------- d-----w- c:\program files\TrueTransparency
2010-03-17 17:20 . 2010-03-17 17:20 -------- d-----w- c:\program files\ViGlance
2010-03-17 17:20 . 2010-03-17 17:20 -------- d-----w- c:\program files\Vista Rainbar
2010-03-17 17:20 . 2010-03-17 17:20 -------- d-----w- c:\program files\Vista Drive Icon
2010-03-14 07:36 . 2010-01-19 21:38 -------- d-----w- c:\program files\uTorrent
2010-03-10 06:15 . 2004-08-04 01:07 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-07 16:28 . 2010-03-07 16:28 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-07 16:28 . 2010-03-07 16:28 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-07 16:28 . 2010-03-07 16:28 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-07 16:28 . 2010-03-07 16:28 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-07 16:28 . 2010-03-07 16:28 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-07 16:28 . 2010-03-07 16:28 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-07 16:28 . 2010-03-07 16:28 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-07 16:28 . 2010-03-07 16:28 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-07 16:28 . 2010-03-07 16:27 -------- d-----w- c:\program files\Real
2010-03-06 19:02 . 2010-03-06 19:02 8864 ----a-w- c:\windows\system32\drivers\CDAC15BA.SYS
2010-02-27 23:02 . 2008-11-05 23:09 10 ----a-w- c:\windows\popcinfo.dat
2010-02-25 06:24 . 2004-08-04 01:07 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 01:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-22 09:46 . 2010-02-22 09:44 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-17 07:10 . 2004-08-04 01:07 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-04 01:07 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 01:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2009-11-08 15:39 . 2009-11-08 15:39 8 --sh--r- c:\windows\system32\2E35B4D994.sys
2008-05-19 16:56 . 2008-02-17 12:42 56 --sh--r- c:\windows\system32\CA22E06F88.sys
2009-11-08 15:39 . 2008-02-17 12:31 4340 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-04-14 . FE9BE8E13D786CBBFCDCBE2780188902 . 1432064 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\VITrans\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-01-13 44544]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\Jelen Super Liga.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [07/04/2007 8:38 691696]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/08/2008 11:41 114768]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23/04/2007 13:03 82200]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [28/03/2010 19:56 141312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/08/2008 11:41 20560]
R2 GenPort;GenPort;c:\windows\system32\drivers\GENPORT.SYS [12/04/2010 22:17 4832]
R2 MapMem;MapMem;c:\windows\system32\drivers\MAPMEM.SYS [12/04/2010 22:17 6816]
R2 NTRemap;NTRemap;c:\windows\system32\drivers\NTREMAP.SYS [12/04/2010 22:17 6336]
S2 ousbehci;%OWC_USBEHCD.DeviceDesc%;c:\windows\system32\drivers\ousbehci.sys [21/02/2008 0:49 29568]
S3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [29/11/2007 18:25 672128]
S3 TOTS;TOTS;c:\docume~1\DJORDJ~1\LOCALS~1\Temp\TOTS.exe --> c:\docume~1\DJORDJ~1\LOCALS~1\Temp\TOTS.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2010-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-23 17:39]

2010-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-23 17:39]

2010-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-854245398-1654914723-1003Core.job
- c:\documents and settings\Djordje Milenkovic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-08 16:50]

2010-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-854245398-1654914723-1003UA.job
- c:\documents and settings\Djordje Milenkovic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-08 16:50]

2010-04-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-606747145-854245398-1654914723-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-04-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-854245398-1654914723-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {2311E123-1CF1-11D8-85DE-E8A6F2801631} - hxxps://secure.24x7.co.yu/Volksbank/Retail/Pages/Download/CABS/DigitrustApiNetSetPlugIn.cab
FF - ProfilePath - c:\documents and settings\Djordje Milenkovic\Application Data\Mozilla\Firefox\Profiles\l8ecqfar.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60446&qkw=
FF - component: c:\documents and settings\Djordje Milenkovic\Application Data\Mozilla\Firefox\Profiles\l8ecqfar.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\documents and settings\Djordje Milenkovic\Application Data\Mozilla\Firefox\Profiles\l8ecqfar.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - plugin: c:\documents and settings\Djordje Milenkovic\Application Data\Mozilla\Firefox\Profiles\l8ecqfar.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Djordje Milenkovic\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Zwangie - c:\program files\Zwangie\uninstall.exe
AddRemove-Program Files - c:\documents and settings\Djordje Milenkovic\My Documents\KONAMI\Pro Evolution Soccer 2008\save\Uninstal.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-04-19 12:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spyh.sys >>UNKNOWN [0x8778C938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf786cf28
\Driver\ACPI -> ACPI.sys @ 0xf76d4cb8
\Driver\atapi -> atapi.sys @ 0xf7669b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: VIA Rhine II Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf7572bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7561a0d
SendHandler -> NDIS.sys @ 0xf7575b40
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-606747145-854245398-1654914723-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{74EA5219-A6B5-4442-A2A6-E0E7F4EBB61D}*]
"bbkmhahkhimlbnfinbpoiimhbfcndjgoacce"=hex:61,61,00,00
"abkmhahkhimlbnfinbklnkanbjnmffhpio"=hex:61,61,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748-)
c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(1904)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\WgaTray.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\NetLimiter 2 Pro\nlsvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\SearchIndexer.exe
.
**************************************************************************
.
Completion time: 2010-04-19 12:25:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-19 10:25

Pre-Run: 33.791.475.712 bytes free
Post-Run: 33.683.521.536 bytes free

Current=6 Default=6 Failed=4 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - 5761A8BDD746ACFCD99AD1CF6C938E63

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Hello.

Quote: Here is the log

That is not the log that is required here.



It says here which logs are needed: http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

offline
  • Joined: 23 Feb 2008
  • Posts: 46
  • Location: Beograd

Posted: 19 Apr 2010 16:35

DDS (Ver_10-03-17.01) - NTFSx86
Run by Djordje Milenkovic at 16:23:36,84 on 19/04/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.399 [GMT 2:00]

AV: avast! antivirus 4.8.1368 [VPS 100419-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Spyware Terminator\SpywareTerminator.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\Djordje Milenkovic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Djordje Milenkovic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Djordje Milenkovic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Djordje Milenkovic\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ICQ Toolbar: {855f3b16-6d32-4fe6-8a56-bbb695989046} -
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} -
TB: {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - No File
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} -
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
dRunOnce: [RunNarrator] Narrator.exe
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84}
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\program files\icqlite\ICQLite.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {2311E123-1CF1-11D8-85DE-E8A6F2801631} - hxxps://secure.24x7.co.yu/Volksbank/Retail/Pages/Download/CABS/DigitrustApiNetSetPlugIn.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\djordj~1\applic~1\mozilla\firefox\profiles\l8ecqfar.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60446&qkw=
FF - component: c:\documents and settings\djordje milenkovic\application data\mozilla\firefox\profiles\l8ecqfar.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\documents and settings\djordje milenkovic\application data\mozilla\firefox\profiles\l8ecqfar.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\djordje milenkovic\application data\mozilla\firefox\profiles\l8ecqfar.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\djordje milenkovic\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-8-10 114768]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-4-23 82200]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-3-28 141312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-8-10 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-8-10 138680]
R2 GenPort;GenPort;c:\windows\system32\drivers\GENPORT.SYS [2010-4-12 4832]
R2 MapMem;MapMem;c:\windows\system32\drivers\MAPMEM.SYS [2010-4-12 6816]
R2 NTRemap;NTRemap;c:\windows\system32\drivers\NTREMAP.SYS [2010-4-12 6336]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-8-10 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-8-10 352920]
S2 ousbehci;%OWC_USBEHCD.DeviceDesc%;c:\windows\system32\drivers\ousbehci.sys [2008-2-21 29568]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner;\??\c:\windows\system32\drivers\awrtpd.sys --> c:\windows\system32\drivers\AWRTPD.sys [?]
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter;\??\c:\windows\system32\drivers\awrtrd.sys --> c:\windows\system32\drivers\AWRTRD.sys [?]
S3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [2007-11-29 672128]
S3 TOTS;TOTS;c:\docume~1\djordj~1\locals~1\temp\tots.exe --> c:\docume~1\djordj~1\locals~1\temp\TOTS.exe [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

=============== Created Last 30 ================

2010-04-19 13:57:49 0 d-----w- C:\Themes
2010-04-19 10:06:38 77312 ----a-w- c:\windows\MBR.exe
2010-04-19 10:06:38 261632 ----a-w- c:\windows\PEV.exe
2010-04-17 20:15:03 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2010-04-17 20:05:09 0 d-----w- c:\windows\UbiSoft
2010-04-17 19:55:27 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2010-04-17 19:55:27 140800 ----a-w- c:\windows\system32\tm20dec.ax
2010-04-17 19:55:25 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2010-04-17 19:55:19 63488 ----a-w- c:\windows\system32\unam4ie.exe
2010-04-17 19:55:16 5672 ----a-w- c:\windows\system32\quartz.vxd
2010-04-17 19:55:16 11776 ----a-w- c:\windows\system32\mciqtz.drv
2010-04-17 19:55:16 10240 ----a-w- c:\windows\system32\vidx16.dll
2010-04-17 19:55:15 194320 ----a-w- c:\windows\system32\qcut.dll
2010-04-17 19:55:14 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-04-17 19:55:14 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-04-17 19:54:02 714 ----a-w- c:\windows\disney.ini
2010-04-14 20:33:17 0 dc-h--w- c:\docume~1\alluse~1\applic~1\~0
2010-04-12 20:17:47 6816 ----a-w- c:\windows\system32\drivers\MAPMEM.SYS
2010-04-12 20:17:47 6336 ----a-w- c:\windows\system32\drivers\NTREMAP.SYS
2010-04-12 20:17:47 4832 ----a-w- c:\windows\system32\drivers\GENPORT.SYS
2010-04-12 20:17:47 365056 ----a-w- c:\windows\system32\GLIDE2X.DLL
2010-04-07 15:48:38 380416 -c--a-w- c:\windows\system32\dllcache\irprops.cpl
2010-04-07 15:48:38 380416 ----a-w- c:\windows\system32\irprops.cpl
2010-04-07 15:48:13 0 d-----w- c:\docume~1\djordj~1\applic~1\BluetoothDriverInstaller
2010-04-07 15:22:56 53760 ----a-w- c:\windows\system32\drivers\vfwwdm32.dll
2010-03-30 19:11:20 0 d-----w- c:\program files\Santa Claus in Trouble
2010-03-28 17:56:53 141312 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-03-28 17:56:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Spyware Terminator
2010-03-28 17:56:51 0 d-----w- c:\docume~1\djordj~1\applic~1\Spyware Terminator
2010-03-28 17:56:46 0 d-----w- c:\program files\Spyware Terminator
2010-03-28 17:52:43 0 d-----w- c:\docume~1\djordj~1\applic~1\LimeWire
2010-03-28 17:51:18 0 d-----w- c:\docume~1\alluse~1\applic~1\TuneUp Software
2010-03-28 17:51:15 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-03-23 20:39:00 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit

==================== Find3M ====================

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-06 19:02:31 8864 ----a-w- c:\windows\system32\drivers\CDAC15BA.SYS
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 07:10:28 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2009-11-08 15:39:30 8 --sh--r- c:\windows\system32\2E35B4D994.sys
2008-05-19 16:56:47 56 --sh--r- c:\windows\system32\CA22E06F88.sys
2009-11-08 15:39:30 4340 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 16:25:53,25 ===============

Addendum: 19 Apr 2010 18:24

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Open Notepad and copy the following text into it:

Driver::
TOTS

RegNull::
[HKEY_USERS\S-1-5-21-606747145-854245398-1654914723-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{74EA5219-A6B5-4442-A2A6-E0E7F4EBB61D}*]


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log produced at the end of the cleaning/scan in your next message.

offline
  • Joined: 23 Feb 2008
  • Posts: 46
  • Where you live: Beograd

ComboFix 10-04-19.08 - Djordje Milenkovic 20/04/2010 18:43:41.10.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.630 [GMT 2:00]
Running from: c:\documents and settings\Djordje Milenkovic\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Djordje Milenkovic\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100420-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TOTS
-------\Service_TOTS


((((((((((((((((((((((((( Files Created from 2010-03-20 to 2010-04-20 )))))))))))))))))))))))))))))))
.

2010-04-17 20:15 . 1998-06-17 22:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2010-04-17 20:05 . 2010-04-17 20:05 -------- d-----w- c:\windows\UbiSoft
2010-04-17 19:55 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2010-04-17 19:55 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2010-04-17 19:55 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
2010-04-17 19:55 . 1998-08-17 09:21 10240 ----a-w- c:\windows\system32\vidx16.dll
2010-04-17 19:55 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv
2010-04-17 19:55 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll
2010-04-17 19:55 . 2010-04-17 19:55 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-04-17 19:55 . 2010-04-17 19:55 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-04-12 20:17 . 1997-09-12 16:25 365056 ----a-w- c:\windows\system32\GLIDE2X.DLL
2010-04-12 20:17 . 1997-09-12 03:03 6816 ----a-w- c:\windows\system32\drivers\MAPMEM.SYS
2010-04-12 20:17 . 1997-09-12 03:03 6336 ----a-w- c:\windows\system32\drivers\NTREMAP.SYS
2010-04-12 20:17 . 1997-09-12 03:03 4832 ----a-w- c:\windows\system32\drivers\GENPORT.SYS
2010-04-07 15:48 . 2010-04-07 15:48 -------- d-----w- c:\documents and settings\Djordje Milenkovic\Application Data\BluetoothDriverInstaller
2010-04-07 15:22 . 2008-04-14 03:42 53760 ----a-w- c:\windows\system32\drivers\vfwwdm32.dll
2010-04-03 17:23 . 2010-04-03 17:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-03 17:23 . 2010-04-03 17:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-03 17:23 . 2010-04-03 17:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-03 17:23 . 2010-04-03 17:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 17:23 . 2010-04-03 17:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 17:22 . 2010-04-03 17:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-03-30 19:11 . 2010-03-30 19:11 -------- d-----w- c:\program files\Santa Claus in Trouble
2010-03-28 17:52 . 2010-03-28 17:53 -------- d-----w- c:\documents and settings\Djordje Milenkovic\Application Data\LimeWire
2010-03-28 17:51 . 2010-03-28 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-03-28 17:51 . 2010-03-28 17:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-23 20:39 . 2010-03-23 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-20 16:53 . 2008-08-23 15:11 -------- d-----w- c:\documents and settings\Djordje Milenkovic\Application Data\uTorrent
2010-04-19 18:21 . 2009-09-15 08:53 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-19 17:56 . 2007-11-17 17:29 -------- d-----w- c:\program files\Common Files\Nero
2010-04-19 17:54 . 2007-11-17 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-04-19 14:03 . 2007-01-30 19:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-19 10:31 . 2007-03-29 16:56 -------- d-----w- c:\program files\Google
2010-04-14 19:59 . 2007-02-18 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-07 16:02 . 2008-10-18 20:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-02 14:54 . 2007-02-08 17:10 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-28 17:45 . 2009-02-20 17:24 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
2010-03-28 17:00 . 2007-01-30 19:54 -------- d-----w- c:\program files\CyberLink
2010-03-28 16:40 . 2008-11-23 13:18 -------- d-----w- c:\documents and settings\Djordje Milenkovic\Application Data\IObit
2010-03-25 09:27 . 2010-04-17 20:27 1107264 ----a-w- c:\documents and settings\Djordje Milenkovic\Application Data\Mozilla\Firefox\Profiles\l8ecqfar.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2010-03-17 17:36 . 2009-10-04 13:53 -------- d-----w- c:\documents and settings\Djordje Milenkovic\Application Data\ViSplore
2010-03-17 17:35 . 2010-03-17 17:24 -------- d-----w- c:\documents and settings\Djordje Milenkovic\Application Data\ViGlance
2010-03-17 17:24 . 2007-10-15 18:36 -------- d-----w- c:\documents and settings\Djordje Milenkovic\Application Data\ViStart
2010-03-17 17:24 . 2007-01-30 19:01 80032 ----a-w- c:\documents and settings\Djordje Milenkovic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-14 07:36 . 2010-01-19 21:38 -------- d-----w- c:\program files\uTorrent
2010-03-10 06:15 . 2004-08-04 01:07 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-07 16:28 . 2010-03-07 16:28 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-07 16:28 . 2010-03-07 16:28 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-07 16:28 . 2010-03-07 16:28 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-07 16:28 . 2010-03-07 16:28 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-07 16:28 . 2010-03-07 16:28 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-07 16:28 . 2010-03-07 16:28 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-07 16:28 . 2010-03-07 16:28 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-07 16:28 . 2010-03-07 16:28 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-07 16:28 . 2010-03-07 16:27 -------- d-----w- c:\program files\Real
2010-03-06 19:02 . 2010-03-06 19:02 8864 ----a-w- c:\windows\system32\drivers\CDAC15BA.SYS
2010-02-27 23:02 . 2008-11-05 23:09 10 ----a-w- c:\windows\popcinfo.dat
2010-02-25 06:24 . 2004-08-04 01:07 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 01:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-22 09:46 . 2010-02-22 09:44 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-17 07:10 . 2004-08-04 01:07 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-04 01:07 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 01:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2009-11-08 15:39 . 2009-11-08 15:39 8 --sh--r- c:\windows\system32\2E35B4D994.sys
2008-05-19 16:56 . 2008-02-17 12:42 56 --sh--r- c:\windows\system32\CA22E06F88.sys
2009-11-08 15:39 . 2008-02-17 12:31 4340 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-04-14 . FE9BE8E13D786CBBFCDCBE2780188902 . 1432064 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\VITrans\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-03-13 319792]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-01-13 44544]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\Jelen Super Liga.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [07/04/2007 8:38 691696]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/08/2008 11:41 114768]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23/04/2007 13:03 82200]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/08/2008 11:41 20560]
R2 GenPort;GenPort;c:\windows\system32\drivers\GENPORT.SYS [12/04/2010 22:17 4832]
R2 MapMem;MapMem;c:\windows\system32\drivers\MAPMEM.SYS [12/04/2010 22:17 6816]
R2 NTRemap;NTRemap;c:\windows\system32\drivers\NTREMAP.SYS [12/04/2010 22:17 6336]
S2 ousbehci;%OWC_USBEHCD.DeviceDesc%;c:\windows\system32\drivers\ousbehci.sys [21/02/2008 0:49 29568]
S3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [29/11/2007 18:25 672128]
.
Contents of the 'Scheduled Tasks' folder

2010-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-23 17:39]

2010-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-23 17:39]

2010-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-854245398-1654914723-1003Core.job
- c:\documents and settings\Djordje Milenkovic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-08 16:50]

2010-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-854245398-1654914723-1003UA.job
- c:\documents and settings\Djordje Milenkovic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-08 16:50]

2010-04-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-606747145-854245398-1654914723-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-04-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-854245398-1654914723-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {2311E123-1CF1-11D8-85DE-E8A6F2801631} - hxxps://secure.24x7.co.yu/Volksbank/Retail/Pages/Download/CABS/DigitrustApiNetSetPlugIn.cab
FF - ProfilePath - c:\documents and settings\Djordje Milenkovic\Application Data\Mozilla\Firefox\Profiles\l8ecqfar.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60446&qkw=
FF - component: c:\documents and settings\Djordje Milenkovic\Application Data\Mozilla\Firefox\Profiles\l8ecqfar.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\documents and settings\Djordje Milenkovic\Application Data\Mozilla\Firefox\Profiles\l8ecqfar.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\Djordje Milenkovic\Application Data\Mozilla\Firefox\Profiles\l8ecqfar.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Djordje Milenkovic\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-DivX Subtitle Displayer_is1 - f:\divx subtitle displayer\unins000.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-04-20 18:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spci.sys >>UNKNOWN [0x8778C938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf786cf28
\Driver\ACPI -> ACPI.sys @ 0xf76d4cb8
\Driver\atapi -> atapi.sys @ 0xf7669b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: VIA Rhine II Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf7572bb0
PacketIndicateHandler -> NDIS.sys @ 0xf757fa21
SendHandler -> NDIS.sys @ 0xf755d87b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(2020)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETSHELL.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NetLimiter 2 Pro\nlsvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\WgaTray.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
.
**************************************************************************
.
Completion time: 2010-04-20 19:02:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-20 17:02

Pre-Run: 40.469.291.008 bytes free
Post-Run: 40.422.244.352 bytes free

Current=6 Default=6 Failed=4 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - 25FDBF980307C3E58CB706ED9FE8649B
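
An added example, not part of this thread and not ComboFix's own code, that reads a log in the format posted above and pulls out the three things the helper checks by eye before replying: the Drivers/Services deletions, the installed driver list (the R0..S4 lines) and the Run/RunOnce autostart values, then confirms that the CFScript target TOTS is gone. SAMPLE_LOG is a constructed excerpt in the shape of the log above; the function names, the assumed line shapes and the triage heuristic in suspicious_entries are my own assumptions, not ComboFix's.

```python
import re

# Constructed sample: an excerpt in the shape of the ComboFix log posted above
# (names and paths taken from that log, trimmed to a few lines). The line
# shapes below are an assumption about the format, not something ComboFix
# documents.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TOTS
-------\Service_TOTS

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-03-13 319792]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [07/04/2007 8:38 691696]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/08/2008 11:41 114768]
R2 GenPort;GenPort;c:\windows\system32\drivers\GENPORT.SYS [12/04/2010 22:17 4832]
S3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [29/11/2007 18:25 672128]
"""

# "-------\Legacy_X" / "-------\Service_X" under Drivers/Services: entries ComboFix removed.
REMOVED_RE = re.compile(r"^-------\\(?:Legacy|Service)_(\S.*?)\s*$", re.MULTILINE)
# Installed driver/service lines: start type (R = running, S = stopped), name,
# display name, image path, then a [date time size] stamp.
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.+?) \[([^\]]*)\]\s*$", re.MULTILINE)
# Registry key headers and the "name"="command" [stamp] value lines beneath them.
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]\s*$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"([^"]+)"=\s*"?([^"\[]*?)"?\s*\[([^\]]*)\]\s*$')


def parse_removed_services(log):
    """Names listed as deleted in the Drivers/Services section."""
    return set(REMOVED_RE.findall(log))


def parse_services(log):
    """Driver/service lines, with the size (last token of the stamp) as an int."""
    services = []
    for start, name, display, path, stamp in SERVICE_RE.findall(log):
        tokens = stamp.split()
        size = int(tokens[-1]) if tokens and tokens[-1].isdigit() else None
        services.append({"start": start, "name": name, "display": display,
                         "path": path, "size": size, "running": start.startswith("R")})
    return services


def parse_run_entries(log):
    """Autostart values grouped under their registry key.
    A stamp of [X] is the mark ComboFix prints where the referenced file was not found."""
    entries, current_key = [], None
    for line in log.splitlines():
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            name, command, stamp = m.groups()
            entries.append({"key": current_key, "name": name, "command": command,
                            "stamp": stamp, "missing_file": stamp.strip() == "X"})
    return entries


def confirm_removed(log, name):
    """True when the CFScript target is listed under the deletions and no longer installed."""
    removed = {n.lower() for n in parse_removed_services(log)}
    installed = {s["name"].lower() for s in parse_services(log)}
    return name.lower() in removed and name.lower() not in installed


def suspicious_entries(log):
    """Triage heuristic (my own, not ComboFix's): autostart values whose file is
    missing, and drivers loaded from outside the usual drivers directory."""
    flagged = [("autostart-missing-file", e["name"])
               for e in parse_run_entries(log) if e["missing_file"]]
    flagged += [("driver-outside-system32-drivers", s["name"])
                for s in parse_services(log)
                if not s["path"].lower().startswith(r"c:\windows\system32\drivers")]
    return flagged


if __name__ == "__main__":
    print("removed:", sorted(parse_removed_services(SAMPLE_LOG)))
    print("TOTS gone:", confirm_removed(SAMPLE_LOG, "TOTS"))
    for kind, name in suspicious_entries(SAMPLE_LOG):
        print("review:", kind, name)
```

Run it against a saved ComboFix log by replacing SAMPLE_LOG with the file's contents; the flagged list is only a starting point for a reviewer, not a verdict.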

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Now everything looks OK as far as malicious programs are concerned.

If the problem still appears, you can ask in the Windows section of MyCity.

Arrow http://www.mycity.rs/Windows/

-----------------------

Also follow these steps...


ComboFix needs to be uninstalled:
click Start (or ), then RUN.

On Vista, use the Start Search field if Run is not available.

In the text entry line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

then click OK (or press Enter).


Wait for the uninstall process to finish.

offline
  • Joined: 23 Feb 2008
  • Posts: 46
  • Where you live: Beograd

OK, thanks a lot!!!!!!
