MyCity » Ambulanta -> Arhiva Ambulante » Neki nepoznati procesi u Task Manager-u

Neki nepoznati procesi u Task Manager-u

Napisano na dan: 16.2.2010

Neki nepoznati procesi u Task Manager-u

Sledeća strana

Pagination

Odgovori

goust Poslao: 16 Feb 2010 14:44 Idi na vrh
offline goust Elitni građanin Pridružio: 09 Apr 2005 Poruke: 1799	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Nesto mi je cudno u poslednje vreme. KIS 7 malo malo pa mi prijavi blocked: phishing address http://.guruman.cn/ URL: http://www.guruman.cn/x/re.php?ver=1&cver=0&id=20041 a pojavio mi se u task manageru ovaj proces kog ranije nisam sretao "setuper.exe" DDS (Ver_09-12-01.01) - NTFSx86 Run by Sasa at 14:20:12,43 on uto 16.02.2010 Internet Explorer: 7.0.5730.13 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.255.17 [GMT 1:00] AV: Kaspersky Internet Security On-access scanning enabled (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security enabled {2C4D4BC6-0793-4956-A9F9-E252435469C0} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Mv2Player\Mv2PlayerPlus.exe C:\DOCUME~1\Sasa\LOCALS~1\Temp\setuper.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\taskmgr.exe C:\Documents and Settings\Sasa\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 7.0\avp.exe" mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N uPolicies-explorer: ForceClassicControlPanel = 1 (0x1) dPolicies-explorer: ForceClassicControlPanel = 1 (0x1) IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 7.0\ie_banner_deny.htm IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 7.0\SCIEPlgn.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL Notify: klogon - c:\windows\system32\klogon.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\sasa\applic~1\mozilla\firefox\profiles\2cv8dcm6.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/ FF - component: c:\documents and settings\sasa\application data\mozilla\firefox\profiles\2cv8dcm6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll FF - plugin: c:\documents and settings\sasa\application data\mozilla\firefox\profiles\2cv8dcm6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== =============== Created Last 30 ================ 2010-02-15 13:54:53 1047552 ----a-w- c:\windows\system\mfc71u.dll 2010-02-15 13:23:21 0 d-----w- c:\docume~1\sasa\applic~1\URSoft 2010-02-15 13:22:56 0 d-----w- c:\program files\Your Uninstaller 2006 2010-02-15 13:14:53 195 ----a-w- C:\dolphin_log.html 2010-02-15 13:14:04 161631 ----a-w- c:\windows\Animated Wallpaper Maker Uninstaller.exe 2010-02-15 13:13:51 0 d-----w- c:\program files\common files\Thraex Software 2010-02-15 08:38:43 5632 ----a-w- c:\windows\system32\ptpusb.dll 2010-02-15 08:38:39 159232 ----a-w- c:\windows\system32\ptpusd.dll 2010-02-15 08:38:32 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys 2010-02-15 08:38:32 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2010-02-14 00:03:05 17728 ----a-w- c:\windows\system32\nitrolocalui.dll 2010-02-14 00:03:04 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll 2010-02-14 00:01:04 0 d-----w- c:\program files\common files\Nitro PDF 2010-02-13 23:58:30 0 d-----w- c:\program files\Nitro PDF 2010-02-13 23:44:44 0 d-----w- c:\docume~1\sasa\applic~1\Downloaded Installations 2010-02-12 11:48:39 0 d-----w- c:\program files\BlazeVideo 2010-02-11 21:00:43 0 d-----w- c:\program files\History Sweeper 2010-02-11 17:51:04 0 d-----w- c:\program files\Sygate 2010-02-11 17:51:04 0 d-----w- c:\program files\QuickTime Alternative 2010-02-10 14:02:50 0 d-----w- c:\temp\installtemped 2010-02-10 14:02:50 0 d-----w- C:\Temp 2010-02-09 19:56:02 0 d-----w- c:\docume~1\sasa\applic~1\QuickScan 2010-02-09 12:31:44 0 d-----w- c:\program files\common files\Vbox 2010-02-09 12:31:10 20016 ------w- c:\windows\system32\drivers\pxhelp20.sys 2010-02-09 11:15:37 73728 ----a-w- c:\windows\system\vdremote.dll 2010-02-09 11:15:37 65536 ----a-w- c:\windows\system\vdsvrlnk.dll 2010-02-08 22:07:15 0 d-----w- c:\program files\FreshDevices 2010-02-08 21:56:45 0 d-----w- c:\docume~1\sasa\applic~1\FreshDiagnose 2010-02-08 17:04:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys 2010-02-08 15:44:59 0 d-----w- c:\windows\XSxS 2010-02-08 15:44:59 0 d-----w- c:\program files\Xenocode 2010-02-07 12:21:30 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest 2010-02-07 12:21:28 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2010-02-07 12:21:24 0 d-----w- c:\program files\ffdshow 2010-02-07 12:13:45 0 d-----w- c:\program files\Mv2Player 2010-02-07 11:41:55 0 d-----w- c:\docume~1\sasa\applic~1\Thinstall 2010-02-07 09:00:31 0 d-----w- c:\program files\CCleaner 2010-02-07 08:47:24 671744 ----a-r- c:\windows\system32\DolbyHph.dll 2010-02-07 08:47:24 0 d-----w- c:\program files\NVIDIA Corporation 2010-02-07 08:47:23 24576 ----a-r- c:\windows\system32\msxml3a.dll 2010-02-06 20:33:59 258048 ----a-r- c:\windows\system32\nvwrsel.dll 2010-02-06 20:27:10 623 ----a-w- c:\windows\unins000.dat 2010-02-06 18:48:58 3255 ----a-w- c:\windows\system32\wbem\Outlook_01caa75d0a3ad88a.mof 2010-02-06 18:46:31 376 ----a-w- c:\windows\ODBC.INI 2010-02-06 18:46:11 17920 ----a-w- c:\windows\system32\mdimon.dll 2010-02-06 18:41:38 0 d-----w- c:\program files\Microsoft ActiveSync 2010-02-06 18:39:53 0 d-----w- c:\windows\SHELLNEW 2010-02-06 15:15:15 41984 ----a-r- c:\windows\system32\drivers\fetnd5b.sys 2010-02-06 15:00:20 4444 ----a-w- c:\windows\system32\pid.PNF 2010-02-06 14:55:41 0 d-----w- c:\program files\common files\ODBC 2010-02-06 14:55:35 0 d-----w- c:\program files\common files\SpeechEngines 2010-02-06 14:55:00 0 d-----r- c:\documents and settings\all users\Documents 2010-02-06 14:54:43 0 d-----w- c:\program files\common files\xing shared 2010-02-06 14:53:57 0 d-----w- c:\program files\common files\Real 2010-02-06 14:40:25 0 d-----w- c:\program files\VIA Technologies, Inc 2010-02-06 14:27:26 0 d-----w- c:\program files\Realtek Sound Manager 2010-02-06 14:27:24 0 d-----w- c:\program files\AvRack 2010-02-06 14:17:56 0 d-----w- c:\program files\Kaspersky Lab 2010-02-06 14:17:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab 2010-02-06 14:09:59 0 d-----w- c:\program files\msn gaming zone 2010-02-06 14:07:41 0 d-sh--w- c:\documents and settings\all users\DRM 2010-02-06 14:07:13 0 d--h--w- c:\program files\WindowsUpdate 2010-02-06 14:07:06 0 d-----w- c:\program files\Online Services 2010-02-06 14:06:25 0 d-----w- c:\program files\common files\MSSoap 2010-02-06 14:03:48 0 d-----w- c:\program files\Windows NT ==================== Find3M ==================== 2010-02-16 13:16:17 5105440 --sha-w- c:\windows\system32\drivers\fidbox.dat 2010-02-16 13:07:12 132128 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2010-02-16 00:12:22 84440 --sha-w- c:\windows\system32\drivers\fidbox.idx 2010-02-16 00:12:22 17276 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2010-02-15 16:23:35 1248 --sha-w- C:\hvnjovma.sys 2010-02-06 15:13:52 95259 ----a-w- c:\windows\system32\drivers\klick.dat 2010-02-06 15:13:52 108059 ----a-w- c:\windows\system32\drivers\klin.dat 2010-02-06 14:54:01 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-02-06 14:54:01 348160 ----a-w- c:\windows\system32\msvcr71.dll 2010-02-06 14:04:55 21640 ----a-w- c:\windows\system32\emptyregdb.dat 2010-02-04 18:22:46 6021120 ----a-w- c:\windows\system32\common_res.dll 2010-02-02 11:35:30 65856 ----a-w- c:\windows\system32\NLSSRV32.EXE 2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll 2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-01-05 10:00:20 17408 ----a-w- c:\windows\system32\corpol.dll 2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe 2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll 2009-12-08 19:27:51 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-12-08 18:43:50 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll 2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll 2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll 2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll 2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll 2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll ============= FINISH: 14:21:50,64 =============== https://www.mycity.rs/must-login.png https://www.mycity.rs/must-login.png Nadam se da sam ispostovao proceduru.

Profil

diarno Poslao: 16 Feb 2010 15:08 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

goust Poslao: 16 Feb 2010 21:02 Idi na vrh
offline goust Elitni građanin Pridružio: 09 Apr 2005 Poruke: 1799	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 16 Feb 2010 15:14 Nesto nece http://download.bleepingcomputer.com/sUBs/ComboFix.exe 404 - Not Found Dopuna: 16 Feb 2010 21:02 Evo tek sad sam uspeo da skinem combo i da iskeniram komp. Evo rezultata ComboFix 10-02-12.01 - Sasa 16.02.2010 20:48:56.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.255.139 [GMT 1:00] Running from: c:\documents and settings\Sasa\Desktop\ComboFix.exe AV: Kaspersky Internet Security On-access scanning disabled (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security disabled {2C4D4BC6-0793-4956-A9F9-E252435469C0} . ADS - WINDOWS: deleted 128 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\Sasa\LOCALS~1\Temp\svhost.exe . ((((((((((((((((((((((((( Files Created from 2010-01-16 to 2010-02-16 ))))))))))))))))))))))))))))))) . 2010-02-15 13:55 . 2010-02-15 13:55 -------- d-----w- c:\documents and settings\b 2010-02-15 13:54 . 2003-03-18 20:12 1047552 ----a-w- c:\windows\system\mfc71u.dll 2010-02-15 13:23 . 2010-02-15 13:23 -------- d-----w- c:\documents and settings\Sasa\Application Data\URSoft 2010-02-15 13:23 . 2010-02-15 13:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-02-15 13:22 . 2010-02-15 13:25 -------- d-----w- c:\program files\Your Uninstaller 2006 2010-02-15 13:14 . 2010-02-15 13:14 161631 ----a-w- c:\windows\Animated Wallpaper Maker Uninstaller.exe 2010-02-15 13:13 . 2010-02-15 13:13 -------- d-----w- c:\program files\Common Files\Thraex Software 2010-02-15 08:38 . 2001-08-17 21:36 5632 ----a-w- c:\windows\system32\ptpusb.dll 2010-02-15 08:38 . 2008-04-14 04:42 159232 ----a-w- c:\windows\system32\ptpusd.dll 2010-02-15 08:38 . 2008-04-13 23:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys 2010-02-15 08:38 . 2008-04-13 23:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2010-02-14 00:06 . 2010-02-14 00:11 -------- d-----w- c:\documents and settings\Sasa\Application Data\Nitro PDF 2010-02-14 00:03 . 2010-02-02 11:33 17728 ----a-w- c:\windows\system32\nitrolocalui.dll 2010-02-14 00:03 . 2010-02-02 11:33 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll 2010-02-14 00:01 . 2010-02-14 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Nitro PDF 2010-02-14 00:01 . 2010-02-14 00:01 -------- d-----w- c:\program files\Common Files\Nitro PDF 2010-02-13 23:58 . 2010-02-13 23:58 -------- d-----w- c:\program files\Nitro PDF 2010-02-13 23:44 . 2010-02-13 23:44 -------- d-----w- c:\documents and settings\Sasa\Application Data\Downloaded Installations 2010-02-12 11:48 . 2010-02-12 11:48 -------- d-----w- c:\program files\BlazeVideo 2010-02-11 21:00 . 2010-02-11 21:00 -------- d-----w- c:\program files\History Sweeper 2010-02-11 17:51 . 2010-02-11 17:51 -------- d-----w- c:\program files\Sygate 2010-02-11 17:51 . 2010-02-11 17:51 -------- d-----w- c:\program files\QuickTime Alternative 2010-02-10 14:02 . 2010-02-10 14:04 -------- d-----w- c:\temp\installtemped 2010-02-10 14:02 . 2010-02-10 14:02 -------- d-----w- C:\Temp 2010-02-09 19:56 . 2010-02-09 20:00 -------- d-----w- c:\documents and settings\Sasa\Application Data\QuickScan 2010-02-09 19:55 . 2010-01-11 16:32 698184 ----a-w- c:\documents and settings\Sasa\Application Data\Mozilla\Firefox\Profiles\2cv8dcm6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll 2010-02-09 19:55 . 2010-01-11 16:33 789320 ----a-w- c:\documents and settings\Sasa\Application Data\Mozilla\Firefox\Profiles\2cv8dcm6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll 2010-02-09 12:31 . 2010-02-09 12:31 -------- d-----w- c:\program files\Common Files\Vbox 2010-02-09 12:31 . 2004-06-03 18:25 20016 ------w- c:\windows\system32\drivers\pxhelp20.sys 2010-02-09 11:15 . 2009-12-24 18:57 73728 ----a-w- c:\windows\system\vdremote.dll 2010-02-09 11:15 . 2009-12-24 18:56 65536 ----a-w- c:\windows\system\vdsvrlnk.dll 2010-02-08 22:07 . 2010-02-08 22:07 -------- d-----w- c:\program files\FreshDevices 2010-02-08 21:56 . 2010-02-08 21:56 -------- d-----w- c:\documents and settings\Sasa\Application Data\FreshDiagnose 2010-02-08 17:04 . 2008-04-13 23:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys 2010-02-08 15:44 . 2010-02-08 15:46 -------- d-----w- c:\windows\XSxS 2010-02-08 15:44 . 2010-02-08 15:44 -------- d-----w- c:\program files\Xenocode 2010-02-08 15:44 . 2010-02-08 15:44 -------- d-----w- c:\documents and settings\Sasa\Local Settings\Application Data\Xenocode 2010-02-07 12:21 . 2010-01-28 11:14 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2010-02-07 12:21 . 2010-02-07 12:21 -------- d-----w- c:\program files\ffdshow 2010-02-07 12:13 . 2010-02-07 12:26 -------- d-----w- c:\program files\Mv2Player 2010-02-07 11:41 . 2010-02-07 11:41 -------- d-----w- c:\documents and settings\Sasa\Local Settings\Application Data\Thinstall 2010-02-07 11:41 . 2010-02-07 11:41 -------- d-----w- c:\documents and settings\Sasa\Application Data\Thinstall 2010-02-07 09:00 . 2010-02-07 09:00 -------- d-----w- c:\program files\CCleaner 2010-02-07 08:47 . 2010-02-07 08:47 -------- d-----w- c:\program files\NVIDIA Corporation 2010-02-07 08:47 . 2003-04-30 12:25 671744 ----a-r- c:\windows\system32\DolbyHph.dll 2010-02-07 08:47 . 2003-04-30 12:24 24576 ----a-r- c:\windows\system32\msxml3a.dll 2010-02-06 23:30 . 2010-02-06 23:30 -------- d-----w- c:\documents and settings\Sasa\Local Settings\Application Data\WMTools Downloaded Files 2010-02-06 21:03 . 2010-02-06 21:04 -------- d-----w- c:\documents and settings\Sasa\Local Settings\Application Data\Adobe 2010-02-06 21:00 . 2010-02-09 12:37 -------- d-----w- c:\program files\Common Files\Adobe 2010-02-06 20:36 . 2010-02-06 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles 2010-02-06 20:33 . 2003-09-24 11:32 258048 ----a-r- c:\windows\system32\nvwrsel.dll 2010-02-06 20:27 . 2010-02-06 20:27 623 ----a-w- c:\windows\unins000.dat 2010-02-06 18:46 . 2003-06-18 16:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll 2010-02-06 18:46 . 2003-06-18 16:31 17920 ----a-w- c:\windows\system32\mdimon.dll 2010-02-06 18:41 . 2010-02-06 18:41 -------- d-----w- c:\program files\Microsoft.NET 2010-02-06 18:41 . 2010-02-06 18:41 -------- d-----w- c:\program files\Microsoft ActiveSync 2010-02-06 18:39 . 2010-02-06 18:41 -------- d-----w- c:\windows\SHELLNEW 2010-02-06 15:15 . 2003-04-24 03:28 41984 ----a-r- c:\windows\system32\drivers\fetnd5b.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-16 19:56 . 2010-02-06 14:17 5270304 --sha-w- c:\windows\system32\drivers\fidbox.dat 2010-02-16 19:56 . 2010-02-06 14:17 139040 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2010-02-16 19:55 . 2010-02-06 14:17 18260 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2010-02-16 19:55 . 2010-02-06 14:17 87248 --sha-w- c:\windows\system32\drivers\fidbox.idx 2010-02-16 18:54 . 2010-02-06 14:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2010-02-15 16:23 . 2010-02-06 14:09 1248 --sha-w- C:\hvnjovma.sys 2010-02-10 17:43 . 2010-02-06 14:22 42168 ----a-w- c:\documents and settings\Sasa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-02-09 12:22 . 2010-02-06 14:27 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-02-09 12:21 . 2010-02-06 14:27 -------- d-----w- c:\program files\Common Files\InstallShield 2010-02-06 18:48 . 2010-02-06 14:07 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2010-02-06 15:13 . 2010-02-06 14:22 95259 ----a-w- c:\windows\system32\drivers\klick.dat 2010-02-06 15:13 . 2010-02-06 14:22 108059 ----a-w- c:\windows\system32\drivers\klin.dat 2010-02-06 14:54 . 2010-02-06 14:54 -------- d-----w- c:\program files\Common Files\xing shared 2010-02-06 14:54 . 2010-02-06 14:53 -------- d-----w- c:\program files\Real 2010-02-06 14:54 . 2010-02-06 14:53 -------- d-----w- c:\program files\Common Files\Real 2010-02-06 14:54 . 2010-02-06 14:54 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-02-06 14:54 . 2010-02-06 14:54 348160 ----a-w- c:\windows\system32\msvcr71.dll 2010-02-06 14:40 . 2010-02-06 14:40 -------- d-----w- c:\program files\VIA Technologies, Inc 2010-02-06 14:27 . 2010-02-06 14:27 -------- d-----w- c:\program files\Realtek Sound Manager 2010-02-06 14:27 . 2010-02-06 14:27 -------- d-----w- c:\program files\AvRack 2010-02-06 14:27 . 2010-02-06 14:27 0 ----a-w- c:\windows\nsreg.dat 2010-02-06 14:17 . 2010-02-06 14:17 -------- d-----w- c:\program files\Kaspersky Lab 2010-02-06 14:09 . 2010-02-06 14:09 -------- d-----w- c:\program files\microsoft frontpage 2010-02-06 14:04 . 2010-02-06 14:04 21640 ----a-w- c:\windows\system32\emptyregdb.dat 2010-02-04 18:22 . 2009-10-03 17:36 6021120 ----a-w- c:\windows\system32\common_res.dll 2010-02-02 11:35 . 2010-02-02 11:35 65856 ----a-w- c:\windows\system32\NLSSRV32.EXE 2010-01-05 10:00 . 2008-04-28 10:01 832512 ----a-w- c:\windows\system32\wininet.dll 2010-01-05 10:00 . 2008-04-28 10:01 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-01-05 10:00 . 2008-04-28 10:01 17408 ----a-w- c:\windows\system32\corpol.dll 2009-12-31 16:50 . 2008-04-13 22:45 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-16 18:43 . 2010-02-06 14:03 343040 ----a-w- c:\windows\system32\mspaint.exe 2009-12-14 07:08 . 2008-04-14 03:41 33280 ----a-w- c:\windows\system32\csrsrv.dll 2009-12-08 19:27 . 2008-04-13 22:57 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-12-08 18:43 . 2008-04-14 00:01 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-12-04 18:22 . 2008-04-13 22:47 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2009-11-27 17:11 . 2008-04-14 05:42 17920 ----a-w- c:\windows\system32\msyuv.dll 2009-11-27 17:11 . 2008-04-14 03:42 1291776 ----a-w- c:\windows\system32\quartz.dll 2009-11-27 16:07 . 2001-08-23 09:00 28672 ----a-w- c:\windows\system32\msvidc32.dll 2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll 2009-11-27 16:07 . 2008-04-14 05:41 48128 ----a-w- c:\windows\system32\iyuv_32.dll 2009-11-27 16:07 . 2008-04-14 03:42 11264 ----a-w- c:\windows\system32\msrle32.dll 2009-11-27 16:07 . 2008-04-14 03:41 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-11-21 15:51 . 2008-04-14 03:41 471552 ----a-w- c:\windows\AppPatch\aclayers.dll . ------- Sigcheck ------- [-] 2008-04-28 . 2E7EA3E8D40C06F7D558E2485F8BD27E . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-09-24 5033984] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 218376] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] "nltide_3"="advpack.dll" [2010-01-05 124928] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2003-09-24 11:32 5033984 ----a-r- c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2003-09-24 11:32 49152 ----a-r- c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2003-09-24 11:32 741376 ----a-r- c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] 2003-06-10 11:12 55296 ----a-w- c:\windows\SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sweeper.exe] 2006-06-02 22:42 176128 ----a-w- c:\program files\History Sweeper\sweeper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2010-02-06 14:53 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ose"=3 (0x3) "nlsX86cc"=2 (0x2) "NitroDriverReadSpool"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4.4.2007 14:58 24344] S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?] S4 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2.2.2010 12:35 188736] S4 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2.2.2010 12:35 65856] . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Sasa\Application Data\Mozilla\Firefox\Profiles\2cv8dcm6.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/ FF - component: c:\documents and settings\Sasa\Application Data\Mozilla\Firefox\Profiles\2cv8dcm6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll FF - plugin: c:\documents and settings\Sasa\Application Data\Mozilla\Firefox\Profiles\2cv8dcm6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-Animated Wallpaper - c:\program files\Animated Wallpaper Maker\Wallpaper Manager.exe ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-16 20:56 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(972) c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll c:\windows\system32\klogon.dll - - - - - - - > 'lsass.exe'(1028-) c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll - - - - - - - > 'explorer.exe'(3300) c:\windows\system32\WININET.dll c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvsvc32.exe c:\windows\system32\wscntfy.exe . ************************************************************************ . Completion time: 2010-02-16 20:59:51 - machine was rebooted ComboFix-quarantined-files.txt 2010-02-16 19:59 Pre-Run: 7.838.060.544 bytes free Post-Run: 7.918.051.328 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 75431EF72CC6368402E35D4399C4A6E2

Profil

diarno Poslao: 17 Feb 2010 15:12 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\hvnjovma.sys DirLook:: c:\documents and settings\b` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

goust Poslao: 17 Feb 2010 17:38 Idi na vrh
offline goust Elitni građanin Pridružio: 09 Apr 2005 Poruke: 1799	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 10-02-16.03 - Sasa 17.02.2010 17:25:26.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.255.134 [GMT 1:00] Running from: c:\documents and settings\Sasa\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Sasa\Desktop\CFScript.txt AV: Kaspersky Internet Security On-access scanning disabled (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security disabled {2C4D4BC6-0793-4956-A9F9-E252435469C0} FILE :: "C:\hvnjovma.sys" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\hvnjovma.sys . ((((((((((((((((((((((((( Files Created from 2010-01-17 to 2010-02-17 ))))))))))))))))))))))))))))))) . 2010-02-15 13:55 . 2010-02-15 13:55 -------- d-----w- c:\documents and settings\b 2010-02-15 13:54 . 2003-03-18 20:12 1047552 ----a-w- c:\windows\system\mfc71u.dll 2010-02-15 13:23 . 2010-02-15 13:23 -------- d-----w- c:\documents and settings\Sasa\Application Data\URSoft 2010-02-15 13:23 . 2010-02-17 10:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-02-15 13:22 . 2010-02-15 13:25 -------- d-----w- c:\program files\Your Uninstaller 2006 2010-02-15 13:14 . 2010-02-15 13:14 161631 ----a-w- c:\windows\Animated Wallpaper Maker Uninstaller.exe 2010-02-15 13:13 . 2010-02-15 13:13 -------- d-----w- c:\program files\Common Files\Thraex Software 2010-02-15 08:38 . 2001-08-17 21:36 5632 ----a-w- c:\windows\system32\ptpusb.dll 2010-02-15 08:38 . 2008-04-14 04:42 159232 ----a-w- c:\windows\system32\ptpusd.dll 2010-02-15 08:38 . 2008-04-13 23:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys 2010-02-15 08:38 . 2008-04-13 23:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2010-02-14 00:06 . 2010-02-14 00:11 -------- d-----w- c:\documents and settings\Sasa\Application Data\Nitro PDF 2010-02-14 00:03 . 2010-02-02 11:33 17728 ----a-w- c:\windows\system32\nitrolocalui.dll 2010-02-14 00:03 . 2010-02-02 11:33 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll 2010-02-14 00:01 . 2010-02-14 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Nitro PDF 2010-02-14 00:01 . 2010-02-14 00:01 -------- d-----w- c:\program files\Common Files\Nitro PDF 2010-02-13 23:58 . 2010-02-13 23:58 -------- d-----w- c:\program files\Nitro PDF 2010-02-13 23:44 . 2010-02-13 23:44 -------- d-----w- c:\documents and settings\Sasa\Application Data\Downloaded Installations 2010-02-12 11:48 . 2010-02-12 11:48 -------- d-----w- c:\program files\BlazeVideo 2010-02-11 21:00 . 2010-02-11 21:00 -------- d-----w- c:\program files\History Sweeper 2010-02-11 17:51 . 2010-02-11 17:51 -------- d-----w- c:\program files\Sygate 2010-02-11 17:51 . 2010-02-11 17:51 -------- d-----w- c:\program files\QuickTime Alternative 2010-02-10 14:02 . 2010-02-10 14:04 -------- d-----w- c:\temp\installtemped 2010-02-10 14:02 . 2010-02-10 14:02 -------- d-----w- C:\Temp 2010-02-09 19:56 . 2010-02-09 20:00 -------- d-----w- c:\documents and settings\Sasa\Application Data\QuickScan 2010-02-09 19:55 . 2010-01-11 16:32 698184 ----a-w- c:\documents and settings\Sasa\Application Data\Mozilla\Firefox\Profiles\2cv8dcm6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll 2010-02-09 19:55 . 2010-01-11 16:33 789320 ----a-w- c:\documents and settings\Sasa\Application Data\Mozilla\Firefox\Profiles\2cv8dcm6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll 2010-02-09 12:31 . 2010-02-09 12:31 -------- d-----w- c:\program files\Common Files\Vbox 2010-02-09 12:31 . 2004-06-03 18:25 20016 ------w- c:\windows\system32\drivers\pxhelp20.sys 2010-02-09 11:15 . 2009-12-24 18:57 73728 ----a-w- c:\windows\system\vdremote.dll 2010-02-09 11:15 . 2009-12-24 18:56 65536 ----a-w- c:\windows\system\vdsvrlnk.dll 2010-02-08 22:07 . 2010-02-08 22:07 -------- d-----w- c:\program files\FreshDevices 2010-02-08 21:56 . 2010-02-08 21:56 -------- d-----w- c:\documents and settings\Sasa\Application Data\FreshDiagnose 2010-02-08 17:04 . 2008-04-13 23:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys 2010-02-08 15:44 . 2010-02-08 15:46 -------- d-----w- c:\windows\XSxS 2010-02-08 15:44 . 2010-02-08 15:44 -------- d-----w- c:\program files\Xenocode 2010-02-08 15:44 . 2010-02-08 15:44 -------- d-----w- c:\documents and settings\Sasa\Local Settings\Application Data\Xenocode 2010-02-07 12:21 . 2010-02-07 12:21 -------- d-----w- c:\program files\ffdshow 2010-02-07 12:13 . 2010-02-07 12:26 -------- d-----w- c:\program files\Mv2Player 2010-02-07 11:41 . 2010-02-07 11:41 -------- d-----w- c:\documents and settings\Sasa\Local Settings\Application Data\Thinstall 2010-02-07 11:41 . 2010-02-07 11:41 -------- d-----w- c:\documents and settings\Sasa\Application Data\Thinstall 2010-02-07 09:00 . 2010-02-07 09:00 -------- d-----w- c:\program files\CCleaner 2010-02-07 08:47 . 2010-02-07 08:47 -------- d-----w- c:\program files\NVIDIA Corporation 2010-02-07 08:47 . 2003-04-30 12:25 671744 ----a-r- c:\windows\system32\DolbyHph.dll 2010-02-07 08:47 . 2003-04-30 12:24 24576 ----a-r- c:\windows\system32\msxml3a.dll 2010-02-06 23:30 . 2010-02-06 23:30 -------- d-----w- c:\documents and settings\Sasa\Local Settings\Application Data\WMTools Downloaded Files 2010-02-06 21:03 . 2010-02-06 21:04 -------- d-----w- c:\documents and settings\Sasa\Local Settings\Application Data\Adobe 2010-02-06 21:00 . 2010-02-09 12:37 -------- d-----w- c:\program files\Common Files\Adobe 2010-02-06 20:36 . 2010-02-06 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles 2010-02-06 20:33 . 2003-09-24 11:32 258048 ----a-r- c:\windows\system32\nvwrsel.dll 2010-02-06 20:27 . 2010-02-06 20:27 623 ----a-w- c:\windows\unins000.dat 2010-02-06 18:46 . 2003-06-18 16:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll 2010-02-06 18:46 . 2003-06-18 16:31 17920 ----a-w- c:\windows\system32\mdimon.dll 2010-02-06 18:41 . 2010-02-06 18:41 -------- d-----w- c:\program files\Microsoft.NET 2010-02-06 18:41 . 2010-02-06 18:41 -------- d-----w- c:\program files\Microsoft ActiveSync 2010-02-06 18:39 . 2010-02-06 18:41 -------- d-----w- c:\windows\SHELLNEW 2010-02-06 15:15 . 2003-04-24 03:28 41984 ----a-r- c:\windows\system32\drivers\fetnd5b.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-17 16:31 . 2010-02-06 14:17 5435168 --sha-w- c:\windows\system32\drivers\fidbox.dat 2010-02-17 16:31 . 2010-02-06 14:17 150560 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2010-02-17 07:03 . 2010-02-06 14:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2010-02-17 01:59 . 2010-02-06 14:17 87896 --sha-w- c:\windows\system32\drivers\fidbox.idx 2010-02-17 01:59 . 2010-02-06 14:17 18548 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2010-02-10 17:43 . 2010-02-06 14:22 42168 ----a-w- c:\documents and settings\Sasa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-02-09 12:22 . 2010-02-06 14:27 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-02-09 12:21 . 2010-02-06 14:27 -------- d-----w- c:\program files\Common Files\InstallShield 2010-02-06 18:48 . 2010-02-06 14:07 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2010-02-06 15:13 . 2010-02-06 14:22 95259 ----a-w- c:\windows\system32\drivers\klick.dat 2010-02-06 15:13 . 2010-02-06 14:22 108059 ----a-w- c:\windows\system32\drivers\klin.dat 2010-02-06 14:54 . 2010-02-06 14:54 -------- d-----w- c:\program files\Common Files\xing shared 2010-02-06 14:54 . 2010-02-06 14:53 -------- d-----w- c:\program files\Real 2010-02-06 14:54 . 2010-02-06 14:53 -------- d-----w- c:\program files\Common Files\Real 2010-02-06 14:54 . 2010-02-06 14:54 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-02-06 14:54 . 2010-02-06 14:54 348160 ----a-w- c:\windows\system32\msvcr71.dll 2010-02-06 14:40 . 2010-02-06 14:40 -------- d-----w- c:\program files\VIA Technologies, Inc 2010-02-06 14:27 . 2010-02-06 14:27 -------- d-----w- c:\program files\Realtek Sound Manager 2010-02-06 14:27 . 2010-02-06 14:27 -------- d-----w- c:\program files\AvRack 2010-02-06 14:27 . 2010-02-06 14:27 0 ----a-w- c:\windows\nsreg.dat 2010-02-06 14:17 . 2010-02-06 14:17 -------- d-----w- c:\program files\Kaspersky Lab 2010-02-06 14:09 . 2010-02-06 14:09 -------- d-----w- c:\program files\microsoft frontpage 2010-02-06 14:04 . 2010-02-06 14:04 21640 ----a-w- c:\windows\system32\emptyregdb.dat 2010-02-04 18:22 . 2009-10-03 17:36 6021120 ----a-w- c:\windows\system32\common_res.dll 2010-02-02 11:35 . 2010-02-02 11:35 65856 ----a-w- c:\windows\system32\NLSSRV32.EXE 2010-01-05 10:00 . 2008-04-28 10:01 832512 ------w- c:\windows\system32\wininet.dll 2010-01-05 10:00 . 2008-04-28 10:01 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-01-05 10:00 . 2008-04-28 10:01 17408 ----a-w- c:\windows\system32\corpol.dll 2009-12-31 16:50 . 2008-04-13 22:45 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-16 18:43 . 2010-02-06 14:03 343040 ----a-w- c:\windows\system32\mspaint.exe 2009-12-14 07:08 . 2008-04-14 03:41 33280 ----a-w- c:\windows\system32\csrsrv.dll 2009-12-08 19:27 . 2008-04-13 22:57 2189184 ------w- c:\windows\system32\ntoskrnl.exe 2009-12-08 18:43 . 2008-04-14 00:01 2066048 ------w- c:\windows\system32\ntkrnlpa.exe 2009-12-04 18:22 . 2008-04-13 22:47 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2009-11-27 17:11 . 2008-04-14 05:42 17920 ----a-w- c:\windows\system32\msyuv.dll 2009-11-27 17:11 . 2008-04-14 03:42 1291776 ----a-w- c:\windows\system32\quartz.dll 2009-11-27 16:07 . 2001-08-23 09:00 28672 ----a-w- c:\windows\system32\msvidc32.dll 2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll 2009-11-27 16:07 . 2008-04-14 05:41 48128 ----a-w- c:\windows\system32\iyuv_32.dll 2009-11-27 16:07 . 2008-04-14 03:42 11264 ----a-w- c:\windows\system32\msrle32.dll 2009-11-27 16:07 . 2008-04-14 03:41 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-11-21 15:51 . 2008-04-14 03:41 471552 ----a-w- c:\windows\AppPatch\aclayers.dll . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\documents and settings\b ---- 2010-02-16 10:52 . 2010-02-16 10:56 5469 ----a-w- c:\documents and settings\b\Application Data\Camera Bits, Inc\Photo Mechanic\PM.log ------- Sigcheck ------- [-] 2008-04-28 . 2E7EA3E8D40C06F7D558E2485F8BD27E . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((( SnapShot@2010-02-16_19.56.42 ))))))))))))))))))))))))))))))))))))))))) . + 2009-12-23 08:11 . 2009-12-23 08:11 60273 c:\windows\system32\pthreadGC2.dll + 2009-12-23 08:11 . 2009-12-23 08:11 26624 c:\windows\system32\ff_wmv9.dll + 2009-12-23 08:11 . 2009-12-23 08:11 38400 c:\windows\system32\ff_unrar.dll + 2009-12-23 08:11 . 2009-12-23 08:11 79872 c:\windows\system32\ff_tremor.dll + 2009-12-23 08:11 . 2009-12-23 08:11 97280 c:\windows\system32\ff_realaac.dll + 2009-12-23 08:11 . 2009-12-23 08:11 40960 c:\windows\system32\ff_liba52.dll + 2009-12-23 08:11 . 2009-12-23 08:11 7680 c:\windows\system32\ff_vfw.dll + 2009-12-23 08:11 . 2009-12-23 08:11 662016 c:\windows\system32\xvidcore.dll + 2009-12-23 08:11 . 2009-12-23 08:11 200704 c:\windows\system32\TomsMoComp_ff.dll + 2009-12-23 08:11 . 2009-12-23 08:11 823296 c:\windows\system32\ppsynthesis.dll + 2009-12-23 08:11 . 2009-12-23 08:11 405504 c:\windows\system32\libmplayer.dll + 2009-12-23 08:11 . 2009-12-23 08:11 114688 c:\windows\system32\libmpeg2_ff.dll + 2009-12-23 08:11 . 2009-12-23 08:11 511488 c:\windows\system32\ff_x264.dll + 2009-12-23 08:11 . 2009-12-23 08:11 143360 c:\windows\system32\ff_theora.dll + 2009-12-23 08:11 . 2009-12-23 08:11 122880 c:\windows\system32\ff_samplerate.dll + 2009-12-23 08:11 . 2009-12-23 08:11 118784 c:\windows\system32\ff_libmad.dll + 2009-12-23 08:11 . 2009-12-23 08:11 245760 c:\windows\system32\ff_libfaad2.dll + 2009-12-23 08:11 . 2009-12-23 08:11 155648 c:\windows\system32\ff_libdts.dll + 2009-12-23 08:11 . 2009-12-23 08:11 221184 c:\windows\system32\ff_kernelDeint.dll + 2009-12-23 08:11 . 2009-12-23 08:11 741376 c:\windows\system32\audxlib.dll + 2008-03-26 06:16 . 2008-03-26 06:16 1060864 c:\windows\system32\mfc71.dll + 2009-12-23 08:11 . 2009-12-23 08:11 3190784 c:\windows\system32\libavcodec.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-09-24 5033984] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] "nltide_3"="advpack.dll" [2010-01-05 124928] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2003-09-24 11:32 5033984 ----a-r- c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2003-09-24 11:32 49152 ----a-r- c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2003-09-24 11:32 741376 ----a-r- c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] 2003-06-10 11:12 55296 ----a-w- c:\windows\SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sweeper.exe] 2006-06-02 22:42 176128 ----a-w- c:\program files\History Sweeper\sweeper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2010-02-06 14:53 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ose"=3 (0x3) "nlsX86cc"=2 (0x2) "NitroDriverReadSpool"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4.4.2007 14:58 24344] S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?] S4 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2.2.2010 12:35 188736] S4 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2.2.2010 12:35 65856] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Sasa\Application Data\Mozilla\Firefox\Profiles\2cv8dcm6.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/ FF - component: c:\documents and settings\Sasa\Application Data\Mozilla\Firefox\Profiles\2cv8dcm6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll FF - plugin: c:\documents and settings\Sasa\Application Data\Mozilla\Firefox\Profiles\2cv8dcm6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-17 17:31 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(972) c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll c:\windows\system32\klogon.dll - - - - - - - > 'lsass.exe'(1028-) c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll . Completion time: 2010-02-17 17:33:51 ComboFix-quarantined-files.txt 2010-02-17 16:33 ComboFix2.txt 2010-02-16 19:59 Pre-Run: 7.875.366.912 bytes free Post-Run: 7.843.905.536 bytes free - - End Of File - - 046438A9B38C2BD26B6B86E073C553CC

Profil

diarno Poslao: 17 Feb 2010 17:40 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kakvo je sad stanje?

Profil

goust Poslao: 17 Feb 2010 19:14 Idi na vrh
offline goust Elitni građanin Pridružio: 09 Apr 2005 Poruke: 1799	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! U Task Manager-u nemam vise setuper.exe a i ne pojavljuje mi se upozorenje blocked: phishing address...

Profil

diarno Poslao: 17 Feb 2010 21:57 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ok..ovde smo zavrsili..pozzz Potrebno je deinstalirati ComboFix: klikni start (ili ), a zatim RUN. Na Visti koristiti Start Search polje ukoliko Run nije dostupan. U liniju za unos teksta ukucaj (iskopiraj) sledeće: ComboFix /Uninstall Primeti da postoji razmak između "ComboFix" i "/Uninstall". a zatim klikni OK (ili pritisni Enter). Sačekaj da se proces deinstalacije završi.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Neki nepoznati procesi u Task Manager-u

Ko je trenutno na forumu

Ukupno su 873 korisnika na forumu :: 25 registrovanih, 7 sakrivenih i 841 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: _Sale, aleksmajstor, Andrija357, Apok, comi_pfc, drimer, frenki1986, hooraay, HrcAk47, Ivica1102, kihot, ksyyaj, Kubovac, MegaVLAdaR, miodrag, operniki, panzerwaffe, robert1979, Rogan33, savaskytec, Srki94, Srle993, virked, wulfy, zlaya011

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by