Winlogon.exe PROBLEM


  • Joined: 18 Jan 2009
  • Posts: 17
  • Location: Novi Beograd

When I start the computer it has begun to hang... and AVG Internet Security also reports to me that winlogon.exe is infected.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:40, on 22.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dule\Desktop\New Folder (2)\TR3.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = yahoo.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89CB4372-B410-3B5E-8871-86EBCEEBE643} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [avgtray.exe] C:\Program Files\AVG\AVG8\avgtray.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{22402CD4-CFF5-411C-AD65-7B75DA04C325}: NameServer = 194.106.162.10 194.106.162.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{22402CD4-CFF5-411C-AD65-7B75DA04C325}: NameServer = 194.106.162.10 194.106.162.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{22402CD4-CFF5-411C-AD65-7B75DA04C325}: NameServer = 194.106.162.10 194.106.162.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8-) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 5923 bytes
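A small triage pass over the HijackThis log above, added here as an example; it is not part of the original post and not HijackThis's own code. It applies the review heuristics a malware-removal helper runs first over a few constructed sample lines taken from the log: a process running from a user profile folder or with a doubled extension (the TR3.exe.exe entry on the Desktop), O2 BHOs registered with "(no file)", O20 Winlogon Notify DLLs (these load inside winlogon.exe, so they deserve a publisher check even when, as here, the entry belongs to AVG), and O23 services with an unknown owner or a missing binary. The output is a list of items to verify, not a verdict.

```python
"""Triage heuristics for a HijackThis log (added example, not from the post).

Parses the 'Running processes' list and the O2/O20/O23 entries and flags
the items a helper reviews first. Every flag is a review item, not a verdict.
"""
import re

# Sample input constructed from lines in the HijackThis log above.
SAMPLE_LOG = """\
Running processes:
C:\\WINDOWS\\system32\\winlogon.exe
C:\\Program Files\\Mozilla Firefox\\firefox.exe
C:\\Documents and Settings\\Dule\\Desktop\\New Folder (2)\\TR3.exe.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O20 - Winlogon Notify: avgrsstarter - C:\\WINDOWS\\SYSTEM32\\avgrsstx.dll
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\\WINDOWS\\System32\\alg.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\\PROGRA~1\\AVG\\AVG8\\avgwdsvc.exe
"""

# Executables under a user profile are unusual for system components.
USER_DIRS = re.compile(r"\\(documents and settings|users)\\", re.I)
# "name.exe.exe", "photo.jpg.scr" and similar doubled extensions.
DOUBLE_EXT = re.compile(r"\.[a-z0-9]{2,4}\.(exe|scr|com|pif|bat|cmd)$", re.I)


def triage(log_text):
    """Return a list of (reason, line) pairs that deserve a closer look."""
    findings = []
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:            # blank line ends the process list
                in_procs = False
                continue
            if USER_DIRS.search(line):
                findings.append(("process running from a user profile path", line))
            if DOUBLE_EXT.search(line):
                findings.append(("doubled file extension", line))
            continue
        if line.startswith("O2 - ") and line.endswith("(no file)"):
            findings.append(("BHO registered with no backing file (orphan entry)", line))
        elif line.startswith("O20 - Winlogon Notify:"):
            findings.append(("Winlogon Notify DLL loads into winlogon.exe; verify publisher", line))
        elif line.startswith("O23 - ") and ("Unknown owner" in line or "(file missing)" in line):
            findings.append(("service with unknown owner or missing binary", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

The process list is handled separately from the O-entries because HijackThis prints it as bare paths with no section prefix; everything after the first blank line is treated as a keyed entry.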

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Hello,

* Right-click the AVG icon in the bottom right corner of the screen.
* When the AVG Control Center opens, double-click the AVG Resident Shield component.
* In the window that opens, untick the option Turn on AVG Resident Shield and click OK.

Note: Don't forget to turn this option back on once the cleaning is finished.


-----------------------------------------------------

Download ComboFix to the Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the instructions on the screen. When it finishes, a log will appear (C:\ComboFix.txt); copy it here for us.

  • Joined: 18 Jan 2009
  • Posts: 17
  • Location: Novi Beograd

ComboFix 09-02-21.01 - Dule 2009-02-22 19:30:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.2046.1464 [GMT 1:00]
Running from: c:\documents and settings\Dule\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated)
FW: AVG Firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\ws2help.dll
c:\windows\adober.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSUPDATE
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-01-22 to 2009-02-22 )))))))))))))))))))))))))))))))
.

2009-02-22 18:43 . 2009-02-22 18:43 <DIR> d-------- c:\program files\Trend Micro
2009-02-22 16:58 . 2009-02-22 16:59 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-22 16:58 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-22 16:58 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-22 15:47 . 2009-02-22 19:19 <DIR> d-------- c:\program files\Microsoft Games
2009-02-22 05:56 . 2009-02-22 05:56 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AVGTOOLBAR
2009-02-22 05:17 . 2009-02-22 05:17 <DIR> d-------- c:\documents and settings\LocalService\Application Data\PC Suite
2009-02-22 04:37 . 2009-02-22 04:37 <DIR> d-------- c:\documents and settings\Administrator\Application Data\IObit
2009-02-22 04:13 . 2009-02-22 04:13 <DIR> d-------- c:\documents and settings\Administrator
2009-02-22 02:58 . 2009-02-22 02:58 <DIR> d-------- c:\program files\EACom
2009-02-16 22:17 . 2009-02-16 22:18 <DIR> d-------- c:\program files\Ubisoft
2009-02-16 13:41 . 2009-02-16 13:47 <DIR> d-------- c:\documents and settings\Dule\Application Data\Chessmaster Challenge
2009-02-08 22:29 . 2009-02-08 22:29 664 --a------ c:\windows\system32\d3d9caps.dat
2009-02-08 22:28 . 2009-02-08 22:28 <DIR> d-------- c:\documents and settings\Dule\Application Data\Nokia
2009-02-08 22:28 . 2009-02-08 22:28 <DIR> d-------- c:\documents and settings\Dule\Application Data\Datalayer
2009-02-08 22:27 . 2009-02-08 22:28 <DIR> d-------- c:\documents and settings\Dule\Phone Browser
2009-02-08 22:23 . 2009-02-08 22:24 <DIR> d-------- c:\windows\Downloaded Installations
2009-02-08 22:22 . 2009-02-08 22:24 <DIR> d-------- c:\program files\Nokia
2009-02-08 22:22 . 2009-02-08 22:22 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-02-08 22:22 . 2009-02-08 22:22 <DIR> d-------- c:\program files\Common Files\Nokia
2009-02-08 22:22 . 2009-02-08 22:22 <DIR> d-------- c:\documents and settings\Dule\Application Data\PC Suite
2009-02-08 22:22 . 2009-02-08 22:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Suite
2009-02-08 22:22 . 2009-02-08 22:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-02-08 22:22 . 2006-05-29 08:26 127,488 --a------ c:\windows\system32\drivers\nmwcd.sys
2009-02-08 22:22 . 2006-05-29 08:26 50,688 --a------ c:\windows\system32\nmwcdcls.dll
2009-02-08 22:22 . 2006-05-29 08:26 30,720 --a------ c:\windows\system32\nmwcdcocls.dll
2009-02-08 22:22 . 2006-05-29 08:26 13,312 --a------ c:\windows\system32\drivers\nmwcdcm.sys
2009-02-08 22:22 . 2006-05-29 08:26 13,312 --a------ c:\windows\system32\drivers\nmwcdcj.sys
2009-02-08 22:22 . 2006-05-29 08:26 8,704 --a------ c:\windows\system32\drivers\nmwcdc.sys
2009-02-08 22:22 . 2006-05-29 08:26 4,608 --a------ c:\windows\system32\nmwcdlog.dll
2009-02-03 22:42 . 2009-02-03 22:42 <DIR> d-------- c:\windows\Sun
2009-02-03 20:28 . 2009-02-03 20:28 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-02-03 20:28 . 2009-02-03 20:28 <DIR> d-------- c:\program files\Common Files\Adobe
2009-01-28 22:20 . 2009-01-28 22:20 <DIR> d-------- c:\program files\IObit
2009-01-28 21:35 . 2009-01-28 21:35 1,700,352 --a------ c:\windows\system32\gdiplus.dll
2009-01-28 21:35 . 2009-01-28 21:35 1,060,864 --a------ c:\windows\system32\mfc71.dll
2009-01-28 12:24 . 2009-02-22 15:27 <DIR> d--h----- C:\$AVG8.VAULT$
2009-01-28 11:42 . 2009-02-22 00:13 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-01-28 11:42 . 2009-02-15 13:03 <DIR> d-------- c:\documents and settings\Dule\Application Data\AVGTOOLBAR
2009-01-28 11:42 . 2009-02-22 18:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-01-28 11:42 . 2009-01-28 11:53 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-01-28 11:42 . 2009-01-28 11:53 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-01-28 11:42 . 2009-01-28 11:52 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
2009-01-28 11:42 . 2009-01-28 11:53 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-28 11:40 . 2009-01-28 11:40 50,968 --a------ c:\windows\system32\avgfwdx.dll
2009-01-28 11:40 . 2009-01-28 11:40 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys
2009-01-27 23:08 . 2009-01-27 23:08 <DIR> d-------- c:\documents and settings\Dule\Application Data\Locktime
2009-01-27 23:06 . 2009-01-27 23:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Locktime
2009-01-27 19:20 . 2009-01-27 19:20 <DIR> d--h----- c:\windows\PIF
2009-01-25 23:40 . 2008-04-14 13:00 221,184 --a------ c:\windows\system32\wmpns.dll
2009-01-25 18:43 . 2009-01-25 18:43 <DIR> d-------- c:\program files\Java
2009-01-25 18:43 . 2009-01-25 18:43 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-25 18:43 . 2009-01-25 18:43 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-25 15:39 . 2009-01-26 20:35 <DIR> d-------- c:\documents and settings\Dule\Application Data\IObit
2009-01-25 11:19 . 2009-01-25 11:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
2009-01-25 11:13 . 2007-12-18 02:25 3,107,788 -ra------ c:\windows\system32\ativvaxx.dat
2009-01-25 11:13 . 2007-12-18 02:25 3,107,788 -ra------ c:\windows\system32\ativva5x.dat
2009-01-25 11:13 . 2007-12-18 02:25 887,724 -ra------ c:\windows\system32\ativva6x.dat
2009-01-25 11:13 . 2008-12-01 14:35 614,400 --------- c:\windows\system32\ati2sgag.exe
2009-01-25 11:13 . 2008-12-01 21:52 425,984 --a------ c:\windows\system32\ATIDEMGX.dll
2009-01-25 11:13 . 2008-12-01 21:19 307,200 --a------ c:\windows\system32\atiiiexx.dll
2009-01-25 11:13 . 2008-10-30 15:45 180,720 --a------ c:\windows\system32\atiicdxx.dat
2009-01-25 11:13 . 2008-10-17 15:19 15,079 --a------ c:\windows\atiogl.xml
2009-01-25 11:13 . 2007-08-31 02:20 7,167 -ra------ c:\windows\system32\atifglpf.xml
2009-01-25 11:12 . 2009-01-25 11:16 <DIR> d-------- c:\program files\ATI Technologies
2009-01-25 11:06 . 2009-01-25 11:06 10 --a------ c:\windows\WININIT.INI
2009-01-25 01:54 . 2009-01-25 01:54 <DIR> d-------- C:\ATI
2009-01-25 00:05 . 2009-02-22 02:03 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-25 00:05 . 2009-01-25 00:05 1,409 --a------ c:\windows\QTFont.for
2009-01-24 23:19 . 2009-01-24 23:19 <DIR> dr-h----- c:\documents and settings\Dule\Application Data\SecuROM
2009-01-24 23:17 . 2009-01-24 23:17 <DIR> d-------- c:\windows\system32\xlive
2009-01-24 23:17 . 2009-01-24 23:17 <DIR> d-------- c:\windows\Logs
2009-01-24 23:17 . 2009-01-24 23:44 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2009-01-24 23:17 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll
2009-01-24 23:17 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\system32\D3DCompiler_37.dll
2009-01-24 23:17 . 2008-02-05 23:07 462,864 --a------ c:\windows\system32\d3dx10_37.dll
2009-01-24 22:51 . 2009-01-24 22:51 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-24 22:50 . 2009-01-24 22:50 <DIR> d-------- c:\program files\Reference Assemblies
2009-01-24 22:50 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-01-24 22:49 . 2009-01-26 20:32 <DIR> d-------- c:\program files\Rockstar Games
2009-01-23 21:01 . 2009-01-23 21:01 268 --ah----- C:\sqmdata19.sqm
2009-01-23 21:01 . 2009-01-23 21:01 244 --ah----- C:\sqmnoopt19.sqm
2009-01-23 21:00 . 2009-01-23 21:00 268 --ah----- C:\sqmdata18.sqm
2009-01-23 21:00 . 2009-01-23 21:00 244 --ah----- C:\sqmnoopt18.sqm
2009-01-23 20:20 . 2009-01-23 21:07 23,392 --a------ c:\windows\system32\nscompat.tlb
2009-01-23 20:20 . 2009-01-23 21:07 16,832 --a------ c:\windows\system32\amcompat.tlb
2009-01-23 18:00 . 2009-01-23 18:00 <DIR> d-------- c:\documents and settings\Dule\Application Data\Malwarebytes
2009-01-23 18:00 . 2009-01-23 18:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-23 17:56 . 2009-01-23 17:56 268 --ah----- C:\sqmdata17.sqm
2009-01-23 17:56 . 2009-01-23 17:56 244 --ah----- C:\sqmnoopt17.sqm
2009-01-23 02:49 . 2009-01-23 02:49 268 --ah----- C:\sqmdata16.sqm
2009-01-23 02:49 . 2009-01-23 02:49 244 --ah----- C:\sqmnoopt16.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 18:29 --------- d-----w c:\documents and settings\Dule\Application Data\uTorrent
2009-02-22 02:34 --------- d-----w c:\program files\Electronic Arts
2009-02-22 02:33 --------- d-----w c:\program files\Chess3D
2009-02-21 23:48 --------- d-----w c:\program files\Counter-Strike 1.6
2009-02-17 12:39 --------- d-----w c:\documents and settings\Dule\Application Data\dvdcss
2009-02-15 20:53 --------- d-----w c:\program files\Bridge Building Game
2009-02-15 19:17 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-08 21:22 --------- d-----w c:\program files\DIFX
2009-01-26 19:43 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-24 21:53 --------- d-----w c:\program files\MSBuild
2009-01-23 20:03 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-17 16:24 --------- d-----w c:\documents and settings\Dule\Application Data\iolo
2009-01-17 00:04 --------- d-----w c:\program files\City Interactive
2009-01-16 15:23 --------- d-----w c:\documents and settings\Dule\Application Data\Leadertech
2009-01-15 22:34 307,200 ----a-w c:\windows\iun506.exe
2009-01-15 16:21 --------- d-----w c:\program files\Mario Forever
2008-12-31 21:28 --------- d-----w c:\program files\KONAMI
2008-12-31 21:26 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-28 13:44 --------- d-----w c:\documents and settings\Dule\Application Data\vlc
2008-12-28 13:02 --------- d-----w c:\program files\Chec
2008-12-27 00:42 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2008-12-25 22:29 --------- d-----w c:\program files\MSN Messenger
2008-12-25 21:53 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-25 21:52 --------- d-----w c:\program files\Microsoft Works
2008-12-25 21:51 --------- d-----w c:\program files\Microsoft.NET
2008-12-25 21:50 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-12-25 21:48 --------- d-----w c:\documents and settings\Dule\Application Data\DAEMON Tools Lite
2008-12-25 20:00 --------- d-----w c:\program files\uTorrent
2008-12-25 18:54 --------- d-----w c:\documents and settings\Dule\Application Data\DAEMON Tools Pro
2008-12-25 18:54 --------- d-----w c:\documents and settings\Dule\Application Data\DAEMON Tools
2008-12-25 18:53 --------- d-----w c:\program files\DAEMON Tools Lite
2008-12-25 18:46 --------- d-----w c:\program files\EA GAMES
2008-12-25 18:31 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2008-12-25 18:29 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-25 18:24 --------- d-----w c:\program files\Common Files\Ahead
2008-12-25 18:24 --------- d-----w c:\program files\Ahead
2008-12-25 18:22 --------- d-----w c:\program files\VideoLAN
2008-12-25 18:19 --------- d-----w c:\program files\Google
2008-12-25 18:13 --------- d-----w c:\program files\AVG
2008-12-25 17:45 --------- d-----w c:\documents and settings\Dule\Application Data\Media Player Classic
2008-12-25 17:35 32 ----a-w c:\windows\system32\drivers\adidsl.cfg
2008-12-25 17:33 --------- d-----w c:\program files\SAGEM
2008-12-25 17:09 --------- d-----w c:\program files\Real Alternative
2008-12-25 17:09 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-25 17:08 --------- d-----w c:\program files\QuickTime Alternative
2008-12-25 17:08 --------- d-----w c:\program files\Media Player Classic
2008-12-25 17:08 --------- d-----w c:\program files\K-Lite Codec Pack
2008-12-25 16:49 16,512 ----a-w c:\windows\gdrv.sys
2008-12-25 16:41 --------- d-----w c:\program files\Winamp
2008-12-25 16:29 --------- d-----w c:\documents and settings\Dule\Application Data\ATI
2008-12-25 16:18 --------- d-----w c:\program files\Realtek
2008-12-25 16:18 --------- d-----w c:\documents and settings\Dule\Application Data\InstallShield
2008-12-25 16:16 335,872 ----a-w c:\windows\HideWin.exe
2008-12-25 16:10 --------- d-----w c:\program files\microsoft frontpage
.

------- Sigcheck -------

2008-04-14 13:00 1051136 27fdbacb2b21d2f3a17a8e811e291de3 c:\windows\explorer.exe
2008-04-14 13:00 1050624 0f7b82b5ca859a87416147a3ee7e1c75 c:\windows\system32\dllcache\explorer.exe

2008-04-14 13:00 32768 636ea09eb02a085791b76ececac40444 c:\windows\system32\ctfmon.exe
2008-04-14 13:00 32768 b4aed8d9adb576917f15c04162fadf80 c:\windows\system32\dllcache\ctfmon.exe

2008-04-14 13:00 75264 18abb99c746b27d9ccce2aef7d4df7e3 c:\windows\system32\spoolsv.exe
2008-04-14 13:00 74752 2a5a429d53192dda303fa31dac95067f c:\windows\system32\dllcache\spoolsv.exe

2008-04-14 13:00 43008 2cdf628d2dd1827c6e25b8c908408fed c:\windows\system32\userinit.exe
2008-04-14 13:00 43520 2de9bb9449ff92857e09dadcd7fde898 c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 32768]
"avgtray.exe"="c:\program files\AVG\AVG8\avgtray.exe" [2009-01-28 1601304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 32768]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-12-25 1205840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-28 11:53 10520 c:\windows\system32\avgrsstx.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
--a------ 2009-01-09 15:54 2262352 c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-10 10:02 237000 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 176128 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartRAM]
--a------ 2009-01-06 11:42 202064 c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-01-25 18:43 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-11-21 18:38 52224 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 221184 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 11:43 90112 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-08-20 08:38 16403968 c:\windows\RTHDCPL.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16962:TCP"= 16962:TCP:NortonAV
"17667:TCP"= 17667:TCP:NortonAV

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-01-28 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-28 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-28 107272]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-28 298264]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-01-28 1339600]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-02-22 170640]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-01-28 29208]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2008-12-25 104344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-02-22 15504]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2008-12-25 69656]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-01-28 29208]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
.
Contents of the 'Scheduled Tasks' folder

2009-02-21 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-01-06 11:37]

2009-02-21 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\ [2009-02-22 18:24]
.
- - - - ORPHANS REMOVED - - - -

BHO-{89CB4372-B410-3B5E-8871-86EBCEEBE643} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
TCP: {22402CD4-CFF5-411C-AD65-7B75DA04C325} = 194.106.162.10 194.106.162.3
FF - ProfilePath - c:\documents and settings\Dule\Application Data\Mozilla\Firefox\Profiles\sx6w9550.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-22 19:33:10
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-789336058-1409082233-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:5f,f4,01,f8,84,21,ef,ea,06,95,47,82,cf,fb,96,90,34,05,e8,e1,d4,
87,25,30,71,8f,fa,e3,cf,e3,10,90,ca,3a,bb,33,8c,b8,54,5d,e8,a3,b5,d0,5d,ca,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1068-)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-02-22 19:34:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-22 18:34:40

Pre-Run: 50.505.838.592 bytes free
Post-Run: 50,504,982,528 bytes free

305 --- E O F --- 2009-01-25 22:40:12
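The Sigcheck section is the part of this ComboFix log a helper reads first: each pair lists a system file next to its copy in system32\dllcache, and here all four pairs (explorer.exe, ctfmon.exe, spoolsv.exe, userinit.exe) carry the same SP3 timestamp yet differ in size and MD5, which is why the next request in the thread is to upload userinit.exe. The following added example (not from the original post and not ComboFix's own code) parses that block format and reports the mismatches; the sample input is constructed from two of the pairs above. Two caveats: a matching pair proves little on its own, since the dllcache copy can be replaced as well, so a suspect hash should be confirmed against a known-good copy from installation media; and the identical timestamps show that file dates are not evidence either way.

```python
"""Compare ComboFix 'Sigcheck' pairs: a system file vs. its dllcache copy.

Added example, not part of the forum post and not ComboFix's code. It parses
the Sigcheck block format shown in the log above and reports every file whose
size or MD5 differs from the copy in %SystemRoot%\\system32\\dllcache.
"""
import hashlib
import re
from pathlib import PureWindowsPath

# Sample input constructed from two pairs in the Sigcheck block above.
SAMPLE_SIGCHECK = """\
------- Sigcheck -------

2008-04-14 13:00 1051136 27fdbacb2b21d2f3a17a8e811e291de3 c:\\windows\\explorer.exe
2008-04-14 13:00 1050624 0f7b82b5ca859a87416147a3ee7e1c75 c:\\windows\\system32\\dllcache\\explorer.exe

2008-04-14 13:00 43008 2cdf628d2dd1827c6e25b8c908408fed c:\\windows\\system32\\userinit.exe
2008-04-14 13:00 43520 2de9bb9449ff92857e09dadcd7fde898 c:\\windows\\system32\\dllcache\\userinit.exe
"""

# One Sigcheck line: date, time, size in bytes, MD5, path.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<md5>[0-9a-f]{32}) (?P<path>\S.*)$"
)


def parse_sigcheck(text):
    """Return {basename: {'live': entry, 'dllcache': entry}} from a Sigcheck block."""
    files = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                     # headers, blanks, separators
        entry = m.groupdict()
        entry["size"] = int(entry["size"])
        p = PureWindowsPath(entry["path"].lower())
        slot = "dllcache" if "dllcache" in p.parts else "live"
        files.setdefault(p.name, {})[slot] = entry
    return files


def find_mismatches(files):
    """Files whose live copy differs from the dllcache copy in size or MD5."""
    out = []
    for name, pair in sorted(files.items()):
        live, cache = pair.get("live"), pair.get("dllcache")
        if live is None or cache is None:
            continue                     # nothing to compare against
        reasons = []
        if live["size"] != cache["size"]:
            reasons.append(f"size {live['size']} vs {cache['size']}")
        if live["md5"] != cache["md5"]:
            reasons.append("md5 differs")
        if reasons:
            out.append((name, reasons))
    return out


def md5_of(path):
    """MD5 of a file on disk, to re-check a live system or a known-good copy."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


if __name__ == "__main__":
    for name, reasons in find_mismatches(parse_sigcheck(SAMPLE_SIGCHECK)):
        print(f"{name}: {'; '.join(reasons)}")
```

Pairing is done on the file's basename, so the script does not care whether the live copy sits in c:\windows (explorer.exe) or in c:\windows\system32 (userinit.exe); md5_of is there for re-hashing the uploaded file or a copy from installation media against the values in the log.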

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Download gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this will save the scan results to the Clipboard.
Use Paste in Notepad to turn that into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.


Use the Attach file option below the message box on the forum and attach here the two files we just saved.

  • Joined: 18 Jan 2009
  • Posts: 17
  • Location: Novi Beograd

Something is wrong with the program... I can't run it, is there another one?

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Upload this for me:

c:\windows\system32\userinit.exe

via:

http://www.mycity.rs/ambulanta-upload.php

  • Joined: 18 Jan 2009
  • Posts: 17
  • Location: Novi Beograd

Done....

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Try this:

Download RootRepeal to the Desktop.

Unpack RootRepeal.zip into a folder.
Double-click RootRepeal.exe to run it.
Switch to the Report tab (by clicking the Report button, bottom right).
Click the Scan button.
In the window that opens (Select Scan), tick the boxes in front of all the items and click OK.
In the next window (Select Drives), tick the box in front of the system drive (usually C:\) and click OK.
When the process finishes, click Save Report and save the scan report.


Copy the contents of that report into your next message.

--------------------------

Do you have an AVG log, so I can see what it says?

  • Joined: 18 Jan 2009
  • Posts: 17
  • Location: Novi Beograd

I have to restart the computer to show you....
Because it only says... that an infected file was found under the winlogon.exe process, and I can't remove it, and it gives the file name (something like trojan.sc/ds/php <---- that's not the exact name, but I know it ends in php....

Update: 22 Feb 2009 20:46

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/02/22 20:37
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: catchme.sys
Image Path: C:\ComboFix\catchme.sys
Address: 0xF77CF000 Size: 30592 File Visible: No
Status: -

Name: Combo-Fix.sys
Image Path: Combo-Fix.sys
Address: 0xF7677000 Size: 60416 File Visible: No
Status: -

Name: PCI_PNP8342
Image Path: \Driver\PCI_PNP8342
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Name: PROCEXP90.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP90.SYS
Address: 0xA4A0D000 Size: 6464 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA492E000 Size: 45056 File Visible: No
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Name: spwx.sys
Image Path: spwx.sys
Address: 0xF74D6000 Size: 1048576 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\Temp\358f35d4-30a5-4be8-a9de-82bb94aedf81.tmp
Status: Allocation size mismatch (API: 262144, Raw: 0)

Path: C:\Documents and Settings\Dule\Local Settings\temp\etilqs_ainLkIDNoi30WprdnPzk
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: C:\Documents and Settings\Dule\Local Settings\Application Data\Mozilla\Firefox\Profiles\sx6w9550.default\Cache\FA50B60Ad01
Status: Size mismatch (API: 16988, Raw: 17017)

Path: C:\Documents and Settings\Dule\Local Settings\Application Data\Mozilla\Firefox\Profiles\sx6w9550.default\Cache\_CACHE_001_
Status: Size mismatch (API: 740422, Raw: 739207)

Path: C:\Documents and Settings\Dule\Local Settings\Application Data\Microsoft\Messenger\dushan1389@gmail.com\SharingMetadata\milanadamovic@live.com\DFSR\Staging\CS{DC4F8574-7216-292C-A7EB-B62B6B2FB7F6}\01\13-{DC4F8574-7216-292C-A7EB-B62B6B2FB7F6}-v1-{6FDCBFE1-C3CD-4BC4-9347-F9CCD7979093}-v13-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Dule\Local Settings\Application Data\Microsoft\Messenger\dushan1389@gmail.com\SharingMetadata\milanadamovic@live.com\DFSR\Staging\CS{DC4F8574-7216-292C-A7EB-B62B6B2FB7F6}\15\15-{6E816F0B-5CD2-4462-9364-AF75F6EC82F2}-v15-{6E816F0B-5CD2-4462-9364-AF75F6EC82F2}-v15-Partial.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Dule\Local Settings\Application Data\Microsoft\Messenger\dushan1389@gmail.com\SharingMetadata\miloslalic@hotmail.com\DFSR\Staging\CS{3DD21A01-858B-4A1D-A064-B3B6DF5FE428}\01\12-{3DD21A01-858B-4A1D-A064-B3B6DF5FE428}-v1-{6FDCBFE1-C3CD-4BC4-9347-F9CCD7979093}-v12-Downloaded.frx
Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x89c0e1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x89c0e1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x89c0e1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x89c0e1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89c0e1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89c0e1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x89c0e1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x89c0e1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89c0e1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89c0e1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x89c0e1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89c0e1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89c0e1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89c0e1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89c0e1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89c0e1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x89c0e1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x89c0e1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x89c0e1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x89c0e1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x89c0e1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x89c0e1f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x89a1a500 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x89a1a500 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x89a1a500 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x89a1a500 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89a1a500 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89a1a500 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89a1a500 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89a1a500 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x89a1a500 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89a1a500 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x89a1a500 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x89b9c1f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x89b9c1f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x89b9c1f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x89b9c1f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89b9c1f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89b9c1f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89b9c1f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89b9c1f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x89b9c1f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89b9c1f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x89b9c1f8 Size: -

Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]
Process: System Address: 0x8995a1f8 Size: -

Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]
Process: System Address: 0x8995a1f8 Size: -

Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8995a1f8 Size: -

Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8995a1f8 Size: -

Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]
Process: System Address: 0x8995a1f8 Size: -

Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8995a1f8 Size: -

Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]
Process: System Address: 0x8995a1f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x89c101f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x89c101f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x89c101f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89c101f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89c101f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89c101f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89c101f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x89c101f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x89c101f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89c101f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x89c101f8 Size: -

Object: Hidden Code [Driver: Sys, IRP_MJ_CREATE]
Process: System Address: 0x899251f8 Size: -

Object: Hidden Code [Driver: Sys, IRP_MJ_CLOSE]
Process: System Address: 0x899251f8 Size: -

Object: Hidden Code [Driver: Sys, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x899251f8 Size: -

Object: Hidden Code [Driver: Sys, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x899251f8 Size: -

Object: Hidden Code [Driver: Sys, IRP_MJ_POWER]
Process: System Address: 0x899251f8 Size: -

Object: Hidden Code [Driver: Sys, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x899251f8 Size: -

Object: Hidden Code [Driver: Sys, IRP_MJ_PNP]
Process: System Address: 0x899251f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x88ec51f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x88ec51f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x88ec51f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x88ec51f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x88ec51f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x88ec51f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x899fe1f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x899fe1f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x899fe1f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x899fe1f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x899fe1f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x899fe1f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x899fe1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x88eb41f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x88eb41f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x88eb41f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x88eb41f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x88eb41f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x88eb41f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x88eb41f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x88eb41f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x88eb41f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x88eb41f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x88eb41f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x88eb41f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x88eb41f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x88eb41f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x88eb41f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x88eb41f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x88eb41f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x88eb41f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x88eb41f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x88eb41f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x88eb41f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x88eb41f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x88eb41f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x88eb41f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x88eb41f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x88eb41f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x88eb41f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x88eb41f8 Size: -

Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_CREATE]
Process: System Address: 0x895c63a0 Size: -

Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_CLOSE]
Process: System Address: 0x895c63a0 Size: -

Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_READ]
Process: System Address: 0x895c63a0 Size: -

Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x895c63a0 Size: -

Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x895c63a0 Size: -

Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x895c63a0 Size: -

Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x895c63a0 Size: -

Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x895c63a0 Size: -

Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x895c63a0 Size: -

Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_SHUTDOWN]
Process: System Address: 0x895c63a0 Size: -

Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x895c63a0 Size: -

Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_CLEANUP]
Process: System Address: 0x895c63a0 Size: -

Object: Hidden Code [Driver: HDAUDIO#, IRP_MJ_PNP]
Process: System Address: 0x895c63a0 Size: -
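As an added example, not code from the thread or from RootRepeal's authors, here is a small Python triage helper for the report format posted above: it splits the report into its three sections, classifies each driver by how far the scanner could tie it to an image on disk, groups the "Hidden Code" entries into hooked IRP_MJ dispatch entries per driver, and counts the file discrepancies by kind. The embedded report is a constructed excerpt in the same field layout, reusing three driver entries from the log above; the file paths and stealth objects in it are shortened.

```python
import re
from collections import Counter, defaultdict

# Constructed excerpt in the RootRepeal 1.2.3.0 field layout: the driver entries are
# copied from the log in the thread; file paths and stealth objects are shortened.
SAMPLE_REPORT = r"""ROOTREPEAL (c) AD, 2007-2008

Drivers
-------------------
Name: catchme.sys
Image Path: C:\ComboFix\catchme.sys
Address: 0xF77CF000 Size: 30592 File Visible: No
Status: -

Name: PCI_PNP8342
Image Path: \Driver\PCI_PNP8342
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Name: spwx.sys
Image Path: spwx.sys
Address: 0xF74D6000 Size: 1048576 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\Temp\example.tmp
Status: Allocation size mismatch (API: 262144, Raw: 0)

Path: C:\Documents and Settings\User\cache\_CACHE_001_
Status: Size mismatch (API: 740422, Raw: 739207)

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x89c0e1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x89c0e1f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x89a1a500 Size: -
"""

SECTIONS = ("Drivers", "Hidden/Locked Files", "Stealth Objects")
DRIVER_RE = re.compile(r"(0x[0-9A-Fa-f]+) Size: (\d+) File Visible: (\w+)")
STEALTH_RE = re.compile(r"Hidden Code \[Driver: ([^,\]]+), (IRP_MJ_\w+)\]")

def parse_report(text):
    """Return {section: [entry, ...]}; an entry is the 'Key: value' dict of one block."""
    report = {name: [] for name in SECTIONS}
    section, block = None, {}
    lines = text.splitlines()
    for i, line in enumerate(lines):
        following = lines[i + 1] if i + 1 < len(lines) else ""
        is_header = line in SECTIONS and following.startswith("---")
        if is_header or not line.strip():
            if block:  # a section header or a blank line closes the current block
                report[section].append(block)
            block = {}
            section = line if is_header else section
        elif section is not None and not line.startswith("---"):
            key, _, value = line.partition(": ")
            block[key] = value.strip()  # multi-field lines stay whole; see the *_RE
    if block:
        report[section].append(block)
    return report

def classify_driver(entry):
    """Describe how well RootRepeal could tie a driver entry to an image on disk."""
    m = DRIVER_RE.match(entry.get("Address", ""))
    if m and int(m.group(1), 16) == 0 and int(m.group(2)) == 0:
        return "driver object, no image loaded"
    if "\\" not in entry.get("Image Path", ""):
        # Bare file name (spwx.sys, Combo-Fix.sys in the thread): the scanner found no
        # directory for the image, so verify it by hand rather than assume malice.
        return "bare file name, location unresolved"
    return "full path"

def triage_drivers(report):
    """(name, classification) for every entry in the Drivers section."""
    return [(d.get("Name", "?"), classify_driver(d)) for d in report["Drivers"]]

def hooked_dispatch(report):
    """Map each driver named in a 'Hidden Code' object to its hooked IRP_MJ entries."""
    hooks = defaultdict(set)
    for obj in report["Stealth Objects"]:
        m = STEALTH_RE.search(obj.get("Object", ""))
        if m:
            hooks[m.group(1)].add(m.group(2))
    return {drv: sorted(irps) for drv, irps in hooks.items()}

def file_findings(report):
    """Count Hidden/Locked Files by discrepancy kind, dropping the API/Raw numbers."""
    return dict(Counter(f.get("Status", "").split(" (")[0] for f in report["Hidden/Locked Files"]))

if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    print(triage_drivers(rep), hooked_dispatch(rep), file_findings(rep), sep="\n")
```

The hook listing and the hidden-file list only record what the scanner could not reconcile between the API view and the raw view; they neither confirm nor rule out the AVG detection on winlogon.exe, which is a file-scan result.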

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

My friend, I have very bad news for you: you've caught an infection for which there is no help.

What you need to keep in mind is that Virut (what you are infected with) is a file infector (a classic virus), which means that if you format only the system partition and not the others (if you have any), there may be infected files on the other partitions.

Which in turn means that the first thing you should do after installing Windows is to scan everything that wasn't formatted, to avoid reinfection.

Good luck....
