MyCity » Ambulanta -> Arhiva Ambulante » sumnjam na virus

sumnjam na virus

Napisano na dan: 19.11.2008

sumnjam na virus

Sledeća strana

Pagination

Odgovori

Sub Zero Poslao: 19 Nov 2008 19:00 Idi na vrh
offline Sub Zero Ugledni građanin Pridružio: 13 Nov 2008 Poruke: 467 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:45:39, on 19.11.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Tall Emu\Online Armor\oasrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Tall Emu\Online Armor\oacat.exe C:\Program Files\Cyberlink\Shared files\RichVideo.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\ups.exe C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\gigabyte\RCApp\RCApp.exe C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Tall Emu\Online Armor\oaui.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Tall Emu\Online Armor\oahlp.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Documents and Settings\Korisnik\Desktop\gf\gf.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.4um.rs R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live pomagac za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [RCApp] C:\Program Files\gigabyte\RCApp\RCApp.exe O4 - HKLM\..\Run: [SmartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe" O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O8 - Extra context menu item: Paleta Alatki RoboForm-a - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Podesi Meni - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Puni Formular - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Saèuvaj Formular - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Puni - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Puni Formular - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Sacuvaj - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Sacuvaj Formular - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: Paleta Alatki RoboForm-a - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.4um.rs O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6.....8363179156 O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O20 - AppInit_DLLs: ,C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe O23 - Service: VideoAcceleratorService - Unknown owner - C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe (file missing) -- End of file - 11243 bytes Od pre par dana posle izlaska iz standby nalazim neke ikonice na desktopu pomerene,nemam pristup netu sve do resetovanja racunara i ponekad kada ga upalim ikonice se pojave tek posle minut dva. KAV,A-squared,Malwarebytes ne nalaze nista.

Profil

Piksi Poslao: 19 Nov 2008 22:39 Idi na vrh
offline Piksi Elitni građanin Pridružio: 13 Nov 2003 Poruke: 2435	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Priloženi log ne pokazuje tragove malware-a. Ipak, izvršićemo još jednu proveru -> * Klikni desnim tasterom na Kaspersky ikonicu ( ) u donjem, desnom uglu ekrana i izaberi Pause Protection. * U prozoru koji se otvori, izaberi By User Request. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

Sub Zero Poslao: 20 Nov 2008 12:39 Idi na vrh
offline Sub Zero Ugledni građanin Pridružio: 13 Nov 2008 Poruke: 467 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-11-19.08 - Korisnik 2008-11-20 12:25:07.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.597 [GMT 1:00] Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Autorun.inf C:\setup.exe . ((((((((((((((((((((((((( Files Created from 2008-10-20 to 2008-11-20 ))))))))))))))))))))))))))))))) . 2008-11-16 15:50 . 2008-11-16 15:50 <DIR> d-------- c:\program files\Common Files\McAfee 2008-11-16 15:49 . 2008-11-18 15:02 <DIR> d-------- c:\program files\McAfee 2008-11-16 15:40 . 2008-11-16 15:40 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\SiteAdvisor 2008-11-16 15:40 . 2008-11-16 15:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor 2008-11-16 15:40 . 2008-11-16 15:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee 2008-11-13 11:20 . 2008-11-13 11:20 <DIR> d-------- c:\program files\Tall Emu 2008-11-13 11:20 . 2008-11-20 12:22 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\OnlineArmor 2008-11-13 11:20 . 2008-11-13 11:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\OnlineArmor 2008-11-13 11:20 . 2008-10-07 00:09 178,376 --a------ c:\windows\system32\drivers\OADriver.sys 2008-11-13 11:20 . 2008-10-07 00:09 30,920 --a------ c:\windows\system32\drivers\OAmon.sys 2008-11-13 11:20 . 2008-10-07 00:09 28,872 --a------ c:\windows\system32\drivers\OAnet.sys 2008-11-12 10:58 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-12 10:57 . 2008-09-04 18:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll 2008-11-09 19:11 . 2008-11-09 19:11 <DIR> d-------- c:\program files\Common Files\Scanner 2008-11-09 17:28 . 2006-02-28 13:00 4,224 --a------ c:\windows\system32\drivers\beep.sys_old 2008-11-08 16:14 . 2008-11-08 16:15 <DIR> d-------- c:\windows\system32\Adobe 2008-11-02 16:19 . 2008-11-02 16:19 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-02 16:19 . 2008-11-02 16:19 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Malwarebytes 2008-11-02 16:19 . 2008-11-02 16:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-11-02 16:19 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-02 16:19 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-10-27 16:37 . 2008-10-27 16:39 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F} 2008-10-24 14:01 . 2008-10-15 17:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll 2008-10-21 11:34 . 2008-11-18 20:56 <DIR> d-------- c:\program files\Spyware Terminator 2008-10-21 11:34 . 2008-11-18 20:56 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Spyware Terminator 2008-10-21 11:34 . 2008-11-18 20:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator 2008-10-21 11:34 . 2008-10-21 11:34 141,312 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys 2008-10-20 10:08 . 2008-10-20 10:08 <DIR> d-------- c:\program files\CCleaner . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-20 11:30 5,555,232 --sha-w c:\windows\system32\drivers\fidbox.dat 2008-11-20 11:30 491,552 --sha-w c:\windows\system32\drivers\fidbox2.dat 2008-11-20 11:30 45,528 --sha-w c:\windows\system32\drivers\fidbox.idx 2008-11-20 11:30 3,808 --sha-w c:\windows\system32\drivers\fidbox2.idx 2008-11-20 11:12 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab 2008-11-19 13:50 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore 2008-11-19 12:58 --------- d-----w c:\program files\a-squared Free 2008-11-18 14:40 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2008-11-11 10:46 --------- d-----w c:\documents and settings\Korisnik\Application Data\temp 2008-11-08 13:01 --------- d-----w c:\program files\Opera 2008-10-27 17:34 --------- d-----w c:\program files\7-Zip 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-22 10:14 --------- d-----w c:\program files\Microsoft Silverlight 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 -c--a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 -c--a-w c:\windows\system32\wups.dll 2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-14 10:03 --------- d-----w c:\program files\VS Revo Group 2008-10-10 13:39 249,592 ----a-w c:\windows\system32\cssdll32.dll 2008-10-10 09:25 96,976 ----a-w c:\windows\system32\drivers\klin.dat 2008-10-10 09:07 87,855 ----a-w c:\windows\system32\drivers\klick.dat 2008-10-10 09:06 --------- d-----w c:\program files\Kaspersky Lab 2008-10-09 20:46 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-10-04 13:27 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-10-03 14:30 --------- d-----w c:\program files\AGEIA Technologies 2008-10-02 13:06 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2008-10-01 10:00 --------- d-----w c:\documents and settings\Korisnik\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2008-10-01 09:58 --------- d-----w c:\program files\Common Files\Adobe AIR 2008-10-01 09:58 --------- d-----w c:\program files\Common Files\Adobe 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-25 15:24 --------- d-----w c:\program files\Windows Media Connect 2 2008-09-25 10:48 --------- d-----w c:\program files\Auslogics 2008-09-25 10:48 --------- d-----w c:\documents and settings\Korisnik\Application Data\Auslogics 2008-09-25 09:55 --------- d-----w c:\program files\Conduit 2008-09-25 09:49 50,688 -c--a-w c:\windows\system32\wbhelp2.dll 2008-09-24 16:32 --------- d-----w c:\program files\Windows Live 2008-09-24 11:11 --------- d-----w c:\documents and settings\Korisnik\Application Data\IObit 2008-09-24 10:45 --------- d-----w c:\program files\IObit 2008-09-23 13:52 --------- d-----w c:\program files\Nokia 2008-09-23 13:52 --------- d-----w c:\program files\Common Files\Nokia 2008-09-23 13:51 --------- d-----w c:\documents and settings\All Users\Application Data\Installations 2008-09-17 07:55 453,152 -c--a-w c:\windows\system32\nvudisp.exe 2008-09-16 19:27 453,152 -c--a-w c:\windows\system32\NVUNINST.EXE 2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys 2008-09-10 01:14 1,307,648 -c----w c:\windows\system32\msxml6.dll 2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll 2008-09-04 07:31 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe 2008-08-29 06:57 70,936 ----a-w c:\windows\system32\PhysXLoader.dll 2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll 2008-08-25 15:00 413,696 -c--a-w c:\windows\system32\wrap_oal.dll 2008-08-25 15:00 110,592 -c--a-w c:\windows\system32\OpenAL32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "Google Update"="c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144] "RCApp"="c:\program files\gigabyte\RCApp\RCApp.exe" [2007-04-24 689664] "SmartRAM"="c:\program files\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 662016] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-26 185896] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016] "@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2008-10-07 6223048] "SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-10-21 1783808] "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe] "nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveSearch"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\Tall Emu\Online Armor\oaevent.dll" [2008-10-07 886984] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.avis"= ff_acm.acm "msacm.divxa32"= msaud32_divx.acm [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] --a--c-t- 2008-09-02 20:45 133104 c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] --a--c--- 2008-08-11 07:31 1124352 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm] --a--c--- 2008-10-25 12:06 160592 c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator] --a------ 2008-10-21 11:34 1783808 c:\progra~1\Spyware Terminator\SpywareTerminatorShield.Exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2009\\avp.exe"= R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784] R1 OADevice;OADriver;\??\c:\windows\system32\drivers\OADriver.sys [2008-11-13 178376] R1 OAmon;OAmon;\??\c:\windows\system32\drivers\OAmon.sys [2008-11-13 30920] R1 OAnet;OAnet;\??\c:\windows\system32\drivers\OAnet.sys [2008-11-13 28872] R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2008-10-21 141312] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-11-16 203280] R2 OAcat;Online Armor Helper Service;"c:\program files\Tall Emu\Online Armor\oacat.exe" [2008-11-13 1402568] R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [2008-11-13 3321032] R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-03-22 826752] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592] R3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"c:\program files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 98328] S2 sbbotdi;sbbotdi;\??\c:\progra~1\SpeedBit Video Accelerator\sbbotdi.sys [] S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe -start -scm [] S3 cpuz129;cpuz129;\??\c:\docume~1\Korisnik\LOCALS~1\Temp\cpuz_x32.sys [] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-09-13 138112] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-09-13 8320] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7706e2a-446b-11dc-b6ae-806d6172696f}] \Shell\AutoRun\command - C:\setup.exe . Contents of the 'Scheduled Tasks' folder 2008-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [] 2008-11-19 c:\windows\Tasks\GoogleUpdateTaskUser.job - c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 20:45] . - - - - ORPHANS REMOVED - - - - URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file) . ------- Supplementary Scan ------- . FireFox -: Profile - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\89tveu0z.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1703502&SearchSource=3&q= FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.rs/ FF -: plugin - c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll FF -: plugin - c:\program files\Google\Google Updater\2.2.1273.1045\npCIDetect12.dll FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-20 12:31:33 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . c:\program files\a-squared Free\a2service.exe c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Cyberlink\PowerCinema\Kernel\TV\CLCapSvc.exe c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\windows\system32\nvsvc32.exe c:\program files\Cyberlink\Shared files\RichVideo.exe c:\program files\Spyware Terminator\sp_rsser.exe c:\program files\Cyberlink\PowerCinema\Kernel\TV\CLSched.exe c:\windows\system32\wscntfy.exe c:\windows\system32\rundll32.exe c:\program files\Tall Emu\Online Armor\oahlp.exe . ************************************************************************ . Completion time: 2008-11-20 12:33:23 - machine was rebooted ComboFix-quarantined-files.txt 2008-11-20 11:33:20 Pre-Run: 30.857.101.312 bytes free Post-Run: 30,763,147,264 bytes free 221 --- E O F --- 2008-11-12 10:03:39

Profil

Piksi Poslao: 20 Nov 2008 20:32 Idi na vrh
offline Piksi Elitni građanin Pridružio: 13 Nov 2003 Poruke: 2435	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uplaoduj mi sledeće file-ove na proveru: c:\windows\system32\drivers\beep.sys c:\windows\system32\drivers\beep.sys_old Upload link: http://www.mycity.rs/ambulanta-upload.php Preuzmi gmer.zip sa ovog linka i sačuvaj na Desktopu. Raspakuj ga u neki folder. Dupli klik na gmer.exe za početak: Izaberi Rootkit/Malware Tab na vrhu. Klikni na Scan. Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati rezultate skeniranja u Clipboard. Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt. Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt. Iskoristi opciju Prikači fajl ispod polja za pisanje poruke na forumu, i prikači nam ovde ta dva fajla koja smo malopre snimili

Profil

Sub Zero Poslao: 20 Nov 2008 22:32 Idi na vrh
offline Sub Zero Ugledni građanin Pridružio: 13 Nov 2008 Poruke: 467 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: GMER 1.0.14.14536 - http://www.gmer.net Rootkit scan 2008-11-20 22:01:03 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.14 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwAdjustPrivilegesToken [0xF0E3A81A] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwAllocateVirtualMemory [0xF0BF40F0] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwAssignProcessToJobObject [0xF0BF46E0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwClose [0xF0E3ADC6] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwConnectPort [0xF0BF3370] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwCreateFile [0xF0C00E80] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwCreateKey [0xF0BFF1B0] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwCreatePort [0xF0BF31D0] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwCreateProcess [0xF0BF0A10] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwCreateProcessEx [0xF0BF0DE0] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwCreateSection [0xF0BF0520] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xF0E3E18C] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwCreateThread [0xF0BF1C80] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwDebugActiveProcess [0xF0BF27B0] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwDeleteFile [0xF0C019C0] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwDeleteKey [0xF0BFF760] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwDeleteValueKey [0xF0C000B0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeviceIoControlFile [0xF0E3C4EC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDuplicateObject [0xF0E3E698] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwEnumerateKey [0xF0C00E20] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwEnumerateValueKey [0xF0C00E50] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwFsControlFile [0xF0E3C3A2] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwLoadDriver [0xF0BF3BC0] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwOpenFile [0xF0C015D0] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwOpenKey [0xF0BFF9A0] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwOpenProcess [0xF0BF1780] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwOpenSection [0xF0BF07A0] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwOpenThread [0xF0BF2140] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwProtectVirtualMemory [0xF0BF4390] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwQueryKey [0xF0C00DC0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryMultipleValueKey [0xF0E3A4BC] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwQueryValueKey [0xF0C00DF0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueueApcThread [0xF0E3DEB8] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwReplaceKey [0xF0C008A0] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwRequestWaitReplyPort [0xF0BF3750] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwRestoreKey [0xF0C00B00] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwResumeThread [0xF0BF2E80] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwSaveKey [0xF0C00DA0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSecureConnectPort [0xF0E3C6CC] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwSetContextThread [0xF0BF25D0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSecurityObject [0xF0E3DD4A] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwSetSystemInformation [0xF0BF2930] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwSetValueKey [0xF0BFF9C0] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwShutdownSystem [0xF0BF3AC0] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwSuspendProcess [0xF0BF3030] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwSuspendThread [0xF0BF2CB0] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwSystemDebugControl [0xF0BF2B10] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwTerminateProcess [0xF0BF1AE0] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwTerminateThread [0xF0BF2400] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwUnloadDriver [0xF0BF3DE0] SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwWriteVirtualMemory [0xF0BF4540] Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous ---- Kernel code sections - GMER 1.0.14 ---- .text ntoskrnl.exe!ZwYieldExecution + 12E 804E4968 12 Bytes [ D0, 31, BF, F0, 10, 0A, BF, ... ] .text ntoskrnl.exe!ZwYieldExecution + 260 804E4A9A 2 Bytes [ BF, F0 ] .text ntoskrnl.exe!ZwYieldExecution + 46A 804E4CA4 12 Bytes [ 30, 30, BF, F0, B0, 2C, BF, ... ] .text ntoskrnl.exe!IoIsOperationSynchronous 804EAFAE 5 Bytes JMP F0E513D6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) .text ntoskrnl.exe!FsRtlCheckLockForReadAccess 804F4593 5 Bytes JMP F0E5101C \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ---- User code sections - GMER 1.0.14 ---- .text C:\WINDOWS\explorer.exe[844] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 70, 85 ] .text C:\WINDOWS\explorer.exe[844] USER32.dll!LoadStringW 7E419E36 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\explorer.exe[844] USER32.dll!LoadStringA 7E42C908 6 Bytes JMP 5F040F5A .text C:\Program Files\Tall Emu\Online Armor\oacat.exe[1540] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 13, 84 ] .text C:\Program Files\Tall Emu\Online Armor\oacat.exe[1540] user32.dll!LoadStringW 7E419E36 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Tall Emu\Online Armor\oacat.exe[1540] user32.dll!LoadStringA 7E42C908 6 Bytes JMP 5F040F5A .text C:\Program Files\Tall Emu\Online Armor\oasrv.exe[1708] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 48, 84 ] .text C:\Program Files\Tall Emu\Online Armor\oasrv.exe[1708] user32.dll!LoadStringW 7E419E36 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Tall Emu\Online Armor\oasrv.exe[1708] user32.dll!LoadStringA 7E42C908 6 Bytes JMP 5F040F5A ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[1832] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[1832] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [ 70, 11, 41, 6D ] .text C:\WINDOWS\Explorer.EXE[1980] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 63, 86 ] .text C:\WINDOWS\Explorer.EXE[1980] USER32.dll!LoadStringW 7E419E36 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\Explorer.EXE[1980] USER32.dll!LoadStringA 7E42C908 6 Bytes JMP 5F040F5A .text C:\Program Files\Tall Emu\Online Armor\oaui.exe[3560] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, F8, 84 ] .text C:\Program Files\Tall Emu\Online Armor\oaui.exe[3560] user32.dll!LoadStringW 7E419E36 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Tall Emu\Online Armor\oaui.exe[3560] user32.dll!LoadStringA 7E42C908 6 Bytes JMP 5F040F5A ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[3608] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[3608] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [ 70, 11, 41, 6D ] .text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[3624] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 85, 84 ] .text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[3624] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 0145EBE0 C:\Program Files\McAfee\SiteAdvisor\saPlugin.dll .text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[3624] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation) .text C:\Program Files\Tall Emu\Online Armor\oahlp.exe[3720] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 87, 84 ] .text C:\Program Files\Tall Emu\Online Armor\oahlp.exe[3720] user32.dll!LoadStringW 7E419E36 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Tall Emu\Online Armor\oahlp.exe[3720] user32.dll!LoadStringA 7E42C908 6 Bytes JMP 5F040F5A ---- Kernel IAT/EAT - GMER 1.0.14 ---- IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F79023B0] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F7902410] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F79026C0] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[ntoskrnl.exe!IoCreateDevice] [F7002D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F7002DF0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\system32\DRIVERS\ipnat.sys[ntoskrnl.exe!IoCreateDevice] [F7002D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\system32\DRIVERS\netbt.sys[ntoskrnl.exe!IoCreateDevice] [F7002D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F7002DF0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[ntoskrnl.exe!IoCreateDevice] [F7002D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F7902700] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F79026C0] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F7902410] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F79023B0] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd) IAT \SystemRoot\System32\drivers\ws2ifsl.sys[ntoskrnl.exe!IoCreateDevice] [F7002D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateDevice] [F7002D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\system32\DRIVERS\netbios.sys[ntoskrnl.exe!IoCreateDevice] [F7002D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IoCreateDevice] [F7002D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IoCreateDevice] [F7002D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\System32\Drivers\Fips.SYS[ntoskrnl.exe!IoCreateDevice] [F7002D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\system32\DRIVERS\USBSTOR.SYS[ntoskrnl.exe!IoCreateDevice] [F7002D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\System32\Drivers\Cdfs.SYS[ntoskrnl.exe!IoCreateDevice] [F7002D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[ntoskrnl.exe!IoCreateDevice] [F7002D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F79026C0] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F7902700] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F79023B0] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F7902410] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd) IAT \SystemRoot\system32\drivers\wdmaud.sys[ntoskrnl.exe!IoCreateDevice] [F7002D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\system32\drivers\sysaudio.sys[ntoskrnl.exe!IoCreateDevice] [F7002D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\system32\DRIVERS\mrxdav.sys[ntoskrnl.exe!IoCreateDevice] [F7002D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateDevice] [F7002D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\System32\Drivers\HTTP.sys[ntoskrnl.exe!IoCreateDevice] [F7002D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) ---- Devices - GMER 1.0.14 ---- Device \Driver\Tcpip \Device\Ip OAmon.sys (TDI Helper Driver/Tall Emu Pty Ltd) AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) Device \Driver\Tcpip \Device\Tcp OAmon.sys (TDI Helper Driver/Tall Emu Pty Ltd) AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) Device \Driver\Tcpip \Device\Udp OAmon.sys (TDI Helper Driver/Tall Emu Pty Ltd) AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) Device \Driver\Tcpip \Device\RawIp OAmon.sys (TDI Helper Driver/Tall Emu Pty Ltd) AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) Device \Driver\Tcpip \Device\IPMULTICAST OAmon.sys (TDI Helper Driver/Tall Emu Pty Ltd) ---- EOF - GMER 1.0.14 ---- Dopuna: 20 Nov 2008 22:16 GMER 1.0.14.14536 - http://www.gmer.net Autostart scan 2008-11-20 22:09:15 Windows 5.1.2600 Service Pack 3 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe, HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>> dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll klogon@DLLName = C:\WINDOWS\system32\klogon.dll HKLM\SYSTEM\CurrentControlSet\Services\ >>> a2free@ = "C:\Program Files\a-squared Free\a2service.exe" AVP@ = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r Bonjour Service@ = "C:\Program Files\Bonjour\mDNSResponder.exe" CLCapSvc@ = "C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe" ? ( ?????\| ~ H?" ???\|~ x?? H?Z E??\|???\| ?s???\| CLSched@ = "C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe" C i n e m a \ K e r n e l \ T V \ C L C a p S v c . e x e gusvc@ = "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" McAfee SiteAdvisor Service@ = "C:\Program Files\McAfee\SiteAdvisor\McSACore.exe" NVSvc@ = %SystemRoot%\system32\nvsvc32.exe OAcat@ = "C:\Program Files\Tall Emu\Online Armor\oacat.exe" RichVideo@ = "C:\Program Files\Cyberlink\Shared files\RichVideo.exe" ?????????????????????????????????????????????????????? ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys sp_rssrv@ = "C:\Program Files\Spyware Terminator\sp_rsser.exe" SvcOnlineArmor@ = C:\Program Files\Tall Emu\Online Armor\oasrv.exe VideoAcceleratorService@ = C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe -start -scm /file not found/ HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>> @NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup @RTHDCPLRTHDCPL.EXE = RTHDCPL.EXE @RCAppC:\Program Files\gigabyte\RCApp\RCApp.exe = C:\Program Files\gigabyte\RCApp\RCApp.exe @SmartRAMC:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m /file not found/ = C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m /file not found/ @TkBellExe"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot @nwiznwiz.exe /install = nwiz.exe /install @NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit @@OnlineArmor GUI"C:\Program Files\Tall Emu\Online Armor\oaui.exe" = "C:\Program Files\Tall Emu\Online Armor\oaui.exe" @SpywareTerminator"C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" = "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" @AVP"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>> @ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe @MsnMsgr"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background = "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background @Google Update"C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c = "C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{4F07DA45-8170-4859-9B5F-037EF2970034} = C:\PROGRA~1\Tall Emu\Online Armor\oaevent.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>> @{42071714-76d4-11d1-8b24-00a0c9068ff3} /Display Panning CPL Extension/deskpan.dll /file not found/ = deskpan.dll /file not found/ @{596AB062-B4D2-4215-9F74-E9109B0A8153} /Previous Versions Property Page/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll @{9DB7A13C-F208-4981-8353-73CC61AE2783} /Previous Versions/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll @{30D02401-6A81-11d0-8274-00C04FD5AE38} /IE Search Band/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{3028902F-6374-48b2-8DC6-9725E775B926} /IE AutoComplete/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /Shell DocObject Viewer/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{FBF23B40-E3F0-101B-8488-00AA003E56F8} /InternetShortcut/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /Microsoft Url History Service/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{FF393560-C2A7-11CF-BFF4-444553540000} /History/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /Temporary Internet Files/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /Temporary Internet Files/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /Microsoft Url Search Hook/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /The Internet/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{871C5380-42A0-1069-A2EA-08002B30309D} /Internet Name Space/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /Autoplay for SlideShow/(null) = @{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /Extensions Manager Folder/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll @{A70C977A-BF00-412C-90B7-034C51DA2439} /NvCpl DesktopContext Class/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll @{1CDB2949-8F65-4355-8456-263E7C208A5D} /Desktop Explorer/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll @{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /Desktop Explorer Menu/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll @{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /nView Desktop Context Menu/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll @{32020A01-506E-484D-A2A8-BE3CF17601C3} /AlcoholShellEx/(null) = @{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /Shell Extensions for RealOne Player/C:\Program Files\Real\RealPlayer\rpshell.dll = C:\Program Files\Real\RealPlayer\rpshell.dll @{35786D3C-B075-49b9-88DD-029876E11C01} /Portable Devices/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll @{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /Portable Devices Menu/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll @{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /Shell Extension for Malware scanning/(null) = @{23170F69-40C1-278A-1000-000100020000} /7-Zip Shell Extension/C:\Program Files\7-Zip\7-zip.dll = C:\Program Files\7-Zip\7-zip.dll @{0563DB41-F538-4B37-A92D-4659049B7766} /WLMD Message Handler/C:\Program Files\Windows Live\Mail\mailcomm.dll = C:\Program Files\Windows Live\Mail\mailcomm.dll @{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /Messenger Sharing Folders/C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll = C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll @{BD88A479-9623-4897-8546-BC62B9628F44} /SPTHandler/C:\Program Files\Spyware Terminator\sptcontmenu.dll = C:\Program Files\Spyware Terminator\sptcontmenu.dll @{D9872D13-7651-4471-9EEE-F0A00218BEBB} /Multiscan/(null) = @{52B87208-9CCF-42C9-B88E-069281105805} /Trojan Remover Shell Extension/(null) = @{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} /Nokia Phone Browser/C:\Program Files\Nokia\Nokia PC Suite 7\phonebrowser.dll = C:\Program Files\Nokia\Nokia PC Suite 7\phonebrowser.dll @{A155339D-CCCD-4714-85EB-3754B804C9DF} /a-squared Free Shell Extension/C:\PROGRAM FILES\A-SQUARED FREE\a2freecontmenu.dll = C:\PROGRAM FILES\A-SQUARED FREE\a2freecontmenu.dll @{06A2568A-CED6-4187-BB20-400B8C02BE5A} //(null) = @{00F33137-EE26-412F-8D71-F84E4C2C6625} //C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll @{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} /Windows Live Photo Gallery Autoplay Drop Target/(null) = @{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} /Windows Live Photo Gallery Viewer Drop Target/(null) = @{00F374B7-B390-4884-B372-2FC349F2172B} /Windows Live Photo Gallery Editor Drop Target/(null) = @{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} /Windows Live Photo Gallery Viewer Drop Target Shim/C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll @{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} /Windows Live Photo Gallery Editor Drop Target Shim/C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll @{00F30F90-3E96-453B-AFCD-D71989ECC2C7} /Windows Live Photo Gallery Autoplay Drop Target Shim/C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll @{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /IE Microsoft BrowserBand/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /IE Fade Task/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{205D7A97-F16D-4691-86EF-F3075DCCA57D} /IE Menu Desk Bar/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{43886CD5-6529-41c4-A707-7B3C92C05E68} /IE Navigation Bar/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{44C76ECD-F7FA-411c-9929-1B77BA77F524} /IE Menu Site/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{4B78D326-D922-44f9-AF2A-07805C2A3560} /IE Menu Band/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /IE Microsoft History AutoComplete List/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /IE Tracking Shell Menu/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{6CF48EF8-44CD-45d2-8832-A16EA016311B} /IE IShellFolderBand/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{73CFD649-CD48-4fd8-A272-2070EA56526B} /IE BandProxy/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /IE MRU AutoComplete List/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /IE RSS Feeder Folder/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /IE Microsoft Shell Folder AutoComplete List/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{B31C5FAE-961F-415b-BAF0-E697A5178B94} /IE Microsoft Multiple AutoComplete List Container/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /Microsoft Browser Architecture/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /IE Shell Rebar BandSite/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{E6EE9AAC-F76B-4947-8260-A9F136138E11} /IE Shell Band Site Menu/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{F2CF5485-4E02-4f68-819C-B92DE9277049} /&Links/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /IE Registry Tree Options Utility/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /IE User Assist/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /IE Custom MRU AutoCompleted List/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{85E0B171-04FA-11D1-B7DA-00A0C90348D6} /Web traffic protection statistics/C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll @{FFB699E0-306A-11d3-8BD1-00104B6F7516} /Play on my TV helper/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll @{4F07DA46-8170-4859-9B5F-037EF2970034} /Online Armor Shell Extension/C:\PROGRA~1\Tall Emu\Online Armor\oaevent.dll = C:\PROGRA~1\Tall Emu\Online Armor\oaevent.dll HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>> 7-Zip@{23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zip.dll Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ShellEx.dll OnlineArmorShell@{4F07DA46-8170-4859-9B5F-037EF2970034} = C:\PROGRA~1\Tall Emu\Online Armor\oaevent.dll SPTContMenu@{BD88A479-9623-4897-8546-BC62B9628F44} = C:\Program Files\Spyware Terminator\sptcontmenu.dll HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\7-Zip@{23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zip.dll HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>> a-squared Free Shell Extension@{A155339D-CCCD-4714-85EB-3754B804C9DF} = C:\PROGRAM FILES\A-SQUARED FREE\a2freecontmenu.dll Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ShellEx.dll MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll OnlineArmorShell@{4F07DA46-8170-4859-9B5F-037EF2970034} = C:\PROGRA~1\Tall Emu\Online Armor\oaevent.dll SPTContMenu@{BD88A479-9623-4897-8546-BC62B9628F44} = C:\Program Files\Spyware Terminator\sptcontmenu.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>> @{18DF081C-E8AD-4283-A596-FA578C2EBDC3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll @{3049C3E9-B461-4BC5-8870-4C09146192CA}C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll = C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll @{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll @{724d43a9-0d85-11d4-9908-00400523e39a}C:\Program Files\Siber Systems\AI RoboForm\roboform.dll = C:\Program Files\Siber Systems\AI RoboForm\roboform.dll @{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll @{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\program files\google\googletoolbar3.dll = c:\program files\google\googletoolbar3.dll @{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll = C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll @{B164E929-A1B6-4A06-B104-2CD0E90A88FF}c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll = c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll HKLM\Software\Microsoft\Internet Explorer\Main >>> @Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157 @Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home @Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main >>> @Start Pagehttp://www.google.rs/ = http://www.google.rs/ @Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm HKLM\Software\Classes\PROTOCOLS\Handler\ >>> dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll its@CLSID = C:\WINDOWS\system32\itss.dll livecall@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll ms-its@CLSID = C:\WINDOWS\system32\itss.dll msnim@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL sacore@CLSID = c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll tv@CLSID = C:\WINDOWS\system32\msvidctl.dll wia@CLSID = C:\WINDOWS\system32\wiascr.dll wlmailhtml@CLSID = C:\Program Files\Windows Live\Mail\mailcomm.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll ---- EOF - GMER 1.0.14 ---- uradio sam upload ona dva drivera Dopuna: 20 Nov 2008 22:32 https://www.mycity.rs/must-login.png https://www.mycity.rs/must-login.png

Profil

Piksi Poslao: 21 Nov 2008 16:12 Idi na vrh
offline Piksi Elitni građanin Pridružio: 13 Nov 2003 Poruke: 2435	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Potpuno čisti logovi, ne pokazuju znakove malware-a. Skini [url=https://www.mycity.rs/must-login.png fajl na Desktop. Dvoklikni na njega i kada se pojavi upit, klikni Yes. Klikni START a zatim RUN U liniju za unos teksta ukucaj Combofix /u i klikni OK Sačekaj da se proces deinstalacije završi Gornja procedura će: Obrisati sledeće: ComboFix i njegove file-ove i foldere VundoFix Backups folder, ako postoji C:\Deckard folder, ako postoji C:\OtMoveIt folder, ako postoji Resetovati podešavanja sata na kompjuteru Sakriti ekstenzije file-ova, ako je potrebno Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno Resetovati System Restore To je sve...

Profil

Sub Zero Poslao: 21 Nov 2008 16:32 Idi na vrh
offline Sub Zero Ugledni građanin Pridružio: 13 Nov 2008 Poruke: 467 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kada ukucam combofix/u izlazi mi obavestenje windows ne moze da pronadje combofix/u

Profil

Piksi Poslao: 21 Nov 2008 16:46 Idi na vrh
offline Piksi Elitni građanin Pridružio: 13 Nov 2003 Poruke: 2435	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Treba da postoji razmak između combofix i /u.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » sumnjam na virus

Ko je trenutno na forumu

Ukupno su 863 korisnika na forumu :: 7 registrovanih, 1 sakriven i 855 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., ALBION101, Boris90, gorantrojka, Marko Marković, Maschinekalibar, suton

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by