Antivirus 2009


  • Joined: 17 Jan 2009
  • Posts: 49

ComboFix 09-01-17.02 - Nesa Savkovic 2009-01-17 23:51:31.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.1023.405 [GMT 1:00]
Running from: c:\documents and settings\Nesa Savkovic\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Nesa Savkovic\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system32\winsystems.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\winsystems.dll
c:\windows\system32\wsnpoem
c:\windows\system32\wsnpoem\audio.dll
c:\windows\system32\wsnpoem\video.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-17 to 2009-01-17 )))))))))))))))))))))))))))))))
.

2009-01-17 22:30 . 2009-01-17 22:30 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\Flock
2009-01-17 22:29 . 2009-01-17 23:01 <DIR> d-------- c:\program files\Flock
2009-01-17 21:49 . 2009-01-17 22:11 <DIR> d-------- c:\windows\LastGood.Tmp
2009-01-17 21:42 . 2009-01-17 22:24 32,223,214 --------- c:\windows\wmp12.exe
2009-01-17 19:24 . 2009-01-17 19:24 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-17 19:24 . 2009-01-17 19:24 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\Malwarebytes
2009-01-17 19:24 . 2009-01-17 19:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-17 19:24 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-17 19:24 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-17 17:35 . 2009-01-17 17:44 <DIR> d-------- c:\program files\Shock Utility
2009-01-17 17:34 . 2009-01-17 17:44 65,536 --a------ c:\windows\IFinst27.exe
2009-01-17 16:56 . 2009-01-17 16:56 <DIR> d-------- c:\program files\FogelSoft
2009-01-17 16:31 . 2009-01-17 16:31 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-17 16:30 . 2009-01-17 16:30 <DIR> d-------- c:\program files\MSBuild
2009-01-17 16:30 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-01-17 16:30 . 2008-07-06 13:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-01-17 16:30 . 2008-07-06 11:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-17 16:30 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-01-17 16:30 . 2008-07-06 13:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-17 16:30 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-01-17 16:30 . 2008-07-06 13:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-17 16:25 . 2009-01-17 16:25 <DIR> d-------- c:\program files\MSXML 6.0
2009-01-17 00:17 . 2009-01-17 00:18 <DIR> d-------- c:\program files\Swatians Team
2009-01-16 23:26 . 2008-09-19 22:57 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2009-01-16 23:26 . 2008-09-24 19:41 839,680 --a------ c:\windows\system32\lameACM.acm
2009-01-16 23:26 . 2004-01-25 17:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2009-01-16 23:26 . 2008-12-07 19:08 130,048 --a------ c:\windows\system32\xvidvfw.dll
2009-01-16 23:26 . 2007-09-21 01:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2009-01-16 23:26 . 2008-09-25 09:03 81,920 --a------ c:\windows\system32\dpl100.dll
2009-01-16 23:26 . 2008-10-03 13:30 414 --a------ c:\windows\system32\lame_acm.xml
2009-01-16 23:25 . 2009-01-16 23:26 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-01-16 23:25 . 2008-10-28 23:35 684,032 --a------ c:\windows\system32\divx.dll
2009-01-16 23:25 . 2008-12-08 12:53 57,344 --a------ c:\windows\system32\ff_vfw.dll
2009-01-16 23:25 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-01-16 17:45 . 2009-01-16 17:45 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2009-01-16 17:45 . 2009-01-16 17:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Macrovision
2009-01-16 14:54 . 2009-01-17 12:05 <DIR> d-------- c:\program files\vghd
2009-01-15 14:49 . 2009-01-15 15:04 <DIR> d-------- c:\program files\Serious Sam 2
2009-01-15 01:07 . 2009-01-15 01:07 98,304 --a------ c:\windows\system32\CmdLineExt.dll
2009-01-15 00:38 . 2009-01-15 00:38 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\MAGIX
2009-01-15 00:37 . 2009-01-15 00:37 <DIR> d-------- c:\program files\MAGIX
2009-01-15 00:37 . 2009-01-15 00:37 <DIR> d-------- c:\program files\Common Files\MAGIX Shared
2009-01-15 00:37 . 2009-01-15 00:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\MAGIX
2009-01-15 00:36 . 2009-01-15 00:38 <DIR> d-------- c:\windows\system32\MAGIX
2009-01-15 00:36 . 2007-12-04 15:20 700,416 --a------ c:\windows\system32\mgxoschk.dll
2009-01-15 00:36 . 2009-01-15 00:37 5,937 --a------ c:\windows\mgxoschk.ini
2009-01-14 21:29 . 2009-01-17 23:49 <DIR> d-------- c:\program files\MODEM Mobile Connection
2009-01-14 21:29 . 2008-07-15 11:39 104,960 --a------ c:\windows\system32\drivers\ZTEusbser6k.sys
2009-01-14 21:29 . 2008-07-15 11:39 104,960 --a------ c:\windows\system32\drivers\ZTEusbnmea.sys
2009-01-14 21:29 . 2008-07-15 11:39 104,960 --a------ c:\windows\system32\drivers\ZTEusbmdm6k.sys
2009-01-14 15:26 . 2009-01-16 15:01 5 --a------ c:\windows\sbacknt.bin
2009-01-14 15:24 . 2009-01-16 15:01 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\vghd
2009-01-14 15:24 . 2009-01-16 14:54 152,904 --a------ c:\windows\system32\vghd.scr
2009-01-14 01:47 . 2009-01-14 01:47 <DIR> d-------- c:\program files\EA GAMES
2009-01-14 01:47 . 2004-08-18 04:14 442,368 -ra------ c:\windows\system32\vp6vfw.dll
2009-01-14 01:21 . 2009-01-14 01:21 <DIR> d-------- c:\program files\Common Files\Ahead
2009-01-14 01:21 . 2001-07-06 05:41 569,344 --a------ c:\windows\system32\imagr5.dll
2009-01-14 01:21 . 2001-07-06 03:44 544,768 --a------ c:\windows\system32\imagx5.dll
2009-01-14 01:21 . 2001-07-06 09:24 283,920 --a------ c:\windows\system32\ImagXpr5.dll
2009-01-14 01:21 . 2008-05-09 21:13 155,648 --a------ c:\windows\system32\NeroCheck.exe
2009-01-14 01:21 . 2003-03-29 06:45 89,184 --------- c:\windows\system32\drivers\imagedrv.sys
2009-01-14 01:21 . 2003-05-26 05:12 57,344 --------- c:\windows\system32\ImageDrive.cpl
2009-01-14 01:21 . 2001-06-25 23:15 38,912 --a------ c:\windows\system32\picn20.dll
2009-01-13 23:40 . 2009-01-13 23:40 <DIR> d-------- c:\windows\Sun
2009-01-13 23:23 . 2009-01-13 23:23 <DIR> d-------- c:\program files\SopFilter
2009-01-13 23:14 . 2009-01-13 23:14 <DIR> d-------- C:\ProgramData
2009-01-13 23:02 . 2009-01-13 23:02 <DIR> d-------- c:\program files\Readon Technology
2009-01-13 22:17 . 2009-01-13 22:17 <DIR> d-------- c:\program files\AskBarDis
2009-01-13 22:03 . 2009-01-13 22:07 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\VoipDiscount
2009-01-13 22:02 . 2009-01-13 22:02 <DIR> d-------- c:\windows\PaltalkScene
2009-01-13 22:02 . 2009-01-14 21:24 <DIR> d-------- c:\program files\Paltalk Messenger
2009-01-13 22:02 . 2009-01-14 21:24 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\Paltalk
2009-01-13 21:00 . 2009-01-15 15:23 <DIR> d-------- c:\program files\Steam
2009-01-13 20:21 . 2009-01-14 01:16 <DIR> d-------- c:\program files\SpeedBit Video Accelerator
2009-01-13 20:21 . 2009-01-13 20:21 <DIR> d-------- c:\program files\AskSBar
2009-01-13 20:15 . 2009-01-17 19:09 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-13 20:14 . 2009-01-14 01:16 <DIR> d-------- c:\program files\DAP
2009-01-13 19:47 . 2009-01-13 19:47 144 --a------ c:\windows\Eudcedit.ini
2009-01-13 19:16 . 2009-01-13 19:17 <DIR> d-------- c:\program files\CDCheck
2009-01-13 19:07 . 2009-01-13 19:07 <DIR> d-------- c:\program files\Skyler Lyon
2009-01-13 19:03 . 2009-01-17 14:17 <DIR> d---s---- c:\documents and settings\Nesa Savkovic\My Documents
2009-01-13 18:44 . 2009-01-13 18:44 <DIR> d-------- c:\documents and settings\Nesa Savkovic\EurekaLog
2009-01-13 18:41 . 2009-01-13 18:41 <DIR> d-------- c:\program files\Innovative Solutions
2009-01-13 18:34 . 2009-01-13 18:34 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\Anonymizer
2009-01-13 18:33 . 2009-01-13 18:33 <DIR> d-------- c:\program files\Anonymizer
2009-01-13 18:33 . 2009-01-13 18:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Anonymizer
2009-01-13 18:33 . 2009-01-13 18:34 <DIR> d--h----- c:\documents and settings\All Users\Application Data\{773E7240-B347-4DFF-A6EF-6E829EDD59DF}
2009-01-13 17:59 . 2009-01-13 18:01 69 --a------ c:\windows\NeroDigital.ini
2009-01-13 17:28 . 2009-01-17 14:09 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\Nero
2009-01-13 16:50 . 2009-01-13 16:50 4,767 --a------ c:\windows\Irremote.ini
2009-01-13 16:46 . 2009-01-13 16:46 <DIR> d-------- c:\program files\Windows Sidebar
2009-01-13 16:27 . 2009-01-13 16:49 <DIR> d-------- c:\program files\Nero
2009-01-13 16:26 . 2009-01-13 17:25 <DIR> d-------- c:\program files\Common Files\Nero
2009-01-13 16:26 . 2009-01-13 16:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2009-01-13 15:25 . 2009-01-13 15:25 <DIR> d-------- c:\program files\Reference Assemblies
2009-01-13 15:25 . 2009-01-13 15:25 <DIR> d-------- c:\program files\Microsoft.NET
2009-01-13 15:13 . 2009-01-13 15:13 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\DAEMON Tools Pro
2009-01-13 15:13 . 2009-01-13 15:13 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\DAEMON Tools
2009-01-13 15:11 . 2009-01-13 15:19 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2009-01-13 15:11 . 2009-01-13 15:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-13 15:07 . 2009-01-13 15:14 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\DAEMON Tools Lite
2009-01-13 15:07 . 2009-01-13 15:07 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-12 19:38 . 2009-01-12 19:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Digsby
2009-01-12 19:31 . 2009-01-12 19:31 <DIR> d--hs---- c:\documents and settings\Nesa Savkovic\PrivacIE
2009-01-12 19:19 . 2009-01-12 19:19 <DIR> d--h-c--- c:\windows\ie8
2009-01-12 18:47 . 2009-01-12 18:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Winferno
2009-01-12 18:44 . 2009-01-12 18:44 <DIR> d-------- c:\program files\Digsby
2009-01-12 18:44 . 2009-01-12 19:38 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\Digsby
2009-01-12 18:41 . 2009-01-12 18:41 <DIR> d-------- c:\program files\Smart-Shopper
2009-01-12 18:41 . 2009-01-17 17:37 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\Smart-Shopper
2009-01-12 01:24 . 2009-01-12 01:24 <DIR> d-------- c:\program files\Real
2009-01-12 01:24 . 2009-01-12 01:24 <DIR> d-------- c:\program files\Common Files\xing shared
2009-01-12 01:24 . 2009-01-12 01:24 <DIR> d-------- c:\program files\Common Files\Real
2009-01-12 00:51 . 2009-01-12 15:10 <DIR> d-------- c:\windows\SxsCaPendDel
2009-01-11 21:10 . 2009-01-11 21:10 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\vlc
2009-01-11 21:04 . 2009-01-11 21:04 <DIR> d-------- c:\program files\VideoLAN
2009-01-11 20:47 . 2008-07-31 23:17 9,200 --------- c:\windows\system32\drivers\cdralw2k.sys
2009-01-11 20:47 . 2008-07-31 23:17 9,072 --------- c:\windows\system32\drivers\cdr4_xp.sys
2009-01-11 20:46 . 2009-01-11 20:46 <DIR> d-------- c:\windows\system32\IOSUBSYS
2009-01-10 23:52 . 2009-01-10 23:52 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\CyberLink
2009-01-10 16:59 . 2009-01-10 16:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2009-01-10 16:58 . 2009-01-10 16:58 <DIR> d-------- c:\program files\CyberLink
2009-01-10 16:03 . 2009-01-16 19:35 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\FaxCtr
2009-01-10 15:59 . 2009-01-10 15:59 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\Lexmark Productivity Studio
2009-01-10 15:57 . 2009-01-10 15:57 <DIR> d-------- c:\program files\lx_cats

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 20:29 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-14 00:21 --------- d-----w c:\program files\Ahead
2009-01-13 19:14 --------- d-----w c:\program files\Google
2009-01-09 17:49 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-12-29 15:34 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-29 11:08 --------- d-----w c:\program files\PowerQuest
2008-12-29 11:03 --------- d-----w c:\program files\ESET
2008-12-29 11:03 --------- d-----w c:\documents and settings\Nesa Savkovic\Application Data\ESET
2008-12-29 11:00 --------- d-----w c:\program files\Microsoft ActiveSync
2008-12-29 10:46 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-12-29 10:39 --------- d-----w c:\program files\Realtek
2008-12-29 10:38 --------- d-----w c:\program files\totalcmd
2008-12-29 10:36 --------- d-----w c:\program files\Analog Devices
2008-12-29 10:27 --------- d-----w c:\program files\Intel
2008-12-29 10:18 --------- d-----w c:\program files\microsoft frontpage
.

------- Sigcheck -------

2004-08-04 09:56 974336 a5c1f2cf7c31874e66478910b43d6513 c:\windows\explorer.exe
2004-08-04 09:56 974336 a5c1f2cf7c31874e66478910b43d6513 c:\windows\system32\dllcache\explorer.exe

2004-08-04 09:56 100864 80cb133bd6c830e8ca7e90015e45c1cd c:\windows\system32\wuauclt.exe
2004-08-04 09:56 100864 80cb133bd6c830e8ca7e90015e45c1cd c:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((( snapshot@2009-01-17_21.08.17.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-10-18 20:04:50 315,904 ----a-w c:\windows\inf\unregmp2.exe
+ 2006-11-03 09:01:20 317,952 ----a-w c:\windows\inf\unregmp2.exe
- 2008-12-29 10:21:05 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-17 20:40:01 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-29 10:21:05 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-17 20:40:01 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-29 10:21:05 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-17 20:40:01 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-10-18 20:04:54 1,669,120 -c--a-w c:\windows\system32\dllcache\setup_wm.exe
+ 2006-11-03 09:02:36 1,678,848 -c--a-w c:\windows\system32\dllcache\setup_wm.exe
- 2006-10-18 20:04:50 315,904 -c--a-w c:\windows\system32\dllcache\unregmp2.exe
+ 2006-11-03 09:01:20 317,952 -c--a-w c:\windows\system32\dllcache\unregmp2.exe
- 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-10-24 06:03:44 218,496 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2009-01-13 20:18:11 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-01-17 21:29:47 70,264 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2008-06-12 10:27:58 16,928 ------w c:\windows\system32\spmsg.dll
+ 2006-09-25 16:58:48 14,640 ------w c:\windows\system32\spmsg.dll
- 2006-10-18 21:47:20 8,231,936 ----a-w c:\windows\system32\wmploc.dll
+ 2008-01-15 16:34:26 16,561,664 ----a-w c:\windows\system32\wmploc.dll
- 2006-10-18 21:47:22 38,400 ------w c:\windows\system32\wpdshextres.dll
+ 2006-10-18 20:47:22 38,400 ------w c:\windows\system32\wpdshextres.dll
+ 2009-01-17 23:05:37 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_144.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 17:20 279944 --a------ c:\program files\AskBarDis\bar\bin\askBar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-02 3399727]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Google Update"="c:\documents and settings\Nesa Savkovic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-13 119280]
"Anonymizer"="c:\program files\Anonymizer\Anonymizer Software\Anonymizer.exe" [2008-11-17 1557176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NodLogin"="c:\program files\ESET\ESET Smart Security\nodlogin.exe" [2008-06-19 358632]
"TrialReset"="c:\windows\fix.exe" [2008-04-28 208353]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-30 2595616]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-30 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-30 140568]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-08 136600]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-06-10 1447168]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 925696]
"Launch Ai Booster"="c:\program files\ASUS\AI Booster\OverClk.exe" [2006-07-24 3712512]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-12 185872]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2008-05-09 155648]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]
"nwiz"="nwiz.exe" [2006-06-01 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-06-01 10:22 7618560 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\Documents and Settings\\Nesa Savkovic\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Nesa Savkovic\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2815:TCP"= 2815:TCP:*:Disabled:SolidNetworkManager
"2815:UDP"= 2815:UDP:*:Disabled:SolidNetworkManager

R4 AnonMgmtSvc;Anonymizer Management Service;c:\program files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe [2008-11-17 37560]
R4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-06-10 468224]
R4 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2009-01-15 1527900]
S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2009-01-15 544768]
S4 Adidrvqrsw;Adidrvqrsw; [x]
S4 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2009-01-10 99248]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1425521274-839522115-1003.job
- c:\documents and settings\Nesa Savkovic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-13 12:56]

2009-01-17 c:\windows\Tasks\User_Feed_Synchronization-{EFE6DB31-551B-458A-B3E5-2F7509E8D4CD}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 03:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - {4CF088BD-BE95-40a5-BE9B-677F8683EDEA} - c:\program files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
FF - ProfilePath - c:\documents and settings\Nesa Savkovic\Application Data\Mozilla\Firefox\Profiles\ef28r5vq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561457&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - component: c:\documents and settings\Nesa Savkovic\Application Data\Mozilla\Firefox\Profiles\ef28r5vq.default\extensions\{b23920f4-4c2f-412b-9450-1d7028d5454e}\components\FFAlert.dll
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Mozilla Firefox 3.1 Beta 2\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\Nesa Savkovic\Application Data\Mozilla\Firefox\Profiles\ef28r5vq.default\extensions\SolidStateION@solidstatenetworks.com\plugins\npssn.dll
FF - plugin: c:\documents and settings\Nesa Savkovic\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Nesa Savkovic\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 2\plugins\npvlc.dll

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-18 00:05:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1288-)
c:\windows\system32\relog_ap.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxddcoms.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\slserv.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\system32\rundll32.exe
c:\program files\Philips\Philips SPC210NC Webcam\TrayMin210.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Anonymizer\Anonymizer Software\Common\AnonProxy.exe
.
**************************************************************************
.
Completion time: 2009-01-18 0:08:55 - machine was rebooted [Nesa Savkovic]
ComboFix-quarantined-files.txt 2009-01-17 23:08:52
ComboFix2.txt 2009-01-17 20:08:59

Pre-Run: 16.326.774.784 bytes free
Post-Run: 16,413,556,736 bytes free

  • helen1
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

What is the situation now?

Are there any problems?

  • Joined: 17 Jan 2009
  • Posts: 49

Am I clean?
It works fine now!!!
Thanks!!!

  • helen1
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

We are not done yet:

Download RootRepeal to the Desktop.

Unpack RootRepeal.zip into a folder.
Double-click RootRepeal.exe to run it.
Switch to the Report tab (by clicking the Report button at the bottom right).
Click the Scan button.
In the window that opens (Select Scan), tick the boxes next to all items and click OK.
In the next window (Select Drives), tick the box next to the system drive (usually C:\) and click OK.
When the process finishes, click Save Report and save the scan report.

Attach the resulting report to your post using the Attach file option.

  • Joined: 17 Jan 2009
  • Posts: 49

Here is the file!!!
Am I clean now?

  • helen1
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Where is the file?

  • Joined: 17 Jan 2009
  • Posts: 49


ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/01/18 00:30
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: catchme.sys
Image Path: C:\ComboFix\catchme.sys
Address: 0xF7BE7000 Size: 30592 File Visible: No
Status: -

Name: Combo-Fix.sys
Image Path: Combo-Fix.sys
Address: 0xF788F000 Size: 60416 File Visible: No
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF481F000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7D61000 Size: 8192 File Visible: No
Status: -

Name: giveio.sys
Image Path: giveio.sys
Address: 0xF7DF8000 Size: 1664 File Visible: No
Status: -

Name: PCI_PNP6430
Image Path: \Driver\PCI_PNP6430
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Name: PROCEXP90.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP90.SYS
Address: 0xF7DBF000 Size: 6464 File Visible: No
Status: -

Name: RecAgent.sys
Image Path: RecAgent.sys
Address: 0xF7C43000 Size: 14432 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xBA324000 Size: 45056 File Visible: No
Status: -

Name: speedfan.sys
Image Path: speedfan.sys
Address: 0xF7D35000 Size: 5248 File Visible: No
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Name: spvg.sys
Image Path: spvg.sys
Address: 0xF770E000 Size: 1048576 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Nesa Savkovic\Local Settings\temp\etilqs_Nj5VCuzWnZXKIWgwLBRo
Status: Allocation size mismatch (API: 32768, Raw: 0)

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "spvg.sys" at address 0xf770f0e0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spvg.sys" at address 0xf772dca2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spvg.sys" at address 0xf772e030

#: 119 Function Name: NtOpenKey
Status: Hooked by "spvg.sys" at address 0xf770f0c0

#: 160 Function Name: NtQueryKey
Status: Hooked by "spvg.sys" at address 0xf772e108

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spvg.sys" at address 0xf772df88

#: 247 Function Name: NtSetValueKey
Status: Hooked by "spvg.sys" at address 0xf772e19a

Stealth Objects
-------------------
Object: Hidden Module [Name: AnonServiceLib.dll]
Process: AnonMgmtSvc.exe (PID: 1988-) Address: 0x01360000 Size: 53248

Object: Hidden Module [Name: System.Runtime.Remoting.dll]
Process: AnonMgmtSvc.exe (PID: 1988-) Address: 0x01590000 Size: 307200

Object: Hidden Module [Name: App4R.DevMons.NetworkCardDevMon.dll]
Process: lxddamon.exe (PID: 3592) Address: 0x010e0000 Size: 28672

Object: Hidden Module [Name: App4R.Monitor.Common.dll]
Process: lxddamon.exe (PID: 3592) Address: 0x00f60000 Size: 36864

Object: Hidden Module [Name: App4R.Monitor.Core.dll]
Process: lxddamon.exe (PID: 3592) Address: 0x00d30000 Size: 53248

Object: Hidden Module [Name: App4R.DevMons.MCMDevMon.dll]
Process: lxddamon.exe (PID: 3592) Address: 0x010b0000 Size: 69632

Object: Hidden Module [Name: App4R.DevMons.ScanDevMon.dll]
Process: lxddamon.exe (PID: 3592) Address: 0x01100000 Size: 28672

Object: Hidden Module [Name: System.Runtime.Remoting.dll]
Process: lxddamon.exe (PID: 3592) Address: 0x01240000 Size: 307200

Object: Hidden Module [Name: Skins.dll]
Process: Anonymizer.exe (PID: 4020) Address: 0x045a0000 Size: 290816

Object: Hidden Module [Name: AnonServiceLib.dll]
Process: Anonymizer.exe (PID: 4020) Address: 0x016d0000 Size: 53248

Object: Hidden Module [Name: AnxCommonLib.dll]
Process: Anonymizer.exe (PID: 4020) Address: 0x017f0000 Size: 512000

Object: Hidden Module [Name: DevExpress.Utils.v6.3.dll]
Process: Anonymizer.exe (PID: 4020) Address: 0x03b40000 Size: 2600960

Object: Hidden Module [Name: DevExpress.Data.v6.3.dll]
Process: Anonymizer.exe (PID: 4020) Address: 0x047e0000 Size: 462848

Object: Hidden Module [Name: AnonNyms.Anx]
Process: Anonymizer.exe (PID: 4020) Address: 0x053f0000 Size: 847872

Object: Hidden Module [Name: AnonHome.Anx]
Process: Anonymizer.exe (PID: 4020) Address: 0x05260000 Size: 348160

Object: Hidden Module [Name: DevExpress.XtraNavBar.v6.3.dll]
Process: Anonymizer.exe (PID: 4020) Address: 0x05780000 Size: 307200

Object: Hidden Module [Name: DevExpress.XtraEditors.v6.3.dll]
Process: Anonymizer.exe (PID: 4020) Address: 0x05640000 Size: 1273856

Object: Hidden Module [Name: AnonSurf.Anx]
Process: Anonymizer.exe (PID: 4020) Address: 0x05580000 Size: 733184

Object: Hidden Module [Name: System.Data.dll]
Process: Anonymizer.exe (PID: 4020) Address: 0x063a0000 Size: 2961408

Object: Hidden Module [Name: DevExpress.XtraGrid.v6.3.dll]
Process: Anonymizer.exe (PID: 4020) Address: 0x066d0000 Size: 1363968

Object: Hidden Module [Name: DevExpress.XtraTreeList.v6.3.dll]
Process: Anonymizer.exe (PID: 4020) Address: 0x06aa0000 Size: 684032

Object: Hidden Module [Name: DevExpress.XtraBars.v6.3.dll]
Process: Anonymizer.exe (PID: 4020) Address: 0x06850000 Size: 1396736

Object: Hidden Module [Name: NymsInterface.dll]
Process: Anonymizer.exe (PID: 4020) Address: 0x06fe0000 Size: 184320

Object: Hidden Module [Name: System.Web.dll]
Process: Anonymizer.exe (PID: 4020) Address: 0x07a50000 Size: 5246976

Object: Hidden Module [Name: System.Transactions.dll]
Process: Anonymizer.exe (PID: 4020) Address: 0x08350000 Size: 270336

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8676a1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x8676a1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8676a1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8676a1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8676a1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8676a1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x8676a1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x8676a1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8676a1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8676a1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8676a1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8676a1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8676a1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8676a1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8676a1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8676a1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x8676a1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8676a1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8676a1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8676a1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8676a1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x8676a1f8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x8676b1f8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x8676b1f8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8676b1f8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8676b1f8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x8676b1f8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8676b1f8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x8676b1f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x864c1500 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x864c1500 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x864c1500 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x864c1500 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x864c1500 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x864c1500 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x864c1500 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x864c1500 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x864c1500 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x864c1500 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x864c1500 Size: -

Object: Hidden Code [Driver: Imagedrv, IRP_MJ_CREATE]
Process: System Address: 0x867da1f8 Size: -

Object: Hidden Code [Driver: Imagedrv, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x867da1f8 Size: -

Object: Hidden Code [Driver: Imagedrv, IRP_MJ_CLOSE]
Process: System Address: 0x867da1f8 Size: -

Object: Hidden Code [Driver: Imagedrv, IRP_MJ_READ]
Process: System Address: 0x867da1f8 Size: -

Object: Hidden Code [Driver: Imagedrv, IRP_MJ_WRITE]
Process: System Address: 0x867da1f8 Size: -

Object: Hidden Code [Driver: Imagedrv, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x867da1f8 Size: -

Object: Hidden Code [Driver: Imagedrv, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x867da1f8 Size: -

Object: Hidden Code [Driver: Imagedrv, IRP_MJ_QUERY_EA]
Process: System Address: 0x867da1f8 Size: -

Object: Hidden Code [Driver: Imagedrv, IRP_MJ_SET_EA]
Process: System Address: 0x867da1f8 Size: -

Object: Hidden Code [Driver: Imagedrv, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x867da1f8 Size: -

Object: Hidden Code [Driver: Imagedrv, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x867da1f8 Size: -

Object: Hidden Code [Driver: Imagedrv, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x867da1f8 Size: -

Object: Hidden Code [Driver: Imagedrv, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x867da1f8 Size: -

Object: Hidden Code [Driver: Imagedrv, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x867da1f8 Size: -

Object: Hidden Code [Driver: Imagedrv, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x867da1f8 Size: -

Object: Hidden Code [Driver: Imagedrv, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x867da1f8 Size: -

Object: Hidden Code [Driver: Imagedrv, IRP_MJ_SHUTDOWN]
Process: System Address: 0x867da1f8 Size: -

Object: Hidden Code [Driver: Imagedrv, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x867da1f8 Size: -

Object: Hidden Code [Driver: Imagedrv, IRP_MJ_CLEANUP]
Process: System Address: 0x867da1f8 Size: -

Object: Hidden Code [Driver: Imagedrv, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x867da1f8 Size: -

Object: Hidden Code [Driver: Imagedrv, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x867da1f8 Size: -

Object: Hidden Code [Driver: Imagedrv, IRP_MJ_SET_SECURITY]
Process: System Address: 0x867da1f8 Size: -

Object: Hidden Code [Driver: Imagedrv, IRP_MJ_POWER]
Process: System Address: 0x867da1f8 Size: -

Object: Hidden Code [Driver: Imagedrv, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x867da1f8 Size: -

Object: Hidden Code [Driver: Imagedrv, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x867da1f8 Size: -

Object: Hidden Code [Driver: Imagedrv, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x867da1f8 Size: -

Object: Hidden Code [Driver: Imagedrv, IRP_MJ_SET_QUOTA]
Process: System Address: 0x867da1f8 Size: -

Object: Hidden Code [Driver: Imagedrv, IRP_MJ_PNP]
Process: System Address: 0x867da1f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x8676c1f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x8676c1f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x8676c1f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x8676c1f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8676c1f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8676c1f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8676c1f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8676c1f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x8676c1f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8676c1f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x8676c1f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x865241f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x865241f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x865241f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x865241f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x865241f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x865241f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x865241f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x867db1f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x867db1f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x867db1f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x867db1f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x867db1f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x867db1f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x867db1f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x867db1f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x867db1f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x867db1f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x867db1f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x85d421f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x85d421f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85d421f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85d421f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x85d421f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x85d421f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x8643e1f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x8643e1f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8643e1f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8643e1f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x8643e1f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8643e1f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x8643e1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x8613c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8613c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x8613c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8613c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x8613c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8613c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8613c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x8613c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x8613c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8613c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8613c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8613c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8613c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8613c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8613c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8613c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8613c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8613c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x8613c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8613c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8613c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8613c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x8613c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8613c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8613c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8613c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8613c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x8613c1f8 Size: -

Object: Hidden Code [Driver: CdfsЅఐ卆浩, IRP_MJ_CREATE]
Process: System Address: 0x8654a500 Size: -

Object: Hidden Code [Driver: CdfsЅఐ卆浩, IRP_MJ_CLOSE]
Process: System Address: 0x8654a500 Size: -

Object: Hidden Code [Driver: CdfsЅఐ卆浩, IRP_MJ_READ]
Process: System Address: 0x8654a500 Size: -

Object: Hidden Code [Driver: CdfsЅఐ卆浩, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8654a500 Size: -

Object: Hidden Code [Driver: CdfsЅఐ卆浩, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8654a500 Size: -

Object: Hidden Code [Driver: CdfsЅఐ卆浩, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8654a500 Size: -

Object: Hidden Code [Driver: CdfsЅఐ卆浩, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8654a500 Size: -

Object: Hidden Code [Driver: CdfsЅఐ卆浩, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8654a500 Size: -

Object: Hidden Code [Driver: CdfsЅఐ卆浩, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8654a500 Size: -

Object: Hidden Code [Driver: CdfsЅఐ卆浩, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8654a500 Size: -

Object: Hidden Code [Driver: CdfsЅఐ卆浩, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8654a500 Size: -

Object: Hidden Code [Driver: CdfsЅఐ卆浩, IRP_MJ_CLEANUP]
Process: System Address: 0x8654a500 Size: -

Object: Hidden Code [Driver: CdfsЅఐ卆浩, IRP_MJ_PNP]
Process: System Address: 0x8654a500 Size: -

Addendum: 18 Jan 2009 0:57

What now?
Is this finished, or is there more...

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Oh, man, I'm not a computer. Checking takes time, and I may have other things to do in life as well. Wink

Tomorrow around 18 h in the evening, or whenever you can, post a new ComboFix log for me. So I can see whether the infection comes back.

Regards

offline
  • Joined: 17 Jan 2009
  • Posts: 49

OK, just tell me then whether you'll do it tonight or tomorrow, so I can go to sleep?

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

I edited my message, so maybe you didn't see it.

Go to sleep, I will too, since I've been having fun here on the forum with viruses since 11 in the morning.

So post a new ComboFix log for me tomorrow.

Regards
