Freezes, slows down, locks up...

  • Joined: 18 Jan 2009
  • Posts: 205

The biggest problems are while using the internet. It freezes, locks up, slows down, drops some pages, and sometimes won't open any page at all even though the connection is there.
I have NOD32 and no other protection. I'm using Windows XP SP2. Telekom ADSL, 1mb. Any help would be appreciated.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:29:28, on 31.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\1\Desktop\TR3.exe..exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PopupManager Class - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\Program Files\Popup Manager\PopupMgr_1.0.2.1P.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [RAMfreer] C:\Program Files\RAMfreer\RAMfreer.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdirk.exe] C:\WINDOWS\system32\kdirk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - [Link mogu videti samo ulogovani korisnici]\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - [Link mogu videti samo ulogovani korisnici]\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - [Link mogu videti samo ulogovani korisnici]\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - [Link mogu videti samo ulogovani korisnici]\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 7899 bytes
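Added example (not from the original post, and not part of HijackThis itself): a small Python triage script for the HijackThis v2 log format shown above. It parses the Running processes, O4 and O23 sections and flags the patterns a reviewer checks first; the sample input is a few lines copied from the log, and the heuristics (doubled extension, Temp-resident binary, a Run value named after its own full path, a service with no owner) are the reviewer's assumptions, so every hit is a lead to verify rather than a verdict.

```python
"""Triage helper for the HijackThis v2 log format (added example, not HijackThis code)."""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\1\Desktop\TR3.exe..exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdirk.exe] C:\WINDOWS\system32\kdirk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
""".strip("\n")

# Line shapes used by HijackThis v2 for autostart entries and services.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# Reviewer heuristics (assumptions, not HijackThis rules).
DOUBLE_EXT_RE = re.compile(r"\.(exe|com|scr|pif|bat|cmd)\.+\w{2,4}$", re.IGNORECASE)
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Finding:
    section: str  # which part of the log the hit came from
    line: str     # the path the finding refers to
    reason: str   # why a reviewer would look at it


def parse(log: str) -> dict:
    """Split the log into running processes, O4 autostart entries and O23 services."""
    procs, runs, services = [], [], []
    in_procs = False
    for raw in log.splitlines():
        line = raw.rstrip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:          # the process list ends at the first blank line
                in_procs = False
            else:
                procs.append(line)
            continue
        if m := O4_RE.match(line):
            runs.append(m.groupdict())
        elif m := O23_RE.match(line):
            services.append(m.groupdict())
    return {"processes": procs, "runs": runs, "services": services}


def exe_path(cmd: str) -> str:
    """Pull the executable path out of a Run command: the quoted path, or text up to the first .exe."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def path_flags(path: str) -> list[str]:
    """Reasons a single executable path deserves a look (reviewer's assumptions)."""
    reasons = []
    fname = path.rsplit("\\", 1)[-1]
    if DOUBLE_EXT_RE.search(fname):
        reasons.append("doubled file extension")
    if TEMP_DIR_RE.search(path):
        reasons.append("runs from a Temp directory")
    return reasons


def triage(log: str) -> list[Finding]:
    """Apply the heuristics to every section; each hit is a lead to check, not a verdict."""
    parsed = parse(log)
    findings: list[Finding] = []
    for p in parsed["processes"]:
        findings += [Finding("processes", p, why) for why in path_flags(p)]
    for r in parsed["runs"]:
        path = exe_path(r["cmd"])
        if DRIVE_PATH_RE.match(r["name"]):
            findings.append(Finding("O4", path, "Run value is named after its own full path (unusual for installers)"))
        findings += [Finding("O4", path, why) for why in path_flags(path)]
    for s in parsed["services"]:
        if s["owner"].lower() == "unknown owner":
            findings.append(Finding("O23", s["path"], "service binary carries no company name; verify its origin"))
        findings += [Finding("O23", s["path"], why) for why in path_flags(s["path"])]
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.line}\n    -> {f.reason}")
```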



  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

* Open the Nod32 Control Center (click its tray icon in the bottom right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right panel, untick the option File system monitor (AMON) enabled.
* Disabling this option will be indicated by the Control Center changing colour from green to red.

Note: Don't forget to turn this option back on once the cleaning is finished.

Download ComboFix to your Desktop from one of the following addresses:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.



  • Joined: 18 Jan 2009
  • Posts: 205

I ran ComboFix and a window opened saying: Current date is sub 31.01.2009. ComboFix has EXPIRED. Click YES to run in reduced functionality mode, click NO to exit. And it has Yes and No.
What should I choose?

Update: 31 Jan 2009 14:46

While ComboFix was running it asked me something several times and I clicked Yes. And it downloaded something from Microsoft, I think.

ComboFix 09-01-21.04 - 1 2009-01-31 14:39:19.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.893 [GMT 1:00]
Running from: c:\documents and settings\1\Desktop\ComboFix.exe
AV: Eset NOD32 antivirus system 2.50 *On-access scanning disabled* (Updated)
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\system32\tmp.reg
c:\windows\wiaserviv.log
c:\windows\ynh.dx

.
((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-31 )))))))))))))))))))))))))))))))
.

2009-01-23 22:51 . 1997-10-10 21:28 515,072 --a------ c:\windows\system32\Worldscr.dll
2009-01-23 22:51 . 1997-10-09 00:40 10,736 --a------ c:\windows\system32\Worldscr.hlp
2009-01-23 22:51 . 1997-10-08 22:29 193 --a------ c:\windows\system32\Worldscr.cnt
2009-01-23 22:50 . 2009-01-23 22:50 <DIR> d-------- c:\program files\Pinball Wizards
2009-01-17 10:50 . 2009-01-17 17:47 <DIR> d-------- C:\marko igrice
2009-01-15 19:29 . 2009-01-15 19:29 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-15 19:29 . 2009-01-15 19:29 1,409 --a------ c:\windows\QTFont.for
2009-01-15 11:01 . 2009-01-15 11:01 230,424 --a------ C:\img1-001.raw
2009-01-07 20:10 . 2009-01-07 20:10 <DIR> d-------- c:\windows\Teddy Factory
2009-01-07 20:10 . 2009-01-24 13:06 <DIR> d-------- c:\program files\Teddy Factory
2009-01-07 20:10 . 2009-01-07 20:10 <DIR> d-------- c:\documents and settings\1\Application Data\EleFun Games
2009-01-07 20:09 . 2009-01-07 20:09 <DIR> d-------- c:\windows\Cake Shop
2009-01-07 20:09 . 2009-01-07 20:10 <DIR> d-------- c:\program files\Cake Shop
2009-01-06 22:50 . 2009-01-06 22:50 <DIR> d-------- c:\windows\Parking Dash
2009-01-06 22:50 . 2009-01-06 22:50 <DIR> d-------- c:\program files\Parking Dash
2009-01-06 20:44 . 2009-01-06 20:44 <DIR> d-------- c:\windows\Westward III Gold Rush
2009-01-06 20:44 . 2009-01-06 20:45 <DIR> d-------- c:\program files\Westward III Gold Rush
2009-01-05 23:17 . 2009-01-05 23:17 <DIR> d-------- c:\program files\PanzerGeneralIII
2009-01-05 23:17 . 2009-01-24 13:10 <DIR> d-------- c:\program files\Fitness Frenzy
2009-01-05 23:17 . 2009-01-05 23:17 <DIR> d-------- c:\program files\A Christmas Tree Screensaver
2009-01-05 23:17 . 2009-01-05 23:17 <DIR> d-------- C:\New Folder
2009-01-05 23:17 . 2009-01-05 23:17 <DIR> d-------- C:\MyAudio
2009-01-05 23:17 . 2009-01-05 23:17 <DIR> d-------- C:\Mortal Kombat 4
2009-01-04 16:03 . 2009-01-04 16:03 63 --a------ c:\windows\1
2009-01-04 15:02 . 2009-01-05 23:17 <DIR> d-------- c:\program files\Euro Truck Simulator
2009-01-04 12:38 . 2009-01-30 23:27 <DIR> d-------- C:\Downloads
2009-01-04 00:53 . 2009-01-04 00:53 <DIR> d-------- c:\program files\Virtual Hottie 2
2009-01-03 02:00 . 2009-01-03 02:00 <DIR> d-------- c:\program files\Cinemaware Marquee
2009-01-03 01:29 . 2009-01-03 01:29 <DIR> d-------- c:\program files\EVE Interactive
2009-01-02 21:26 . 2009-01-05 23:17 <DIR> d-------- c:\program files\Poker Indicator
2008-12-29 23:53 . 2008-12-29 23:53 69,720 --a------ c:\windows\uninstall.dat
2008-12-29 23:53 . 2008-12-29 23:53 4,484 --a------ c:\windows\uninstall.xml
2008-12-18 23:59 . 2008-12-18 23:59 144 --a------ c:\windows\PG3prefs.ini
2008-12-18 23:39 . 2008-12-29 23:57 <DIR> d-------- c:\program files\Airport Mania - First Flight
2008-12-11 20:22 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-10 12:24 . 2008-12-10 12:25 <DIR> d-------- c:\program files\Image Grabber II
2008-12-09 23:11 . 2008-12-09 23:15 <DIR> d-------- c:\program files\BS.Player ControlBar
2008-12-09 23:10 . 2009-01-04 18:19 <DIR> d-------- c:\documents and settings\1\Application Data\BSplayer
2008-12-09 19:36 . 2008-12-09 23:10 <DIR> d-------- c:\program files\Webteh
2008-12-09 19:36 . 2008-12-09 23:10 <DIR> d-------- c:\documents and settings\1\Application Data\BSplayer PRO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 12:58 --------- d-----w c:\documents and settings\1\Application Data\uTorrent
2009-01-29 18:34 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-24 15:53 --------- d-sh--w c:\documents and settings\1\Application Data\.#
2009-01-17 22:13 --------- d-----w c:\program files\SystemRequirementsLab
2009-01-12 00:10 --------- d-----w c:\program files\Ultra Video Joiner
2009-01-06 21:51 --------- d-----w c:\documents and settings\1\Application Data\PlayFirst
2008-12-15 20:14 --------- d-----w c:\program files\Call of Duty
2008-12-14 16:00 --------- d-----w c:\program files\AirStrike II - Gulf Thunder
2008-12-12 21:02 --------- d-----w c:\program files\Winamp
2008-12-12 09:54 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-07 13:29 --------- d-----w c:\program files\Neptunes Secret
2008-12-07 13:21 --------- d-----w c:\program files\Ice Cream Tycoon
2008-12-07 13:10 45,056 ----a-w c:\windows\NCUNINST.EXE
2008-12-04 20:17 --------- d-----w c:\program files\MP4Tool
2008-12-03 22:27 88,776 ----a-w c:\documents and settings\1\Application Data\GDIPFONTCACHEV1.DAT
2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-01 09:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-29 23:19 --------- d-----w c:\program files\Wesnoth
2008-11-29 23:17 --------- d-----w c:\program files\MotoGP2
2008-11-29 23:16 --------- d-----w c:\program files\Compdesk
2008-11-29 23:13 --------- d-----w c:\program files\Babysitting Mania
2008-11-09 16:01 602 ----a-w c:\documents and settings\1\Application Data\filterclsid.dat
2008-11-02 16:08 96 ----a-w c:\program files\GAMEOPT.INI
2008-11-02 16:08 7 ----a-w c:\program files\UsrPrefs.xml
2005-01-28 23:20 3,194,880 ----a-w c:\program files\playboy_-_the_mansion.exe
2005-01-28 06:12 374 ----a-w c:\program files\setup.bat
2005-01-27 13:33 348,160 ----a-w c:\program files\msvcr71.dll
2005-01-27 13:15 499,712 ----a-w c:\program files\msvcp71.dll
2005-01-11 11:33 14,032 ----a-w c:\program files\readme.txt
2004-11-08 07:03 151 ----a-w c:\program files\CtlPrefs.xml
2006-10-11 08:04 61,036 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 48,742 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 29,313 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 41,082 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 166,510 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 315392]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-04-12 917504]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-30 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.AP41"= APmpg4v1.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll,

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"d:\\Install\\utorrent.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=

R1 RapNet;RapNet;c:\windows\system32\drivers\RapNet.sys [2006-11-16 26428]
R3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [2007-04-10 30336]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [2007-12-26 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [2007-12-26 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [2007-12-26 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [2007-12-26 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [2007-12-26 83344]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2008-06-15 42512]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKCU-Run-DLD.EXE - c:\program files\Download Direct\DLD.exe
HKLM-Run-RAMfreer - c:\program files\RAMfreer\RAMfreer.exe
HKLM-Run-c:\windows\system32\kdirk.exe - c:\windows\system32\kdirk.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = [Link mogu videti samo ulogovani korisnici]
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]
IE: &Yahoo! Search - [Link mogu videti samo ulogovani korisnici]\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - [Link mogu videti samo ulogovani korisnici]\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - [Link mogu videti samo ulogovani korisnici]\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - [Link mogu videti samo ulogovani korisnici]\program files\Yahoo!\Common/ycsms.htm
LSP: imon.dll
Trusted Zone: bancaintesabeograd.com\online
DPF: Microsoft XML Parser for Java - [Link mogu videti samo ulogovani korisnici]\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-01-31 14:40:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-1767777339-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(500)
c:\windows\system32\iac25_32.ax
c:\windows\system32\l3codecp.acm
c:\windows\system32\vorbis.acm
c:\windows\system32\DivXa32.acm
c:\windows\system32\imc32.acm
c:\windows\system32\ac3acm.acm

- - - - - - - > 'lsass.exe'(556)
c:\windows\system32\imon.dll
.
Completion time: 2009-01-31 14:41:49
ComboFix-quarantined-files.txt 2009-01-31 13:41:47

Pre-Run: 7.575.261.184 bytes free
Post-Run: 10,553,700,352 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Download RootRepeal to the Desktop.

Unpack RootRepeal.zip into a folder.
Double-click RootRepeal.exe to run it.
Switch to the Report tab (by clicking the Report button at the bottom right).
Click the Scan button.
In the window that opens (Select Scan), tick the boxes in front of all items and click OK.
In the next window (Select Drives), tick the box in front of the system drive (usually C:\) and click OK.
When the process finishes, click Save Report and save the scan report.

Paste the contents of that report into your next post.

  • Joined: 18 Jan 2009
  • Posts: 205

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/01/31 15:50
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name:
Image Path:
Address: 0xF7473000 Size: 98304 File Visible: No
Status: -

Name:
Image Path:
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Name: catchme.sys
Image Path: C:\ComboFix\catchme.sys
Address: 0xF779F000 Size: 30592 File Visible: No
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAFCEA000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79EB000 Size: 8192 File Visible: No
Status: -

Name: PROCEXP90.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP90.SYS
Address: 0xF79FB000 Size: 6464 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAEE2B000 Size: 45056 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\sccfg.sys
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\1\Local Settings\Application Data\Microsoft\Messenger\eva78bor@hotmail.com\SharingMetadata\nuhi-25@live.de\DFSR\Staging\CS{7A2029D7-D139-336D-8736-DC37BC732EB8}\01\29-{7A2029D7-D139-336D-8736-DC37BC732EB8}-v1-{64B3F9FB-6EB3-46AB-9FD3-F785A85A509D}-v29-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\1\Local Settings\Application Data\Microsoft\Messenger\eva78bor@hotmail.com\SharingMetadata\ssalijevic@hotmail.com\DFSR\Staging\CS{446DDD9C-0C81-A53E-8D4A-BF586EFD3FDB}\01\24-{446DDD9C-0C81-A53E-8D4A-BF586EFD3FDB}-v1-{64B3F9FB-6EB3-46AB-9FD3-F785A85A509D}-v24-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\1\Local Settings\Application Data\Microsoft\Messenger\eva78bor@hotmail.com\SharingMetadata\veljko_lazar@hotmail.com\DFSR\Staging\CS{74913BEC-DAC6-09A3-EB44-C911C1D20AB7}\01\25-{74913BEC-DAC6-09A3-EB44-C911C1D20AB7}-v1-{64B3F9FB-6EB3-46AB-9FD3-F785A85A509D}-v25-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\1\Application Data\Macromedia\Flash Player\#SharedObjects\N2SCP9HU\image.com.com\gamespot\images\cne_flash\production\media_player\proteus\gs:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\1\Application Data\Macromedia\Flash Player\#SharedObjects\N2SCP9HU\image.com.com\gamespot\images\cne_flash\production\media_player\proteus\gs:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\1\Application Data\Macromedia\Flash Player\#SharedObjects\N2SCP9HU\image.com.com\gamespot\images\cne_flash\production\media_player\proteus\gs:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "vax347b.sys" at address 0xf75bcbb8

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xf77db36a

#: 041 Function Name: NtCreateKey
Status: Hooked by "vax347b.sys" at address 0xf75bcb70

#: 045 Function Name: NtCreatePagingFile
Status: Hooked by "vax347b.sys" at address 0xf75b0c70

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "vax347b.sys" at address 0xf75b14fe

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "vax347b.sys" at address 0xf75bccb0

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xf77dbcd8

#: 119 Function Name: NtOpenKey
Status: Hooked by "vax347b.sys" at address 0xf75bcb34

#: 145 Function Name: NtQueryDirectoryFile
Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xf77db842

#: 154 Function Name: NtQueryInformationProcess
Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xf77d81e0

#: 160 Function Name: NtQueryKey
Status: Hooked by "vax347b.sys" at address 0xf75b151e

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "vax347b.sys" at address 0xf75bcc06

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xf77dc142

#: 241 Function Name: NtSetSystemPowerState
Status: Hooked by "vax347b.sys" at address 0xf75bc450

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x89721b60 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x86e2de18 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x892f8008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x892f8008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x892f8008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_READ]
Process: System Address: 0x892f8008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_WRITE]
Process: System Address: 0x892f8008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x892f8008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x892f8008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_EA]
Process: System Address: 0x892f8008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_EA]
Process: System Address: 0x892f8008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x892f8008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x892f8008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x892f8008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x892f8008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x892f8008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x892f8008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x892f8008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SHUTDOWN]
Process: System Address: 0x892f8008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x892f8008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CLEANUP]
Process: System Address: 0x892f8008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x892f8008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x892f8008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_SECURITY]
Process: System Address: 0x892f8008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x892f8008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x892f8008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x892f8008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x892f8008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_QUOTA]
Process: System Address: 0x892f8008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x892f8008 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8936c918 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8936c918 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8936c918 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8936c918 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8936c918 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8936c918 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8936c918 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_EA]
Process: System Address: 0x8936c918 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_EA]
Process: System Address: 0x8936c918 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8936c918 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8936c918 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8936c918 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8936c918 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8936c918 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8936c918 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8936c918 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8936c918 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8936c918 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLEANUP]
Process: System Address: 0x8936c918 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8936c918 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8936c918 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8936c918 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x8936c918 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8936c918 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8936c918 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8936c918 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8936c918 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8936c918 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_CREATE]
Process: System Address: 0x8931c9b8 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8931c9b8 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_CLOSE]
Process: System Address: 0x8931c9b8 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_READ]
Process: System Address: 0x8931c9b8 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_WRITE]
Process: System Address: 0x8931c9b8 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8931c9b8 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8931c9b8 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_EA]
Process: System Address: 0x8931c9b8 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_EA]
Process: System Address: 0x8931c9b8 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8931c9b8 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8931c9b8 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8931c9b8 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8931c9b8 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8931c9b8 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8931c9b8 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8931c9b8 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8931c9b8 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8931c9b8 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_CLEANUP]
Process: System Address: 0x8931c9b8 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8931c9b8 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8931c9b8 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8931c9b8 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_POWER]
Process: System Address: 0x8931c9b8 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8931c9b8 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8931c9b8 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8931c9b8 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8931c9b8 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_PNP]
Process: System Address: 0x8931c9b8 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]
Process: System Address: 0x893f9c88 Size: -

Object: Hidden Code [Driver: Srv, IRP_MJ_READ]
Process: System Address: 0x895eeb98 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x894058a0 Size: -

Object: Hidden Code [Driver: Npfsȅ瑎てȁఅ瑎獆晀, IRP_MJ_READ]
Process: System Address: 0x8941c588 Size: -

Object: Hidden Code [Driver: Msfsȅ瑎てȁః瑎て, IRP_MJ_READ]
Process: System Address: 0x893e5ce0 Size: -

Object: Hidden Code [Driver: Fs_Rec, IRP_MJ_READ]
Process: System Address: 0x89418190 Size: -

Object: Hidden Code [Driver: Cdfsȅఅ瑁䅭䃐h쁨܀SysLin, IRP_MJ_READ]
Process: System Address: 0x89786ea0 Size: -

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

type in Run > combofix /u

Then download ComboFix again from the addresses I posted for you....

offline
  • Joined: 18 Jan 2009
  • Posts: 205

ComboFix has been uninstalled. I downloaded it again. Should I run it again and post the result?

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Yes...

offline
  • Joined: 18 Jan 2009
  • Posts: 205

ComboFix 09-01-31.01 - 1 2009-01-31 20:53:29.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.857 [GMT 1:00]
Running from: c:\documents and settings\1\Desktop\ComboFix.exe
AV: Eset NOD32 antivirus system 2.50 *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\1\Application Data\.#
c:\documents and settings\1\Favorites\Videos.url
c:\documents and settings\1\Start Menu\Programs\Videos.url
c:\windows\system32\drivers\npf.sys
c:\windows\system32\packet.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IWIN_SERVICE
-------\Legacy_NETH
-------\Legacy_WIN_PPPE
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-31 )))))))))))))))))))))))))))))))
.

2009-01-23 22:51 . 1997-10-10 21:28 515,072 --a------ c:\windows\system32\Worldscr.dll
2009-01-23 22:51 . 1997-10-09 00:40 10,736 --a------ c:\windows\system32\Worldscr.hlp
2009-01-23 22:51 . 1997-10-08 22:29 193 --a------ c:\windows\system32\Worldscr.cnt
2009-01-23 22:50 . 2009-01-23 22:50 <DIR> d-------- c:\program files\Pinball Wizards
2009-01-17 10:50 . 2009-01-17 17:47 <DIR> d-------- C:\marko igrice
2009-01-15 19:29 . 2009-01-15 19:29 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-15 19:29 . 2009-01-15 19:29 1,409 --a------ c:\windows\QTFont.for
2009-01-15 11:01 . 2009-01-15 11:01 230,424 --a------ C:\img1-001.raw
2009-01-07 20:10 . 2009-01-07 20:10 <DIR> d-------- c:\windows\Teddy Factory
2009-01-07 20:10 . 2009-01-24 13:06 <DIR> d-------- c:\program files\Teddy Factory
2009-01-07 20:10 . 2009-01-07 20:10 <DIR> d-------- c:\documents and settings\1\Application Data\EleFun Games
2009-01-07 20:09 . 2009-01-07 20:09 <DIR> d-------- c:\windows\Cake Shop
2009-01-07 20:09 . 2009-01-07 20:10 <DIR> d-------- c:\program files\Cake Shop
2009-01-06 22:50 . 2009-01-06 22:50 <DIR> d-------- c:\windows\Parking Dash
2009-01-06 22:50 . 2009-01-06 22:50 <DIR> d-------- c:\program files\Parking Dash
2009-01-06 20:44 . 2009-01-06 20:44 <DIR> d-------- c:\windows\Westward III Gold Rush
2009-01-06 20:44 . 2009-01-06 20:45 <DIR> d-------- c:\program files\Westward III Gold Rush
2009-01-05 23:17 . 2009-01-05 23:17 <DIR> d-------- c:\program files\PanzerGeneralIII
2009-01-05 23:17 . 2009-01-24 13:10 <DIR> d-------- c:\program files\Fitness Frenzy
2009-01-05 23:17 . 2009-01-05 23:17 <DIR> d-------- c:\program files\A Christmas Tree Screensaver
2009-01-05 23:17 . 2009-01-05 23:17 <DIR> d-------- C:\New Folder
2009-01-05 23:17 . 2009-01-05 23:17 <DIR> d-------- C:\MyAudio
2009-01-05 23:17 . 2009-01-05 23:17 <DIR> d-------- C:\Mortal Kombat 4
2009-01-04 16:03 . 2009-01-04 16:03 63 --a------ c:\windows\1
2009-01-04 15:02 . 2009-01-05 23:17 <DIR> d-------- c:\program files\Euro Truck Simulator
2009-01-04 12:38 . 2009-01-30 23:27 <DIR> d-------- C:\Downloads
2009-01-04 00:53 . 2009-01-04 00:53 <DIR> d-------- c:\program files\Virtual Hottie 2
2009-01-03 02:00 . 2009-01-03 02:00 <DIR> d-------- c:\program files\Cinemaware Marquee
2009-01-03 01:29 . 2009-01-03 01:29 <DIR> d-------- c:\program files\EVE Interactive
2009-01-02 21:26 . 2009-01-05 23:17 <DIR> d-------- c:\program files\Poker Indicator
2008-12-29 23:53 . 2008-12-29 23:53 69,720 --a------ c:\windows\uninstall.dat
2008-12-29 23:53 . 2008-12-29 23:53 4,484 --a------ c:\windows\uninstall.xml
2008-12-18 23:59 . 2008-12-18 23:59 144 --a------ c:\windows\PG3prefs.ini
2008-12-18 23:39 . 2008-12-29 23:57 <DIR> d-------- c:\program files\Airport Mania - First Flight
2008-12-11 20:22 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-10 12:24 . 2008-12-10 12:25 <DIR> d-------- c:\program files\Image Grabber II
2008-12-09 23:11 . 2008-12-09 23:15 <DIR> d-------- c:\program files\BS.Player ControlBar
2008-12-09 23:10 . 2009-01-04 18:19 <DIR> d-------- c:\documents and settings\1\Application Data\BSplayer
2008-12-09 19:36 . 2008-12-09 23:10 <DIR> d-------- c:\program files\Webteh
2008-12-09 19:36 . 2008-12-09 23:10 <DIR> d-------- c:\documents and settings\1\Application Data\BSplayer PRO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 12:58 --------- d-----w c:\documents and settings\1\Application Data\uTorrent
2009-01-29 18:34 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-17 22:13 --------- d-----w c:\program files\SystemRequirementsLab
2009-01-12 00:10 --------- d-----w c:\program files\Ultra Video Joiner
2009-01-06 21:51 --------- d-----w c:\documents and settings\1\Application Data\PlayFirst
2008-12-15 20:14 --------- d-----w c:\program files\Call of Duty
2008-12-14 16:00 --------- d-----w c:\program files\AirStrike II - Gulf Thunder
2008-12-12 21:02 --------- d-----w c:\program files\Winamp
2008-12-12 09:54 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-07 13:29 --------- d-----w c:\program files\Neptunes Secret
2008-12-07 13:21 --------- d-----w c:\program files\Ice Cream Tycoon
2008-12-07 13:10 45,056 ----a-w c:\windows\NCUNINST.EXE
2008-12-04 20:17 --------- d-----w c:\program files\MP4Tool
2008-12-03 22:27 88,776 ----a-w c:\documents and settings\1\Application Data\GDIPFONTCACHEV1.DAT
2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-01 09:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-29 23:19 --------- d-----w c:\program files\Wesnoth
2008-11-29 23:17 --------- d-----w c:\program files\MotoGP2
2008-11-29 23:16 --------- d-----w c:\program files\Compdesk
2008-11-29 23:13 --------- d-----w c:\program files\Babysitting Mania
2008-11-09 16:01 602 ----a-w c:\documents and settings\1\Application Data\filterclsid.dat
2008-11-02 16:08 96 ----a-w c:\program files\GAMEOPT.INI
2008-11-02 16:08 7 ----a-w c:\program files\UsrPrefs.xml
2005-01-28 23:20 3,194,880 ----a-w c:\program files\playboy_-_the_mansion.exe
2005-01-28 06:12 374 ----a-w c:\program files\setup.bat
2005-01-27 13:33 348,160 ----a-w c:\program files\msvcr71.dll
2005-01-27 13:15 499,712 ----a-w c:\program files\msvcp71.dll
2005-01-11 11:33 14,032 ----a-w c:\program files\readme.txt
2004-11-08 07:03 151 ----a-w c:\program files\CtlPrefs.xml
2006-10-11 08:04 61,036 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 48,742 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 29,313 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 41,082 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 166,510 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 315392]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-04-12 917504]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-30 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.AP41"= APmpg4v1.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"d:\\Install\\utorrent.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=

R1 RapNet;RapNet;c:\windows\system32\drivers\RapNet.sys [2006-11-16 26428]
R3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [2007-04-10 30336]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [2007-12-26 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [2007-12-26 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [2007-12-26 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [2007-12-26 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [2007-12-26 83344]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = [Link visible only to logged-in users]
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [Link visible only to logged-in users]
IE: &Yahoo! Search - [Link visible only to logged-in users]\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - [Link visible only to logged-in users]\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - [Link visible only to logged-in users]\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - [Link visible only to logged-in users]\program files\Yahoo!\Common/ycsms.htm
LSP: imon.dll
Trusted Zone: bancaintesabeograd.com\online
DPF: Microsoft XML Parser for Java - [Link visible only to logged-in users]\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-01-31 20:58:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-1767777339-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(740)
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Eset\nod32krn.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\windows\system32\wscntfy.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2009-01-31 21:02:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-31 20:02:16
ComboFix2.txt 2009-01-31 13:41:56

Pre-Run: 10.869.977.088 bytes free
Post-Run: 10,845,483,008 bytes free

200

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

What is the situation now?

Korisnici trenutno na forumu: A.R.Chafee.Jr., advokat84, ArchaBasha, Asteker, Ba4e, Bane5, BasCelik, Bojcca, Boskovic, Comyymoc, cyprus, debeli, Ercomero, feanor, GH69, Giskard, glados, gorval, Jose, Karaula, kikisp, komsija1, krokodokodil, kuntakinte, Levi, Makarid, Marko1238, markolopin, mat, mercedesamg, mikoyan21, milenko crazy north, MK10, Mrav Obrad, mrvica78, N.e.m.a.nj.a., Neno25, obsc, oldusername, ozzy, Papadubi, pein, peraklio, Permaldar, Prašinar, Prečanin30, Prle90, sarma, singa, Sky diver 29, tanzanija, Tila Painen, Tricko4190, tubular, user24, vidra boy, Vlada78, vrgudinac, Zastava, Žoržo