Constant problems with IE


  • Joined: 18 Jan 2009
  • Posts: 205

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:38:04, on 22.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
D:\filmovi\USD\USD\USDownloader.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\1\Desktop\New Folder\TR3.exe..exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PopupManager Class - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\Program Files\Popup Manager\PopupMgr_1.0.2.1P.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - [Link mogu videti samo ulogovani korisnici]
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 7374 bytes



  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8628
  • Location: Novi Beograd

Post a new ComboFix log for me, so I can see whether it's in order.



  • Joined: 18 Jan 2009
  • Posts: 205

Here it is:

ComboFix 09-04-23.02 - 1 23.04.2009 0:12.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.877 [GMT 2:00]
Running from: c:\documents and settings\1\Desktop\ComboFix.exe
AV: Eset NOD32 antivirus system 2.50 *On-access scanning disabled* (Outdated)
.

((((((((((((((((((((((((( Files Created from 2009-03-23 to 2009-04-23 )))))))))))))))))))))))))))))))
.

2009-04-22 10:31 . 2009-04-22 10:31 54156 ---ha-w c:\windows\QTFont.qfn
2009-04-22 10:31 . 2009-04-22 10:31 1409 ----a-w c:\windows\QTFont.for
2009-03-30 14:35 . 2009-03-30 14:35 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-03-30 14:35 . 2009-03-30 14:35 -------- d-----w c:\documents and settings\1\Application Data\skypePM
2009-03-30 14:33 . 2009-04-22 14:17 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-25 12:12 . 2009-03-25 12:12 1986469 ----a-w C:\PacManicworld.exe
2009-03-25 10:55 . 2009-03-25 10:55 1244246 ----a-w C:\teenage_mutant_ninja_turtles_the_hyperstone_heist.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 15:41 . 2007-04-11 15:23 -------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2009-04-22 15:40 . 2008-06-14 12:56 -------- d-----w c:\program files\Burger Shop
2009-04-22 15:40 . 2008-07-03 17:28 -------- d-----w c:\program files\Supercow
2009-04-22 14:09 . 2009-03-12 13:30 -------- d-----w c:\documents and settings\1\Application Data\Windows Live Writer
2009-04-22 14:09 . 2009-04-22 14:09 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-22 14:09 . 2006-07-21 17:06 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-22 14:07 . 2009-02-28 18:03 -------- d-----w c:\program files\Sega
2009-04-22 14:07 . 2009-03-08 18:00 -------- d-----w c:\program files\Windows Live
2009-04-22 14:07 . 2006-07-24 02:06 -------- d-----w c:\program files\MSN Messenger
2009-04-22 14:07 . 2007-07-11 21:11 -------- d-----w c:\program files\Belltech Business Card Designer Pro
2009-04-22 14:07 . 2006-07-21 17:24 -------- d-----w c:\program files\Mv2Player
2009-04-22 14:07 . 2009-03-14 09:50 -------- d-----w c:\documents and settings\All Users\Application Data\NFS Underground
2009-04-22 14:06 . 2009-03-25 10:56 -------- d-----w c:\program files\Teenage Mutant Ninja Turtles - The Hyperstone Heist
2009-04-22 14:05 . 2007-04-11 20:55 -------- d--h--r c:\documents and settings\1\Application Data\yahoo!
2009-04-18 12:07 . 2008-07-20 21:16 -------- d-----w c:\program files\Warcraft III
2009-04-15 15:07 . 2008-03-16 20:11 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-15 13:29 . 2007-05-24 22:32 -------- d-----w c:\program files\ChickenInvadersROTYXmas
2009-04-11 08:25 . 2009-01-07 19:10 -------- d-----w c:\program files\Teddy Factory
2009-04-07 15:25 . 2007-06-17 09:39 3364 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-07 14:45 . 2006-07-25 17:21 -------- d-----w c:\program files\Call of Duty
2009-04-06 15:15 . 2006-11-16 16:31 45056 ----a-w c:\windows\NCUNINST.EXE
2009-03-31 13:16 . 2009-03-31 13:16 -------- d-----w c:\program files\KONAMI
2009-03-20 15:20 . 2007-02-24 19:54 -------- d-----w c:\program files\QuickTime
2009-03-20 15:20 . 2009-02-27 21:47 -------- d-----w c:\program files\Cooking Academy 2 World Cuisine
2009-03-14 09:34 . 2009-03-14 09:34 -------- d-----w c:\program files\EA GAMES
2009-03-13 17:59 . 2007-05-06 12:59 -------- d-----w c:\documents and settings\1\Application Data\MegauploadToolbar
2009-03-12 13:29 . 2009-03-12 13:29 1002752 ----a-w C:\JournalViewer1.5_KB886179_ENU.exe
2009-03-11 17:55 . 2009-01-15 10:01 230424 ----a-w C:\img1-001.raw
2009-03-08 18:10 . 2006-07-28 06:28 89360 ----a-w c:\documents and settings\1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-08 18:06 . 2009-03-08 18:06 -------- d-----w c:\program files\Microsoft Sync Framework
2009-03-08 18:05 . 2009-03-08 18:05 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-08 18:00 . 2009-03-08 18:00 -------- d-----w c:\program files\Microsoft
2009-03-08 17:40 . 2009-03-08 17:40 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-08 17:38 . 2009-03-08 17:37 1150824 ----a-w c:\program files\wlsetup-custom.exe
2009-03-02 14:20 . 2008-12-18 22:39 -------- d-----w c:\program files\Airport Mania - First Flight
2009-02-27 21:48 . 2008-07-20 22:28 -------- d-----w c:\documents and settings\All Users\Application Data\Fugazo
2009-02-27 09:43 . 2007-04-14 01:36 -------- d-----w c:\documents and settings\1\Application Data\uTorrent
2009-02-26 08:38 . 2008-10-27 08:06 -------- d-----w c:\program files\MP4Tool
2009-02-06 18:20 . 2009-02-06 18:20 308088 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2008-12-03 22:27 . 2006-10-25 10:12 88776 ----a-w c:\documents and settings\1\Application Data\GDIPFONTCACHEV1.DAT
2008-11-09 16:01 . 2008-11-09 15:24 602 ----a-w c:\documents and settings\1\Application Data\filterclsid.dat
2008-11-02 16:08 . 2008-05-12 15:45 7 ----a-w c:\program files\UsrPrefs.xml
2008-11-02 16:08 . 2008-05-31 11:56 96 ----a-w c:\program files\GAMEOPT.INI
2005-01-28 23:20 . 2008-05-12 15:44 3194880 ----a-w c:\program files\playboy_-_the_mansion.exe
2005-01-28 06:12 . 2008-05-12 15:44 374 ----a-w c:\program files\setup.bat
2005-01-27 13:33 . 2008-05-12 15:44 348160 ----a-w c:\program files\msvcr71.dll
2005-01-27 13:15 . 2008-05-12 15:44 499712 ----a-w c:\program files\msvcp71.dll
2005-01-11 11:33 . 2008-05-12 15:46 14032 ----a-w c:\program files\readme.txt
2004-11-08 07:03 . 2008-05-12 15:50 151 ----a-w c:\program files\CtlPrefs.xml
2006-10-11 08:2008-05-03 20:27 04:58 . c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:2008-05-03 20:27 04:59 . c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:2008-05-03 20:27 05:03 . c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:2008-05-03 20:27 05:03 . c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:2008-05-03 20:27 04:58 . c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 315392]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-04-12 917504]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-30 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"MIDI1"= SYNCOR11.DLL
"wave1"= serwvdrv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Install\\utorrent.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R3 fsssvc;Windows Live Porodicna bezbednost;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\DRIVERS\k510bus.sys [2007-12-26 58288]
R3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\DRIVERS\k510mdfl.sys [2007-12-26 8336]
R3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\DRIVERS\k510mdm.sys [2007-12-26 94064]
R3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\k510mgmt.sys [2007-12-26 85408]
R3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\k510obex.sys [2007-12-26 83344]
S1 RapNet;RapNet;c:\windows\system32\drivers\RapNet.sys [2002-07-11 26428]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 iadusb;MT882;c:\windows\system32\DRIVERS\glauiad.sys [2006-03-20 30336]

.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = [Link mogu videti samo ulogovani korisnici]
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: imon.dll
Trusted Zone: bancaintesabeograd.com\online
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: Microsoft XML Parser for Java - [Link mogu videti samo ulogovani korisnici]\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-04-23 00:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-1767777339-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(740)
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(3260)
c:\windows\system32\msi.dll
.
Completion time: 2009-04-22 0:17
ComboFix-quarantined-files.txt 2009-04-22 22:17
ComboFix2.txt 2009-04-22 20:03
ComboFix3.txt 2009-01-31 20:02

Pre-Run: 7.104.188.416 bytes free
Post-Run: 7.095.037.952 bytes free

155

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8628
  • Location: Novi Beograd

What's the situation now? I'd say it's OK?

  • Joined: 18 Jan 2009
  • Posts: 205

It seems great to me too. I'll see how it behaves by tomorrow and let you know. Thanks a lot.

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8628
  • Location: Novi Beograd

I'd like to check one more thing:

Download the RootRepeal program to your Desktop.

Unpack RootRepeal.zip into a folder.
Double-click RootRepeal.exe to run it.
Switch to the Report tab (by clicking the Report button, bottom right).
Click the Scan button.
In the window that opens (Select Scan), tick the boxes in front of all items and click OK.
In the next window (Select Drives), tick the box in front of the system drive (usually C:\) and click OK.
When the process finishes, click Save Report and save the scan report.


Copy the contents of that report into your next post.

  • Joined: 18 Jan 2009
  • Posts: 205

ComboFix 09-04-23.02 - 1 23.04.2009 0:12.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.877 [GMT 2:00]
Running from: c:\documents and settings\1\Desktop\ComboFix.exe
AV: Eset NOD32 antivirus system 2.50 *On-access scanning disabled* (Outdated)
.

((((((((((((((((((((((((( Files Created from 2009-03-23 to 2009-04-23 )))))))))))))))))))))))))))))))
.

2009-04-22 10:31 . 2009-04-22 10:31 54156 ---ha-w c:\windows\QTFont.qfn
2009-04-22 10:31 . 2009-04-22 10:31 1409 ----a-w c:\windows\QTFont.for
2009-03-30 14:35 . 2009-03-30 14:35 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-03-30 14:35 . 2009-03-30 14:35 -------- d-----w c:\documents and settings\1\Application Data\skypePM
2009-03-30 14:33 . 2009-04-22 14:17 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-25 12:12 . 2009-03-25 12:12 1986469 ----a-w C:\PacManicworld.exe
2009-03-25 10:55 . 2009-03-25 10:55 1244246 ----a-w C:\teenage_mutant_ninja_turtles_the_hyperstone_heist.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 15:41 . 2007-04-11 15:23 -------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2009-04-22 15:40 . 2008-06-14 12:56 -------- d-----w c:\program files\Burger Shop
2009-04-22 15:40 . 2008-07-03 17:28 -------- d-----w c:\program files\Supercow
2009-04-22 14:09 . 2009-03-12 13:30 -------- d-----w c:\documents and settings\1\Application Data\Windows Live Writer
2009-04-22 14:09 . 2009-04-22 14:09 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-22 14:09 . 2006-07-21 17:06 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-22 14:07 . 2009-02-28 18:03 -------- d-----w c:\program files\Sega
2009-04-22 14:07 . 2009-03-08 18:00 -------- d-----w c:\program files\Windows Live
2009-04-22 14:07 . 2006-07-24 02:06 -------- d-----w c:\program files\MSN Messenger
2009-04-22 14:07 . 2007-07-11 21:11 -------- d-----w c:\program files\Belltech Business Card Designer Pro
2009-04-22 14:07 . 2006-07-21 17:24 -------- d-----w c:\program files\Mv2Player
2009-04-22 14:07 . 2009-03-14 09:50 -------- d-----w c:\documents and settings\All Users\Application Data\NFS Underground
2009-04-22 14:06 . 2009-03-25 10:56 -------- d-----w c:\program files\Teenage Mutant Ninja Turtles - The Hyperstone Heist
2009-04-22 14:05 . 2007-04-11 20:55 -------- d--h--r c:\documents and settings\1\Application Data\yahoo!
2009-04-18 12:07 . 2008-07-20 21:16 -------- d-----w c:\program files\Warcraft III
2009-04-15 15:07 . 2008-03-16 20:11 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-15 13:29 . 2007-05-24 22:32 -------- d-----w c:\program files\ChickenInvadersROTYXmas
2009-04-11 08:25 . 2009-01-07 19:10 -------- d-----w c:\program files\Teddy Factory
2009-04-07 15:25 . 2007-06-17 09:39 3364 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-07 14:45 . 2006-07-25 17:21 -------- d-----w c:\program files\Call of Duty
2009-04-06 15:15 . 2006-11-16 16:31 45056 ----a-w c:\windows\NCUNINST.EXE
2009-03-31 13:16 . 2009-03-31 13:16 -------- d-----w c:\program files\KONAMI
2009-03-20 15:20 . 2007-02-24 19:54 -------- d-----w c:\program files\QuickTime
2009-03-20 15:20 . 2009-02-27 21:47 -------- d-----w c:\program files\Cooking Academy 2 World Cuisine
2009-03-14 09:34 . 2009-03-14 09:34 -------- d-----w c:\program files\EA GAMES
2009-03-13 17:59 . 2007-05-06 12:59 -------- d-----w c:\documents and settings\1\Application Data\MegauploadToolbar
2009-03-12 13:29 . 2009-03-12 13:29 1002752 ----a-w C:\JournalViewer1.5_KB886179_ENU.exe
2009-03-11 17:55 . 2009-01-15 10:01 230424 ----a-w C:\img1-001.raw
2009-03-08 18:10 . 2006-07-28 06:28 89360 ----a-w c:\documents and settings\1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-08 18:06 . 2009-03-08 18:06 -------- d-----w c:\program files\Microsoft Sync Framework
2009-03-08 18:05 . 2009-03-08 18:05 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-08 18:00 . 2009-03-08 18:00 -------- d-----w c:\program files\Microsoft
2009-03-08 17:40 . 2009-03-08 17:40 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-08 17:38 . 2009-03-08 17:37 1150824 ----a-w c:\program files\wlsetup-custom.exe
2009-03-02 14:20 . 2008-12-18 22:39 -------- d-----w c:\program files\Airport Mania - First Flight
2009-02-27 21:48 . 2008-07-20 22:28 -------- d-----w c:\documents and settings\All Users\Application Data\Fugazo
2009-02-27 09:43 . 2007-04-14 01:36 -------- d-----w c:\documents and settings\1\Application Data\uTorrent
2009-02-26 08:38 . 2008-10-27 08:06 -------- d-----w c:\program files\MP4Tool
2009-02-06 18:20 . 2009-02-06 18:20 308088 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2008-12-03 22:27 . 2006-10-25 10:12 88776 ----a-w c:\documents and settings\1\Application Data\GDIPFONTCACHEV1.DAT
2008-11-09 16:01 . 2008-11-09 15:24 602 ----a-w c:\documents and settings\1\Application Data\filterclsid.dat
2008-11-02 16:08 . 2008-05-12 15:45 7 ----a-w c:\program files\UsrPrefs.xml
2008-11-02 16:08 . 2008-05-31 11:56 96 ----a-w c:\program files\GAMEOPT.INI
2005-01-28 23:20 . 2008-05-12 15:44 3194880 ----a-w c:\program files\playboy_-_the_mansion.exe
2005-01-28 06:12 . 2008-05-12 15:44 374 ----a-w c:\program files\setup.bat
2005-01-27 13:33 . 2008-05-12 15:44 348160 ----a-w c:\program files\msvcr71.dll
2005-01-27 13:15 . 2008-05-12 15:44 499712 ----a-w c:\program files\msvcp71.dll
2005-01-11 11:33 . 2008-05-12 15:46 14032 ----a-w c:\program files\readme.txt
2004-11-08 07:03 . 2008-05-12 15:50 151 ----a-w c:\program files\CtlPrefs.xml
2006-10-11 08:2008-05-03 20:27 04:58 . c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:2008-05-03 20:27 04:59 . c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:2008-05-03 20:27 05:03 . c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:2008-05-03 20:27 05:03 . c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:2008-05-03 20:27 04:58 . c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 315392]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-04-12 917504]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-30 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"MIDI1"= SYNCOR11.DLL
"wave1"= serwvdrv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Install\\utorrent.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R3 fsssvc;Windows Live Porodicna bezbednost;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\DRIVERS\k510bus.sys [2007-12-26 58288]
R3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\DRIVERS\k510mdfl.sys [2007-12-26 8336]
R3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\DRIVERS\k510mdm.sys [2007-12-26 94064]
R3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\k510mgmt.sys [2007-12-26 85408]
R3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\k510obex.sys [2007-12-26 83344]
S1 RapNet;RapNet;c:\windows\system32\drivers\RapNet.sys [2002-07-11 26428]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 iadusb;MT882;c:\windows\system32\DRIVERS\glauiad.sys [2006-03-20 30336]

.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = [Link mogu videti samo ulogovani korisnici]
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: imon.dll
Trusted Zone: bancaintesabeograd.com\online
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: Microsoft XML Parser for Java - [Link mogu videti samo ulogovani korisnici]\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-04-23 00:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-1767777339-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(740)
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(3260)
c:\windows\system32\msi.dll
.
Completion time: 2009-04-22 0:17
ComboFix-quarantined-files.txt 2009-04-22 22:17
ComboFix2.txt 2009-04-22 20:03
ComboFix3.txt 2009-01-31 20:02

Pre-Run: 7.104.188.416 bytes free
Post-Run: 7.095.037.952 bytes free

155

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8628
  • Location: Novi Beograd

Wrong log; you were supposed to post the log from the program RootRepeal.

  • Joined: 18 Jan 2009
  • Posts: 205

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/04/23 00:36
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name:
Image Path:
Address: 0xF7473000 Size: 98304 File Visible: No
Status: -

Name:
Image Path:
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Name: catchme.sys
Image Path: C:\DOCUME~1\1\LOCALS~1\Temp\catchme.sys
Address: 0xF77E7000 Size: 31744 File Visible: No
Status: -

Name: Combo-Fix.sys
Image Path: Combo-Fix.sys
Address: 0xF7657000 Size: 60416 File Visible: No
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAF465000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBAC3D000 Size: 8192 File Visible: No
Status: -

Name: PROCEXP90.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP90.SYS
Address: 0xF79D9000 Size: 6464 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAE670000 Size: 45056 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\sccfg.sys
Status: Invisible to the Windows API!

Path: C:\hiberfil.sys
Status: Locked to the Windows API!

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "vax347b.sys" at address 0xf75bcbb8

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xf777336a

#: 041 Function Name: NtCreateKey
Status: Hooked by "vax347b.sys" at address 0xf75bcb70

#: 045 Function Name: NtCreatePagingFile
Status: Hooked by "vax347b.sys" at address 0xf75b0c70

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "vax347b.sys" at address 0xf75b14fe

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "vax347b.sys" at address 0xf75bccb0

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xf7773cd8

#: 119 Function Name: NtOpenKey
Status: Hooked by "vax347b.sys" at address 0xf75bcb34

#: 145 Function Name: NtQueryDirectoryFile
Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xf7773842

#: 154 Function Name: NtQueryInformationProcess
Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xf77701e0

#: 160 Function Name: NtQueryKey
Status: Hooked by "vax347b.sys" at address 0xf75b151e

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "vax347b.sys" at address 0xf75bcc06

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xf7774142

#: 241 Function Name: NtSetSystemPowerState
Status: Hooked by "vax347b.sys" at address 0xf75bc450

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x89788370 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x89309140 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x89309140 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x89309140 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_READ]
Process: System Address: 0x89309140 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_WRITE]
Process: System Address: 0x89309140 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89309140 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89309140 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_EA]
Process: System Address: 0x89309140 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_EA]
Process: System Address: 0x89309140 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89309140 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89309140 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x89309140 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89309140 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89309140 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89309140 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89309140 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89309140 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89309140 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CLEANUP]
Process: System Address: 0x89309140 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x89309140 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x89309140 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_SECURITY]
Process: System Address: 0x89309140 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x89309140 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89309140 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x89309140 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x89309140 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_QUOTA]
Process: System Address: 0x89309140 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x89309140 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x892f67e0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x892f67e0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x892f67e0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x892f67e0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x892f67e0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x892f67e0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x892f67e0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_EA]
Process: System Address: 0x892f67e0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_EA]
Process: System Address: 0x892f67e0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x892f67e0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x892f67e0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x892f67e0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x892f67e0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x892f67e0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x892f67e0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x892f67e0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x892f67e0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x892f67e0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLEANUP]
Process: System Address: 0x892f67e0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x892f67e0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x892f67e0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_SECURITY]
Process: System Address: 0x892f67e0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x892f67e0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x892f67e0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x892f67e0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x892f67e0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_QUOTA]
Process: System Address: 0x892f67e0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x892f67e0 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_CREATE]
Process: System Address: 0x892b8928 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x892b8928 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_CLOSE]
Process: System Address: 0x892b8928 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_READ]
Process: System Address: 0x892b8928 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_WRITE]
Process: System Address: 0x892b8928 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x892b8928 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x892b8928 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_EA]
Process: System Address: 0x892b8928 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_EA]
Process: System Address: 0x892b8928 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x892b8928 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x892b8928 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x892b8928 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x892b8928 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x892b8928 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x892b8928 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x892b8928 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_SHUTDOWN]
Process: System Address: 0x892b8928 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x892b8928 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_CLEANUP]
Process: System Address: 0x892b8928 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x892b8928 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x892b8928 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_SECURITY]
Process: System Address: 0x892b8928 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_POWER]
Process: System Address: 0x892b8928 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x892b8928 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x892b8928 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x892b8928 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_QUOTA]
Process: System Address: 0x892b8928 Size: -

Object: Hidden Code [Driver: vax347s, IRP_MJ_PNP]
Process: System Address: 0x892b8928 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]
Process: System Address: 0x8923c458 Size: -

Object: Hidden Code [Driver: Srv, IRP_MJ_READ]
Process: System Address: 0x89367030 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x89265430 Size: -

Object: Hidden Code [Driver: NpfsЅఅ坓慤͈⃳�ᇐឹꀀ⋉阱, IRP_MJ_READ]
Process: System Address: 0x89259cf0 Size: -

Object: Hidden Code [Driver: Msfsȅ䵃慄쪈Ȃం扏楄䒸嶠褢, IRP_MJ_READ]
Process: System Address: 0x8923d468 Size: -

Object: Hidden Code [Driver: Fs_Rec, IRP_MJ_READ]
Process: System Address: 0x892752d8 Size: -

Object: Hidden Code [Driver: Cdfsȅ卆浩ȁం䵃䥖�Ũ叁Ȃ఍敋ꁹ, IRP_MJ_READ]
Process: System Address: 0x8933a758 Size: -

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8628
  • Location: Novi Beograd

Are there any problems?
