I need help

  • Joined: 30 Nov 2007
  • Posts: 161

This is what I'm getting:

[Link visible only to logged-in users]

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Your Windows is 32-bit. Follow the corresponding instructions.



  • Joined: 30 Nov 2007
  • Posts: 161

DDS (Ver_10-11-03.01) - NTFSx86
Run by user at 20:47:02.25 on Thu 11/04/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1576 [GMT 1:00]

AV: ESET NOD32 Antivirus 4.2 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\FaxTalk Communicator\FTCtrl32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\FaxTalk Communicator\FAPIEXE.EXE
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
D:\Program Files\BitTorrent\BitTorrent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\FlvTube Toolbar\FlvTubeSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\FlvTube Toolbar\FlvTubeVideoToMp3.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Documents and Settings\All Users\Application Data\QueryBrowser\querybrowser111.exe
C:\WINDOWS\system32\inetsrv\svchost.exe /service
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\QueryBrowser\querybrowser.exe
C:\WINDOWS\slrundll.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\user\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [Link visible only to logged-in users]
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
TB: FlvTube Toolbar: {851552f5-b878-4b03-904f-2ad6a4cc8994} - "c:\program files\flvtube toolbar\flvtubetb.dll"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [BitTorrent] "d:\program files\bittorrent\BitTorrent.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [RegistryBooster] "d:\program files\uniblue\registrybooster\launcher.exe" delay 20000
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [CallControl 4.5] c:\program files\faxtalk communicator\FTCtrl32.exe /autoload
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [NeroCheck] c:\windows\system32\\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [Link visible only to logged-in users]
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: cryptnet32 - cryptnet32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\4vcd0zkp.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube
FF - prefs.js: browser.startup.homepage - [Link visible only to logged-in users]
FF - prefs.js: keyword.URL - [Link visible only to logged-in users]
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: e:\program files\veetle\player\npvlc.dll
FF - plugin: e:\program files\veetle\plugins\npVeetle.dll
FF - plugin: e:\program files\veetle\vlcbroadcast\npvbp.dll

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-4-28 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-10-25 95896]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/08/31 10:50:29];c:\program files\cyberlink\powerdvd9\000.fcl [2009-2-28 87536]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-6-24 810144]
R2 FlvTube Toolbar Helper;FlvTube Toolbar Helper;c:\program files\flvtube toolbar\FLVTubeSvc.exe [2010-10-12 255240]
R2 QueryBrowser Service;QueryBrowser Service;c:\documents and settings\all users\application data\querybrowser\querybrowser111.exe [2010-10-28 57616]
R2 svchost32;Windows Service Manager;c:\windows\system32\inetsrv\svchost.exe /service [2010-10-31 47484]

=============== Created Last 30 ================

2010-11-02 17:24:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\KONAMI
2010-10-31 22:39:25 296225 ----a-w- c:\windows\system32\shimg.dll
2010-10-31 22:39:24 46592 ----a-w- c:\windows\system32\cryptnet32.dll
2010-10-31 18:42:15 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2010-10-31 18:42:15 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2010-10-31 18:42:15 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2010-10-31 18:42:15 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2010-10-31 18:42:15 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2010-10-31 18:42:13 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
2010-10-31 18:42:12 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
2010-10-31 18:20:13 -------- d-----w- c:\docume~1\user\locals~1\applic~1\VirtuaTennis2009
2010-10-31 18:13:51 -------- d-----w- c:\windows\Logs
2010-10-31 18:12:44 -------- d-----w- c:\windows\system32\XPSViewer
2010-10-31 18:12:24 28160 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-10-31 18:12:18 14048 ------w- c:\windows\system32\spmsg2.dll
2010-10-31 16:23:55 32214 ----a-w- c:\windows\Sysvxd.exe
2010-10-31 15:23:46 47484 ----a-w- C:\~.exe
2010-10-28 13:14:12 -------- d-----w- c:\program files\QueryBrowser
2010-10-28 13:14:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\QueryBrowser
2010-10-28 13:13:43 -------- d-----w- c:\docume~1\user\applic~1\FlvTube Toolbar
2010-10-28 13:13:36 -------- d-----w- c:\program files\FlvTube Toolbar
2010-10-25 14:39:52 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Apple
2010-10-25 14:39:34 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Apple Computer
2010-10-14 13:22:28 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2010-10-14 13:22:26 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2010-10-14 13:22:26 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2010-10-14 13:22:23 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2010-10-14 13:22:23 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2010-10-08 16:55:00 -------- d-----w- c:\docume~1\user\locals~1\applic~1\PowerDVDCox
2010-10-08 16:54:55 -------- d-----w- c:\docume~1\user\locals~1\applic~1\PowerDVDCinema

==================== Find3M ====================

2010-09-08 09:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-31 08:48:59 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-08-31 08:48:59 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-08-31 08:48:58 505128 ----a-w- c:\windows\system32\msvcp71.dll

============= FINISH: 20:47:10.53 ===============

[Link visible only to logged-in users]

[Link visible only to logged-in users]

[Link visible only to logged-in users]

[Link visible only to logged-in users]

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

Once the download has finished:
disable your security software (instructions);
close any running programs;
double-click ComboFix to run it.

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if offered to download it.
display the DISCLAIMER OF WARRANTY ON SOFTWARE:
click Yes so that the process continues.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
present a number of prompts/notifications:
accept by clicking Yes or OK.
restart Windows if needed (possibly several times);
when finished, open Notepad with the scan report.

Copy the report ComboFix produced into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message box and choose Paste.

Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message.

  • Joined: 30 Nov 2007
  • Posts: 161

ComboFix 10-11-03.04 - user 11/05/2010 0:27.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1458 [GMT 1:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\~.exe
c:\documents and settings\All Users\Documents\Server\admin.txt
c:\program files\FlvTube Toolbar\flvtubetb.dll
c:\windows\system32\crt.dat
c:\windows\system32\cryptnet32.dll
c:\windows\system32\shimg.dll
c:\windows\Sysvxd.exe

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SVCHOST32
-------\Service_svchost32


((((((((((((((((((((((((( Files Created from 2010-10-04 to 2010-11-04 )))))))))))))))))))))))))))))))
.

2010-11-02 17:24 . 2010-11-02 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2010-10-31 18:42 . 2005-11-13 22:22 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2010-10-31 18:42 . 2005-11-13 22:22 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2010-10-31 18:42 . 2005-11-13 22:21 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2010-10-31 18:42 . 2005-11-13 22:20 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2010-10-31 18:42 . 2005-11-13 22:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2010-10-31 18:42 . 2010-10-31 18:42 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2010-10-31 18:42 . 2010-10-31 18:42 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2010-10-31 18:20 . 2010-10-31 18:20 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\VirtuaTennis2009
2010-10-31 18:13 . 2010-10-31 18:13 -------- d-----w- c:\windows\Logs
2010-10-31 18:12 . 2010-10-31 18:12 -------- d-----w- c:\windows\system32\XPSViewer
2010-10-31 18:12 . 2010-10-31 18:12 -------- d-----w- c:\program files\Reference Assemblies
2010-10-31 18:12 . 2007-03-22 19:24 28160 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-10-31 18:12 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-10-28 13:14 . 2010-10-29 05:44 -------- d-----w- c:\program files\QueryBrowser
2010-10-28 13:14 . 2010-10-28 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\QueryBrowser
2010-10-28 13:13 . 2010-10-28 13:14 -------- d-----w- c:\documents and settings\user\Application Data\FlvTube Toolbar
2010-10-28 13:13 . 2010-11-04 23:30 -------- d-----w- c:\program files\FlvTube Toolbar
2010-10-25 14:41 . 2010-10-25 14:41 -------- d-----w- c:\documents and settings\user\Application Data\Apple Computer
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\program files\Common Files\Apple
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Apple
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\program files\Apple Software Update
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Apple Computer
2010-10-14 14:24 . 2010-10-14 14:25 -------- d-----w- c:\program files\Ahead
2010-10-14 13:22 . 2007-04-04 17:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2010-10-14 13:22 . 2007-03-15 15:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2010-10-14 13:22 . 2007-03-12 15:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2010-10-14 13:22 . 2007-03-12 15:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2010-10-14 13:22 . 2007-01-24 14:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2010-10-08 16:55 . 2010-10-08 16:55 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PowerDVDCox
2010-10-08 16:54 . 2010-10-08 16:54 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PowerDVDCinema
2010-10-08 16:54 . 2010-10-08 16:54 -------- d-----w- c:\documents and settings\user\Application Data\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-31 08:48 . 2010-08-31 08:49 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-08-31 08:48 . 2010-08-31 08:49 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-08-31 08:48 . 2010-08-31 08:49 505128 ----a-w- c:\windows\system32\msvcp71.dll
.

------- Sigcheck -------

[-] 2008-07-25 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-14 . 2ED23E969A00E67D1C2EF2534B943BC1 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 0C17E035CD1336F46F6D7C7727EF4059 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-07-25 . 0CDE394F7FB69CB8548CFCA61F1B3855 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"BitTorrent"="d:\program files\BitTorrent\BitTorrent.exe" [2010-10-06 742776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"CallControl 4.5"="c:\program files\FaxTalk Communicator\FTCtrl32.exe" [2003-06-03 123392]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2202704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-07-25 123904]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2011\\pes2011.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4/28/2010 8:17 AM 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [10/25/2007 8:27 AM 95896]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/08/31 10:50];c:\program files\CyberLink\PowerDVD9\000.fcl [2/28/2009 6:40 PM 87536]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6/24/2010 9:27 AM 810144]
R2 FlvTube Toolbar Helper;FlvTube Toolbar Helper;c:\program files\FlvTube Toolbar\FLVTubeSvc.exe [10/12/2010 10:38 PM 255240]
R2 QueryBrowser Service;QueryBrowser Service;c:\documents and settings\All Users\Application Data\QueryBrowser\querybrowser111.exe [10/28/2010 2:16 PM 57616]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link visible only to logged-in users]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\4vcd0zkp.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube
FF - prefs.js: browser.startup.homepage - [Link visible only to logged-in users]
FF - prefs.js: keyword.URL - [Link visible only to logged-in users]
FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: e:\program files\Veetle\Player\npvlc.dll
FF - plugin: e:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: e:\program files\Veetle\VLCBroadcast\npvbp.dll
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{851552F5-B878-4b03-904F-2AD6A4CC8994} - c:\program files\FlvTube Toolbar\flvtubetb.dll
WebBrowser-{851552F5-B878-4B03-904F-2AD6A4CC8994} - c:\program files\FlvTube Toolbar\flvtubetb.dll
HKCU-Run-RegistryBooster - d:\program files\Uniblue\RegistryBooster\launcher.exe
AddRemove-QueryBrowser - c:\program files\QueryBrowser\uninstall.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3620)
c:\program files\QueryBrowser\querybrowser.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\FlvTube Toolbar\FlvTubeVideoToMp3.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\FaxTalk Communicator\FAPIEXE.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\windows\slrundll.exe
c:\program files\QueryBrowser\querybrowser.exe
.
**************************************************************************
.
Completion time: 2010-11-05 00:33:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-04 23:33

Pre-Run: 29,819,215,872 bytes free
Post-Run: 30,485,401,600 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - D608FDCAA8E8A677DFF1F80D4C5846AB

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Uninstall (if possible) the following programs:

FlvTube Toolbar
Homepage Protection Service
QueryBrowser 1.0 build 111

Upload the files:

c:\windows\system32\winlogon.exe
c:\windows\explorer.exe

via this link: [Link visible only to logged-in users]

Open Notepad and copy the following text:

Folder::
c:\program files\QueryBrowser
c:\documents and settings\All Users\Application Data\QueryBrowser
c:\documents and settings\user\Application Data\FlvTube Toolbar
c:\program files\FlvTube Toolbar

Driver::
FlvTube Toolbar Helper
QueryBrowser Service

Firefox::
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\4vcd0zkp.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube
FF - prefs.js: keyword.URL - hxxp://flvtubesearch.co/?prt=02ff&clid=&subid=&Keywords=
FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"


Save the Notepad file to your Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.

  • Joined: 30 Nov 2007
  • Posts: 161

Posted: 05 Nov 2010 20:13

I managed to remove that FlvTube one and the other one, but I couldn't find the third one, and I submitted the files for upload.

ComboFix 10-11-05.01 - user 11/05/2010 20:02:46.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1430 [GMT 1:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\QueryBrowser
c:\documents and settings\All Users\Application Data\QueryBrowser\querybrowser111.exe
c:\documents and settings\user\Application Data\FlvTube Toolbar
c:\documents and settings\user\Application Data\FlvTube Toolbar\images\divider.png
c:\documents and settings\user\Application Data\FlvTube Toolbar\images\facebook.png
c:\documents and settings\user\Application Data\FlvTube Toolbar\images\feeditem.png
c:\documents and settings\user\Application Data\FlvTube Toolbar\images\games.png
c:\documents and settings\user\Application Data\FlvTube Toolbar\images\news.png
c:\documents and settings\user\Application Data\FlvTube Toolbar\images\saveyoutubevideos-on.png
c:\documents and settings\user\Application Data\FlvTube Toolbar\images\saveyoutubevideos.png
c:\documents and settings\user\Application Data\FlvTube Toolbar\images\shopping.png
c:\documents and settings\user\Application Data\FlvTube Toolbar\images\watermark.png
c:\documents and settings\user\Application Data\FlvTube Toolbar\images\weatherbug.png
c:\documents and settings\user\Application Data\FlvTube Toolbar\images\YouTube.png
c:\documents and settings\user\Application Data\FlvTube Toolbar\pref.xml
c:\documents and settings\user\Application Data\FlvTube Toolbar\tbconfig.xml
c:\documents and settings\user\Application Data\FlvTube Toolbar\weather.xml
c:\program files\FlvTube Toolbar
c:\program files\QueryBrowser
c:\program files\QueryBrowser\querybrowser.dll
c:\program files\QueryBrowser\querybrowser.exe

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_QUERYBROWSER_SERVICE
-------\Service_QueryBrowser Service


((((((((((((((((((((((((( Files Created from 2010-10-05 to 2010-11-05 )))))))))))))))))))))))))))))))
.

2010-11-02 17:24 . 2010-11-02 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2010-10-31 18:42 . 2005-11-13 22:22 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2010-10-31 18:42 . 2005-11-13 22:22 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2010-10-31 18:42 . 2005-11-13 22:21 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2010-10-31 18:42 . 2005-11-13 22:20 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2010-10-31 18:42 . 2005-11-13 22:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2010-10-31 18:42 . 2010-10-31 18:42 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2010-10-31 18:42 . 2010-10-31 18:42 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2010-10-31 18:20 . 2010-10-31 18:20 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\VirtuaTennis2009
2010-10-31 18:13 . 2010-10-31 18:13 -------- d-----w- c:\windows\Logs
2010-10-31 18:12 . 2010-10-31 18:12 -------- d-----w- c:\windows\system32\XPSViewer
2010-10-31 18:12 . 2010-10-31 18:12 -------- d-----w- c:\program files\Reference Assemblies
2010-10-31 18:12 . 2007-03-22 19:24 28160 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-10-31 18:12 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-10-25 14:41 . 2010-10-25 14:41 -------- d-----w- c:\documents and settings\user\Application Data\Apple Computer
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\program files\Common Files\Apple
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Apple
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\program files\Apple Software Update
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Apple Computer
2010-10-14 14:24 . 2010-10-14 14:25 -------- d-----w- c:\program files\Ahead
2010-10-14 13:22 . 2007-04-04 17:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2010-10-14 13:22 . 2007-03-15 15:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2010-10-14 13:22 . 2007-03-12 15:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2010-10-14 13:22 . 2007-03-12 15:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2010-10-14 13:22 . 2007-01-24 14:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2010-10-08 16:55 . 2010-10-08 16:55 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PowerDVDCox
2010-10-08 16:54 . 2010-10-08 16:54 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PowerDVDCinema
2010-10-08 16:54 . 2010-10-08 16:54 -------- d-----w- c:\documents and settings\user\Application Data\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-31 08:48 . 2010-08-31 08:49 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-08-31 08:48 . 2010-08-31 08:49 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-08-31 08:48 . 2010-08-31 08:49 505128 ----a-w- c:\windows\system32\msvcp71.dll
.

------- Sigcheck -------

[-] 2008-07-25 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP3GDR\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP2GDR\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP2QFE\tcpip.sys

[-] 2008-04-14 . 2ED23E969A00E67D1C2EF2534B943BC1 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 0C17E035CD1336F46F6D7C7727EF4059 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-07-25 . 0CDE394F7FB69CB8548CFCA61F1B3855 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( [Link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-06 18:24 . 2009-08-06 18:24 44768 c:\windows\system32\wups2.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-11-04 23:37 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2008-04-14 12:41 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2008-04-14 12:41 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 209632 c:\windows\system32\wuweb.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2010-08-30 17:51 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2010-08-30 17:51 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2010-08-30 17:51 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
+ 2010-08-30 17:51 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"BitTorrent"="d:\program files\BitTorrent\BitTorrent.exe" [2010-10-06 742776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"CallControl 4.5"="c:\program files\FaxTalk Communicator\FTCtrl32.exe" [2003-06-03 123392]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2202704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-07-25 123904]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2011\\pes2011.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4/28/2010 8:17 AM 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [10/25/2007 8:27 AM 95896]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/08/31 10:50];c:\program files\CyberLink\PowerDVD9\000.fcl [2/28/2009 6:40 PM 87536]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6/24/2010 9:27 AM 810144]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link visible only to logged-in users]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\4vcd0zkp.default\
FF - prefs.js: browser.startup.homepage - [Link visible only to logged-in users]
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: e:\program files\Veetle\Player\npvlc.dll
FF - plugin: e:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: e:\program files\Veetle\VLCBroadcast\npvbp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2010-11-05 20:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2832)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\FaxTalk Communicator\FAPIEXE.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\windows\slrundll.exe
.
**************************************************************************
.
Completion time: 2010-11-05 20:10:36 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-05 19:10
ComboFix2.txt 2010-11-04 23:33

Pre-Run: 30,357,901,312 bytes free
Post-Run: 30,347,595,776 bytes free

- - End Of File - - 64C70BE58F832FB70CEE222EB09EABC0

Update: 05 Nov 2010 21:50

ComboFix 10-11-05.01 - user 11/05/2010 21:35:46.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1514 [GMT 1:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\explorer.exe
c:\windows\system32\crt.dat
c:\windows\system32\cryptnet32.dll
c:\windows\system32\shimg.dll
C:\winlogon.exe

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-10-05 to 2010-11-05 )))))))))))))))))))))))))))))))
.

2010-11-05 20:31 . 2008-04-14 03:42 507904 ----a-w- c:\windows\system32\dllcache\winlogon.exe
2010-11-05 20:31 . 2008-04-14 03:42 1033728 ----a-w- c:\windows\system32\dllcache\explorer.exe
2010-11-02 17:24 . 2010-11-02 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2010-10-31 18:42 . 2005-11-13 22:22 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2010-10-31 18:42 . 2005-11-13 22:22 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2010-10-31 18:42 . 2005-11-13 22:21 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2010-10-31 18:42 . 2005-11-13 22:20 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2010-10-31 18:42 . 2005-11-13 22:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2010-10-31 18:42 . 2010-10-31 18:42 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2010-10-31 18:42 . 2010-10-31 18:42 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2010-10-31 18:20 . 2010-10-31 18:20 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\VirtuaTennis2009
2010-10-31 18:13 . 2010-10-31 18:13 -------- d-----w- c:\windows\Logs
2010-10-31 18:12 . 2010-10-31 18:12 -------- d-----w- c:\windows\system32\XPSViewer
2010-10-31 18:12 . 2010-10-31 18:12 -------- d-----w- c:\program files\Reference Assemblies
2010-10-31 18:12 . 2007-03-22 19:24 28160 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-10-31 18:12 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-10-25 14:41 . 2010-10-25 14:41 -------- d-----w- c:\documents and settings\user\Application Data\Apple Computer
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\program files\Common Files\Apple
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Apple
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\program files\Apple Software Update
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Apple Computer
2010-10-14 14:24 . 2010-10-14 14:25 -------- d-----w- c:\program files\Ahead
2010-10-14 13:22 . 2007-04-04 17:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2010-10-14 13:22 . 2007-03-15 15:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2010-10-14 13:22 . 2007-03-12 15:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2010-10-14 13:22 . 2007-03-12 15:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2010-10-14 13:22 . 2007-01-24 14:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2010-10-08 16:55 . 2010-10-08 16:55 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PowerDVDCox
2010-10-08 16:54 . 2010-10-08 16:54 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PowerDVDCinema
2010-10-08 16:54 . 2010-10-08 16:54 -------- d-----w- c:\documents and settings\user\Application Data\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-31 08:48 . 2010-08-31 08:49 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-08-31 08:48 . 2010-08-31 08:49 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-08-31 08:48 . 2010-08-31 08:49 505128 ----a-w- c:\windows\system32\msvcp71.dll
.

------- Sigcheck -------

[-] 2008-07-25 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP3GDR\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP2GDR\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP2QFE\tcpip.sys

[-] 2008-04-14 . 2ED23E969A00E67D1C2EF2534B943BC1 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 4C6174082E58BD30527318D634448BA7 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe

[-] 2008-04-14 . 0C17E035CD1336F46F6D7C7727EF4059 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 29C3197BAEC50CAF1B7557CDFA5194B2 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe

[-] 2008-07-25 . 0CDE394F7FB69CB8548CFCA61F1B3855 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( [Link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-06 18:24 . 2009-08-06 18:24 44768 c:\windows\system32\wups2.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-11-04 23:37 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2008-04-14 12:41 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2008-04-14 12:41 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 209632 c:\windows\system32\wuweb.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2010-08-30 17:51 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2010-08-30 17:51 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2010-08-30 17:51 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
+ 2010-08-30 17:51 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"BitTorrent"="d:\program files\BitTorrent\BitTorrent.exe" [2010-10-06 742776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"CallControl 4.5"="c:\program files\FaxTalk Communicator\FTCtrl32.exe" [2003-06-03 123392]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2202704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-07-25 123904]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2011\\pes2011.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4/28/2010 8:17 AM 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [10/25/2007 8:27 AM 95896]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/08/31 10:50];c:\program files\CyberLink\PowerDVD9\000.fcl [2/28/2009 6:40 PM 87536]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6/24/2010 9:27 AM 810144]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link visible only to logged-in users]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\4vcd0zkp.default\
FF - prefs.js: browser.startup.homepage - [Link visible only to logged-in users]
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: e:\program files\Veetle\Player\npvlc.dll
FF - plugin: e:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: e:\program files\Veetle\VLCBroadcast\npvbp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2010-11-05 21:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-11-05 21:39:38
ComboFix-quarantined-files.txt 2010-11-05 20:39
ComboFix2.txt 2010-11-05 19:10
ComboFix3.txt 2010-11-04 23:33

Pre-Run: 30,367,989,760 bytes free
Post-Run: 30,357,598,208 bytes free

- - End Of File - - 44192EC652CB53041AB4E69811F8A7C1
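The Sigcheck section of the second log is the part worth reading closely: winlogon.exe and explorer.exe each appear twice, once as the live file and once as the Windows File Protection copy in system32\dllcache, with identical size and version string but different MD5 hashes. The short Python script below is an added example for this thread (not ComboFix output and not something either poster ran): it parses Sigcheck lines, pairs each live file with its dllcache copy and reports where the two disagree. The sample lines are copied from the log above; the verdict labels are this example's own wording, and the script deliberately does not treat the dllcache copy as trusted, since ComboFix marks both copies with `[-]`.

```python
"""Parse the Sigcheck section of a ComboFix log and compare each live system
file with its Windows File Protection copy in system32\\dllcache.

Added illustration for this thread; not part of ComboFix or the posted logs.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# One Sigcheck entry per line. Field layout, as seen in the posted log:
#   [flag] date . MD5 . size . . [file version] . . path
LINE_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)

# Sample input: Sigcheck lines copied from the second ComboFix log in the thread.
SIGCHECK_SAMPLE = r"""
[-] 2008-07-25 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-14 . 2ED23E969A00E67D1C2EF2534B943BC1 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 4C6174082E58BD30527318D634448BA7 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
[-] 2008-04-14 . 0C17E035CD1336F46F6D7C7727EF4059 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 29C3197BAEC50CAF1B7557CDFA5194B2 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
[-] 2008-07-25 . 0CDE394F7FB69CB8548CFCA61F1B3855 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
"""


@dataclass(frozen=True)
class SigEntry:
    flag: str
    date: str
    md5: str
    size: int
    version: str
    path: str

    @property
    def name(self) -> str:
        """File name only, lower-cased, so live and dllcache copies pair up."""
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_dllcache(self) -> bool:
        return "\\dllcache\\" in self.path.lower()


def parse_sigcheck(text: str) -> list:
    """Return one SigEntry per well-formed Sigcheck line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(SigEntry(m["flag"], m["date"], m["md5"].upper(),
                                    int(m["size"]), m["version"], m["path"]))
    return entries


def compare_with_dllcache(entries) -> dict:
    """Pair each live file with its dllcache copy and classify the pair.

    Verdict labels are this example's own, not ComboFix terminology:
      match                         both copies have the same MD5
      same-version-different-bytes  identical size and version string but a
                                    different MD5: the file content was changed
                                    without touching the version resource, which
                                    is exactly what the posted log shows for
                                    winlogon.exe and explorer.exe
      different-build               size or version differ, e.g. a real update
      no-dllcache-copy              nothing to compare against
    Neither copy is assumed clean; the script only reports disagreement.
    """
    by_name = defaultdict(list)
    for e in entries:
        by_name[e.name].append(e)

    verdicts = {}
    for name, group in sorted(by_name.items()):
        live = [e for e in group if not e.in_dllcache]
        cache = [e for e in group if e.in_dllcache]
        if not live or not cache:
            verdicts[name] = "no-dllcache-copy"
            continue
        l, c = live[0], cache[0]
        if l.md5 == c.md5:
            verdicts[name] = "match"
        elif l.size == c.size and l.version == c.version:
            verdicts[name] = "same-version-different-bytes"
        else:
            verdicts[name] = "different-build"
    return verdicts


if __name__ == "__main__":
    for name, verdict in compare_with_dllcache(parse_sigcheck(SIGCHECK_SAMPLE)).items():
        print(f"{name:<16} {verdict}")
```

Run against the sample, winlogon.exe and explorer.exe both come out as same-version-different-bytes, while tcpip.sys and sfcfiles.dll have no dllcache entry in the Sigcheck section to compare with. Because ComboFix flags the dllcache copies with `[-]` as well, an automated SFC-style restore from dllcache is not a safe fix here, which is why the thread goes on to replace both files with known-good copies supplied separately (files.zip) rather than copying from the cache.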

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Unpack files.zip to the C: drive again. After that...

Download BlitzBlank from the following address to the Desktop:

[Link visible only to logged-in users]

Run BlitzBlank (double-click the icon);

Click the Script tab;

Copy the following text into the white box of the window:

MoveFile:
c:\winlogon.exe c:\windows\system32\winlogon.exe
c:\explorer.exe c:\windows\explorer.exe

Execute the command by clicking the Execute Now button;
Click OK on both prompts.

Note:

After the computer restarts, the report will be saved as blitzblank.log on the system partition (typical location: C:\blitzblank.log);
The contents of blitzblank.log should be pasted here in a post.

After all that, post a fresh ComboFix log.

offline
  • Joined: 30 Nov 2007
  • Posts: 161

Now I have even bigger problems, but it seems to me this won't be fixed without a reinstall. When I ran BlitzBlank and pasted what you told me, a message appeared saying to close all running programs and that the program would run after the computer restarts, or something like that, and it just sat there for a long time, so I restarted the computer manually (I now realize that was a mistake), and after that there is no way the computer will start: it gets to where it says Windows XP and starts loading, then the screen goes black and it restarts, over and over.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

We'll try to sort it out...

When you turn on the computer, keep pressing F8.

A menu will appear in which you should select Microsoft Windows XP, then a menu in which you should select Last known good configuration.

If Windows did not start after the above, then...

When you turn on the computer, keep pressing F8.

A menu will appear in which you should select Microsoft Windows Recovery Console.

The Recovery Console will start and you will be asked which installation you want to log on to. Type 1 and confirm with Enter. You may similarly be asked for a password; type it, or just press Enter if you don't have one.

The following will appear on the screen:

C:\Windows>_

Type:

dir explorer.exe

Write down the text that is printed on the screen.

Type:

cd system32

Then:

dir winlogon.exe

Write down the text that is printed on the screen and post it here.
