MyCity » Ambulanta -> Arhiva Ambulante » Trebam pomoc, unapred hvala

Trebam pomoc, unapred hvala

Napisano na dan: 7.1.2009
2

Trebam pomoc, unapred hvala
Pagination Prethodna strana
Sledeća strana Pagination

Idi na vrh

Poslao: 10 Jan 2009 00:18
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8653
  • Gde živiš: Novi Beograd

OK. Resicemo to ovako:

Iskljuci Antivirus

Otvoriti Notepad i iskopirati sledeci tekst:

File::
D:\2fiji.com


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.



Poslao: 11 Jan 2009 22:20
Idi na vrh
offline
  • Pridružio: 07 Jan 2009
  • Poruke: 11

Javljam se sutra.

Dopuna: 11 Jan 2009 22:20

ComboFix 09-01-07.01 - Biscom 2009-01-11 21:53:22.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.503.151 [GMT 1:00]
Running from: c:\documents and settings\Biscom\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Biscom\Desktop\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated)
FW: COMODO Firewall Pro *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
D:\2fiji.com
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\2fiji.com

.
((((((((((((((((((((((((( Files Created from 2008-12-11 to 2009-01-11 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 20:48 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 4
2009-01-11 10:17 --------- d-----w c:\program files\LeaguePad
2009-01-10 23:32 --------- d-----w c:\program files\SUPERAntiSpyware
2009-01-08 13:27 --------- d-----w c:\program files\Hewlett-Packard
2009-01-07 13:22 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-07 13:22 --------- d-----w c:\documents and settings\Biscom\Application Data\SUPERAntiSpyware.com
2009-01-07 13:22 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-06 20:58 --------- d-----w c:\documents and settings\All Users\Application Data\comodo
2009-01-06 20:25 87,056 ----a-w c:\windows\system32\drivers\cmdguard.sys
2009-01-06 20:25 249,592 ----a-w c:\windows\system32\cssdll32.dll
2009-01-06 20:25 24,208 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2009-01-06 20:25 143,104 ----a-w c:\windows\system32\guard32.dll
2009-01-06 20:25 --------- d-----w c:\program files\COMODO
2009-01-06 20:25 --------- d-----w c:\documents and settings\Biscom\Application Data\Comodo
2009-01-06 18:28 --------- d-----w c:\program files\AIMP2
2009-01-05 23:18 --------- d-----w c:\program files\uTorrent
2009-01-05 23:18 --------- d-----w c:\documents and settings\Biscom\Application Data\uTorrent
2009-01-04 13:11 --------- d-----w c:\program files\GoWin Deluxe45
2009-01-03 20:01 --------- d-----w c:\program files\Soccer Stats Tracker
2008-12-29 14:33 --------- d-----w c:\program files\PC Soccer
2008-12-24 11:39 --------- d-----w c:\program files\OpenOffice.org 2.0
2008-12-24 11:33 --------- d-----w c:\documents and settings\Biscom\Application Data\OpenOffice.org2
2008-12-16 12:53 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-15 09:51 --------- d-----w c:\program files\Oddswiz
2008-12-11 20:26 720,896 ----a-w c:\windows\iun6002.exe
2008-12-11 19:02 74,752 ----a-w c:\windows\ST6UNST.EXE
2008-12-11 19:02 253,952 ------w c:\windows\Setup1.exe
2008-12-11 10:28 --------- d-----w c:\program files\Mobile Master
2008-12-10 17:40 --------- d-----w c:\program files\Bet For Win
2008-12-09 11:29 --------- d-----w c:\program files\Betting Genius 3.04 Trial Version
2008-12-03 12:39 --------- d-----w c:\documents and settings\All Users\Application Data\Firefly Studios
2008-12-03 12:38 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-03 12:33 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-03 12:33 --------- d-----w c:\program files\Firefly Studios
2008-11-29 19:47 --------- d-----w c:\program files\GameSpy Arcade
2008-11-27 23:38 --------- d-----w c:\program files\Mv2Player
2008-11-20 10:38 --------- d-----w c:\program files\THQ
2008-11-20 10:38 --------- d-----w c:\program files\Desktop Currency Converter
2008-11-18 18:30 --------- d-----w c:\documents and settings\Biscom\Application Data\Free Download Manager
2008-11-13 14:24 --------- d-----w c:\program files\LingvoSoft
2006-07-30 22:20 959 --sha-r c:\windows\system32\autorun.bin
.

((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-07 18:49:28 69,750 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-11 20:37:02 69,750 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-07 18:49:28 414,216 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-11 20:37:02 414,216 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-02-20 950664]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2009-01-06 278264]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-01-06 1655552]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.divxa32"= divxa32.acm
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2004-12-14 01:12 483328 c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
--a------ 2009-01-06 21:24 1655552 c:\program files\COMODO\Firewall\cfp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 23:56 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)
"hpqwmiex"=2 (0x2)
"AdobeActiveFileMonitor6.0"=2 (0x2)
"RichVideo"=3 (0x3)
"CiSvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"cmdAgent"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe"
"Free Uploader Oe Integration"=c:\program files\Free Download Manager\FUM\fumoei.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"Persistence"=c:\windows\system32\igfxpers.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Cpqset"=c:\program files\Hewlett-Packard\Default Settings\cpqset.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-01-06 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-01-06 24208]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2008-03-06 3026]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-02-20 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-11-17 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
R4 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2007-09-19 21:37:48 41456]
S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 124832]
S4 qxvbq;Monitor Driver;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
qxvbq
.
Contents of the 'Scheduled Tasks' folder

2009-01-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 13:24]

2009-01-11 c:\windows\Tasks\Winamp.job
- c:\progra~1\Winamp\winamp.exe [2007-12-20 16:17]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download video with Free Download Manager - [Link mogu videti samo ulogovani korisnici]\program files\Free Download Manager\dlfvideo.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Preuzmi odabrano Free Download Manager-om - [Link mogu videti samo ulogovani korisnici]\program files\Free Download Manager\dlselected.htm
IE: Preuzmi sa Free Download Managerom - [Link mogu videti samo ulogovani korisnici]\program files\Free Download Manager\dllink.htm
IE: Preuzmi sve sa Free Download Manager-om - [Link mogu videti samo ulogovani korisnici]\program files\Free Download Manager\dlall.htm
IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\program files\Free Download Manager\FUM\fumiebtn.dll
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Biscom\Application Data\Mozilla\Firefox\Profiles\ui0jx5at.default\
FF - prefs.js: browser.search.defaulturl - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\Biscom\Application Data\Mozilla\Firefox\Profiles\ui0jx5at.default\extensions\{b23920f4-4c2f-412b-9450-1d7028d5454e}\components\FFAlert.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 2
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: content.switch.threshold - 750000
FF - user.js: nglayout.initialpaint.delay - 100
FF - user.js: network.http.max-connections-per-server - 4
c:\program files\Mozilla Firefox 3 Beta 4\greprefs\all.js - pref("security.fileuri.origin_policy", 2);
c:\program files\Mozilla Firefox 3 Beta 4\defaults\pref\firefox.js - pref("browser.places.importBookmarksHTML", true);
c:\program files\Mozilla Firefox 3 Beta 4\defaults\pref\firefox.js - pref("browser.places.createdSmartBookmarks", false);
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-01-11 21:57:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qxvbq]
"ServiceDll"="c:\windows\system32\nlpkuomc.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-842925246-616249376-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(944)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(1000)
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\Firewall\cmdagent.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2009-01-11 22:01:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-11 21:01:31
ComboFix2.txt 2009-01-11 20:37:53
ComboFix3.txt 2009-01-10 12:16:21
ComboFix4.txt 2009-01-08 14:03:54
ComboFix5.txt 2009-01-11 20:51:02

Pre-Run: 26,927,882,240 bytes free
Post-Run: 26,913,431,552 bytes free

231



Poslao: 11 Jan 2009 23:16
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8653
  • Gde živiš: Novi Beograd

Da li si ti dirao nesto na svoju ruku, a ja po logovima mogu reci da jesi?

Poslao: 12 Jan 2009 00:54
Idi na vrh
offline
  • Pridružio: 07 Jan 2009
  • Poruke: 11

Ne znam kako ali se stanje vratilo na staro, opet sam pokupio istu stvar.Vjerovatno mi je na sticku.Onda sam ponovio proceduru.Nemoj mi reci da sam nesto zeznuo.

Poslao: 12 Jan 2009 07:12
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8653
  • Gde živiš: Novi Beograd

Ja te lepo pitam da li si nesto radio na svoju ruku i sta? Pokretao si CF 10.1.2009. Zasto???

Poslao: 12 Jan 2009 22:26
Idi na vrh
offline
  • Pridružio: 07 Jan 2009
  • Poruke: 11

Pokretao sam ga da obrisem fajl D:\2fiji.com, onda je bilo sve u redu.Medjutim posle toga se virus ili sta vec vratio pa sam, opet ponaavljam, ponovio citavu proceduru.Sad nema prijasnjih simptoma niti fajla 2fiji.com.Izgleda da je sve u redu.

Poslao: 13 Jan 2009 19:01
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8653
  • Gde živiš: Novi Beograd

Preuzmi program RootRepeal na Desktop.

Raspakuj RootRepeal.zip u neki folder.
Dvoklikom pokreni RootRepeal.exe.
Pređi na Report karticu (klikom na Report taster, dole, desno).
Klikni Scan taster.
U prozoru koji se otvori (Select Scan), obeleži kućice ispred svih stavki i klikni OK.
U narednom prozoru (Select Drives) obeleži kućicu ispred sistemskog diska (obično C:\) i klikni OK.
Po završetku procesa, klikni Save Report i sačuvaj izveštaj o skeniranju.

Priloži dobijeni izveštaj uz poruku korišćenjem opcije Prikači fajl.

Poslao: 14 Jan 2009 19:48
Idi na vrh
offline
  • Pridružio: 07 Jan 2009
  • Poruke: 11

Sve sam uradio kako si rekao, ali se RootRepeal sam ugasio posle 2-3 min.
Nasao sam log u kome ovo pise:

ROOTREPEAL CRASH REPORT
-------------------------
Exception Code: 0xc0000005
Exception Address: 0x0042425b
Attempt to read from address: 0x00000008

Poslao: 14 Jan 2009 20:19
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8653
  • Gde živiš: Novi Beograd

Izvini na cimanju, ali infekcija se ponovo vraca.

Postavi mi novi HJT log, ComboFix log i uradices sledece skeniranje:

Preuzmi gmer.zip sa ovog linka i sačuvaj na Desktopu.
Raspakuj ga u neki folder.

Dupli klik na gmer.exe za početak: Izaberi Rootkit/Malware Tab na vrhu.
Klikni na Scan.
Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati rezultate skeniranja u Clipboard.
Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt.
Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt.

Iskoristi opciju Prikači fajl ispod polja za pisanje poruke na forumu, i prikači nam ovde ta dva fajla koja smo malopre snimili.

Poslao: 15 Jan 2009 01:11
Idi na vrh
offline
  • Pridružio: 07 Jan 2009
  • Poruke: 11

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:37 AM, on 1/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Networking Wizard\mngui.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\Documents and Settings\Biscom\Desktop\New Folder\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - [Link mogu videti samo ulogovani korisnici]\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - [Link mogu videti samo ulogovani korisnici]\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - [Link mogu videti samo ulogovani korisnici]\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - [Link mogu videti samo ulogovani korisnici]\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - [Link mogu videti samo ulogovani korisnici]\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - [Link mogu videti samo ulogovani korisnici]\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - [Link mogu videti samo ulogovani korisnici]\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - [Link mogu videti samo ulogovani korisnici]\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download video with Free Download Manager - [Link mogu videti samo ulogovani korisnici]\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Preuzmi odabrano Free Download Manager-om - [Link mogu videti samo ulogovani korisnici]\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Preuzmi sa Free Download Managerom - [Link mogu videti samo ulogovani korisnici]\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Preuzmi sve sa Free Download Manager-om - [Link mogu videti samo ulogovani korisnici]\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4CFF1B5-A265-42F2-BDC9-3AB35230648B}: NameServer = 81.93.67.2 81.93.67.6
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6626 bytes

Dopuna: 15 Jan 2009 0:58

ComboFix 09-01-07.01 - Biscom 2009-01-15 0:45:02.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.503.137 [GMT 1:00]
Running from: c:\documents and settings\Biscom\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated)
FW: COMODO Firewall Pro *enabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

G:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-12-14 to 2009-01-14 )))))))))))))))))))))))))))))))
.

2009-01-08 14:27 . 2009-01-08 14:27 <DIR> d-------- C:\spoolerlogs
2009-01-07 14:22 . 2009-01-11 00:32 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-07 14:22 . 2009-01-07 14:22 <DIR> d-------- c:\documents and settings\Biscom\Application Data\SUPERAntiSpyware.com
2009-01-07 14:22 . 2009-01-07 14:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-06 21:25 . 2009-01-06 21:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\comodo
2009-01-06 21:25 . 2009-01-06 21:25 249,592 --a------ c:\windows\system32\cssdll32.dll
2009-01-06 21:25 . 2009-01-06 21:25 143,104 --a------ c:\windows\system32\guard32.dll
2009-01-06 21:25 . 2009-01-06 21:25 87,056 --a------ c:\windows\system32\drivers\cmdguard.sys
2009-01-06 21:25 . 2009-01-06 21:25 24,208 --a------ c:\windows\system32\drivers\cmdhlp.sys
2009-01-04 17:01 . 2009-01-06 00:18 <DIR> d-------- c:\program files\uTorrent
2008-12-28 17:13 . 2004-08-04 00:56 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-12-28 17:13 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-28 17:13 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-12-28 17:13 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-12-24 12:33 . 2008-12-24 12:33 <DIR> d-------- c:\documents and settings\Biscom\Application Data\OpenOffice.org2
2008-12-24 12:32 . 2008-12-24 12:39 <DIR> d-------- c:\program files\OpenOffice.org 2.0
2008-12-24 10:46 . 2008-12-24 10:46 265,728 --a------ c:\windows\system32\MSCOMCTL.oca
2008-12-24 10:46 . 2008-12-24 10:46 64,000 --a------ c:\windows\system32\RICHTX32.oca
2008-12-24 10:46 . 2008-12-24 10:46 35,840 --a------ c:\windows\system32\comdlg32.oca
2008-12-24 10:23 . 2008-12-24 10:23 69,632 --a------ c:\windows\system32\MSDATLST.oca
2008-12-24 10:23 . 2008-12-24 10:23 65,536 --a------ c:\windows\system32\MSDATGRD.oca
2008-12-24 10:23 . 2008-12-24 10:23 44,032 --a------ c:\windows\system32\MSDATREP.oca
2008-12-24 10:23 . 2008-12-24 10:23 35,840 --a------ c:\windows\system32\MSADODC.oca

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 23:36 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 4
2009-01-11 10:17 --------- d-----w c:\program files\LeaguePad
2009-01-08 13:27 --------- d-----w c:\program files\Hewlett-Packard
2009-01-07 13:22 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-06 20:25 --------- d-----w c:\program files\COMODO
2009-01-06 20:25 --------- d-----w c:\documents and settings\Biscom\Application Data\Comodo
2009-01-06 18:28 --------- d-----w c:\program files\AIMP2
2009-01-05 23:18 --------- d-----w c:\documents and settings\Biscom\Application Data\uTorrent
2009-01-04 13:11 --------- d-----w c:\program files\GoWin Deluxe45
2009-01-03 20:01 --------- d-----w c:\program files\Soccer Stats Tracker
2008-12-29 14:33 --------- d-----w c:\program files\PC Soccer
2008-12-16 12:53 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-15 09:51 --------- d-----w c:\program files\Oddswiz
2008-12-11 20:26 720,896 ----a-w c:\windows\iun6002.exe
2008-12-11 19:02 74,752 ----a-w c:\windows\ST6UNST.EXE
2008-12-11 19:02 253,952 ------w c:\windows\Setup1.exe
2008-12-11 10:28 --------- d-----w c:\program files\Mobile Master
2008-12-10 17:40 --------- d-----w c:\program files\Bet For Win
2008-12-09 11:29 --------- d-----w c:\program files\Betting Genius 3.04 Trial Version
2008-12-03 12:39 --------- d-----w c:\documents and settings\All Users\Application Data\Firefly Studios
2008-12-03 12:38 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-03 12:33 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-03 12:33 --------- d-----w c:\program files\Firefly Studios
2008-11-29 19:47 --------- d-----w c:\program files\GameSpy Arcade
2008-11-27 23:38 --------- d-----w c:\program files\Mv2Player
2008-11-20 10:38 --------- d-----w c:\program files\THQ
2008-11-20 10:38 --------- d-----w c:\program files\Desktop Currency Converter
2008-11-18 18:30 --------- d-----w c:\documents and settings\Biscom\Application Data\Free Download Manager
2006-07-30 22:20 959 --sha-r c:\windows\system32\autorun.bin
.

((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-07 18:49:28 69,750 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-13 19:04:25 69,750 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-07 18:49:28 414,216 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-13 19:04:25 414,216 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-02-20 950664]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2009-01-06 278264]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-01-06 1655552]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.divxa32"= divxa32.acm
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2004-12-14 01:12 483328 c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
--a------ 2009-01-06 21:24 1655552 c:\program files\COMODO\Firewall\cfp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 23:56 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)
"hpqwmiex"=2 (0x2)
"AdobeActiveFileMonitor6.0"=2 (0x2)
"RichVideo"=3 (0x3)
"CiSvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"cmdAgent"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe"
"Free Uploader Oe Integration"=c:\program files\Free Download Manager\FUM\fumoei.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"Persistence"=c:\windows\system32\igfxpers.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Cpqset"=c:\program files\Hewlett-Packard\Default Settings\cpqset.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-01-06 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-01-06 24208]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2008-03-06 3026]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-02-20 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-11-17 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
R4 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2007-09-19 21:37:48 41456]
S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 124832]
S4 qxvbq;Monitor Driver;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
qxvbq
.
Contents of the 'Scheduled Tasks' folder

2009-01-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 13:24]

2009-01-13 c:\windows\Tasks\Winamp.job
- c:\progra~1\Winamp\winamp.exe [2007-12-20 16:17]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download video with Free Download Manager - [Link mogu videti samo ulogovani korisnici]\program files\Free Download Manager\dlfvideo.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Preuzmi odabrano Free Download Manager-om - [Link mogu videti samo ulogovani korisnici]\program files\Free Download Manager\dlselected.htm
IE: Preuzmi sa Free Download Managerom - [Link mogu videti samo ulogovani korisnici]\program files\Free Download Manager\dllink.htm
IE: Preuzmi sve sa Free Download Manager-om - [Link mogu videti samo ulogovani korisnici]\program files\Free Download Manager\dlall.htm
IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\program files\Free Download Manager\FUM\fumiebtn.dll
LSP: c:\windows\system32\imon.dll
TCP: {D4CFF1B5-A265-42F2-BDC9-3AB35230648B} = 81.93.67.2 81.93.67.6
FF - ProfilePath - c:\documents and settings\Biscom\Application Data\Mozilla\Firefox\Profiles\ui0jx5at.default\
FF - prefs.js: browser.search.defaulturl - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\Biscom\Application Data\Mozilla\Firefox\Profiles\ui0jx5at.default\extensions\{b23920f4-4c2f-412b-9450-1d7028d5454e}\components\FFAlert.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 2
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: content.switch.threshold - 750000
FF - user.js: nglayout.initialpaint.delay - 100
FF - user.js: network.http.max-connections-per-server - 4
c:\program files\Mozilla Firefox 3 Beta 4\greprefs\all.js - pref("security.fileuri.origin_policy", 2);
c:\program files\Mozilla Firefox 3 Beta 4\defaults\pref\firefox.js - pref("browser.places.importBookmarksHTML", true);
c:\program files\Mozilla Firefox 3 Beta 4\defaults\pref\firefox.js - pref("browser.places.createdSmartBookmarks", false);
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-01-15 00:47:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qxvbq]
"ServiceDll"="c:\windows\system32\nlpkuomc.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-842925246-616249376-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(948-)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\igfxdev.dll

- - - - - - - > 'lsass.exe'(1004)
c:\windows\system32\imon.dll
.
Completion time: 2009-01-15 0:48:33
ComboFix-quarantined-files.txt 2009-01-14 23:48:30
ComboFix2.txt 2009-01-11 21:01:39
ComboFix3.txt 2009-01-11 20:37:53
ComboFix4.txt 2009-01-10 12:16:21
ComboFix5.txt 2009-01-14 23:44:36

Pre-Run: 26,916,245,504 bytes free
Post-Run: 26,906,857,472 bytes free

231

Dopuna: 15 Jan 2009 1:11

[Link mogu videti samo ulogovani korisnici]

[Link mogu videti samo ulogovani korisnici]

MyCity » Ambulanta -> Arhiva Ambulante » Trebam pomoc, unapred hvala

Ko je trenutno na forumu
 

Ukupno su 944 korisnika na forumu :: 77 registrovanih, 6 sakrivenih i 861 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 20624 - dana 04 Apr 2026 04:18

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., ArchaBasha, Asteker, bankulen, Barista, bavar357, Belac91, Bob.Rock, Bobrock1, boromir, bpvl, Chainsaw, Cicumile, CrazyDiablo, djordjemiklusev, doktor1964, dolinalima, Dovla 1980, Dukelander, dunavzed, duro1990duro, geo.dule, Giskard, glisok, goran.vvv, Goran_, Hemi, ivan1973, jalos, JimmyNapoli, jmsk, Jomini, K a s p e r, kalens021, kenny74, Kobrim, komsija1, koom0001, krkalon, LUDI, lukac, Mackomen, Martin543, MB120mm, mercedesamg, mikrimaus, Milan1996, milenko crazy north, Mis uz pusku, Natuzzi, nebojsag, neutrino, nikoladim, nnovakis, obsc, OgnjenMitric, omen, orjen, ostoja, pisac12, promajauglavi, Remarqe, rodoljub, royst33, Sonic, tecataki, TripleTwo, tritonus, Tvrtko I, VladaKG1980, voja64, Vojvoda81, volimpivuvolimrakiju, vrgudinac, Woya, ziggga, zule2