MyCity » Ambulanta -> Arhiva Ambulante » virus?

virus?

Napisano na dan: 18.4.2009

Strana:
1
2

virus?

Sledeća strana

Pagination

Odgovori

Strana:
1
2

Slaven980 Poslao: 18 Apr 2009 15:59 Idi na vrh
offline Slaven980 Novi MyCity građanin Pridružio: 04 Sep 2008 Poruke: 27	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 18 Apr 2009 15:55 U lokalnoj mrezi svi racunari mogu da pristupe internetu osom onog koji im omogucava net Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:52:18, on 18.4.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Mouse Driver\StartAutorun.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Mouse Driver\KMConfig.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Mouse Driver\KMProcess.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Mouse Driver\KMWDSrv.exe C:\Program Files\NetLimiter 2 Pro\nlsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\NetLimiter 2 Pro\NLClient.exe C:\Program Files\Adobe\Photoshop CS\Photoshop.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\svchost.exe C:\4321\1234s.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.conduit.com?SearchSource=10&ctid=CT1098640 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: µTorrent.lnk = C:\Program Files\uTorrent\uTorrent.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe -- End of file - 9642 bytes Dopuna: 18 Apr 2009 15:59 ne mogu ni da otvorim total commander, ni cmd line

Profil

dr_Bora Poslao: 18 Apr 2009 17:02 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Ne bih rekao da je ovo prouzrokovano malware-om (a i log je čist). Ako želiš dodatnu proveru, odradićemo. Pokreni ESET Smart Security/ESET NOD32 na sledeci nacin : Start>All Programs>ESET>ESET Smart Security ili pak ESET NOD32 Antivirus(ukoliko koristis samo Antivirus resenje). * Kada ti se otvori glavni prozor programa, klikni na Setup opciju sa leve strane prozora; * Izaberi Antivirus and antispyware opciju i klikni na Temporarily disable Antivirus and antispyware protection. * Na sledece pitanje klikni Yes. Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

Slaven980 Poslao: 18 Apr 2009 17:30 Idi na vrh
offline Slaven980 Novi MyCity građanin Pridružio: 04 Sep 2008 Poruke: 27	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 18 Apr 2009 17:27 evo i loga ComboFix 09-04-18.07 - Vitez 18.04.2009 17:16.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.354 [GMT 2:00] Running from: E:\ComboFix.exe AV: ESET NOD32 Antivirus 3.0 On-access scanning disabled (Updated) WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\INSTALL.LOG c:\windows\gralyao.riu . ((((((((((((((((((((((((( Files Created from 2009-03-18 to 2009-04-18 ))))))))))))))))))))))))))))))) . 2009-04-17 10:09 . 2009-04-17 10:09 43 ----a-w c:\windows\hpfccopy.INI 2009-04-16 10:57 . 2009-04-16 10:57 77508 ----a-w C:\Tehnicki_uslovi_za_internet.pdf 2009-04-14 23:43 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll 2009-04-14 23:43 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll 2009-04-14 23:43 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe 2009-04-14 23:43 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll 2009-04-14 23:43 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe 2009-04-14 23:43 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll 2009-04-14 23:43 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll 2009-04-14 23:43 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll 2009-04-14 23:43 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll 2009-04-14 23:41 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb 2009-04-14 23:41 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll 2009-04-14 23:41 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe 2009-03-31 16:50 . 2009-03-31 16:50 974304 ----a-w c:\windows\The Sagara Family Uninstaller.exe 2009-03-24 11:26 . 2009-03-24 11:59 404 ----a-w c:\windows\barcode.ini 2009-03-21 14:06 . 2009-03-21 14:06 989696 -c----w c:\windows\system32\dllcache\kernel32.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-18 15:21 . 2008-08-18 11:54 -------- d-----w c:\documents and settings\Vitez\Application Data\skypePM 2009-04-18 14:39 . 2008-08-18 11:52 -------- d-----w c:\documents and settings\Vitez\Application Data\Skype 2009-04-18 13:39 . 2008-08-22 15:51 -------- d-----w c:\documents and settings\Vitez\Application Data\uTorrent 2009-04-18 13:28 . 2008-08-18 13:01 -------- d-----w c:\program files\Mozilla Thunderbird 2009-04-11 12:50 . 2009-01-30 17:03 -------- d-----w c:\program files\Winamp 2009-03-31 16:50 . 2009-03-31 16:49 -------- d-----w c:\program files\The Sagara Family 2009-03-19 13:06 . 2008-12-02 10:56 410984 ----a-w c:\windows\system32\deploytk.dll 2009-03-19 13:05 . 2008-09-26 12:20 -------- d-----w c:\program files\Java 2009-03-06 14:22 . 2004-08-04 00:56 284160 ----a-w c:\windows\system32\pdh.dll 2009-03-02 21:56 . 2009-03-02 21:12 -------- d-----w c:\program files\DC++ 2009-03-02 12:05 . 2008-08-11 14:00 95440 ----a-w c:\documents and settings\Vitez\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-03-02 11:58 . 2009-03-02 11:58 220096 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-03-02 11:57 . 2009-03-02 11:57 -------- d-----w c:\program files\MSBuild 2009-03-02 11:57 . 2009-03-02 11:57 -------- d-----w c:\program files\Reference Assemblies 2009-02-20 08:10 . 2004-08-04 00:56 666112 ----a-w c:\windows\system32\wininet.dll 2009-02-20 08:10 . 2004-08-04 00:56 81920 ----a-w c:\windows\system32\ieencode.dll 2009-02-09 12:10 . 2004-08-04 00:56 729088 ----a-w c:\windows\system32\lsasrv.dll 2009-02-09 12:10 . 2004-08-04 00:56 401408 ----a-w c:\windows\system32\rpcss.dll 2009-02-09 12:10 . 2004-08-04 00:56 617472 ----a-w c:\windows\system32\advapi32.dll 2009-02-09 12:10 . 2004-08-04 00:56 714752 ----a-w c:\windows\system32\ntdll.dll 2009-02-09 11:13 . 2004-08-03 23:17 1846784 ----a-w c:\windows\system32\win32k.sys 2009-02-07 17:02 . 2004-08-03 22:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe 2009-02-06 11:11 . 2004-08-04 00:56 110592 ----a-w c:\windows\system32\services.exe 2009-02-06 11:08 . 2004-08-03 23:20 2189056 ----a-w c:\windows\system32\ntoskrnl.exe 2009-02-06 10:39 . 2001-08-23 14:00 35328 ----a-w c:\windows\system32\sc.exe 2009-02-03 19:59 . 2004-08-04 00:56 56832 ----a-w c:\windows\system32\secur32.dll 2009-02-03 17:39 . 2009-02-03 17:39 421888 ----a-w c:\windows\NEXON_EU_DownloaderUpdater.exe 2009-01-30 16:23 . 2009-01-30 16:23 3532 ----a-w C:\drmHeader.bin 2009-01-21 11:44 . 2009-01-21 11:44 604 ---ha-w c:\program files\STLL Notifier 2009-01-18 17:59 . 2008-09-27 09:13 43520 ----a-w c:\windows\system32\CmdLineExt03.dll 2008-08-11 14:45 . 2008-08-11 14:45 128 ----a-w c:\documents and settings\Vitez\Local Settings\Application Data\fusioncache.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}] 2008-02-14 12:54 1555480 ----a-w c:\program files\free-downloads.net\tbfree.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480] [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480] [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 344064] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-05-03 32768] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-16 185896] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744] "KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2007-03-06 212992] "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-19 148888] "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-02-09 65024] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Vitez\Start Menu\Programs\Startup\ æTorrent.lnk - c:\program files\uTorrent\uTorrent.exe [2008-8-22 270128] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-10-23 25214] Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-8-11 113664] Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-5-4 32768] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\totalcmd\\TOTALCMD.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Corel\\Corel Graphics 12\\Programs\\CorelDRW.exe"= "c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"= "g:\nexon\combatarms\Combat Arms EU\CombatArms.exe"= g:\nexon\combatarms\Combat Arms EU\CombatArms.exe:Enabled:CombatArms.exe "g:\nexon\combatarms\Combat Arms EU\Engine.exe"= g:\nexon\combatarms\Combat Arms EU\Engine.exe:Enabled:Engine.exe "g:\\Nexon\\combatarms\\Combat Arms EU\\NMService.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-08-23 3584] R3 cpuz129;cpuz129; [x] R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\documents and settings\Vitez\Desktop\New Folder\kerneld.wnt [2005-08-17 7168] R3 jfdcd;jfdcd; [x] R4 Wuaidatded;Wuaidatded; [x] S0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\DRIVERS\agpkx.sys [2004-07-08 44928] S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800] S1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-04-23 82200] S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768] S2 ALIEHCD;ULi PCI to USB Enhanced Host Controller;c:\windows\system32\Drivers\ALIEHCI.sys [2005-02-21 83596] S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320] S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [2007-04-05 208896] S3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\DRIVERS\AliRtHub.sys [2005-02-21 5331] S3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\DRIVERS\ULILAN.SYS [2004-12-31 28160] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 . Contents of the 'Scheduled Tasks' folder 2009-04-18 c:\windows\Tasks\JkDefrag.job - c:\4321\defrag\JkDefrag.exe [2009-01-27 20:47] . . ------- Supplementary Scan ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1098640 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = .local IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: raiffeisenbank.rs\rol FF - ProfilePath - c:\documents and settings\Vitez\Application Data\Mozilla\Firefox\Profiles\npkc0gzo.default\ FF - plugin: c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-04-18 17:21 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver] "ImagePath"="\??\c:\documents and settings\Vitez\Desktop\New Folder\kerneld.wnt" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(864) c:\windows\system32\Ati2evxx.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\Mouse Driver\KMCONFIG.exe c:\program files\Mouse Driver\KMProcess.exe c:\program files\Common Files\Teleca Shared\CapabilityManager.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe c:\program files\NetLimiter 2 Pro\nlsvc.exe c:\windows\system32\wdfmgr.exe c:\program files\NetLimiter 2 Pro\NLClient.exe c:\program files\Skype\Plugin Manager\skypePM.exe . ************************************************************************ . Completion time: 2009-04-18 17:24 - machine was rebooted ComboFix-quarantined-files.txt 2009-04-18 15:24 ComboFix2.txt 2008-09-05 10:35 Pre-Run: 3.121.942.528 bytes free Post-Run: 3.210.653.696 bytes free 202 --- E O F --- 2009-04-15 01:03 Dopuna: 18 Apr 2009 17:30 Sve radi, cak i brze nego do sad ovo pisem sa racunara koji nije mogao da pristupi netu, otvara i total com i cmd

Profil

dr_Bora Poslao: 18 Apr 2009 18:19 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `Driver:: jfdcd Wuaidatded` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

Slaven980 Poslao: 18 Apr 2009 18:39 Idi na vrh
offline Slaven980 Novi MyCity građanin Pridružio: 04 Sep 2008 Poruke: 27	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-04-18.07 - Vitez 18.04.2009 18:27.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.148 [GMT 2:00] Running from: c:\documents and settings\Vitez\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Vitez\Desktop\CFScript.txt AV: ESET NOD32 Antivirus 3.0 On-access scanning disabled (Updated) * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_JFDCD -------\Service_jfdcd -------\Service_Wuaidatded ((((((((((((((((((((((((( Files Created from 2009-03-18 to 2009-04-18 ))))))))))))))))))))))))))))))) . 2009-04-17 10:09 . 2009-04-17 10:09 43 ----a-w c:\windows\hpfccopy.INI 2009-04-16 10:57 . 2009-04-16 10:57 77508 ----a-w C:\Tehnicki_uslovi_za_internet.pdf 2009-04-14 23:43 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll 2009-04-14 23:43 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll 2009-04-14 23:43 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe 2009-04-14 23:43 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll 2009-04-14 23:43 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe 2009-04-14 23:43 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll 2009-04-14 23:43 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll 2009-04-14 23:43 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll 2009-04-14 23:43 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll 2009-04-14 23:41 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb 2009-04-14 23:41 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll 2009-04-14 23:41 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe 2009-03-31 16:50 . 2009-03-31 16:50 974304 ----a-w c:\windows\The Sagara Family Uninstaller.exe 2009-03-24 11:26 . 2009-03-24 11:59 404 ----a-w c:\windows\barcode.ini 2009-03-21 14:06 . 2009-03-21 14:06 989696 -c----w c:\windows\system32\dllcache\kernel32.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-18 16:33 . 2008-08-18 11:52 -------- d-----w c:\documents and settings\Vitez\Application Data\Skype 2009-04-18 16:32 . 2008-08-22 15:51 -------- d-----w c:\documents and settings\Vitez\Application Data\uTorrent 2009-04-18 16:23 . 2008-08-18 13:01 -------- d-----w c:\program files\Mozilla Thunderbird 2009-04-18 15:21 . 2008-08-18 11:54 -------- d-----w c:\documents and settings\Vitez\Application Data\skypePM 2009-04-11 12:50 . 2009-01-30 17:03 -------- d-----w c:\program files\Winamp 2009-03-31 16:50 . 2009-03-31 16:49 -------- d-----w c:\program files\The Sagara Family 2009-03-19 13:06 . 2008-12-02 10:56 410984 ----a-w c:\windows\system32\deploytk.dll 2009-03-19 13:05 . 2008-09-26 12:20 -------- d-----w c:\program files\Java 2009-03-06 14:22 . 2004-08-04 00:56 284160 ----a-w c:\windows\system32\pdh.dll 2009-03-02 21:56 . 2009-03-02 21:12 -------- d-----w c:\program files\DC++ 2009-03-02 12:05 . 2008-08-11 14:00 95440 ----a-w c:\documents and settings\Vitez\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-03-02 11:58 . 2009-03-02 11:58 220096 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-03-02 11:57 . 2009-03-02 11:57 -------- d-----w c:\program files\MSBuild 2009-03-02 11:57 . 2009-03-02 11:57 -------- d-----w c:\program files\Reference Assemblies 2009-02-20 08:10 . 2004-08-04 00:56 666112 ----a-w c:\windows\system32\wininet.dll 2009-02-20 08:10 . 2004-08-04 00:56 81920 ----a-w c:\windows\system32\ieencode.dll 2009-02-09 12:10 . 2004-08-04 00:56 729088 ----a-w c:\windows\system32\lsasrv.dll 2009-02-09 12:10 . 2004-08-04 00:56 401408 ----a-w c:\windows\system32\rpcss.dll 2009-02-09 12:10 . 2004-08-04 00:56 617472 ----a-w c:\windows\system32\advapi32.dll 2009-02-09 12:10 . 2004-08-04 00:56 714752 ----a-w c:\windows\system32\ntdll.dll 2009-02-09 11:13 . 2004-08-03 23:17 1846784 ----a-w c:\windows\system32\win32k.sys 2009-02-07 17:02 . 2004-08-03 22:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe 2009-02-06 11:11 . 2004-08-04 00:56 110592 ----a-w c:\windows\system32\services.exe 2009-02-06 11:08 . 2004-08-03 23:20 2189056 ----a-w c:\windows\system32\ntoskrnl.exe 2009-02-06 10:39 . 2001-08-23 14:00 35328 ----a-w c:\windows\system32\sc.exe 2009-02-03 19:59 . 2004-08-04 00:56 56832 ----a-w c:\windows\system32\secur32.dll 2009-02-03 17:39 . 2009-02-03 17:39 421888 ----a-w c:\windows\NEXON_EU_DownloaderUpdater.exe 2009-01-30 16:23 . 2009-01-30 16:23 3532 ----a-w C:\drmHeader.bin 2009-01-21 11:44 . 2009-01-21 11:44 604 ---ha-w c:\program files\STLL Notifier 2009-01-18 17:59 . 2008-09-27 09:13 43520 ----a-w c:\windows\system32\CmdLineExt03.dll 2008-08-11 14:45 . 2008-08-11 14:45 128 ----a-w c:\documents and settings\Vitez\Local Settings\Application Data\fusioncache.dat . ((((((((((((((((((((((((((((( SnapShot@2009-04-18_15.21.53 ))))))))))))))))))))))))))))))))))))))))) . + 2008-10-30 10:21 . 2009-04-18 16:32 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat - 2008-10-30 10:21 . 2009-04-18 15:21 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat + 2009-04-18 16:32 . 2009-04-18 16:32 16384 c:\windows\Temp\Perflib_Perfdata_9e0.dat + 2009-04-18 16:31 . 2009-04-18 16:31 16384 c:\windows\Temp\Perflib_Perfdata_298.dat + 2009-04-18 05:59 . 2009-04-18 16:32 32768 c:\windows\Temp\History\History.IE5\MSHist012009041820090419\index.dat - 2009-04-18 05:59 . 2009-04-18 15:21 32768 c:\windows\Temp\History\History.IE5\MSHist012009041820090419\index.dat + 2008-10-30 10:21 . 2009-04-18 16:32 32768 c:\windows\Temp\History\History.IE5\index.dat - 2008-10-30 10:21 . 2009-04-18 15:21 32768 c:\windows\Temp\History\History.IE5\index.dat + 2008-10-30 10:21 . 2009-04-18 16:32 16384 c:\windows\Temp\Cookies\index.dat - 2008-10-30 10:21 . 2009-04-18 15:21 16384 c:\windows\Temp\Cookies\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}] 2008-02-14 12:54 1555480 ----a-w c:\program files\free-downloads.net\tbfree.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480] [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480] [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 344064] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-05-03 32768] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-16 185896] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744] "KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2007-03-06 212992] "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-19 148888] "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-02-09 65024] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Vitez\Start Menu\Programs\Startup\ æTorrent.lnk - c:\program files\uTorrent\uTorrent.exe [2008-8-22 270128] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-10-23 25214] Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-8-11 113664] Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-5-4 32768] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\totalcmd\\TOTALCMD.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Corel\\Corel Graphics 12\\Programs\\CorelDRW.exe"= "c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"= "g:\nexon\combatarms\Combat Arms EU\CombatArms.exe"= g:\nexon\combatarms\Combat Arms EU\CombatArms.exe:Enabled:CombatArms.exe "g:\nexon\combatarms\Combat Arms EU\Engine.exe"= g:\nexon\combatarms\Combat Arms EU\Engine.exe:Enabled:Engine.exe "g:\\Nexon\\combatarms\\Combat Arms EU\\NMService.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-08-23 3584] R3 cpuz129;cpuz129; [x] R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\documents and settings\Vitez\Desktop\New Folder\kerneld.wnt [2005-08-17 7168] S0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\DRIVERS\agpkx.sys [2004-07-08 44928] S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800] S1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-04-23 82200] S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768] S2 ALIEHCD;ULi PCI to USB Enhanced Host Controller;c:\windows\system32\Drivers\ALIEHCI.sys [2005-02-21 83596] S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320] S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [2007-04-05 208896] S3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\DRIVERS\AliRtHub.sys [2005-02-21 5331] S3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\DRIVERS\ULILAN.SYS [2004-12-31 28160] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 . Contents of the 'Scheduled Tasks' folder 2009-04-18 c:\windows\Tasks\JkDefrag.job - c:\4321\defrag\JkDefrag.exe [2009-01-27 20:47] . . ------- Supplementary Scan ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1098640 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = .local IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: raiffeisenbank.rs\rol FF - ProfilePath - c:\documents and settings\Vitez\Application Data\Mozilla\Firefox\Profiles\npkc0gzo.default\ FF - plugin: c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-04-18 18:32 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\jfdcd] "ImagePath"="\??\c:\docume~1\Vitez\LOCALS~1\Temp\jfdcd.sys" -- [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wuaidatded] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver] "ImagePath"="\??\c:\documents and settings\Vitez\Desktop\New Folder\kerneld.wnt" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(864) c:\windows\system32\Ati2evxx.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\Mouse Driver\KMCONFIG.exe c:\program files\Mouse Driver\KMProcess.exe c:\program files\Common Files\Teleca Shared\CapabilityManager.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe c:\program files\NetLimiter 2 Pro\nlsvc.exe c:\windows\system32\wdfmgr.exe c:\program files\NetLimiter 2 Pro\NLClient.exe c:\program files\Skype\Plugin Manager\skypePM.exe . ************************************************************************ . Completion time: 2009-04-18 18:35 - machine was rebooted ComboFix-quarantined-files.txt 2009-04-18 16:35 ComboFix2.txt 2009-04-18 15:24 ComboFix3.txt 2008-09-05 10:35 Pre-Run: 3.166.314.496 bytes free Post-Run: 3.134.595.072 bytes free 223 --- E O F --- 2009-04-15 01:03

Profil

dr_Bora Poslao: 18 Apr 2009 19:31 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini na Desktop i pokreni dvoklikom: http://amf.mycity.rs/programs/ShowSelectKey.bat Iskopiraj ovde tekst koji će biti prikazan u Notepad-u.

Profil

Slaven980 Poslao: 22 Apr 2009 16:02 Idi na vrh
offline Slaven980 Novi MyCity građanin Pridružio: 04 Sep 2008 Poruke: 27	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! izvinite sto kasnim, posao Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\Select] "Current"=dword:00000001 "Default"=dword:00000001 "Failed"=dword:00000000 "LastKnownGood"=dword:00000003 牅潲⁴敲摡湩⁧敫⹹⸮ഠ

Profil

dr_Bora Poslao: 22 Apr 2009 16:22 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Obriši trenutnu verziju ComboFix-a koju imaš, skini novu sa ranije datih linkova, pokreni program i postavi svež ComboFix log.

Profil

Slaven980 Poslao: 22 Apr 2009 17:22 Idi na vrh
offline Slaven980 Novi MyCity građanin Pridružio: 04 Sep 2008 Poruke: 27	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-04-22.A23 - Vitez 22.04.2009 17:15.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.703 [GMT 2:00] Running from: c:\documents and settings\Vitez\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 3.0 On-access scanning disabled (Updated) * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\MyWebSearch c:\program files\MyWebSearch\bar\Settings\s_pid.dat . ((((((((((((((((((((((((( Files Created from 2009-03-22 to 2009-04-22 ))))))))))))))))))))))))))))))) . 2009-04-17 10:09 . 2009-04-17 10:09 43 ----a-w c:\windows\hpfccopy.INI 2009-04-16 10:57 . 2009-04-16 10:57 77508 ----a-w C:\Tehnicki_uslovi_za_internet.pdf 2009-04-14 23:43 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll 2009-04-14 23:43 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll 2009-04-14 23:43 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe 2009-04-14 23:43 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll 2009-04-14 23:43 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe 2009-04-14 23:43 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll 2009-04-14 23:43 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll 2009-04-14 23:43 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll 2009-04-14 23:43 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll 2009-04-14 23:41 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb 2009-04-14 23:41 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll 2009-04-14 23:41 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe 2009-03-31 16:50 . 2009-03-31 16:50 974304 ----a-w c:\windows\The Sagara Family Uninstaller.exe 2009-03-24 11:26 . 2009-03-24 11:59 404 ----a-w c:\windows\barcode.ini . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-22 15:17 . 2008-08-18 11:52 -------- d-----w c:\documents and settings\Vitez\Application Data\Skype 2009-04-22 14:08 . 2008-08-18 11:54 -------- d-----w c:\documents and settings\Vitez\Application Data\skypePM 2009-04-22 12:28 . 2008-08-18 13:01 -------- d-----w c:\program files\Mozilla Thunderbird 2009-04-22 11:33 . 2008-08-22 15:51 -------- d-----w c:\documents and settings\Vitez\Application Data\uTorrent 2009-04-11 12:50 . 2009-01-30 17:03 -------- d-----w c:\program files\Winamp 2009-03-31 16:50 . 2009-03-31 16:49 -------- d-----w c:\program files\The Sagara Family 2009-03-19 13:06 . 2008-12-02 10:56 410984 ----a-w c:\windows\system32\deploytk.dll 2009-03-19 13:05 . 2008-09-26 12:20 -------- d-----w c:\program files\Java 2009-03-06 14:22 . 2004-08-04 00:56 284160 ----a-w c:\windows\system32\pdh.dll 2009-03-02 21:56 . 2009-03-02 21:12 -------- d-----w c:\program files\DC++ 2009-03-02 12:05 . 2008-08-11 14:00 95440 ----a-w c:\documents and settings\Vitez\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-03-02 11:58 . 2009-03-02 11:58 220096 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-03-02 11:57 . 2009-03-02 11:57 -------- d-----w c:\program files\MSBuild 2009-03-02 11:57 . 2009-03-02 11:57 -------- d-----w c:\program files\Reference Assemblies 2009-02-20 08:10 . 2004-08-04 00:56 666112 ----a-w c:\windows\system32\wininet.dll 2009-02-20 08:10 . 2004-08-04 00:56 81920 ----a-w c:\windows\system32\ieencode.dll 2009-02-09 12:10 . 2004-08-04 00:56 729088 ----a-w c:\windows\system32\lsasrv.dll 2009-02-09 12:10 . 2004-08-04 00:56 401408 ----a-w c:\windows\system32\rpcss.dll 2009-02-09 12:10 . 2004-08-04 00:56 617472 ----a-w c:\windows\system32\advapi32.dll 2009-02-09 12:10 . 2004-08-04 00:56 714752 ----a-w c:\windows\system32\ntdll.dll 2009-02-09 11:13 . 2004-08-03 23:17 1846784 ----a-w c:\windows\system32\win32k.sys 2009-02-07 17:02 . 2004-08-03 22:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe 2009-02-06 11:11 . 2004-08-04 00:56 110592 ----a-w c:\windows\system32\services.exe 2009-02-06 11:08 . 2004-08-03 23:20 2189056 ----a-w c:\windows\system32\ntoskrnl.exe 2009-02-06 10:39 . 2001-08-23 14:00 35328 ----a-w c:\windows\system32\sc.exe 2009-02-03 19:59 . 2004-08-04 00:56 56832 ----a-w c:\windows\system32\secur32.dll 2009-02-03 17:39 . 2009-02-03 17:39 421888 ----a-w c:\windows\NEXON_EU_DownloaderUpdater.exe 2009-01-30 16:23 . 2009-01-30 16:23 3532 ----a-w C:\drmHeader.bin 2009-01-21 11:44 . 2009-01-21 11:44 604 ---ha-w c:\program files\STLL Notifier 2008-08-11 14:45 . 2008-08-11 14:45 128 ----a-w c:\documents and settings\Vitez\Local Settings\Application Data\fusioncache.dat . ((((((((((((((((((((((((((((( SnapShot@2009-04-18_15.21.53 ))))))))))))))))))))))))))))))))))))))))) . + 2008-10-30 10:21 . 2009-04-22 06:38 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat - 2008-10-30 10:21 . 2009-04-18 15:21 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat + 2009-04-22 06:38 . 2009-04-22 06:38 16384 c:\windows\Temp\Perflib_Perfdata_714.dat + 2008-10-30 10:21 . 2009-04-22 06:38 32768 c:\windows\Temp\History\History.IE5\index.dat - 2008-10-30 10:21 . 2009-04-18 15:21 32768 c:\windows\Temp\History\History.IE5\index.dat + 2008-10-30 10:21 . 2009-04-22 06:38 16384 c:\windows\Temp\Cookies\index.dat - 2008-10-30 10:21 . 2009-04-18 15:21 16384 c:\windows\Temp\Cookies\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}] 2008-02-14 12:54 1555480 ----a-w c:\program files\free-downloads.net\tbfree.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480] [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480] [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 344064] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-05-03 32768] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-16 185896] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744] "KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2007-03-06 212992] "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-19 148888] "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-02-09 65024] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Vitez\Start Menu\Programs\Startup\ æTorrent.lnk - c:\program files\uTorrent\uTorrent.exe [2008-8-22 270128] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-10-23 25214] Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-8-11 113664] Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-5-4 32768] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\totalcmd\\TOTALCMD.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Corel\\Corel Graphics 12\\Programs\\CorelDRW.exe"= "c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"= "g:\nexon\combatarms\Combat Arms EU\CombatArms.exe"= g:\nexon\combatarms\Combat Arms EU\CombatArms.exe:Enabled:CombatArms.exe "g:\nexon\combatarms\Combat Arms EU\Engine.exe"= g:\nexon\combatarms\Combat Arms EU\Engine.exe:Enabled:Engine.exe "g:\\Nexon\\combatarms\\Combat Arms EU\\NMService.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-08-23 3584] R3 cpuz129;cpuz129; [x] R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\documents and settings\Vitez\Desktop\New Folder\kerneld.wnt [2005-08-17 7168] S0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\DRIVERS\agpkx.sys [2004-07-08 44928] S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800] S1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-04-23 82200] S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768] S2 ALIEHCD;ULi PCI to USB Enhanced Host Controller;c:\windows\system32\Drivers\ALIEHCI.sys [2005-02-21 83596] S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320] S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [2007-04-05 208896] S3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\DRIVERS\AliRtHub.sys [2005-02-21 5331] S3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\DRIVERS\ULILAN.SYS [2004-12-31 28160] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 . Contents of the 'Scheduled Tasks' folder 2009-04-22 c:\windows\Tasks\JkDefrag.job - c:\4321\defrag\JkDefrag.exe [2009-01-27 20:47] . . ------- Supplementary Scan ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1098640 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = .local IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: raiffeisenbank.rs\rol FF - ProfilePath - c:\documents and settings\Vitez\Application Data\Mozilla\Firefox\Profiles\npkc0gzo.default\ FF - plugin: c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-04-22 17:17 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver] "ImagePath"="\??\c:\documents and settings\Vitez\Desktop\New Folder\kerneld.wnt" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(860) c:\windows\system32\Ati2evxx.dll . Completion time: 2009-04-22 17:19 ComboFix-quarantined-files.txt 2009-04-22 15:19 ComboFix2.txt 2009-04-18 16:35 ComboFix3.txt 2009-04-18 15:24 ComboFix4.txt 2008-09-05 10:35 Pre-Run: 4.138.725.376 bytes free Post-Run: 4.162.928.640 bytes free 195 --- E O F --- 2009-04-15 01:03

Profil

dr_Bora Poslao: 22 Apr 2009 21:37 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ovo izgleda cisto. Preostalo je samo da deinstaliras ComboFix: Deinstalacija ComboFix-a: Klikni START a zatim RUN. U liniju za unos teksta ukucaj (iskopiraj) sledeće: Combofix /u a zatim klikni OK. Sačekaj da se proces deinstalacije završi.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » virus?

Ko je trenutno na forumu

Ukupno su 829 korisnika na forumu :: 50 registrovanih, 8 sakrivenih i 771 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 357magnum, A.R.Chafee.Jr., Andrija357, ArchaBasha, Areal84, bankulen, cenejac111, comi_pfc, dejina811, Dimitrise93, Djole, drazenm, FOX, goxin, havoc995, HrcAk47, ikan, JOntra, Karla, kolle.the.kid, Kubovac, lord sir giga, Marko Marković, Mi lao shu, mile23, milenko crazy north, Milos ZA, Milos82, oldtimer, opt1, ozzy, pacika, Pakito93, Panter, pedja.st, Ripanjac, RJ, ruma, sasa76, Shinobi, solic, Srki94, Srle993, StepskiVuk, tubular, vlad4, Zimbabwe, zziko, |_MeD_|, šumar bk2

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by