Problem with the network card


  • Joined: 15 May 2010
  • Posts: 9

Here's the situation:
A friend brought me a computer and says it restarts whenever he starts a web browser. I turned it on; when I launched the browser (it was Chrome), it started opening a page and the computer just restarted. The second time I tried Opera, and it restarted again. When the system came up for the third time, the internet icon at the bottom showed "Limited Or No Connectivity" blah blah blah (I don't know the rest by heart right now, but it's the standard message you get when you have no connection).

I plug the internet cable in at my place and it works perfectly. I disabled the integrated network card (it's a Realtek; I'll post the model after the weekend, if anyone replies :D) in the BIOS and put in a D-Link network card (model unknown :( ), which I had first tested in my own computer, where it works; when I put it in his machine it again shows Limited Or No Connectivity blah blah blah.

I asked some people who work with networks; they say this is the first time it has happened to them, they've never heard of it. They say maybe it's a virus, or they tell me to install a fresh Windows, which is a fairly tedious and boring job. Still, I'd first like to check this way in case anyone knows what's going on; if not, I'll try a clean install.

I have SBB cable internet, 6 Mbit. The board is a Gigabyte Ga8I865GME-775 RM, the processor is some Celeron 1.7 I think, and the graphics card is an FX5200 or something like that. The rear fan on the power supply has gone, it spins weakly (I'll replace it, but it's unlikely to be the cause, though all kinds of cases exist); still, I played a heavy Full HD film, two hours long, and it didn't stutter once. I uninstalled the NOD antivirus because I've had cases where it sometimes blocked the connection, and I turned off the firewall and all the options Internet Explorer has, that is, the protection settings there.
I also turned off all the junk in the system tray, but still no internet.

Nowhere on the internet have I managed to find a halfway decent explanation. Any help?

  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3898
  • Location: Novi Sad, Klisa

Hello kristijan980


You'll need to read the guide for opening a topic carefully: http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html and, in accordance with it, provide the appropriate logs.


NIx Car (AMF Team)

  • Joined: 15 May 2010
  • Posts: 9

Here, as an addition, is what it says needs to be done; I did it following the guide. I'll also add the scan I did with ESET NOD antivirus, to check that no virus has attacked by any chance.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_31
Run by Djordjevic Milos at 18:39:39 on 2012-04-11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.178 [GMT 2:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\Program Files\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Djordjevic Milos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Djordjevic Milos\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
C:\Program Files\Total Commander XP\TOTALCMD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.facemoods.com/?a=ddr
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
BHO: {00000ef1-0786-4633-87c6-1aa7a44296da} - F1 Organizer Class
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\djordjevic milos\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [FacebookUpadate] c:\windows\facebookupadate\server.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Facebook Update] "c:\documents and settings\djordjevic milos\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [facemoods] "c:\program files\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe" /md I
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [FacebookUpadate] c:\windows\facebookupadate\server.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uExplorerRun: [Policies] c:\windows\facebookupadate\server.exe
mExplorerRun: [Policies] c:\windows\facebookupadate\server.exe
IE: &Google Search - c:\program files\google\googletoolbar.dll/cmsearch.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward &Links - c:\program files\google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\google\googletoolbar.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\googletoolbar.dll/cmtrans.html
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
mASetup: {727EY06L-GY5N-2JO8-NS7H-O1MNBNWXPR7U} - c:\windows\facebookupadate\server.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\djordjevic milos\application data\mozilla\firefox\profiles\n8phf8yf.default\
FF - prefs.js: browser.search.selectedEngine - Facemoods Search
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddr
FF - component: c:\documents and settings\djordjevic milos\application data\mozilla\firefox\profiles\n8phf8yf.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\djordjevic milos\application data\mozilla\firefox\profiles\n8phf8yf.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\djordjevic milos\application data\mozilla\firefox\profiles\n8phf8yf.default\extensions\ffxtlbr@facemoods.com\components\FFHst.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\djordjevic milos\desktop\picasa3\npPicasa3.dll
FF - plugin: c:\documents and settings\djordjevic milos\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\djordjevic milos\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\npjpi160_31.dll
FF - plugin: c:\program files\java\jre6\bin\npoji610.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - %profile%\extensions\{64161300-e22b-11db-8314-0800200c9a66}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-6 35328]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2007-7-30 33952]
.
=============== Created Last 30 ================
.
2012-04-11 14:46:32 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-04 16:59:13 -------- d-----w- c:\program files\D-Link
2012-04-04 16:55:47 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys
2012-04-04 16:55:47 27165 ----a-w- c:\windows\system32\drivers\fetnd5.sys
2012-03-28 16:56:39 -------- d-----w- c:\program files\The KMPlayer
2012-03-28 16:56:21 79360 ----a-w- c:\windows\system32\ff_vfw.dll
.
==================== Find3M ====================
.
2012-02-16 18:28:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-16 18:28:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, gmer.net
Windows 5.1.2600 Disk: MAXTOR_STM3802110A rev.3.AAK -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe >>UNKNOWN [0x825CE550]<<
_asm { MOV EAX, 0x825ce470; XCHG [ESP], EAX; PUSH EAX; PUSH 0x825d1eb4; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x804EDE00] -> \Device\Harddisk0\DR0[0x8258CAB8]
\Driver\Disk[0x82584A08] -> IRP_MJ_CREATE -> 0x825CE550
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\Disk -> 0x825ce550
user & kernel MBR OK
Warning: possible MBR rootkit infection !
.
============= FINISH: 18:40:20.85 ===============


Well, that would be it; I hope everything is OK now and that you can at least tell me something approximate :D
Otherwise I'll have to format C:\ :D
Thanks!!!

  • argus
  • Anti Malware Fighter, Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Download TDSSKiller from the following address to your Desktop:

TDSSKiller


When the download is complete:

Rename TDSSKiller.exe to MyCity.exe

Run MyCity.exe and click Change parameters.

Under Additional options tick Verify driver signatures and Detect TDLFS file system, then click OK.

Click Start scan.

When it finishes it will show the scan results; don't change anything there, just click Continue.

If the program asks to restart the system, allow it.

Attach to your post the report located at:
C:\TDSSKiller_verzija programa_DD.MM.GG_HH.MM.SS.txt
(verzija programa = program version; DD = day, MM = month, GG = year, HH = hour, MM = minute, SS = second; the date and time when the log was created)



---------------------------------------


Download sUBs' ComboFix from the following address to your Desktop:


Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.




When the download is complete:
disable your security software (guide);
close any running programs;
double-click ComboFix to run it;
in the window that opens, click "I Agree".

While it runs, ComboFix will:
check whether a newer version of the program exists:
  click Yes if offered to download it.
if the Recovery Console is not installed, offer to install it:
  be sure to accept by clicking Yes and follow the procedure.
ask a number of questions / show notifications:
  accept by clicking Yes or OK.
restart Windows if needed (several times);
at the end, open Notepad with the scan report.


Copy the report ComboFix produced into the forum topic:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message field and choose Paste.


Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file (Prikači fajl) option to attach C:\ComboFix.txt to your post.

  • Joined: 15 May 2010
  • Posts: 9

Posted: 18 Apr 2012 15:01

Here are the two logs you asked for in the previous message.


ComboFix 12-04-17.01 - Djordjevic Milos 04/18/2012 14:27:31.1.1 - x86
Running from: c:\documents and settings\Djordjevic Milos\Desktop\ComboFix.exe
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Djordjevic Milos\Application Data\Djordjevic Milos3SQLite3.dll
c:\documents and settings\Djordjevic Milos\Application Data\Djordjevic Miloslog.dat
c:\documents and settings\Djordjevic Milos\Application Data\facemoods.com
c:\documents and settings\Djordjevic Milos\Application Data\Local
c:\documents and settings\Djordjevic Milos\Application Data\Local\Temp\DDM\Settings\Inception_Trailer_NEW.divx.ddr
c:\documents and settings\Djordjevic Milos\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(10).ddp
c:\documents and settings\Djordjevic Milos\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(11).ddp
c:\documents and settings\Djordjevic Milos\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(12).ddp
c:\documents and settings\Djordjevic Milos\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(13).ddp
c:\documents and settings\Djordjevic Milos\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(14).ddp
c:\documents and settings\Djordjevic Milos\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(15).ddp
c:\documents and settings\Djordjevic Milos\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(16).ddp
c:\documents and settings\Djordjevic Milos\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp
c:\documents and settings\Djordjevic Milos\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3).ddp
c:\documents and settings\Djordjevic Milos\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(4).ddp
c:\documents and settings\Djordjevic Milos\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(5).ddp
c:\documents and settings\Djordjevic Milos\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(6).ddp
c:\documents and settings\Djordjevic Milos\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(7).ddp
c:\documents and settings\Djordjevic Milos\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(8).ddp
c:\documents and settings\Djordjevic Milos\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(9).ddp
c:\documents and settings\Djordjevic Milos\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\documents and settings\Djordjevic Milos\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_NEW.divx
c:\documents and settings\Djordjevic Milos\Recent\Thumbs.db
c:\documents and settings\Djordjevic Milos\WINDOWS
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.5\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.5\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.5\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.5\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.5\uninstall.exe
c:\windows\FacebookUpadate
c:\windows\FacebookUpadate\server.exe
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\Drivers\oreans32.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_oreans32
-------\Service_oreans32
.
.
((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
.
.
2012-04-04 16:59 . 2012-04-04 16:59 -------- d-----w- c:\program files\D-Link
2012-04-04 16:55 . 2001-08-17 10:13 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys
2012-04-04 16:55 . 2001-08-17 10:13 27165 ----a-w- c:\windows\system32\drivers\fetnd5.sys
2012-03-28 16:56 . 2012-03-28 16:57 -------- d-----w- c:\program files\The KMPlayer
2012-03-28 16:56 . 2011-12-20 16:50 79360 ----a-w- c:\windows\system32\ff_vfw.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-16 18:28 . 2012-02-16 18:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-16 18:28 . 2011-03-11 16:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Facebook Update"="c:\documents and settings\Djordjevic Milos\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-01-27 137536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-23 5537792]
"nwiz"="nwiz.exe" [2005-02-23 1495040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-02-23 86016]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-11-08 22:00 128920 ----a-w- c:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [12/6/2005 5:11 PM 35328]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/28/2006 5:39 PM 664064]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-776561741-1326574676-725345543-1003Core.job
- c:\documents and settings\Djordjevic Milos\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-01-27 18:50]
.
2012-04-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-776561741-1326574676-725345543-1003UA.job
- c:\documents and settings\Djordjevic Milos\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-01-27 18:50]
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1326574676-725345543-1003Core.job
- c:\documents and settings\Djordjevic Milos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-29 07:26]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1326574676-725345543-1003UA.job
- c:\documents and settings\Djordjevic Milos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-29 07:26]
.
2011-03-01 c:\windows\Tasks\Install_NSS.job
- c:\program files\DivX\Symantec\scstubinstaller.exe [2010-03-08 18:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.facemoods.com/?a=ddr
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\
FF - prefs.js: browser.search.selectedEngine - Facemoods Search
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddr
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - %profile%\extensions\{64161300-e22b-11db-8314-0800200c9a66}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-FacebookUpadate - c:\windows\FacebookUpadate\server.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe
HKLM-Run-FacebookUpadate - c:\windows\FacebookUpadate\server.exe
MSConfigStartUp-zzGBK - D:\Setup.exe
AddRemove-Axuus - c:\program files\Axuus\Uninstall.exe
AddRemove-Big Money Deluxe 1.22 - c:\program files\PopCap Games\Big Money Deluxe\PopUninstall.exe
AddRemove-Dart 'm Up - c:\progra~1\DART'M~1\UNINSTALL\UNINSTALL.EXE
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.5\uninstall.exe
AddRemove-Penguinball1.0 - c:\windows\iun6002.exe
AddRemove-Rule the Rail! - c:\program files\BrainBombers\Rule the Rail!\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2012-04-18 14:48
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-776561741-1326574676-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\RUNDLL32.EXE
c:\windows\SOUNDMAN.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-04-18 14:53:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-18 12:53
.
Pre-Run: 7,403,855,872 bytes free
Post-Run: 11,124,776,960 bytes free
.
- - End Of File - - 4AE4F311A14175B9EFA924E5946D3120

Update: 18 Apr 2012 15:02

However, when ComboFix asked to install some console, it didn't install it because it needs an internet connection. And in my case the problem, as I explained, is with the network card, so I have no internet :(
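As an added example (not from the thread and not part of DDS, ComboFix or any tool used in it), a small Python triage script that reads autostart lines in the DDS/ComboFix format quoted above and flags the patterns visible in these logs: the same c:\windows\facebookupadate\server.exe registered under the HKCU and HKLM Run keys, under both Explorer\Run "Policies" values and under an Active Setup entry whose GUID is not even valid hex, plus the disabled Windows Firewall. The sample lines are copied from the posted logs; the heuristics are mine and are hints for a reviewer, not verdicts.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the DDS "Pseudo HJT Report"
# and the ComboFix "Reg Loading Points" sections posted in this thread.
SAMPLE_LOG = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [FacebookUpadate] c:\windows\facebookupadate\server.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [FacebookUpadate] c:\windows\facebookupadate\server.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uExplorerRun: [Policies] c:\windows\facebookupadate\server.exe
mExplorerRun: [Policies] c:\windows\facebookupadate\server.exe
mASetup: {727EY06L-GY5N-2JO8-NS7H-O1MNBNWXPR7U} - c:\windows\facebookupadate\server.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# DDS prefixes: u = HKCU, m = HKLM; Run, Explorer\Run and Active Setup keys.
ENTRY_RE = re.compile(
    r"^(?P<key>[um](?:Run|ExplorerRun|ASetup)): "
    r"(?:\[(?P<name>[^\]]*)\]|(?P<guid>\{[^}]*\}) -) (?P<cmd>.*)$")
# First drive-letter path ending in a loadable extension, quoted or not.
PATH_RE = re.compile(r'"?([a-z]:\\[^"]*?\.(?:exe|dll|cpl|scr))', re.I)
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b')
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def parse_entries(log_text):
    """Yield (key, name, lower-cased path) for every autostart line."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        p = PATH_RE.search(m.group("cmd"))
        if not p:  # bare file names such as SOUNDMAN.EXE carry no path to judge
            continue
        yield m.group("key"), m.group("name") or m.group("guid"), p.group(1).lower()


def flag_entry(key, name, path):
    """Heuristic reasons to look closer at one autostart entry (not a verdict)."""
    reasons = []
    # A binary living in its own folder directly under %windir% is unusual.
    if path.startswith("c:\\windows\\") and not path.startswith(SYSTEM_DIRS):
        reasons.append("binary in a non-standard %windir% subfolder")
    # Explorer\Run "Policies" values are rarely used by legitimate installers.
    if key.endswith("ExplorerRun") and name == "Policies":
        reasons.append("persistence via Explorer\\Run policy key")
    # Active Setup entries are keyed by a GUID; this one is not even hex.
    if key.endswith("ASetup") and not GUID_RE.match(name):
        reasons.append("Active Setup entry with malformed GUID")
    return reasons


def triage(log_text):
    """Return {'entries': {path: [reasons]}, 'firewall_disabled': bool}."""
    reasons_by_path = defaultdict(set)
    keys_by_path = defaultdict(set)
    for key, name, path in parse_entries(log_text):
        keys_by_path[path].add(key)
        reasons_by_path[path].update(flag_entry(key, name, path))
    # One binary hooked into several autostart locations is redundancy that
    # legitimate software rarely needs.
    for path, keys in keys_by_path.items():
        if len(keys) >= 3:
            reasons_by_path[path].add(
                "registered under %d autostart locations" % len(keys))
    firewall_off = any(FIREWALL_OFF_RE.match(l.strip())
                       for l in log_text.splitlines())
    return {
        "entries": {p: sorted(r) for p, r in reasons_by_path.items() if r},
        "firewall_disabled": firewall_off,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for path, reasons in result["entries"].items():
        print(path)
        for reason in reasons:
            print("   -", reason)
    print("Windows Firewall disabled:", result["firewall_disabled"])
```

Run against the sample it prints only the facebookupadate\server.exe path with four reasons and reports the firewall as disabled; the Skype, ctfmon and NVIDIA entries pass through silently.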

  • argus
  • Anti Malware Fighter, Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Download MBRCheck from the following address to your Desktop:

MBRCheck Download Link
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.



When the download is complete:

Disable your security software (guide)
Run the program by double-clicking it
If the program detects irregularities in the MBR: Found non-standard or infected MBR. Enter 'Y' and hit ENTER for more options, or 'N' to exit; in that case press N and then Enter (twice)
If nothing is found (Done! Press ENTER to exit...) press Enter (once)

After this procedure a txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on the Desktop
(mm.dd.yy.hh.mm.ss <-- denote the date and time the program was run)

Copy the contents of this txt file into your next post:
double-click to open MBRCheck_mm.dd.yy_hh.mm.ss.txt; right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message field and choose Paste.

  • Joined: 15 May 2010
  • Posts: 9

Here's the MBRCheck as well.


  • argus
  • Anti Malware Fighter, Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Open Notepad and copy the following text into it:

DDS::
uStart Page = hxxp://start.facemoods.com/?a=ddr

Firefox::
FF - ProfilePath - c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\
FF - prefs.js: browser.search.selectedEngine - Facemoods Search
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddr
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001

RegNull::
[HKEY_USERS\S-1-5-21-776561741-1326574676-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.

offline
  • Joined: 15 May 2010
  • Posts: 9

Here it is.



ComboFix 12-04-17.01 - Djordjevic Milos 04/19/2012 12:45:53.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.276 [GMT 2:00]
Running from: c:\documents and settings\Djordjevic Milos\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Djordjevic Milos\Desktop\CFScript.txt
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\chrome.manifest
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\components\FFHst.dll
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\components\FFHst.xpt
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\facemoods.css
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\facemoods.png
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\facemoods.xul
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\fcmdDef.js
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\images\facebook_But.png
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\images\facebook_But2.png
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\images\facemoods.png
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\images\fb.gif
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\images\fbhome.gif
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\images\fbmsgs.gif
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\images\fbphotos.gif
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\images\fbprofile.gif
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\images\fbsettings.gif
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\images\fbshare.gif
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\images\fbuploads.gif
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\images\help_16.gif
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\images\home.gif
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\images\ibario_ball.png
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\images\logo.png
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\images\moodsIcon.png
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\images\pref.jpg
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\images\privecy_16_hot.gif
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\images\stripicons.png
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\images\tellafriend.gif
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\images\Thumbs.db
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\images\vssver.scc
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\instlgc.js
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\JSonButtons.js
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\Loader.js
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\mtrprt.js
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\newTabLgc.js
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\PPCB.js
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\preferences\preferences.js
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\preferences\preferences.xul
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\prefman.js
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\script-compiler.js
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\Thumbs.db
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\utils.js
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\vssver.scc
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\xmlhttprequester.js
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\content\xpiInstallLgc.js
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\defaults\preferences\instlPref.js
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\defaults\preferences\vssver.scc
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\install.rdf
c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\extensions\ffxtlbr@Facemoods.com\vssver.scc
.
.
((((((((((((((((((((((((( Files Created from 2012-03-19 to 2012-04-19 )))))))))))))))))))))))))))))))
.
.
2012-04-04 16:59 . 2012-04-04 16:59 -------- d-----w- c:\program files\D-Link
2012-04-04 16:55 . 2001-08-17 10:13 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys
2012-04-04 16:55 . 2001-08-17 10:13 27165 ----a-w- c:\windows\system32\drivers\fetnd5.sys
2012-03-28 16:56 . 2012-03-28 16:57 -------- d-----w- c:\program files\The KMPlayer
2012-03-28 16:56 . 2011-12-20 16:50 79360 ----a-w- c:\windows\system32\ff_vfw.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-16 18:28 . 2012-02-16 18:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-16 18:28 . 2011-03-11 16:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-18_12.47.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-19 10:40 . 2012-04-19 10:40 16384 c:\windows\Temp\Perflib_Perfdata_58c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Facebook Update"="c:\documents and settings\Djordjevic Milos\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-01-27 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-23 5537792]
"nwiz"="nwiz.exe" [2005-02-23 1495040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-02-23 86016]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-11-08 22:00 128920 ----a-w- c:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [12/6/2005 5:11 PM 35328]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/28/2006 5:39 PM 664064]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-776561741-1326574676-725345543-1003Core.job
- c:\documents and settings\Djordjevic Milos\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-01-27 18:50]
.
2012-04-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-776561741-1326574676-725345543-1003UA.job
- c:\documents and settings\Djordjevic Milos\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-01-27 18:50]
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1326574676-725345543-1003Core.job
- c:\documents and settings\Djordjevic Milos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-29 07:26]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1326574676-725345543-1003UA.job
- c:\documents and settings\Djordjevic Milos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-29 07:26]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Djordjevic Milos\Application Data\Mozilla\Firefox\Profiles\n8phf8yf.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - %profile%\extensions\{64161300-e22b-11db-8314-0800200c9a66}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2012-04-19 12:59
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-776561741-1326574676-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2012-04-19 13:03:54
ComboFix-quarantined-files.txt 2012-04-19 11:03
ComboFix2.txt 2012-04-18 12:53
.
Pre-Run: 11,129,446,400 bytes free
Post-Run: 11,116,359,680 bytes free
.
- - End Of File - - 2DD2657ABD805F32BEEA322511489FBA
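Reading a log like the one above by eye is what the helper does when deciding what goes into a CFScript: the start page, the Firefox extension, and the autostart entries are the items that get targeted. As an added example (my own code, not ComboFix's, DDS's or the forum's), the Python below parses the log sections that matter for that decision and flags the same classes of items: a non-default browser start page, Firefox extensions not on an allowlist, Run-key values and scheduled tasks that launch from user-writable directories, and entries marked `[X]` because their file is gone. The log it runs on is a constructed excerpt modelled on the one posted, with a generic user name and invalid-TLD hostnames in place of the real ones; the extension allowlist is an assumption for the example.

```python
"""Triage helper for ComboFix-style logs (added example; not ComboFix's or DDS's own code)."""
import re

RUN_KEY_RE = re.compile(r'^\[(HKEY_[^\]]+\\Run)\]$', re.IGNORECASE)
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?$')
TASK_RE = re.compile(r'^- (?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$')
FF_EXT_RE = re.compile(r'^FF - Ext: (?P<name>.+?): (?P<id>\S+) - (?P<path>.+)$')
START_PAGE_RE = re.compile(r'^uStart Page = (?P<url>\S+)$')

# Directories an unprivileged user can write to; adware and droppers commonly
# persist from here because installing there needs no elevation.
USER_WRITABLE_RE = re.compile(r'\\(application data|local settings|temp|desktop)\\', re.IGNORECASE)

# Extension ids accepted without question (assumed allowlist for this example).
KNOWN_FF_EXT = {
    "{972ce4c6-7e08-4474-a285-3208198ce6fd}",  # Firefox default theme
    "jqs@sun.com",                              # Java Quick Starter
}


def parse_log(text):
    """Return {kind, name, path} dicts for the lines that matter for triage."""
    entries = []
    in_run_key = False
    for raw in text.splitlines():
        line = raw.strip()
        if RUN_KEY_RE.match(line):
            in_run_key = True
            continue
        if line.startswith("[") or line == ".":
            in_run_key = False            # any other key, or a '.' separator, ends the Run block
        m = START_PAGE_RE.match(line)
        if m:
            entries.append({"kind": "startpage", "name": "uStart Page", "path": m.group("url")})
            continue
        if line.endswith("[X]"):         # ComboFix marks entries whose file no longer exists with [X]
            entries.append({"kind": "missing", "name": "", "path": line[:-3].strip()})
            continue
        m = RUN_VALUE_RE.match(line) if in_run_key else None
        if m:
            entries.append({"kind": "run", "name": m.group("name"), "path": m.group("path")})
            continue
        m = TASK_RE.match(line)
        if m:
            entries.append({"kind": "task", "name": "scheduled task", "path": m.group("path")})
            continue
        m = FF_EXT_RE.match(line)
        if m:
            entries.append({"kind": "ffext", "name": m.group("id"), "path": m.group("path")})
    return entries


def analyse(text):
    """Turn parsed entries into human-readable triage findings."""
    findings = []
    for e in parse_log(text):
        if e["kind"] == "startpage":
            findings.append(f"browser start page is {e['path']}; confirm the user chose it")
        elif e["kind"] == "missing":
            findings.append(f"autostart entry points to a missing file: {e['path']}")
        elif e["kind"] in ("run", "task") and USER_WRITABLE_RE.search(e["path"]):
            findings.append(f"{e['kind']} entry '{e['name']}' starts from a user-writable path: {e['path']}")
        elif e["kind"] == "ffext" and e["name"] not in KNOWN_FF_EXT:
            findings.append(f"Firefox extension not on the allowlist: {e['name']} ({e['path']})")
    return findings


# Constructed excerpt modelled on the posted log (generic user, invalid-TLD hostnames).
SAMPLE_LOG = r"""
uStart Page = hxxp://start.example-toolbar.invalid/?a=ddr
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Updater"="c:\documents and settings\user\Local Settings\Application Data\Vendor\Update\Updater.exe" [2012-01-27 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun [X]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-11 c:\windows\Tasks\UpdaterTask.job
- c:\documents and settings\user\Local Settings\Application Data\Vendor\Update\Updater.exe [2012-01-27 18:50]
.
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Example Toolbar: ffxtlbr@example-toolbar.invalid - %profile%\extensions\ffxtlbr@example-toolbar.invalid
"""

if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print("-", finding)
```

The user-writable-path rule deliberately fires on legitimate per-user updaters too (the posted log has several under Local Settings\Application Data); the point is that it hands the helper a short list to look at rather than the whole log, and a vendor updater is dismissed in a second while a toolbar's loader is not.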

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Lives in: Prokuplje

What is the situation now?

Describe it to me.
