A link to a virus is being sent via MSN

  • Joined: 14 Feb 2008
  • Posts: 12391

HijackThis Log (the program name has not been changed)

And here it is, I renamed hijackthis so you wouldn't have to bother telling me to do it, just in case:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:16 PM, on 7/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\AVG\AVG8\avgemc.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\Program Files\AVG\AVG8\avgcsrvx.exe
D:\WINDOWS\system32\dllhost.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\WINDOWS\PLFSetI.exe
D:\WINDOWS\PLFSetL.exe
D:\PROGRA~1\LAUNCH~1\LManager.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\Orbitdownloader\orbitdm.exe
D:\Program Files\Orbitdownloader\orbitnet.exe
D:\DOCUME~1\Srki94\LOCALS~1\Temp\RtkBtMnt.exe
D:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\WINDOWS\system32\wuauclt.exe
D:\PROGRA~1\AVG\AVG8\avgnsx.exe
d:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\AIMP2\AIMP2.exe
D:\WINDOWS\system32\mdm.exe
D:\Documents and Settings\Srki94\Desktop\srki.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkID=93227
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - D:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - D:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] D:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PLFSetI] D:\WINDOWS\PLFSetI.exe
O4 - HKLM\..\Run: [PLFSetL] D:\WINDOWS\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] D:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Orbit.lnk = D:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - D:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - D:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1ca09bb174fde48-) (gupdate1ca09bb174fde48-) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8165 bytes

I have a 256Kb wireless connection.

I think the name needs to be changed (I think it's that program). If I'm wrong, sorry, I just wanted to help.

So my friend gets a link from me to download some Facebookspy, and of course I don't see it. And I think it's a virus.
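A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the thread or of HijackThis itself. It applies the checks a malware-removal helper does by eye: running processes that live in user-writable locations (Temp, Desktop, RECYCLER), orphaned R/O entries ending in "(no file)", O4 autostart targets in those same locations, a populated AppInit_DLLs value, and Winlogon Notify entries whose target is not a DLL path. The sample lines are copied from the log in the thread; the location list, the severity labels and the `Finding` type are this example's own assumptions, not HijackThis output.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted in the
# thread, trimmed to the entries the checks below care about.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\DOCUME~1\Srki94\LOCALS~1\Temp\RtkBtMnt.exe
D:\WINDOWS\system32\mdm.exe
D:\Documents and Settings\Srki94\Desktop\srki.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O20 - AppInit_DLLs:
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - D:\WINDOWS\
"""

ENTRY_RE = re.compile(r"^(R\d|O\d{1,2}) - ")
# Assumed heuristic: directories a legitimate process or autostart target
# rarely lives in. Anything matching is flagged for manual review.
USER_WRITABLE_RE = re.compile(r"\\(?:desktop|temp|recycler)\\", re.IGNORECASE)


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low" (example's own labels)
    reason: str
    line: str


def parse_log(text):
    """Return (running processes, R/O entries) from a HijackThis log."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs:
            if line:
                processes.append(line)
            else:
                in_procs = False          # blank line ends the process list
        elif ENTRY_RE.match(line):
            entries.append(line)
    return processes, entries


def triage(text):
    """Apply the review heuristics; findings come back in log order."""
    processes, entries = parse_log(text)
    findings = []
    for proc in processes:
        if USER_WRITABLE_RE.search(proc):
            findings.append(Finding("high", "process running from a user-writable location", proc))
    for entry in entries:
        kind = entry.split(" - ", 1)[0]
        if entry.endswith("(no file)"):
            findings.append(Finding("low", "orphaned entry, referenced file is missing", entry))
        elif kind == "O4" and USER_WRITABLE_RE.search(entry):
            findings.append(Finding("high", "autostart entry points into a user-writable location", entry))
        elif entry.startswith("O20 - AppInit_DLLs:"):
            # Empty value (as in the posted log) is the normal state.
            if entry.split(":", 1)[1].strip():
                findings.append(Finding("high", "AppInit_DLLs is set; the DLL is loaded into every GUI process", entry))
        elif entry.startswith("O20 - Winlogon Notify:"):
            target = entry.rsplit(" - ", 1)[1]
            if target.endswith("\\") or not target.lower().endswith(".dll"):
                findings.append(Finding("medium", "Winlogon Notify target is not a DLL path", entry))
    return findings


def summary(findings):
    """Count findings per severity, e.g. {'high': 2, 'medium': 1, 'low': 2}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}: {f.line}")
    print(summary(triage(SAMPLE_LOG)))
```

Run against the sample, it flags the two processes launched from Temp and from the Desktop, the two orphaned "(no file)" entries, and the Winlogon Notify entry whose target is just a directory; the empty AppInit_DLLs line and the AVG Winlogon DLL are left alone. The output is a list of things to look at, not a verdict: RtkBtMnt.exe in Temp, for instance, still has to be checked by hand.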

  • dr_Bora (Male)
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

How does it happen? While you are logged in and chatting with him, or while you are offline?

  • Joined: 14 Feb 2008
  • Posts: 12391

Well, my friend got one a little while ago while I was logged in. Although I don't doubt that it happens even when I'm logged out.
Regards

  • dr_Bora (Male)
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download RootRepeal to the Desktop.

Unpack RootRepeal.zip into a folder.
Run RootRepeal.exe by double-clicking it.
Switch to the Report tab (click the Report button, bottom right).
Click the Scan button.
In the window that opens (Select Scan), tick the boxes in front of all the items and click OK.
In the next window (Select Drives), tick the box in front of the system disk (usually C:\) and click OK.
When the process finishes, click Save Report and save the scan report.

Attach that report to your post using the Attach file option.


Download RSIT to the Desktop:

http://images.malwareremoval.com/random/RSIT.exe

Run it by double-clicking it and then click Continue.

At the end of the process two logs will open: the first, log.txt, will be maximized and needs to be copied into the forum thread; the second, info.txt, will be minimized (we do not need it for now).

Post the contents of the file log.txt in your next message (that file will be saved as C:\rsit\log.txt).

  • Joined: 14 Feb 2008
  • Posts: 12391

Posted: 25 Jul 2009 1:24

Here, I'm doing everything you said. But in the meantime the following happened:
A link opened automatically in FF, and AVG suddenly popped up with a report of Trojans. Horrible. Here's the picture. The things you told me to do are coming soon.

Update: 25 Jul 2009 1:35

Here is the first program's report:

I had to attach the second report because it is too big to fit here.

Update: 25 Jul 2009 1:36

Here is the picture from the beginning of the post too. I don't know why it didn't upload it.

  • dr_Bora (Male)
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download sUBs' ComboFix to the Desktop from the following address:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:
disable your security software (instructions);
close any running programs;
double-click ComboFix to run it.

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if offered to download it.
display the DISCLAIMER OF WARRANTY ON SOFTWARE:
click Yes so that the process continues.
if the Recovery Console is not installed, offer to install it:
accept by clicking Yes and follow the procedure.
ask a number of questions / show notifications:
accept by clicking Yes or OK.
restart Windows if needed (more than once);
at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message box and choose Paste.

Note: the report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to your post.

  • Joined: 14 Feb 2008
  • Posts: 12391

ComboFix 09-07-24.01 - Srki94 07/25/2009 10:56.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3067.2451 [GMT 2:00]
Running from: d:\documents and settings\Srki94\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\pkxctdke.exe
d:\documents and settings\Srki94\Application Data\bcrypt.html
d:\recycler\S-1-5-21-5671311740-8453287066-442322941-7541
d:\recycler\S-1-5-21-5671311740-8453287066-442322941-7541\Desktop.ini
d:\recycler\S-1-5-21-5671311740-8453287066-442322941-7541\nissan.exe
d:\windows\system32\_000127_.tmp.dll
d:\windows\system32\mdm.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-25 to 2009-07-25 )))))))))))))))))))))))))))))))
.

2009-07-25 06:12 . 2009-07-21 08:02 2052376 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-25 06:11 . 2009-07-21 08:02 2301208 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-07-25 06:11 . 2009-07-21 08:02 493336 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avgtbapi.dll
2009-07-25 06:11 . 2009-07-21 08:02 3402008 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-25 06:11 . 2009-07-21 08:02 1204504 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-25 06:11 . 2009-07-21 08:02 3298072 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-25 06:11 . 2009-07-21 08:02 1107224 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avgssie.dll
2009-07-25 06:11 . 2009-07-21 08:02 337176 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-25 06:11 . 2009-07-21 08:02 829208 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-25 06:11 . 2009-07-21 08:02 906520 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe
2009-07-25 06:11 . 2009-07-21 08:02 353048 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-07-25 06:11 . 2009-07-21 08:02 2167576 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-25 01:15 . 2009-07-25 01:16 -------- d-----w- d:\program files\3D World Studio
2009-07-25 01:12 . 2009-07-25 01:12 -------- d-----w- d:\program files\IncaPro
2009-07-24 23:33 . 2009-07-24 23:34 -------- d-----w- d:\program files\trend micro
2009-07-24 23:33 . 2009-07-24 23:34 -------- d-----w- D:\rsit
2009-07-24 21:52 . 2009-07-24 21:52 -------- d-----w- D:\Temp
2009-07-24 21:49 . 2009-07-25 01:12 -------- d-----w- d:\program files\The Game Creators
2009-07-24 21:42 . 2009-07-24 23:14 -------- d-----w- d:\program files\EA GAMES
2009-07-24 21:42 . 2004-08-18 03:14 442368 ----a-r- d:\windows\system32\vp6vfw.dll
2009-07-23 21:37 . 2009-07-23 21:37 -------- d-----w- d:\program files\Rockstar Games
2009-07-23 20:46 . 2005-02-02 04:51 545 ----a-w- d:\windows\UC.PIF
2009-07-23 20:46 . 2005-02-02 04:51 545 ----a-w- d:\windows\RAR.PIF
2009-07-23 20:46 . 2005-02-02 04:51 545 ----a-w- d:\windows\PKZIP.PIF
2009-07-23 20:46 . 2005-02-02 04:51 545 ----a-w- d:\windows\PKUNZIP.PIF
2009-07-23 20:46 . 2005-02-02 04:51 545 ----a-w- d:\windows\NOCLOSE.PIF
2009-07-23 20:46 . 2005-02-02 04:51 545 ----a-w- d:\windows\LHA.PIF
2009-07-23 20:46 . 2005-02-02 04:51 545 ----a-w- d:\windows\ARJ.PIF
2009-07-23 18:17 . 2006-10-26 17:56 32592 ----a-w- d:\windows\system32\msonpmon.dll
2009-07-23 18:14 . 2009-07-23 18:14 -------- d-----w- d:\program files\Microsoft Works
2009-07-23 18:11 . 2009-07-23 18:11 -------- d-----w- d:\program files\Microsoft Visual Studio 8
2009-07-23 18:10 . 2009-07-23 18:14 -------- d-----w- d:\windows\SHELLNEW
2009-07-23 16:32 . 2009-06-14 14:07 1004800 ----a-w- d:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-07-23 16:29 . 2009-07-23 16:29 500032 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\VWDExpress\9.0\1033\ResourceCache.dll
2009-07-23 16:26 . 2009-07-23 16:26 -------- d-----w- d:\program files\Microsoft Web Designer Tools
2009-07-23 16:25 . 2009-07-23 16:25 -------- d--h--r- D:\MSOCache
2009-07-23 16:23 . 2009-07-23 16:23 112640 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\VCExpress\9.0\1033\ResourceCache.dll
2009-07-23 16:21 . 2009-07-23 16:21 -------- d-----w- d:\program files\Common Files\Merge Modules
2009-07-23 15:39 . 2008-07-10 15:28 50200 ----a-w- d:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2009-07-23 15:38 . 2008-07-10 15:28 79896 ----a-w- d:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2009-07-23 15:38 . 2009-07-23 15:38 -------- d-----w- d:\windows\system32\RsFx
2009-07-23 15:36 . 2009-07-23 15:36 -------- d-----w- d:\program files\MSXML 6.0
2009-07-23 15:33 . 2009-07-23 15:33 193824 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
2009-07-23 15:02 . 2009-07-23 15:38 -------- d-----w- d:\program files\Microsoft SQL Server
2009-07-23 15:02 . 2009-07-23 15:02 -------- d-----w- d:\program files\Microsoft Silverlight
2009-07-23 15:02 . 2009-07-23 15:02 -------- d-----w- d:\program files\Microsoft Synchronization Services
2009-07-23 15:02 . 2009-07-23 15:02 -------- d-----w- d:\program files\Microsoft SQL Server Compact Edition
2009-07-23 15:01 . 2009-07-23 15:01 187328 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\VCSExpress\9.0\1033\ResourceCache.dll
2009-07-23 15:01 . 2009-07-23 16:28 416 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-07-23 15:00 . 2009-07-23 15:00 -------- d-----w- d:\documents and settings\Srki94\Local Settings\Application Data\Microsoft Help
2009-07-23 14:59 . 2009-07-23 16:28 -------- d-----w- d:\program files\Microsoft Visual Studio 9.0
2009-07-23 14:59 . 2009-07-23 15:36 -------- d-----w- d:\program files\Microsoft.NET
2009-07-23 14:59 . 2009-07-24 08:05 -------- d-----w- d:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-23 14:58 . 2009-07-23 14:58 -------- d-----w- d:\program files\Microsoft SDKs
2009-07-23 14:55 . 2009-07-24 07:56 -------- d-----w- d:\windows\LastGood
2009-07-23 14:55 . 2009-07-23 14:56 -------- d-----w- D:\183a55e098ecf8c0f3
2009-07-22 22:52 . 2009-07-22 22:52 -------- d-----w- d:\program files\Web Publish
2009-07-22 22:01 . 2009-07-22 22:01 -------- d-----w- d:\documents and settings\All Users\Application Data\Adobe Systems
2009-07-22 22:01 . 2009-07-22 22:01 -------- d-----w- d:\program files\Common Files\Adobe Systems Shared
2009-07-22 08:24 . 2009-07-22 08:28 -------- d-----w- d:\documents and settings\Srki94\Local Settings\Application Data\BearShare
2009-07-22 08:23 . 2009-07-22 08:25 -------- d-----w- d:\program files\BearShare Applications
2009-07-22 08:02 . 2009-07-25 07:01 -------- d--h--w- D:\$AVG8.VAULT$
2009-07-22 07:45 . 2009-07-22 07:45 -------- d-----w- d:\program files\(zabranjeno)
2009-07-22 07:30 . 2009-07-22 07:30 -------- d-----w- d:\documents and settings\Srki94\Application Data\Artisteer
2009-07-22 07:24 . 2009-07-22 07:32 -------- d-----w- d:\program files\Artisteer 2
2009-07-22 06:59 . 2009-07-22 06:59 -------- d-----w- d:\documents and settings\All Users\Application Data\NOS
2009-07-22 06:59 . 2009-07-22 06:59 -------- d-----w- d:\program files\NOS
2009-07-22 04:48 . 2009-07-22 04:48 -------- d-----w- d:\documents and settings\Srki94\Application Data\RapidSMTP
2009-07-22 04:22 . 2009-07-22 04:35 -------- d-----w- d:\documents and settings\Srki94\Application Data\SendEmails.com
2009-07-22 03:56 . 2009-07-22 04:21 -------- d-----w- d:\program files\SendEmails.com
2009-07-22 02:49 . 2009-03-09 13:27 453456 ----a-w- d:\windows\system32\d3dx10_41.dll
2009-07-22 02:49 . 2009-03-09 13:27 1846632 ----a-w- d:\windows\system32\D3DCompiler_41.dll
2009-07-22 02:49 . 2009-03-09 13:27 4178264 ----a-w- d:\windows\system32\D3DX9_41.dll
2009-07-22 02:49 . 2009-03-16 12:18 69448 ----a-w- d:\windows\system32\XAPOFX1_3.dll
2009-07-22 02:49 . 2009-03-16 12:18 517448 ----a-w- d:\windows\system32\XAudio2_4.dll
2009-07-22 02:35 . 2007-03-22 10:46 126976 ----a-w- d:\documents and settings\Srki94\Application Data\GRETECH\GomPlayer\GrLauncher.exe
2009-07-22 02:27 . 2009-07-22 02:27 -------- d-----w- d:\program files\Windows Live Safety Center
2009-07-22 01:13 . 2009-07-24 02:56 -------- d-----w- d:\documents and settings\Srki94\Application Data\hm8platform
2009-07-22 01:10 . 2009-07-24 02:56 -------- d-----w- d:\program files\vahelp
2009-07-22 01:07 . 2009-07-22 01:07 -------- d-----w- D:\dx mart
2009-07-21 23:31 . 2009-07-24 23:47 -------- d-----w- d:\documents and settings\Srki94\Local Settings\Application Data\Adobe
2009-07-21 22:17 . 2009-07-21 22:17 -------- d-----w- d:\program files\Common Files\Adobe AIR
2009-07-21 22:16 . 2009-07-24 11:47 -------- d-----w- d:\program files\Common Files\Adobe
2009-07-21 19:31 . 2009-07-23 18:14 -------- d-----w- d:\program files\MSBuild
2009-07-21 19:31 . 2009-07-23 14:57 65800 ----a-w- d:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-21 19:28 . 2009-07-23 14:56 -------- d-----w- d:\windows\system32\XPSViewer
2009-07-21 19:28 . 2009-07-21 19:28 -------- d-----w- d:\program files\Reference Assemblies
2009-07-21 19:27 . 2006-06-29 11:07 14048 ------w- d:\windows\system32\spmsg2.dll
2009-07-21 19:14 . 2009-07-21 19:14 -------- d-----w- d:\program files\G4box
2009-07-21 17:52 . 2009-07-22 03:20 -------- d-----w- d:\documents and settings\Srki94\Application Data\temp
2009-07-21 17:50 . 2008-07-12 06:18 3851784 ----a-w- d:\windows\system32\D3DX9_39.dll
2009-07-21 17:50 . 2009-07-21 17:50 -------- d-----w- d:\windows\Logs
2009-07-21 16:20 . 2009-07-21 16:29 -------- d-----w- d:\documents and settings\Srki94\Application Data\ImgBurn
2009-07-21 16:19 . 2009-07-21 16:19 -------- d-----w- d:\program files\ImgBurn
2009-07-21 16:06 . 2009-07-21 16:09 -------- d-----w- d:\documents and settings\Srki94\Local Settings\Application Data\Ahead
2009-07-21 16:03 . 2009-07-21 16:03 -------- d-----w- d:\documents and settings\Srki94\Application Data\Ahead
2009-07-21 16:02 . 2009-07-21 16:03 -------- d-----w- d:\program files\Common Files\Ahead
2009-07-21 16:02 . 2009-07-21 16:02 -------- d-----w- d:\program files\Nero
2009-07-21 15:32 . 2009-07-21 15:32 -------- d-----w- d:\program files\AIMP2
2009-07-21 14:36 . 2004-08-03 21:08 26496 -c--a-w- d:\windows\system32\dllcache\usbstor.sys
2009-07-21 13:53 . 2009-07-21 13:53 -------- d-----w- d:\documents and settings\Srki94\Application Data\Media Player Classic
2009-07-21 13:05 . 2009-07-22 22:32 -------- d-----w- d:\program files\COMODO
2009-07-21 09:39 . 2009-07-21 09:50 -------- d-----w- d:\documents and settings\Srki94\Local Settings\Application Data\Temp
2009-07-21 09:34 . 2009-07-21 09:34 -------- d-----w- d:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-07-21 08:02 . 2009-07-21 08:02 327688 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-21 08:02 . 2009-07-21 00:00 76040 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avgtdix.sys
2009-07-21 08:02 . 2009-07-21 00:00 10520 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsstx.dll
2009-07-21 08:02 . 2009-07-21 00:00 26824 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avgmfx86.sys
2009-07-21 08:02 . 2009-07-21 00:00 287000 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-07-21 08:02 . 2009-07-23 16:32 -------- d-----w- d:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-07-21 08:02 . 2009-07-21 08:02 -------- d-----w- d:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-07-21 07:28 . 2009-07-21 07:28 1454360 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-07-21 07:28 . 2009-07-21 07:28 1085208 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-21 07:28 . 2009-07-21 00:00 583960 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-07-21 07:28 . 2009-07-21 00:00 443672 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avgiproxy.exe
2009-07-21 04:24 . 2009-07-21 04:24 -------- d-----w- d:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-07-21 04:23 . 2009-07-21 15:29 -------- d-----w- d:\documents and settings\Srki94\Local Settings\Application Data\Google
2009-07-21 04:20 . 2009-07-21 04:20 -------- d-----w- d:\documents and settings\Srki94\Application Data\GrabPro
2009-07-21 03:32 . 2009-07-22 07:15 -------- d-----w- d:\documents and settings\All Users\Application Data\Google Updater
2009-07-21 03:32 . 2009-07-21 05:20 -------- d-----w- d:\program files\Google
2009-07-21 02:33 . 2009-07-21 02:33 -------- d-s---w- d:\documents and settings\Srki94\UserData
2009-07-21 02:31 . 2009-07-21 02:31 -------- d-----w- d:\program files\LITEON
2009-07-21 02:30 . 2009-07-22 04:10 -------- d-----w- d:\windows\Downloaded Installations
2009-07-21 02:29 . 2008-02-22 09:49 110592 ----a-w- d:\windows\system32\SynTPCo4.dll
2009-07-21 02:29 . 2008-02-22 09:11 147456 ----a-w- d:\windows\system32\SynTPAPI.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-25 01:12 . 2009-07-20 23:12 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-07-24 08:04 . 2009-07-24 07:57 -------- d-----w- d:\program files\Microsoft DirectX SDK (August 2007)
2009-07-24 04:39 . 2009-07-20 22:55 86327 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-24 01:33 . 2009-07-20 23:21 68848 ----a-w- d:\documents and settings\Srki94\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-22 22:24 . 2009-07-22 22:24 2678 ----a-w- d:\windows\java\Packages\Data\BZPVPF9J.DAT
2009-07-22 22:24 . 2009-07-22 22:24 2678 ----a-w- d:\windows\java\Packages\Data\9Z13T79V.DAT
2009-07-22 22:24 . 2009-07-22 22:24 2678 ----a-w- d:\windows\java\Packages\Data\2JPN7FZ9.DAT
2009-07-22 22:24 . 2009-07-22 22:24 2678 ----a-w- d:\windows\java\Packages\Data\75VJ35Z5.DAT
2009-07-21 19:33 . 2004-08-04 01:07 218624 ----a-w- d:\windows\system32\uxtheme.dll
2009-07-21 13:52 . 2009-07-21 13:52 -------- d-----w- d:\program files\K-Lite Codec Pack
2009-07-21 02:29 . 2009-07-20 23:12 -------- d-----w- d:\program files\Common Files\InstallShield
2009-07-21 02:25 . 2009-07-21 02:25 -------- d-----w- d:\program files\Common Files\snp2uvc
2009-07-20 23:43 . 2009-07-20 23:43 -------- d-----w- d:\program files\Common Files\Windows Live
2009-07-20 23:30 . 2009-07-20 23:30 -------- d-----w- d:\program files\WIDCOMM
2009-07-20 23:29 . 2009-07-20 23:29 -------- d-----w- d:\program files\Marvell
2009-07-20 23:12 . 2009-07-20 23:12 -------- d-----w- d:\program files\Realtek
2009-07-20 23:12 . 2009-07-20 23:12 315392 ----a-w- d:\windows\HideWin.exe
2009-07-20 23:09 . 2009-07-20 23:08 -------- d-----w- d:\program files\AGEIA Technologies
2009-07-20 23:06 . 2009-07-20 23:06 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard
2009-07-20 22:57 . 2009-07-20 22:57 -------- d-----w- d:\documents and settings\Srki94\Application Data\AVG8
2009-07-20 22:56 . 2009-07-20 22:56 -------- d-----w- d:\program files\microsoft frontpage
2009-07-20 22:52 . 2009-07-20 22:52 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2009-06-02 16:11 . 2009-07-21 13:52 85504 ----a-w- d:\windows\system32\ff_vfw.dll
2009-05-29 21:37 . 2009-07-21 13:52 205824 ----a-w- d:\windows\system32\xvidvfw.dll
2009-05-29 21:31 . 2009-07-21 13:52 881664 ----a-w- d:\windows\system32\xvidcore.dll
2009-05-01 21:02 . 2009-07-21 13:52 90112 ----a-w- d:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-07-21 13:52 685056 ----a-w- d:\windows\system32\divx.dll
2009-04-30 22:30 . 2009-04-30 22:30 1194528 ----a-w- d:\windows\system32\nvcplui.exe
2009-04-30 20:02 . 2009-07-20 23:04 457248 ----a-w- d:\windows\system32\nvudisp.exe
2009-04-30 20:02 . 2009-04-30 20:02 9994240 ----a-w- d:\windows\system32\nvoglnt.dll
2009-04-30 20:02 . 2009-04-30 20:02 806912 ----a-w- d:\windows\system32\nvapi.dll
2009-04-30 20:02 . 2009-04-30 20:02 8055584 ----a-w- d:\windows\system32\drivers\nv4_mini.sys
2009-04-30 20:02 . 2009-04-30 20:02 663552 ----a-w- d:\windows\system32\nvcuvid.dll
2009-04-30 20:02 . 2009-04-30 20:02 5896320 ----a-w- d:\windows\system32\nv4_disp.dll
2009-04-30 20:02 . 2009-04-30 20:02 1720320 ----a-w- d:\windows\system32\nvcuda.dll
2009-04-30 20:02 . 2009-04-30 20:02 1579630 ----a-w- d:\windows\system32\nvdata.bin
2009-04-30 20:02 . 2009-04-30 20:02 143360 ----a-w- d:\windows\system32\nvcodins.dll
2009-04-30 20:02 . 2009-04-30 20:02 143360 ----a-w- d:\windows\system32\nvcod.dll
2009-04-30 20:02 . 2009-04-30 20:02 1314816 ----a-w- d:\windows\system32\nvcuvenc.dll
2009-06-24 13:26 . 2009-07-20 23:25 137208 ----a-w- d:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "d:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 14:07 1004800 ----a-w- d:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-21 39408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"AzMixerSel"="d:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"AVG8_TRAY"="d:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-21 1948440]
"PLFSetI"="d:\windows\PLFSetI.exe" [2007-10-23 200704]
"PLFSetL"="d:\windows\PLFSetL.exe" [2007-07-05 94208]
"LManager"="d:\progra~1\LAUNCH~1\LManager.exe" [2008-03-31 793096]
"SynTPEnh"="d:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1032192]
"NeroFilterCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2009-04-30 1657376]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\Rthdcpl.exe [2008-04-18 16861696]

d:\documents and settings\Srki94\Start Menu\Programs\Startup\
Adobe Gamma.lnk - d:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - d:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
Orbit.lnk - d:\program files\Orbitdownloader\orbitdm.exe [2009-7-21 1719496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-21 08:02 11952 ----a-w- d:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"d:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"d:\\Program Files\\Valve\\hl.exe"=
"d:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"d:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [7/21/2009 2:00 AM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;d:\windows\system32\drivers\avgtdix.sys [7/21/2009 2:00 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;d:\progra~1\AVG\AVG8\avgemc.exe [7/21/2009 10:02 AM 907032]
R2 avg8wd;AVG Free8 WatchDog;d:\progra~1\AVG\AVG8\avgwdsvc.exe [7/21/2009 10:02 AM 298776]
S2 gupdate1ca09bb174fde48;Google Update Service (gupdate1ca09bb174fde48-);d:\program files\Google\Update\GoogleUpdate.exe [7/21/2009 6:24 AM 133104]
S2 spupdsvc;Windows Service Pack Installer update service;d:\windows\system32\spupdsvc.exe [7/21/2009 1:12 AM 26488]
S3 axvdkbus;axvdkbus;d:\windows\system32\drivers\axvdkbus.sys [2/25/2003 8:43 PM 8672]
S3 axvodka;axvodka;d:\windows\system32\drivers\axvodka.sys [2/27/2003 6:50 PM 102272]
S3 getPlus(R) Helper;getPlus(R) Helper;d:\program files\NOS\bin\getPlus_HelperSvc.exe [7/22/2009 8:59 AM 66056]
S3 JMCR;JMCR;d:\windows\system32\drivers\jmcr.sys [6/21/2009 1:10 PM 81296]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;d:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 5:28 PM 47128]
S4 RsFx0102;RsFx0102 Driver;d:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);d:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 5:28 PM 369688]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - FONTCACHE3.0.0.0
*NewlyCreated* - MSSQL$SQLEXPRESS
*NewlyCreated* - OSE
*NewlyCreated* - SQLWRITER
.
Contents of the 'Scheduled Tasks' folder

2009-07-25 d:\windows\Tasks\Google Software Updater.job
- d:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-21 03:32]

2009-07-24 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 04:23]

2009-07-25 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 04:23]
.
- - - - ORPHANS REMOVED - - - -

Notify-AWinNotifyVitaKey MC3000 - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
IE: &Download by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - d:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - d:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - d:\documents and settings\Srki94\Application Data\Mozilla\Firefox\Profiles\0xq4cnka.srki94\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.srki94.webs.com/
FF - plugin: d:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: d:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-25 10:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-07-25 11:00
ComboFix-quarantined-files.txt 2009-07-25 09:00

Pre-Run: 133,723,541,504 bytes free
Post-Run: 134,625,812,480 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

361

The whole report. Only it is called Log, not Combo Fix.

  • dr_Bora (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Quote: Only it is called Log, not Combo Fix.

Are you sure about that?

Upload the file: D:\Qoobox\Quarantine\D\WINDOWS\system32\mdm.exe.vir

via this link: http://www.mycity.rs/ambulanta-upload.php

  • Joined: 14 Feb 2008
  • Posts: 12391

dr_Bora :: Quote: Only it is called Log, not Combo Fix.

Are you sure about that?

Upload the file: D:\Qoobox\Quarantine\D\WINDOWS\system32\mdm.exe.vir

via this link: http://www.mycity.rs/ambulanta-upload.php

Regarding the upload:

Your file has been uploaded successfully.
Please inform the person helping you, in the topic where you were asked to upload the file, that you have done so successfully.
Thank you.

As for it being called Log, that confuses me too. When the scan finished, a log appeared in a txt file, which I copied.

And if I may ask, what is qoobox?

  • dr_Bora (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

qoobox is a folder created during the previous procedure (and it will be deleted when we finish).

Extract https://www.mycity.rs/must-login.png into the folder d:\windows\system32 .

Do you have a flash drive? If so, do the following...

Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs the initial scan.
- Insert all USB storage devices one by one into the USB slot and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you are done with all the devices, right-click in the middle of the program window and choose the Save log option. This will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices include all devices that receive their own drive letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.
