Možda tražite i:
Facebook virus
Facebook virus?
Imam problem... virus na facebook-u !!! Help

MyCity » Ambulanta -> Arhiva Ambulante » Virus na facebook-u

Virus na facebook-u

Napisano na dan: 24.2.2012

Virus na facebook-u

Sledeća strana

Pagination

Odgovori

SLOBODANiSANjA MIHAJLOV Poslao: 24 Feb 2012 19:45 Idi na vrh
offline SLOBODANiSANjA MIHAJLOV Novi MyCity građanin Pridružio: 24 Feb 2012 Poruke: 5	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: - Stalno mi se pojavljuje na profilu virus, u vidu posta, koji sam taguje ljude. - Taj problem se pojavio juče. - Antivirus uopšte nije reagovao na taj virus. - Pokušao sam da pronađem taj virus preko antivirusa, i obrisao sam mail preko kojeg mi je stigao virus. - Imam kablovski internet, brzina je 100 Mbps [Link mogu videti samo ulogovani korisnici] . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_30 Run by Administrator at 18:25:13 on 2012-02-24 Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.959.322 [GMT 1:00] . AV: AntiVir Desktop Disabled/Updated {AD166499-45F9-482A-A743-FDD3350758C7} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Ask.com\Updater\Updater.exe C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe C:\Program Files\ExpressFiles\ExpressFiles.exe C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Application Updater\ApplicationUpdater.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\UPHClean\uphclean.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\WINDOWS\System32\svchost.exe -k netsvcs . ============== Pseudo HJT Report =============== . uWindow Title = IE uStart Page = [Link mogu videti samo ulogovani korisnici] mStart Page = [Link mogu videti samo ulogovani korisnici] uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\5.0\youtubedownloaderToolbarIE.dll uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL mWinlogon: SfcDisable=-99 (0xffffff9d) BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\5.0\youtubedownloaderToolbarIE.dll TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\5.0\youtubedownloaderToolbarIE.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [GEST] m‘\|Ìû mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe" mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe mRun: [ExpressFiles] "c:\program files\expressfiles\ExpressFiles.exe" -tray mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [<NO NAME>] mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe" mRunOnce: [WIAWizardMenu] RUNDLL32.EXE c:\windows\system32\sti_ci.dll,WiaCreateWizardMenu dRun: [TaskSwitchXP] c:\program files\taskswitchxp\TaskSwitchXP.exe dRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N uPolicies-explorer: NoSMMyPictures = 1 (0x1) uPolicies-explorer: NoSMHelp = 1 (0x1) uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1) mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1) mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0) mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0) dPolicies-explorer: NoSMMyPictures = 1 (0x1) dPolicies-explorer: NoSMHelp = 1 (0x1) dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1) IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm IE: &Search - [Link mogu videti samo ulogovani korisnici] IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - [Link mogu videti samo ulogovani korisnici] DPF: {233C1507-6A77-46A4-9443-F871F945D258} - [Link mogu videti samo ulogovani korisnici] DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [Link mogu videti samo ulogovani korisnici] DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici] DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici] DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici] TCP: DhcpNameServer = 87.250.33.21 87.250.33.22 TCP: Interfaces\{0467B775-5550-4A5D-8DE2-7852A46264DC} : DhcpNameServer = 87.250.33.21 87.250.33.22 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll AppInit_DLLs: SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll mASetup: {34A19196-274E-4D75-9D30-D7A45A0A4178} - "c:\program files\windows sidebar\.\regsvr32.exe" /s wlsrvc.dll mASetup: {6B9228DA-9C15-419e-856C-19E768A13BDC} - "c:\program files\windows sidebar\.\regsvr32.exe" /s sbdrop.dll mASetup: {D58F39FF-953E-4F45-898F-59F243B9A523} - c:\windows\system32\hidec /w "c:\program files\vaioxp\tools\regtlib.exe" "c:\program files\windows sidebar\sidebar.exe" . ================= FIREFOX =================== . FF - ProfilePath - c:\users\administrator\application data\mozilla\firefox\profiles\s5swqfcn.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici] FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici] FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll FF - plugin: c:\program files\mywebsearch\bar\1.bin\NPMYWEBS.DLL FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll . ============= SERVICES / DRIVERS =============== . R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-10-14 11608] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-14 136360] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-10-14 269480] R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-2-6 748440] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-14 66616] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2012-2-19 54760] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-16 136176] S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2011-12-1 34320] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-16 136176] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-11 47128] S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-11 369688] . =============== File Associations =============== . inffile=c:\windows\system32\NOTEPAD2.EXE %1 inifile=c:\windows\system32\NOTEPAD2.EXE %1 txtfile=c:\windows\system32\NOTEPAD2.EXE %1 . =============== Created Last 30 ================ . 2012-02-19 15:53:28 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys 2012-02-19 15:33:58 74520 ----a-w- c:\program files\common files\windows live\.cache\e57ea4c81ccef1b\DSETUP.dll 2012-02-19 15:33:58 484632 ----a-w- c:\program files\common files\windows live\.cache\e57ea4c81ccef1b\DXSETUP.exe 2012-02-19 15:33:58 1670936 ----a-w- c:\program files\common files\windows live\.cache\e57ea4c81ccef1b\dsetup32.dll 2012-02-19 15:33:39 1013800 ----a-w- c:\program files\common files\windows live\.cache\da9dea281ccef1b\WindowsXP-KB954708-x86-ENU.exe 2012-02-19 00:46:48 -------- d-----w- c:\users\administrator\application data\Search Settings 2012-02-19 00:46:43 -------- d-----w- c:\program files\Application Updater 2012-02-19 00:46:42 -------- d-----w- c:\program files\YouTube Downloader Toolbar 2012-02-19 00:46:42 -------- d-----w- c:\program files\common files\Spigot 2012-02-03 22:49:00 -------- d-----w- c:\users\all users\application data\KONAMI . ==================== Find3M ==================== . 2012-02-17 11:14:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-01-22 12:39:04 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-01-22 12:39:03 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-12-01 10:14:09 38320 ----a-w- c:\windows\system32\f3PSSavr.scr . ============= FINISH: 18:25:22.96 =============== [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici]

Profil

1l padr1n0 Poslao: 24 Feb 2012 22:12 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	1Ovo se svidja korisniku: mcrule Registruj se da bi pohvalio/la poruku! Pozdrav SLOBODANiSANjA MIHAJLOV! Korak 1 Start -> Control Panel -> Add or Remove programs -> deinstaliraj sledece: Adobe Flash Player 9 ActiveX (imas noviju verziju), Ask Toolbar, Ask Toolbar Updater, Google Toolbar for Internet Explorer, My Web Search (MyWebFace), Windows iLivid Toolbar, Windows Live Toolbar, YouTube Downloader Toolbar v5.0 U pitanju su toolbar-ovi koje verovatno ne koristis a drasticno usporavaju pretrazivac i internet. Kada ovo zavrsis onda ... Korak 2 Preuzmite program OTL sa donjeg linka na Desktop: OTL download Kliknite dati link - u prozoru koji se otvori, kliknite Save; kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberite Desktop i kliknite Save. Dvoklikom pokrenite OTL; kliknite Run Scan; po završetku skeniranja, izveštaj (koji će biti automatski sačuvan na Desktop-u kao OTL.Txt) će se otvoriti u Notepad-u. Priložite izveštaj OTL.Txt uz poruku korišćenjem opcije Prikači fajl. goran9888 (AMF Tim)

Profil

SLOBODANiSANjA MIHAJLOV Poslao: 25 Feb 2012 01:04 Idi na vrh
offline SLOBODANiSANjA MIHAJLOV Novi MyCity građanin Pridružio: 24 Feb 2012 Poruke: 5	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: OTL logfile created on: 25/02/2012 12:56:43 AM - Run 1 OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Administrator\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000C09 \| Country: Australia \| Language: ENA \| Date Format: d/MM/yyyy 959.48 Mb Total Physical Memory \| 371.43 Mb Available Physical Memory \| 38.71% Memory free 2.26 Gb Paging File \| 1.69 Gb Available in Paging File \| 74.58% Paging File free Paging file location(s): C:\pagefile.sys 1440 2880 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 29.29 Gb Total Space \| 12.54 Gb Free Space \| 42.82% Space Free \| Partition Type: NTFS Drive D: \| 119.75 Gb Total Space \| 23.90 Gb Free Space \| 19.96% Space Free \| Partition Type: NTFS Computer Name: LASTXP \| User Name: Administrator \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/02/25 00:56:33 \| 000,583,680 \| ---- \| M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe PRC - [2011/12/28 23:02:03 \| 000,326,776 \| ---- \| M] (http://www.express-files.com/) -- C:\Program Files\ExpressFiles\ExpressFiles.exe PRC - [2011/12/21 08:24:51 \| 000,924,632 \| ---- \| M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011/12/01 11:14:09 \| 000,038,408 \| ---- \| M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE PRC - [2011/07/21 02:12:16 \| 000,269,480 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011/04/20 21:54:05 \| 000,076,968 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2011/04/20 21:53:48 \| 000,136,360 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011/04/20 21:53:33 \| 000,281,768 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2008/11/13 09:33:54 \| 000,097,128 \| ---- \| M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe PRC - [2007/03/14 05:33:11 \| 001,656,832 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2005/04/27 04:59:24 \| 000,241,725 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe ========== Modules (No Company Name) ========== MOD - [2012/02/17 12:14:30 \| 008,527,008 \| ---- \| M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll MOD - [2011/12/21 08:24:51 \| 002,124,760 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2011/07/21 05:12:31 \| 000,355,688 \| ---- \| M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll MOD - [2007/03/11 05:18:49 \| 002,655,744 \| ---- \| M] () -- C:\WINDOWS\system32\quartz.dll MOD - [2006/10/31 07:35:00 \| 000,466,944 \| ---- \| M] () -- C:\WINDOWS\system32\nvshell.dll MOD - [2006/10/31 07:35:00 \| 000,196,608 \| ---- \| M] () -- C:\WINDOWS\system32\nvapi.dll MOD - [2006/10/26 03:56:46 \| 000,757,008 \| ---- \| M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL MOD - [2006/04/12 04:42:34 \| 000,114,688 \| ---- \| M] () -- C:\WINDOWS\system32\ShellExt\BrowserBack.dll MOD - [2006/04/12 04:42:18 \| 000,114,688 \| ---- \| M] () -- C:\WINDOWS\system32\ShellExt\SelectAll.dll MOD - [2006/04/12 04:40:44 \| 000,114,688 \| ---- \| M] () -- C:\WINDOWS\system32\ShellExt\HiddenFilesToggle.dll MOD - [2006/04/12 04:40:08 \| 000,114,688 \| ---- \| M] () -- C:\WINDOWS\system32\ShellExt\FileExtToggle.dll MOD - [2004/08/04 02:07:00 \| 000,059,904 \| ---- \| M] () -- C:\WINDOWS\system32\devenum.dll MOD - [2004/08/04 02:07:00 \| 000,014,336 \| ---- \| M] () -- C:\WINDOWS\system32\msdmo.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled \| Stopped] -- -- (HidServ) SRV - [2011/07/21 02:12:16 \| 000,269,480 \| ---- \| M] (Avira GmbH) [Auto \| Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/04/20 21:53:48 \| 000,136,360 \| ---- \| M] (Avira GmbH) [Auto \| Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2005/04/27 04:59:24 \| 000,241,725 \| ---- \| M] (Microsoft Corporation) [Auto \| Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean) ========== Driver Services (SafeList) ========== DRV - [2011/10/16 00:05:00 \| 000,015,600 \| ---- \| M] (Windows (R) 2000 DDK provider) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2011/10/13 11:11:11 \| 000,010,368 \| ---- \| M] (Padus, Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) DRV - [2011/10/13 11:02:58 \| 000,648,952 \| ---- \| M] () [Kernel \| Boot \| Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2011/07/21 02:15:21 \| 000,138,192 \| ---- \| M] (Avira GmbH) [Kernel \| System \| Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011/07/21 02:15:19 \| 000,066,616 \| ---- \| M] (Avira GmbH) [File_System \| Auto \| Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010/06/17 05:27:22 \| 000,028,520 \| ---- \| M] (Avira GmbH) [Kernel \| System \| Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/06/17 05:27:12 \| 000,011,608 \| ---- \| M] (Avira GmbH) [Kernel \| System \| Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2010/04/28 07:44:02 \| 000,054,760 \| ---- \| M] (Microsoft Corporation) [Kernel \| Auto \| Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr) DRV - [2008/12/11 10:24:20 \| 004,959,232 \| ---- \| M] (Realtek Semiconductor Corp.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008/07/10 02:49:14 \| 000,242,712 \| ---- \| M] (Microsoft Corporation) [File_System \| Disabled \| Stopped] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102) DRV - [2007/04/16 06:46:34 \| 000,033,792 \| ---- \| M] (Advanced Micro Devices) [Kernel \| System \| Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM) DRV - [2007/03/11 05:40:49 \| 000,100,736 \| ---- \| M] (NVIDIA Corporation) [Kernel \| Boot \| Running] -- C:\WINDOWS\System32\drivers\nvatabus.sys -- (nvatabus) DRV - [2006/11/27 06:33:54 \| 000,019,968 \| ---- \| M] (NVIDIA Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2006/11/27 06:33:50 \| 000,058,368 \| ---- \| M] (NVIDIA Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2006/10/18 06:31:38 \| 000,105,472 \| ---- \| M] (NVIDIA Corporation) [Kernel \| Boot \| Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata) DRV - [2006/02/25 06:13:06 \| 000,016,877 \| ---- \| M] (Adaptec) [Kernel \| System \| Stopped] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32) DRV - [2001/08/17 03:51:32 \| 000,018,688 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "iLivid Web Search" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "http://home.mywebsearch.com/index.jhtml?ptnrS=GRxdm035YYRS&ptb=YhPH0CRJm5M68kaSVlJcjQ&n=77ed0492" FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..network.proxy.ftp: "201.30.179.132" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.gopher: "201.30.179.132" FF - prefs.js..network.proxy.gopher_port: 8080 FF - prefs.js..network.proxy.http: "201.30.179.132" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "201.30.179.132" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "201.30.179.132" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "iLivid Web Search" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "iLivid Web Search" FF - prefs.js..browser.startup.homepage: "http://b92.net/sport" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://www.searchqu.com/web?src=ffb&appid=102&systemid=406&sr=0&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/05 01:53:08 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/22 13:39:12 \| 000,000,000 \| ---D \| M] [2011/10/22 22:53:23 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Users\Administrator\Application Data\Mozilla\Extensions [2012/02/25 00:53:48 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\s5swqfcn.default\extensions [2011/10/13 11:12:20 \| 000,000,000 \| ---D \| M] ("CuteMenus - Crystal SVG") -- C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\s5swqfcn.default\extensions\{63df8e21-711c-4074-a257-b065cadc28d8} [2011/10/13 11:12:20 \| 000,000,000 \| ---D \| M] (IE Tab) -- C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\s5swqfcn.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2011/10/13 11:12:20 \| 000,000,000 \| ---D \| M] ("MR Tech Local Install") -- C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\s5swqfcn.default\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC} [2011/10/13 11:12:20 \| 000,000,000 \| ---D \| M] ("Print Preview") -- C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\s5swqfcn.default\extensions\{a1f99b9c-30d3-4848-a646-afd282011a72} [2011/10/13 11:12:20 \| 000,000,000 \| ---D \| M] (Blue Ice) -- C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\s5swqfcn.default\extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa} [2011/12/01 01:35:56 \| 000,000,000 \| ---D \| M] (SweetIM Toolbar for Firefox) -- C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\s5swqfcn.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2011/10/14 14:29:10 \| 000,000,000 \| ---D \| M] (United States English Spellchecker) -- C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\s5swqfcn.default\extensions\en-US@dictionaries.addons.mozilla.org [2011/10/13 11:12:20 \| 000,000,000 \| ---D \| M] ("Adblock Filterset.G Updater") -- C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\s5swqfcn.default\extensions\filtersetg@updater [2011/10/13 11:12:20 \| 000,000,000 \| ---D \| M] ("VideoDownloader") -- C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\s5swqfcn.default\extensions\videodowloader@videodownloader.net [2011/10/21 14:10:39 \| 000,002,520 \| ---- \| M] () -- C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\s5swqfcn.default\searchplugins\SearchResults.xml [2011/12/01 01:35:50 \| 000,003,915 \| ---- \| M] () -- C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\s5swqfcn.default\searchplugins\sweetim.xml [2012/01/22 13:39:13 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/11/07 16:53:57 \| 000,000,000 \| ---D \| M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/01/22 13:39:13 \| 000,000,000 \| ---D \| M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [2012/01/22 13:39:04 \| 000,000,000 \| ---D \| M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF () (No name found) -- C:\USERS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\S5SWQFCN.DEFAULT\EXTENSIONS\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.XPI () (No name found) -- C:\USERS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\S5SWQFCN.DEFAULT\EXTENSIONS\{3E9BB2A7-62CA-4EFA-A4E6-F6F6168A652D}.XPI () (No name found) -- C:\USERS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\S5SWQFCN.DEFAULT\EXTENSIONS\{8051A235-3BDB-4450-9C02-8CD8C6F9E2CB}.XPI () (No name found) -- C:\USERS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\S5SWQFCN.DEFAULT\EXTENSIONS\{AF79F858-4B25-4CA4-822B-B5DB1BE628FC}.XPI () (No name found) -- C:\USERS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\S5SWQFCN.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\S5SWQFCN.DEFAULT\EXTENSIONS\YOUTUBE@2YOUTUBE.COM.XPI [2011/12/21 08:24:52 \| 000,121,816 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/01/22 13:39:04 \| 000,476,904 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011/07/11 22:48:12 \| 000,012,800 \| ---- \| M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011/12/21 05:30:41 \| 000,002,252 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/10/21 14:10:39 \| 000,002,520 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml [2011/12/21 05:30:41 \| 000,002,040 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2004/08/04 02:07:00 \| 000,000,734 \| ---- \| M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll File not found O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll File not found O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ExpressFiles] C:\Program Files\ExpressFiles\ExpressFiles.exe (http://www.express-files.com/) O4 - HKLM..\Run: [GEST] m‘\|Ìû File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\RunOnce: [MyWebSearch bar Uninstall] C:\Program Files\Uninstall Fun Web Products.dll (MyWebSearch.com) O4 - HKLM..\RunOnce: [WIAWizardMenu] C:\WINDOWS\System32\sti_ci.dll (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM () O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM () O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} [Link mogu videti samo ulogovani korisnici] (Dldrv2 Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [Link mogu videti samo ulogovani korisnici] (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [Link mogu videti samo ulogovani korisnici] (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [Link mogu videti samo ulogovani korisnici] (Java Plug-in 1.5.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [Link mogu videti samo ulogovani korisnici] (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [Link mogu videti samo ulogovani korisnici] (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 87.250.33.21 87.250.33.22 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0467B775-5550-4A5D-8DE2-7852A46264DC}: DhcpNameServer = 87.250.33.21 87.250.33.22 O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\WINDOWS\ACD Wallpaper.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\ACD Wallpaper.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/10/13 11:02:56 \| 000,000,000 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{ead6f728-f582-11e0-a808-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{ead6f728-f582-11e0-a808-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{ead6f728-f582-11e0-a808-806d6172696f}\Shell\AutoRun\command - "" = E:\Run.exe O34 - HKLM BootExecute: (autocheck autochk ) O35 - HKLM\..comfile [open] -- "%1" % O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/02/25 00:56:35 \| 000,583,680 \| ---- \| C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe [2012/02/25 00:52:17 \| 000,824,840 \| ---- \| C] (MyWebSearch.com) -- C:\Program Files\Uninstall Fun Web Products.dll [2012/02/24 18:16:24 \| 000,000,000 \| R--D \| C] -- C:\Users\Administrator\Start Menu\Programs\Administrative Tools [2012/02/24 18:15:59 \| 000,607,260 \| R--- \| C] (Swearware) -- C:\Users\Administrator\Desktop\dds.scr [2012/02/23 12:28:00 \| 000,000,000 \| ---D \| C] -- C:\Users\Administrator\Desktop\anja [2012/02/19 16:53:36 \| 000,000,000 \| ---D \| C] -- C:\Users\All Users\Start Menu\Programs\Microsoft Office Live Add-in [2012/02/19 16:53:28 \| 000,054,760 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fssfltr_tdi.sys [2012/02/19 16:53:00 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Microsoft Sync Framework [2012/02/19 01:46:42 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Spigot [2012/02/08 23:21:21 \| 000,000,000 \| ---D \| C] -- C:\Users\All Users\Start Menu\Programs\Google Earth [2012/02/03 23:59:33 \| 000,000,000 \| ---D \| C] -- C:\Users\All Users\Start Menu\Programs\KONAMI [2012/02/03 23:49:00 \| 000,000,000 \| ---D \| C] -- C:\Users\All Users\Application Data\KONAMI [2012/02/01 15:35:20 \| 000,000,000 \| ---D \| C] -- C:\Users\Administrator\Desktop\mp3 [3 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp -> ] [1 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/02/25 00:56:33 \| 000,583,680 \| ---- \| M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe [2012/02/25 00:40:51 \| 000,000,896 \| ---- \| M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/02/25 00:40:46 \| 000,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2012/02/24 19:20:39 \| 000,000,900 \| ---- \| M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/02/24 18:39:38 \| 000,302,592 \| ---- \| M] () -- C:\Users\Administrator\Desktop\mnzvqdj0.exe [2012/02/24 18:19:57 \| 000,015,872 \| ---- \| M] () -- C:\Users\Administrator\Desktop\pr6432.exe [2012/02/24 18:15:59 \| 000,607,260 \| R--- \| M] (Swearware) -- C:\Users\Administrator\Desktop\dds.scr [2012/02/24 12:43:13 \| 225,502,843 \| ---- \| M] () -- C:\Users\Administrator\Desktop\Camera album.zip [2012/02/24 12:41:40 \| 014,333,981 \| ---- \| M] () -- C:\Users\Administrator\Desktop\slike.zip [2012/02/24 02:08:44 \| 000,872,738 \| ---- \| M] () -- C:\Users\Administrator\Desktop\Lecenje-vodom-Malahov.pdf [2012/02/19 23:30:09 \| 000,507,856 \| ---- \| M] () -- C:\WINDOWS\System32\perfh009.dat [2012/02/19 23:30:09 \| 000,096,580 \| ---- \| M] () -- C:\WINDOWS\System32\perfc009.dat [2012/02/19 16:27:21 \| 000,002,265 \| ---- \| M] () -- C:\Users\All Users\Desktop\Skype.lnk [2012/02/19 13:16:24 \| 000,008,704 \| ---- \| M] () -- C:\Users\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/02/17 12:14:30 \| 000,414,368 \| ---- \| M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012/02/03 23:05:12 \| 000,001,762 \| ---- \| M] () -- C:\Users\Administrator\Desktop\Settings.lnk [2012/02/03 23:05:07 \| 000,001,757 \| ---- \| M] () -- C:\Users\Administrator\Desktop\Pro Evolution Soccer 2012.lnk [2012/01/29 15:07:00 \| 000,000,116 \| ---- \| M] () -- C:\WINDOWS\NeroDigital.ini [2012/01/29 01:32:30 \| 000,001,104 \| ---- \| M] () -- C:\WINDOWS\wincmd.ini [3 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp -> ] [1 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ] ========== Files Created - No Company Name ========== [2012/02/24 18:39:40 \| 000,302,592 \| ---- \| C] () -- C:\Users\Administrator\Desktop\mnzvqdj0.exe [2012/02/24 18:20:01 \| 000,015,872 \| ---- \| C] () -- C:\Users\Administrator\Desktop\pr6432.exe [2012/02/24 12:42:43 \| 225,502,843 \| ---- \| C] () -- C:\Users\Administrator\Desktop\Camera album.zip [2012/02/24 12:41:35 \| 014,333,981 \| ---- \| C] () -- C:\Users\Administrator\Desktop\slike.zip [2012/02/24 02:08:38 \| 000,872,738 \| ---- \| C] () -- C:\Users\Administrator\Desktop\Lecenje-vodom-Malahov.pdf [2012/02/03 23:05:12 \| 000,001,762 \| ---- \| C] () -- C:\Users\Administrator\Desktop\Settings.lnk [2012/02/03 23:05:07 \| 000,001,757 \| ---- \| C] () -- C:\Users\Administrator\Desktop\Pro Evolution Soccer 2012.lnk [2011/12/28 13:47:29 \| 000,161,416 \| ---- \| C] () -- C:\Users\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2011/12/11 15:30:24 \| 000,008,704 \| ---- \| C] () -- C:\Users\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/11/23 12:32:22 \| 000,262,144 \| ---- \| C] () -- C:\WINDOWS\System32\default_user_class.dat [2011/11/07 00:01:45 \| 000,000,119 \| ---- \| C] () -- C:\Users\Administrator\Local Settings\Application Data\fusioncache.dat [2011/10/15 23:45:29 \| 000,000,116 \| ---- \| C] () -- C:\WINDOWS\NeroDigital.ini [2011/10/13 21:59:27 \| 001,662,976 \| ---- \| C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2011/10/13 21:59:27 \| 001,622,016 \| ---- \| C] () -- C:\WINDOWS\System32\nwiz.exe [2011/10/13 21:59:27 \| 001,470,464 \| ---- \| C] () -- C:\WINDOWS\System32\nview.dll [2011/10/13 21:59:27 \| 001,339,392 \| ---- \| C] () -- C:\WINDOWS\System32\nvdspsch.exe [2011/10/13 21:59:27 \| 001,019,904 \| ---- \| C] () -- C:\WINDOWS\System32\nvwimg.dll [2011/10/13 21:59:27 \| 000,466,944 \| ---- \| C] () -- C:\WINDOWS\System32\nvshell.dll [2011/10/13 21:59:27 \| 000,442,368 \| ---- \| C] () -- C:\WINDOWS\System32\nvappbar.exe [2011/10/13 21:59:27 \| 000,425,984 \| ---- \| C] () -- C:\WINDOWS\System32\keystone.exe [2011/10/13 21:58:24 \| 000,004,161 \| ---- \| C] () -- C:\WINDOWS\ODBCINST.INI [2011/10/13 21:57:00 \| 000,216,576 \| ---- \| C] () -- C:\WINDOWS\System32\powercalc.exe [2011/10/13 21:56:59 \| 000,185,516 \| ---- \| C] () -- C:\WINDOWS\System32\cmdhide.exe [2011/10/13 21:56:59 \| 000,031,232 \| ---- \| C] () -- C:\WINDOWS\System32\cmdow.exe [2011/10/13 21:56:59 \| 000,000,121 \| ---- \| C] () -- C:\WINDOWS\System32\oeminfo.ini [2011/10/13 21:56:58 \| 000,019,083 \| ---- \| C] () -- C:\WINDOWS\System32\DELTREE.EXE [2011/10/13 21:56:58 \| 000,013,339 \| ---- \| C] () -- C:\WINDOWS\System32\WAIT.EXE [2011/10/13 21:56:56 \| 000,000,794 \| ---- \| C] () -- C:\WINDOWS\Removes.ini [2011/10/13 21:54:22 \| 000,286,720 \| ---- \| C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2011/10/13 21:54:21 \| 000,581,632 \| ---- \| C] () -- C:\WINDOWS\System32\nvhwvid.dll [2011/10/13 21:54:15 \| 000,196,608 \| ---- \| C] () -- C:\WINDOWS\System32\nvapi.dll [2011/10/13 21:53:31 \| 000,271,784 \| ---- \| C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011/10/13 11:33:21 \| 000,001,732 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2011/10/13 11:29:13 \| 000,204,800 \| ---- \| C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2011/10/13 11:29:13 \| 000,200,704 \| ---- \| C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2011/10/13 11:29:13 \| 000,192,512 \| ---- \| C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2011/10/13 11:29:13 \| 000,192,512 \| ---- \| C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2011/10/13 11:29:13 \| 000,188,416 \| ---- \| C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2011/10/13 11:29:13 \| 000,020,480 \| ---- \| C] () -- C:\WINDOWS\System32\IVIresize.dll [2011/10/13 11:29:05 \| 000,831,600 \| ---- \| C] () -- C:\WINDOWS\System32\Ctaa1.dat [2011/10/13 11:29:05 \| 000,122,880 \| ---- \| C] () -- C:\WINDOWS\System32\cddvdint.dll [2011/10/13 11:27:54 \| 000,001,104 \| ---- \| C] () -- C:\WINDOWS\wincmd.ini [2011/10/13 11:12:56 \| 000,765,952 \| ---- \| C] () -- C:\WINDOWS\System32\xvidcore.dll [2011/10/13 11:12:56 \| 000,180,224 \| ---- \| C] () -- C:\WINDOWS\System32\xvidvfw.dll [2011/10/13 11:12:55 \| 003,596,288 \| ---- \| C] () -- C:\WINDOWS\System32\qt-dx331.dll [2011/10/13 11:12:55 \| 000,010,752 \| ---- \| C] () -- C:\WINDOWS\System32\ff_vfw.dll [2011/10/13 11:04:56 \| 000,002,048 \| --S- \| C] () -- C:\WINDOWS\bootstat.dat [2011/10/13 11:03:55 \| 000,001,536 \| ---- \| C] () -- C:\WINDOWS\System32\hidec.exe [2011/10/13 11:03:44 \| 000,828,416 \| ---- \| C] () -- C:\WINDOWS\System32\mmm.exe [2011/10/13 11:03:44 \| 000,417,792 \| ---- \| C] () -- C:\WINDOWS\System32\Notepad2.EXE [2011/10/13 11:03:44 \| 000,394,240 \| ---- \| C] () -- C:\WINDOWS\System32\Hmtcd.dll [2011/10/13 11:03:44 \| 000,216,576 \| ---- \| C] () -- C:\WINDOWS\System32\PCalc.exe [2011/10/13 11:03:44 \| 000,175,616 \| ---- \| C] () -- C:\WINDOWS\System32\mmm.dll [2011/10/13 11:03:44 \| 000,167,936 \| ---- \| C] () -- C:\WINDOWS\System32\metapath.exe [2011/10/13 11:03:44 \| 000,114,688 \| ---- \| C] () -- C:\WINDOWS\System32\Cabarc.exe [2011/10/13 11:03:44 \| 000,110,085 \| ---- \| C] () -- C:\WINDOWS\System32\cdimage.exe [2011/10/13 11:03:44 \| 000,060,190 \| ---- \| C] ( ) -- C:\WINDOWS\System32\modifype.com [2011/10/13 11:03:44 \| 000,020,992 \| ---- \| C] () -- C:\WINDOWS\System32\Cabtool.exe [2011/10/13 11:03:44 \| 000,001,128 \| ---- \| C] () -- C:\WINDOWS\System32\WC.com [2011/10/13 11:03:40 \| 000,049,152 \| ---- \| C] () -- C:\WINDOWS\System32\latency.exe [2011/10/13 11:03:40 \| 000,024,576 \| ---- \| C] () -- C:\WINDOWS\System32\MemTest.exe [2011/10/13 11:03:40 \| 000,023,552 \| ---- \| C] () -- C:\WINDOWS\System32\vcdrom.exe [2011/10/13 11:03:40 \| 000,000,156 \| ---- \| C] () -- C:\WINDOWS\System32\cpuz.ini [2011/10/13 11:03:00 \| 000,000,029 \| ---- \| C] () -- C:\WINDOWS\SetupSMenu.ini [2011/10/13 11:01:04 \| 000,021,640 \| ---- \| C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011/10/13 11:00:56 \| 000,708,272 \| ---- \| C] () -- C:\WINDOWS\System32\Universal Silent Switch Finder.exe [2011/10/13 11:00:56 \| 000,271,264 \| ---- \| C] () -- C:\WINDOWS\System32\vbrun100.dll < End of report > [Link mogu videti samo ulogovani korisnici] Evo OTL.txt. Hvala vam na brzom odgovoru i instrukcijama :-)

Profil

1l padr1n0 Poslao: 25 Feb 2012 01:31 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	1Ovo se svidja korisniku: mcrule Registruj se da bi pohvalio/la poruku! Ako jos uvek nisi, restartuj sistem i tek onda odradi ove korake ... Korak 1 Ponovo pokreni program OTL dvoklikom na ikonicu; U beli okvir prozora gde piše Custom Scans/Fixes iskopirati sledeći tekst: :OTL PRC - [2011/12/01 11:14:09 \| 000,038,408 \| ---- \| M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com FF - prefs.js..browser.search.order.1: "iLivid Web Search" FF - prefs.js..browser.startup.homepage: "http://home.mywebsearch.com/index.jhtml?ptnrS=GRxdm035YYRS&ptb=YhPH0CRJm5M68kaSVlJcjQ&n=77ed0492" FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "iLivid Web Search" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "iLivid Web Search" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://www.searchqu.com/web?src=ffb&appid=102&systemid=406&sr=0&q=" [2011/12/01 01:35:56 \| 000,000,000 \| ---D \| M] (SweetIM Toolbar for Firefox) -- C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\s5swqfcn.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2011/12/01 01:35:50 \| 000,003,915 \| ---- \| M] () -- C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\s5swqfcn.default\searchplugins\sweetim.xml () (No name found) -- C:\USERS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\S5SWQFCN.DEFAULT\EXTENSIONS\YOUTUBE@2YOUTUBE.COM.XPI O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll File not found O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll File not found O4 - HKLM..\Run: [GEST] m‘\|Ìû File not found O4 - HKLM..\RunOnce: [MyWebSearch bar Uninstall] C:\Program Files\Uninstall Fun Web Products.dll (MyWebSearch.com) O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O33 - MountPoints2\{ead6f728-f582-11e0-a808-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{ead6f728-f582-11e0-a808-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{ead6f728-f582-11e0-a808-806d6172696f}\Shell\AutoRun\command - "" = E:\Run.exe [2012/02/25 00:52:17 \| 000,824,840 \| ---- \| C] (MyWebSearch.com) -- C:\Program Files\Uninstall Fun Web Products.dll [2012/02/19 01:46:42 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Spigot :Files C:\Program Files\MyWebSearch C:\Program Files\SweetIM :Commands [PURITY] [EMPTYTEMP] [EMPTYJAVA] [EMPTYFLASH] [REBOOT] Klikni taster Run Fix; Log koji dobiješ iskopiraj ovde u poruci. Korak 2 Preuzmi instalaciju za program Malwarebytes Anti-Malware sa sledećeg linka: [Link mogu videti samo ulogovani korisnici] Dvoklikom pokreni instalaciju - na samom kraju procesa, proveri da su obeležene opcije: Update Malwarebytes' Anti-Malware; Launch Malwarebytes Anti-Malware; a zatim klikni Finish. Nakon završenog ažuriranja program će se pokrenuti. Izaberi opciju Perform Quick Scan i klikni Scan. Po završetku procesa klikni OK, Show Results: u listi detektovanog malware-a, obeleži sve stavke i klikni Remove Selected. Po završetku procesa, logfile će se otvoriti u Notepad-u; iskopiraj ga u temu na forumu. Ukoliko program zatraži restart kako bi se završio proces čišćenja, obavezno ga dozvoliti. Napomena: ako dođe do restarta na kraju procesa čišćenja, logfile će biti dostupan na Logs kartici (obeleži ga i klikni Open). goran9888 (AMF Tim)

Profil

SLOBODANiSANjA MIHAJLOV Poslao: 26 Feb 2012 01:30 Idi na vrh
offline SLOBODANiSANjA MIHAJLOV Novi MyCity građanin Pridružio: 24 Feb 2012 Poruke: 5	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 26 Feb 2012 1:17 All processes killed ========== OTL ========== No active process named MWSOEMON.EXE was found! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page\| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page\| /E : value set successfully! Prefs.js: "iLivid Web Search" removed from browser.search.order.1 Prefs.js: "http://home.mywebsearch.com/index.jhtml?ptnrS=GRxdm035YYRS&ptb=YhPH0CRJm5M68kaSVlJcjQ&n=77ed0492" removed from browser.startup.homepage Prefs.js: "http://search.sweetim.com/search.asp?src=2&q=" removed from keyword.URL Prefs.js: "iLivid Web Search" removed from sweetim.toolbar.previous.browser.search.defaultenginename Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.defaulturl Prefs.js: "iLivid Web Search" removed from sweetim.toolbar.previous.browser.search.selectedEngine Prefs.js: "http://www.searchqu.com/web?src=ffb&appid=102&systemid=406&sr=0&q=" removed from sweetim.toolbar.previous.keyword.URL C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\s5swqfcn.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF folder moved successfully. C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\s5swqfcn.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components folder moved successfully. C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\s5swqfcn.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin folder moved successfully. C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\s5swqfcn.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\nl-NL folder moved successfully. C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\s5swqfcn.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\it-IT folder moved successfully. C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\s5swqfcn.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\fr-FR folder moved successfully. C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\s5swqfcn.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\es-ES folder moved successfully. C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\s5swqfcn.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\en-US folder moved successfully. C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\s5swqfcn.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\de-DE folder moved successfully. C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\s5swqfcn.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale folder moved successfully. C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\s5swqfcn.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content folder moved successfully. C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\s5swqfcn.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar folder moved successfully. C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\s5swqfcn.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome folder moved successfully. C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\s5swqfcn.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} folder moved successfully. C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\s5swqfcn.default\searchplugins\sweetim.xml moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GEST deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\MyWebSearch bar Uninstall not found. File C:\Program Files\Uninstall Fun Web Products.dll not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Search the Web\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ead6f728-f582-11e0-a808-806d6172696f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ead6f728-f582-11e0-a808-806d6172696f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ead6f728-f582-11e0-a808-806d6172696f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ead6f728-f582-11e0-a808-806d6172696f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ead6f728-f582-11e0-a808-806d6172696f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ead6f728-f582-11e0-a808-806d6172696f}\ not found. File E:\Run.exe not found. File C:\Program Files\Uninstall Fun Web Products.dll not found. C:\Program Files\Common Files\Spigot\Search Settings folder moved successfully. C:\Program Files\Common Files\Spigot folder moved successfully. ========== FILES ========== C:\Program Files\MyWebSearch\bar\Settings folder moved successfully. C:\Program Files\MyWebSearch\bar\History folder moved successfully. C:\Program Files\MyWebSearch\bar folder moved successfully. C:\Program Files\MyWebSearch folder moved successfully. File\Folder C:\Program Files\SweetIM not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 653817 bytes ->Temporary Internet Files folder emptied: 250562076 bytes ->Java cache emptied: 73508136 bytes ->FireFox cache emptied: 725708559 bytes ->Flash cache emptied: 76473 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LastXPIcons User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 3896453 bytes ->Flash cache emptied: 348 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33183 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2142714 bytes %systemroot%\System32 .tmp files removed: 2577 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 268391928 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 51793218 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1,313.00 mb [EMPTYJAVA] User: Administrator ->Java cache emptied: 0 bytes User: All Users User: Default User User: LastXPIcons User: LocalService User: NetworkService Total Java Files Cleaned = 0.00 mb [EMPTYFLASH] User: Administrator ->Flash cache emptied: 0 bytes User: All Users User: Default User User: LastXPIcons User: LocalService ->Flash cache emptied: 0 bytes User: NetworkService Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.33.2 log created on 02262012_011433 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Dopuna: 26 Feb 2012 1:27 Malwarebytes Anti-Malware 1.60.1.1000 [Link mogu videti samo ulogovani korisnici] Database version: v2012.02.25.06 Windows XP Service Pack 2 x86 NTFS Internet Explorer 7.0.5730.11 Administrator :: LASTXP [administrator] 26/02/2012 1:21:42 AM mbam-log-2012-02-26 (01-21-42).txt Scan type: Quick scan Scan options enabled: Memory \| Startup \| Registry \| File System \| Heuristics/Extra \| Heuristics/Shuriken \| PUP \| PUM Scan options disabled: P2P Objects scanned: 172940 Time elapsed: 3 minute(s), 13 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 17 HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 4 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\|NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. HKLM\SOFTWARE\Microsoft\Security Center\|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. HKLM\SOFTWARE\Microsoft\Security Center\|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. Folders Detected: 7 C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Installr\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully. Files Detected: 0 (No malicious items detected) (end) Dopuna: 26 Feb 2012 1:30 Hvala Vam puno. Da li bi trebao još nešto da uradim?

Profil

1l padr1n0 Poslao: 26 Feb 2012 02:54 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Jel problem resen? Ukoliko je resen, potrebno je odraditi jos par koraka - napisacu ih u sledecoj poruci. goran9888 (AMF Tim)

Profil

SLOBODANiSANjA MIHAJLOV Poslao: 26 Feb 2012 12:36 Idi na vrh
offline SLOBODANiSANjA MIHAJLOV Novi MyCity građanin Pridružio: 24 Feb 2012 Poruke: 5	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pa od sinoć do sad mi se nije pojavio opet taj virus, nadam se da je problem rešen...

Profil

1l padr1n0 Poslao: 26 Feb 2012 14:45 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	1Ovo se svidja korisniku: ThePhilosopher Registruj se da bi pohvalio/la poruku! Jeste, malware je uklonjen sa sistema. Pokreni alat OTL i izaberi opciju CleanUp. Bice uklonjen alat i sve sto je tokom rada kreirao. ----------------------------------------- - Preporucujem ti da instaliras Service Pack 3 za Windows XP tj. update-ujes svoj Operativni Sistem. Necu govoriti o njegovim prednostima u odnosu na Service Pack 2. Te informacije mozes naci na MS-ovom sajtu. Uglavnom, MS je 13.jula 2010 prekinuo podrsku za Service Pack 2 koji je instaliran na tvom racunaru. Sta to znaci? Pogledaj link: [Link mogu videti samo ulogovani korisnici]; ** Ukoliko se odlucis na ovaj korak (instaliranje SP3), preporucujem ti da prethodno uradis backup svih bitnih podataka. - Preporucujem da za zastitu USB memorijskih uredjaja koristis MCShield v2. Nema nikakve veze sa AntiVirus-om tj. nece ometati njegov rad a pokazao se kao jedan od najboljih vida zastite od malware-a koji se prenosi putem USB mem. uredjaja. Skines, instaliras, ubodes USB mem. uredjaj, izvrsi se skeniranje nakon cega dobijes obavestenje da je uredjaj cist (ukoliko je stvarno tako); ili dobijes log u kome vidis informacije o malware-u koji je nadjen i obrisan. Home Page MCShield-a ::Anti-Malware Tool:: v2: [Link mogu videti samo ulogovani korisnici] Vise o MCShield-u mozes saznati u ovim temama: v1: [Link mogu videti samo ulogovani korisnici] v2: [Link mogu videti samo ulogovani korisnici] - Poseti temu "Testirajte da li vam je pretrazivac ranjiv", procitaj i isprati link koji stoji u njoj. Link do teme je: [Link mogu videti samo ulogovani korisnici]** - Preuzmi TFC (Temp File Cleaner) i sacuvaj ga na Desktop. Dvoklikom pokreni program i klikni na dugme Start da bi dozvolio programu da otpocne skeniranje. Kada program zavrsi skeniranje,mozda ce zatraziti da restartujes racunar. Dozvoli mu. Napomena: Kada zavrsis sa ciscenjem temp fajlova,program mozes obrisati ili ga sacuvati za kasniju upotrebu.

Profil

SLOBODANiSANjA MIHAJLOV Poslao: 26 Feb 2012 15:44 Idi na vrh
offline SLOBODANiSANjA MIHAJLOV Novi MyCity građanin Pridružio: 24 Feb 2012 Poruke: 5	2Ovo se svidja korisnicima: goran9888, ThePhilosopher Registruj se da bi pohvalio/la poruku! Gorane, hvala puno, mnogo si mi pomogao. Pozdrav

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Virus na facebook-u

Ko je trenutno na forumu

Ukupno su 1250 korisnika na forumu :: 123 registrovanih, 11 sakrivenih i 1116 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 15694 - dana 01 Feb 2026 12:23

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 015, _stipa_, advokat84, AleksandarV, Alen-Delon-u-boji, Alojzije, Ares12356, ArmFPGA, Automaticar, Ba4e, BasCelik, Bbbggg1979, Betty25, black venom, Bo96, Bodin86, Bojan198527, bojan313, bojank, Bojcca, bojcistv, Boris90, borya90, Botovac, bpop, Bubimir, bunker, BZ, cakija, CHARLIE JA., cifra, Darko Jovanovic, Darth Malak, debeli, dekan.m, Deki Duga Devetka, djordjemiklusev, dragoljub11987, Electron, flash12, Fliper, Gaga_89, Gagi193, Giskard, gobrad, GrammaticalAnalysis, Great White, Ikica977, Jager715510, jalos, Jan, JOntra, Jovan.D, Kajzer_Soze, kasikaz, KimiMR, kolle.the.kid, Kototamopeva, kunktator, Le Banner, Lucky 6, Marko Marković, markolopin, matrix_1, Michellefromrezistance, Mig 29, mileJNA, milenko crazy north, milos.cbr, Milos1987, Milovan Dinic, milutin134, Mis uz pusku, mishkooo, Misirac, moldway, mrm, Nemanja94, Nomica, ObicanUser, OrestSand, Papadubi, Pikac-47, pisac12, prikolica, Qvazimodo, raso76, redstar72, repac, Roksi, royst33, samp1389, saputnik plavetnila, Sase, Sawages, Semberija, shadower78, skylab1111, sluga, Sr.Stat., stefanmpurtic, Stoorb, superwhy, Tihi86, tomo2, TRAVUNIJA, tritonus, troki1971, tuf, Tumansky, user26, Vanderx, Vlada1389, vlado_pg, Vlajman1957, volimpivuvolimrakiju, Zanzibar, ZetaMan, Zjmc, ZlatniRez, zlizo, Zmaj Tolak, 787

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by