Problem with the internet


  • Joined: 24 Apr 2007
  • Posts: 31

I recently had a problem with some virus and thought I had removed it, but it seems something of it is still left on the PC; it also throws me off some pages (it just won't load them, and then it will ... what is wrong with it ....). I hope it can be helped without c:\format C:

Thanks


Logfile of HijackThis v1.99.1
Scan saved at 10:30:41, on 14.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\fireserv\Apache\bin\Apache.exe
c:\fireserv\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\fireserv\Apache\bin\Apache.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Aleksandar\Desktop\HijackThis\Sta 'vo Ne Radi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=042908 serial=... lang=EN
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [USDownloader] "D:\download\PROGRAMI\internet\USDownloader\USDownloader.exe"
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: Pravoslavac 2008.lnk = C:\Program Files\Pravoslavac\Pravoslavac 2008.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - [Link mogu videti samo ulogovani korisnici]\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Fireserv - Unknown owner - C:\fireserv\Apache\bin\Apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySql - Unknown owner - c:\fireserv\mysql\bin\mysqld-nt.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PMounter - Unknown owner - C:\WINDOWS\system32\PMounter.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
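Added here as a worked example (not code from the thread, and not part of HijackThis): a small triage helper that parses the `O2`/`O4`/`O9`/`O23` entry format shown in the log above and flags the entries a helper looks at first: components whose file is gone (`(no file)`, `(file missing)`), services with no publisher (`Unknown owner`), and a service image path with an unbalanced quote like the `Fireserv` line. The sample lines are constructed to mirror the log; the flagging rules are this example's own assumptions, not HijackThis logic.

```python
"""Triage helper for HijackThis-style log lines (added example)."""
import re
from dataclasses import dataclass

# Constructed sample input, same shapes as the log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O23 - Service: Fireserv - Unknown owner - C:\fireserv\Apache\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# HJT entry lines start with a section code (R0, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")


@dataclass
class Finding:
    kind: str    # entry type, e.g. "O23"
    reason: str  # why the line was flagged
    line: str    # the original log line


def parse_entry(line):
    """Return (kind, body) for an HJT entry line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return m.group(1), m.group(2)


def triage_line(line):
    """Return the reasons a line deserves a second look (empty list = nothing odd)."""
    parsed = parse_entry(line)
    if parsed is None:
        return []
    kind, body = parsed
    reasons = []
    if body.endswith("(no file)"):
        reasons.append("CLSID still registered but its DLL is gone (orphaned BHO)")
    if body.endswith("(file missing)"):
        reasons.append("entry points to a file that no longer exists")
    if kind == "O23":
        if " - Unknown owner - " in body:
            reasons.append("service binary carries no publisher information")
        # The image path is the last " - " field; an odd number of quotes
        # means the path was registered with a stray or missing quote.
        path = body.split(" - ")[-1]
        if path.count('"') % 2 == 1:
            reasons.append("unbalanced quote in service image path")
    return reasons


def triage_log(text):
    """Run triage_line over a whole log and collect the findings."""
    findings = []
    for line in text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        for reason in triage_line(line):
            findings.append(Finding(parsed[0], reason, line.strip()))
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.kind}: {f.reason}\n    {f.line}")
```

Nothing this flags is automatically malicious: the `(file missing)` PartyPoker button and the orphaned BHO in the log above are leftovers of uninstalled software, which is exactly why the helper only marks lines for a human to read rather than deciding anything.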

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...

The posted log is clean. Let's check something else...

Download ComboFix from one of the following addresses to the Desktop:

[Link visible only to logged-in users]
[Link visible only to logged-in users]

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt) which you will copy here for us.

  • Joined: 24 Apr 2007
  • Posts: 31

ComboFix 08-04-13.3 - Aleksandar 2008-04-15 4:25:31.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1571 [GMT 2:00]
Running from: C:\Documents and Settings\Aleksandar\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Aleksandar\Application Data\inst.exe
C:\kmd.exe
C:\WINDOWS\recover.reg
C:\WINDOWS\system32\hg05006.dll
C:\WINDOWS\system32\xbox.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-13 18:16 . 2008-04-13 18:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-13 18:16 . 2008-04-13 18:16 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-10 21:23 . 2008-04-10 21:23 <DIR> d-------- C:\Documents and Settings\bubuleja\Application Data\SpeedSim
2008-04-10 20:02 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-04-10 20:02 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2008-04-10 17:02 . 2008-04-10 17:02 <DIR> d-------- C:\Documents and Settings\Aleksandar\Application Data\SpeedSim
2008-04-07 09:23 . 2008-04-11 14:53 36 --a------ C:\WINDOWS\mafosav.INI
2008-04-06 21:33 . 2008-04-06 21:33 124 --a------ C:\WINDOWS\wininit.ini
2008-04-06 21:32 . 2008-04-06 21:32 <DIR> d-------- C:\Program Files\Mario Forever
2008-04-04 12:41 . 2008-04-04 12:41 <DIR> d-------- C:\Program Files\Sybase
2008-04-04 12:16 . 2008-04-04 12:16 288 --a------ C:\WINDOWS\ODBC.INI
2008-04-04 12:16 . 2008-04-05 15:11 185 --a------ C:\WINDOWS\mdm.ini
2008-04-04 12:13 . 2008-04-04 12:13 <DIR> d-------- C:\Program Files\Web Publish
2008-04-04 11:55 . 1998-12-06 16:52 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2008-04-04 11:55 . 1998-12-07 06:45 170,256 --a------ C:\WINDOWS\system32\jit.dll
2008-04-04 11:55 . 1998-12-06 17:35 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-04-04 11:55 . 1998-12-06 17:37 46,352 --a------ C:\WINDOWS\setdebug.exe
2008-04-04 11:55 . 1998-12-06 17:18 7,311 --a------ C:\WINDOWS\system32\javasup.vxd
2008-04-04 11:55 . 1998-12-06 16:53 6,550 --a------ C:\WINDOWS\jautoexp.dat
2008-04-03 15:05 . 2008-04-07 19:22 194 --a------ C:\WINDOWS\wcx_ftp.ini
2008-04-01 20:40 . 2008-04-01 20:40 <DIR> d-------- C:\Program Files\Microsoft
2008-03-29 19:21 . 2008-03-29 19:21 <DIR> d--h----- C:\WINDOWS\PIF
2008-03-29 08:02 . 2008-03-29 07:46 17,249 --a------ C:\WINDOWS\system32\mconfg.dll
2008-03-29 08:02 . 2008-03-16 07:41 16,992 --a------ C:\WINDOWS\system32\mcmd.dll
2008-03-29 08:02 . 2008-03-29 09:34 12,427 --a------ C:\WINDOWS\system32\mcrss.dll
2008-03-29 08:02 . 2008-03-16 08:17 2,625 --a------ C:\WINDOWS\system32\ms32.sys
2008-03-29 08:02 . 2008-02-09 14:51 191 --a------ C:\WINDOWS\system32\poiyu
2008-03-28 17:13 . 2008-03-28 17:13 <DIR> d-------- C:\WINDOWS\system32\dk
2008-03-28 15:17 . 2008-03-28 15:17 <DIR> d-------- C:\Documents and Settings\bubuleja\Application Data\uTorrent
2008-03-25 00:58 . 2008-03-25 00:58 <DIR> d-------- C:\Program Files\ESET
2008-03-18 19:46 . 2008-03-18 19:46 <DIR> d-------- C:\Documents and Settings\Aleksandar\Application Data\Vso
2008-03-18 19:46 . 2008-03-18 19:46 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-03-18 19:46 . 2008-03-18 23:03 47,360 --a------ C:\Documents and Settings\Aleksandar\Application Data\pcouffin.sys
2008-03-17 12:16 . 2008-03-17 12:16 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-03-17 12:11 . 2008-03-17 12:11 <DIR> d-------- C:\Program Files\Macromedia
2008-03-17 12:11 . 2008-03-17 12:11 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-03-17 12:09 . 2002-06-12 16:36 24,553 --a------ C:\WINDOWS\php.ini
2008-03-17 12:09 . 2002-06-17 01:26 1,142 --a------ C:\my.cnf
2008-03-17 12:07 . 2008-03-17 12:07 <DIR> d-------- C:\Fireserv
2008-03-16 09:48 . 2008-03-16 12:40 67 --a------ C:\WINDOWS\#1 DVD Ripper.INI
2008-03-15 10:55 . 2008-03-15 10:56 <DIR> d-------- C:\Program Files\Winamp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 07:45 98,304 ----a-w C:\WINDOWS\DUMP66e7.tmp
2008-03-14 16:24 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-14 14:28 --------- d-----w C:\Program Files\totalcmd
2008-03-11 20:34 --------- d-----w C:\Program Files\Atomic Alarm Clock
2008-03-11 20:11 --------- d-----w C:\Program Files\Atomic Clock Sync
2008-03-09 18:44 --------- d-----w C:\Documents and Settings\bubuleja\Application Data\Media Player Classic
2008-03-07 06:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-03-07 06:58 --------- d-----w C:\Documents and Settings\Aleksandar\Application Data\Ubisoft
2008-03-07 06:45 --------- d-----w C:\Program Files\Ubisoft
2008-03-07 06:45 --------- d-----w C:\Documents and Settings\Aleksandar\Application Data\InstallShield
2008-03-06 13:51 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-03-06 13:51 --------- d-----w C:\Documents and Settings\Aleksandar\Application Data\SystemRequirementsLab
2008-03-05 10:24 --------- d-----w C:\Documents and Settings\bubuleja\Application Data\LimeWire
2008-03-05 08:48 --------- d-----w C:\Documents and Settings\bubuleja\Application Data\BSplayer PRO
2008-03-04 19:55 --------- d-----w C:\Documents and Settings\Aleksandar\Application Data\Media Player Classic
2008-03-03 06:56 --------- d-----w C:\Program Files\Full Tilt Poker
2008-03-02 07:49 --------- d-----w C:\Documents and Settings\bubuleja\Application Data\Screenshot Sender
2008-02-29 09:40 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-29 09:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-27 05:42 --------- d-----w C:\Documents and Settings\Aleksandar\Application Data\Screenshot Sender
2008-02-25 14:11 --------- d-----w C:\Program Files\AGEIA Technologies
2008-02-25 14:10 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-25 10:16 --------- d-----w C:\Documents and Settings\bubuleja\Application Data\ESET
2008-02-23 21:48 --------- d-----w C:\Program Files\The KMPlayer
2008-02-23 18:39 --------- d-----w C:\Documents and Settings\Aleksandar\Application Data\ESET
2008-02-19 22:29 --------- d-----w C:\Documents and Settings\Aleksandar\Application Data\TeamViewer
2008-02-19 22:28 --------- d-----w C:\Program Files\TeamViewer3
2008-02-19 10:07 --------- d-----w C:\Documents and Settings\bubuleja\Application Data\Babylon
2008-02-18 17:59 --------- d-----w C:\Program Files\Pravoslavac
2008-02-18 16:59 --------- d-----w C:\Program Files\Babylon
2008-02-18 16:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
2008-02-18 16:58 --------- d-----w C:\Documents and Settings\Aleksandar\Application Data\Babylon
2008-01-27 08:32 532,480 ----a-w C:\WINDOWS\system32\Assassins Creed Diaporama.scr
2008-01-12 16:41 22,328 ----a-w C:\Documents and Settings\Aleksandar\Application Data\PnkBstrK.sys
2008-01-11 18:18 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-01-11 18:18 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008011120080112\index.dat
2008-01-11 18:18 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
2008-01-11 18:18 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{965B54B0-71E0-4611-8DE7-F73FA0B20E26}"= "C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll" [2007-12-18 14:42 267488]

[HKEY_CLASSES_ROOT\clsid\{965b54b0-71e0-4611-8de7-f73fa0b20e26}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB.1]
[HKEY_CLASSES_ROOT\TypeLib\{162484B8-B114-453f-A344-C0B24B0F1D99}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{965B54B0-71E0-4611-8DE7-F73FA0B20E26}"= C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll [2007-12-18 14:42 267488]

[HKEY_CLASSES_ROOT\clsid\{965b54b0-71e0-4611-8de7-f73fa0b20e26}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB.1]
[HKEY_CLASSES_ROOT\TypeLib\{162484B8-B114-453f-A344-C0B24B0F1D99}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04 139264]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 17:51 486856]
"USDownloader"="D:\download\PROGRAMI\internet\USDownloader\USDownloader.exe" [2008-01-14 19:46 528384]
"SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2006-09-17 09:38 549376]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-01-22 21:47 219952]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 19:44 1200128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 08:03 16125440 C:\WINDOWS\RTHDCPL.exe]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 13:39 729088]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2005-02-01 19:28 1469952]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2007-12-20 22:49 3116768]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

C:\Documents and Settings\Aleksandar\Start Menu\Programs\Startup\
Pravoslavac 2008.lnk - C:\Program Files\Pravoslavac\Pravoslavac 2008.exe [2008-02-18 19:59:41 1054254]

C:\Documents and Settings\bubuleja\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-07-26 22:08:21 147456]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
--a------ 2007-06-28 15:19 880080 C:\Program Files\AdVantage\AdVantage.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 15:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-11 21:17 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [2007-03-26 08:26]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-29 04:36]
R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2007-03-26 08:26]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R2 Fireserv;Fireserv;"C:\fireserv\Apache\bin\Apache.exe" -k runservice []
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-02-27 09:14]
R3 SNCP106;PC Camera (6009 CIF);C:\WINDOWS\system32\DRIVERS\sncp106.sys [2002-12-27 12:26]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c5705ba-ca63-11dc-8e76-0019664e5da7}]
\Shell\AutoOpen\command - L:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c5705bb-ca63-11dc-8e76-0019664e5da7}]
\Shell\AutoOpen\command - K:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e8ff91c-d322-11dc-8e85-0019664e5da7}]
\Shell\AutoOpen\command - K:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{206cfb75-e21a-11dc-8e94-0019664e5da7}]
\Shell\auto\command - L:\Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - L:\Knight.exe open
\Shell\find\command - L:\Knight.exe open
\Shell\install\command - L:\Knight.exe open
\Shell\open\command - L:\Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21820aca-dfc1-11dc-8e93-0019664e5da7}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22800348-d19e-11dc-8e82-0019664e5da7}]
\Shell\AutoOpen\command - K:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d1cf4da-de48-11dc-8e90-0019664e5da7}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ce1e4a8-ce77-11dc-8e7d-0019664e5da7}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ce1e4ac-ce77-11dc-8e7d-0019664e5da7}]
\Shell\AutoOpen\command - K:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{788d3416-c741-11dc-8e71-c301b4cf956f}]
\Shell\AutoOpen\command - H:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8676c29b-d49d-11dc-8e8a-0019664e5da7}]
\Shell\AutoOpen\command - K:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8676c29c-d49d-11dc-8e8a-0019664e5da7}]
\Shell\AutoOpen\command - K:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8676c29d-d49d-11dc-8e8a-0019664e5da7}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89f97e4a-f75b-11dc-8ead-0019664e5da7}]
\Shell\AutoOpen\command - K:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95df982e-f2bf-11dc-8ea6-0019664e5da7}]
\Shell\AutoOpen\command - L:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3bd83ec-d1c9-11dc-8e83-0019664e5da7}]
\Shell\AutoOpen\command - K:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-04-15 04:26:58
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-15 4:27:14
ComboFix-quarantined-files.txt 2008-04-15 02:27:14
ComboFix3.txt 2008-02-18 16:13:06
ComboFix2.txt 2008-02-23 14:50:10

Pre-Run: 4,155,916,288 bytes free
Post-Run: 4,141,432,832 bytes free

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Pack the following files into one zip/rar:

C:\WINDOWS\system32\mconfg.dll
C:\WINDOWS\system32\mcmd.dll
C:\WINDOWS\system32\mcrss.dll
C:\WINDOWS\system32\ms32.sys
C:\WINDOWS\system32\poiyu

and upload that archive using the following form: [Link visible only to logged-in users].

  • Joined: 24 Apr 2007
  • Posts: 31

I hope that had to be copied somewhere first and then put into a zip/rar, which is what I did ... it has been sent

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download the program Flash_Disinfector.

The program is started by double-clicking Flash_Disinfector.exe.
When the notification message appears, plug in the infected USB flash drives (hold down the Shift key while doing so, to avoid autoplay).
Click OK and wait for the process to finish.
When the message Done !! appears, click OK.

-------------------------------------------------------------------------------------

Open Notepad and copy the following text:

File::
C:\WINDOWS\system32\mconfg.dll
C:\WINDOWS\system32\mcmd.dll
C:\WINDOWS\system32\mcrss.dll
C:\WINDOWS\system32\ms32.sys
C:\WINDOWS\system32\poiyu
C:\WINDOWS\DUMP66e7.tmp


Folder::
C:\Program Files\AdVantage

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c5705ba-ca63-11dc-8e76-0019664e5da7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c5705bb-ca63-11dc-8e76-0019664e5da7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e8ff91c-d322-11dc-8e85-0019664e5da7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{206cfb75-e21a-11dc-8e94-0019664e5da7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21820aca-dfc1-11dc-8e93-0019664e5da7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22800348-d19e-11dc-8e82-0019664e5da7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d1cf4da-de48-11dc-8e90-0019664e5da7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ce1e4a8-ce77-11dc-8e7d-0019664e5da7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ce1e4ac-ce77-11dc-8e7d-0019664e5da7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{788d3416-c741-11dc-8e71-c301b4cf956f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8676c29b-d49d-11dc-8e8a-0019664e5da7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8676c29c-d49d-11dc-8e8a-0019664e5da7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8676c29d-d49d-11dc-8e8a-0019664e5da7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89f97e4a-f75b-11dc-8ead-0019664e5da7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95df982e-f2bf-11dc-8ea6-0019664e5da7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3bd83ec-d1c9-11dc-8e83-0019664e5da7}]


Save the file from Notepad to the Desktop as "CFScript"


Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next reply.

offline
  • Joined: 24 Apr 2007
  • Posts: 31

ComboFix 08-04-13.3 - Aleksandar 2008-04-16 19:22:18.4 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1442 [GMT 2:00]
Running from: C:\Documents and Settings\Aleksandar\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Aleksandar\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\DUMP66e7.tmp
C:\WINDOWS\system32\mcmd.dll
C:\WINDOWS\system32\mconfg.dll
C:\WINDOWS\system32\mcrss.dll
C:\WINDOWS\system32\ms32.sys
C:\WINDOWS\system32\poiyu
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\AdVantage
C:\Program Files\AdVantage\AdVantage.db
C:\Program Files\AdVantage\AdVantage.exe
C:\Program Files\AdVantage\AdVantage.htm
C:\Program Files\AdVantage\AdVUninst.exe
C:\Program Files\AdVantage\TR.dll
C:\Program Files\AdVantage\user.db
C:\WINDOWS\DUMP66e7.tmp
C:\WINDOWS\system32\mcmd.dll
C:\WINDOWS\system32\mconfg.dll
C:\WINDOWS\system32\mcrss.dll
C:\WINDOWS\system32\ms32.sys
C:\WINDOWS\system32\poiyu

.
((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
.

2008-04-15 16:49 . 2008-04-15 16:49 <DIR> d-------- C:\Program Files\SmartDraw 2007
2008-04-15 15:54 . 2008-04-15 15:54 <DIR> d-------- C:\Documents and Settings\Aleksandar\System
2008-04-15 15:54 . 2008-04-15 15:54 <DIR> d-------- C:\Documents and Settings\Aleksandar\Application Data\SmartDraw
2008-04-15 15:38 . 2008-04-15 15:38 <DIR> d-------- C:\Program Files\SmartDraw 2008
2008-04-15 15:28 . 2008-04-15 15:28 <DIR> d-------- C:\Documents and Settings\Aleksandar\Application Data\Thinstall
2008-04-13 18:16 . 2008-04-13 18:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-13 18:16 . 2008-04-13 18:16 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-10 21:23 . 2008-04-10 21:23 <DIR> d-------- C:\Documents and Settings\bubuleja\Application Data\SpeedSim
2008-04-10 20:02 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-04-10 20:02 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2008-04-10 17:02 . 2008-04-10 17:02 <DIR> d-------- C:\Documents and Settings\Aleksandar\Application Data\SpeedSim
2008-04-07 09:23 . 2008-04-11 14:53 36 --a------ C:\WINDOWS\mafosav.INI
2008-04-06 21:33 . 2008-04-06 21:33 124 --a------ C:\WINDOWS\wininit.ini
2008-04-06 21:32 . 2008-04-06 21:32 <DIR> d-------- C:\Program Files\Mario Forever
2008-04-04 12:41 . 2008-04-04 12:41 <DIR> d-------- C:\Program Files\Sybase
2008-04-04 12:16 . 2008-04-04 12:16 288 --a------ C:\WINDOWS\ODBC.INI
2008-04-04 12:16 . 2008-04-05 15:11 185 --a------ C:\WINDOWS\mdm.ini
2008-04-04 12:13 . 2008-04-04 12:13 <DIR> d-------- C:\Program Files\Web Publish
2008-04-04 11:55 . 1998-12-06 16:52 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2008-04-04 11:55 . 1998-12-07 06:45 170,256 --a------ C:\WINDOWS\system32\jit.dll
2008-04-04 11:55 . 1998-12-06 17:35 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-04-04 11:55 . 1998-12-06 17:37 46,352 --a------ C:\WINDOWS\setdebug.exe
2008-04-04 11:55 . 1998-12-06 17:18 7,311 --a------ C:\WINDOWS\system32\javasup.vxd
2008-04-04 11:55 . 1998-12-06 16:53 6,550 --a------ C:\WINDOWS\jautoexp.dat
2008-04-03 15:05 . 2008-04-07 19:22 194 --a------ C:\WINDOWS\wcx_ftp.ini
2008-04-01 20:40 . 2008-04-01 20:40 <DIR> d-------- C:\Program Files\Microsoft
2008-03-29 19:21 . 2008-03-29 19:21 <DIR> d--h----- C:\WINDOWS\PIF
2008-03-28 17:13 . 2008-03-28 17:13 <DIR> d-------- C:\WINDOWS\system32\dk
2008-03-28 15:17 . 2008-03-28 15:17 <DIR> d-------- C:\Documents and Settings\bubuleja\Application Data\uTorrent
2008-03-25 00:58 . 2008-03-25 00:58 <DIR> d-------- C:\Program Files\ESET
2008-03-18 19:46 . 2008-03-18 19:46 <DIR> d-------- C:\Documents and Settings\Aleksandar\Application Data\Vso
2008-03-18 19:46 . 2008-03-18 19:46 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-03-18 19:46 . 2008-03-18 23:03 47,360 --a------ C:\Documents and Settings\Aleksandar\Application Data\pcouffin.sys
2008-03-17 12:16 . 2008-03-17 12:16 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-03-17 12:11 . 2008-03-17 12:11 <DIR> d-------- C:\Program Files\Macromedia
2008-03-17 12:11 . 2008-03-17 12:11 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-03-17 12:09 . 2002-06-12 16:36 24,553 --a------ C:\WINDOWS\php.ini
2008-03-17 12:09 . 2002-06-17 01:26 1,142 --a------ C:\my.cnf
2008-03-17 12:07 . 2008-03-17 12:07 <DIR> d-------- C:\Fireserv
2008-03-16 09:48 . 2008-03-16 12:40 67 --a------ C:\WINDOWS\#1 DVD Ripper.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 08:56 --------- d-----w C:\Program Files\Winamp
2008-03-14 16:24 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-14 14:28 --------- d-----w C:\Program Files\totalcmd
2008-03-11 20:34 --------- d-----w C:\Program Files\Atomic Alarm Clock
2008-03-11 20:11 --------- d-----w C:\Program Files\Atomic Clock Sync
2008-03-09 18:44 --------- d-----w C:\Documents and Settings\bubuleja\Application Data\Media Player Classic
2008-03-07 06:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-03-07 06:58 --------- d-----w C:\Documents and Settings\Aleksandar\Application Data\Ubisoft
2008-03-07 06:45 --------- d-----w C:\Program Files\Ubisoft
2008-03-07 06:45 --------- d-----w C:\Documents and Settings\Aleksandar\Application Data\InstallShield
2008-03-06 13:51 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-03-06 13:51 --------- d-----w C:\Documents and Settings\Aleksandar\Application Data\SystemRequirementsLab
2008-03-05 10:24 --------- d-----w C:\Documents and Settings\bubuleja\Application Data\LimeWire
2008-03-05 08:48 --------- d-----w C:\Documents and Settings\bubuleja\Application Data\BSplayer PRO
2008-03-04 19:55 --------- d-----w C:\Documents and Settings\Aleksandar\Application Data\Media Player Classic
2008-03-03 06:56 --------- d-----w C:\Program Files\Full Tilt Poker
2008-03-02 07:49 --------- d-----w C:\Documents and Settings\bubuleja\Application Data\Screenshot Sender
2008-02-29 09:40 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-29 09:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-27 05:42 --------- d-----w C:\Documents and Settings\Aleksandar\Application Data\Screenshot Sender
2008-02-25 14:11 --------- d-----w C:\Program Files\AGEIA Technologies
2008-02-25 14:10 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-25 10:16 --------- d-----w C:\Documents and Settings\bubuleja\Application Data\ESET
2008-02-23 21:48 --------- d-----w C:\Program Files\The KMPlayer
2008-02-23 18:39 --------- d-----w C:\Documents and Settings\Aleksandar\Application Data\ESET
2008-02-19 22:29 --------- d-----w C:\Documents and Settings\Aleksandar\Application Data\TeamViewer
2008-02-19 22:28 --------- d-----w C:\Program Files\TeamViewer3
2008-02-19 10:07 --------- d-----w C:\Documents and Settings\bubuleja\Application Data\Babylon
2008-02-18 17:59 --------- d-----w C:\Program Files\Pravoslavac
2008-02-18 16:59 --------- d-----w C:\Program Files\Babylon
2008-02-18 16:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
2008-02-18 16:58 --------- d-----w C:\Documents and Settings\Aleksandar\Application Data\Babylon
2008-01-27 08:32 532,480 ----a-w C:\WINDOWS\system32\Assassins Creed Diaporama.scr
2008-01-12 16:41 22,328 ----a-w C:\Documents and Settings\Aleksandar\Application Data\PnkBstrK.sys
2008-01-11 18:18 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-01-11 18:18 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008011120080112\index.dat
2008-01-11 18:18 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
2008-01-11 18:18 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{965B54B0-71E0-4611-8DE7-F73FA0B20E26}"= "C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll" [2007-12-18 14:42 267488]

[HKEY_CLASSES_ROOT\clsid\{965b54b0-71e0-4611-8de7-f73fa0b20e26}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB.1]
[HKEY_CLASSES_ROOT\TypeLib\{162484B8-B114-453f-A344-C0B24B0F1D99}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{965B54B0-71E0-4611-8DE7-F73FA0B20E26}"= C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll [2007-12-18 14:42 267488]

[HKEY_CLASSES_ROOT\clsid\{965b54b0-71e0-4611-8de7-f73fa0b20e26}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB.1]
[HKEY_CLASSES_ROOT\TypeLib\{162484B8-B114-453f-A344-C0B24B0F1D99}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04 139264]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 17:51 486856]
"USDownloader"="D:\download\PROGRAMI\internet\USDownloader\USDownloader.exe" [2008-01-14 19:46 528384]
"SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2006-09-17 09:38 549376]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-01-22 21:47 219952]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 19:44 1200128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 08:03 16125440 C:\WINDOWS\RTHDCPL.exe]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 13:39 729088]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2005-02-01 19:28 1469952]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2007-12-20 22:49 3116768]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

C:\Documents and Settings\Aleksandar\Start Menu\Programs\Startup\
Pravoslavac 2008.lnk - C:\Program Files\Pravoslavac\Pravoslavac 2008.exe [2008-02-18 19:59:41 1054254]

C:\Documents and Settings\bubuleja\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-07-26 22:08:21 147456]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 15:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-11 21:17 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [2007-03-26 08:26]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-29 04:36]
R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2007-03-26 08:26]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R2 Fireserv;Fireserv;"C:\fireserv\Apache\bin\Apache.exe" -k runservice []
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-02-27 09:14]
R3 SNCP106;PC Camera (6009 CIF);C:\WINDOWS\system32\DRIVERS\sncp106.sys [2002-12-27 12:26]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-04-16 19:24:12
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-16 19:24:28
ComboFix-quarantined-files.txt 2008-04-16 17:24:28
ComboFix4.txt 2008-02-18 16:13:06
ComboFix3.txt 2008-02-23 14:50:10
ComboFix2.txt 2008-04-15 02:27:16

Pre-Run: 2,339,667,968 bytes free
Post-Run: 2,324,021,248 bytes free
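A post-cleanup verification, added here as an example and not part of the thread or of ComboFix: it re-tests the files, folder and registry keys the CFScript above targeted and flags the Security Center and Windows Firewall settings this ComboFix log reports in their weak state (AntiVirusDisableNotify and UpdatesDisableNotify set to 1, EnableFirewall set to 0). It assumes PowerShell is available on the machine and is run from an elevated prompt; the paths and key names are taken from the thread, and the full SharedAccess service path is the standard expansion of the log's "HKLM\~\services" shorthand.

```powershell
# Added example, not part of the thread: re-check the CFScript targets and the
# weak settings the ComboFix log reported. Assumes an elevated PowerShell prompt.

# Files and folder the CFScript asked ComboFix to delete
$removedPaths = @(
    'C:\WINDOWS\system32\mconfg.dll',
    'C:\WINDOWS\system32\mcmd.dll',
    'C:\WINDOWS\system32\mcrss.dll',
    'C:\WINDOWS\system32\ms32.sys',
    'C:\WINDOWS\system32\poiyu',
    'C:\WINDOWS\DUMP66e7.tmp',
    'C:\Program Files\AdVantage'
)

# Registry keys the CFScript removed: the AdVantage msconfig entry and the
# MountPoints2 records of the removable drives listed in the script
$mountPointGuids = @(
    '0c5705ba-ca63-11dc-8e76-0019664e5da7', '0c5705bb-ca63-11dc-8e76-0019664e5da7',
    '0e8ff91c-d322-11dc-8e85-0019664e5da7', '206cfb75-e21a-11dc-8e94-0019664e5da7',
    '21820aca-dfc1-11dc-8e93-0019664e5da7', '22800348-d19e-11dc-8e82-0019664e5da7',
    '2d1cf4da-de48-11dc-8e90-0019664e5da7', '3ce1e4a8-ce77-11dc-8e7d-0019664e5da7',
    '3ce1e4ac-ce77-11dc-8e7d-0019664e5da7', '788d3416-c741-11dc-8e71-c301b4cf956f',
    '8676c29b-d49d-11dc-8e8a-0019664e5da7', '8676c29c-d49d-11dc-8e8a-0019664e5da7',
    '8676c29d-d49d-11dc-8e8a-0019664e5da7', '89f97e4a-f75b-11dc-8ead-0019664e5da7',
    '95df982e-f2bf-11dc-8ea6-0019664e5da7', 'f3bd83ec-d1c9-11dc-8e83-0019664e5da7'
)
$removedKeys = @('HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdVantage') +
    ($mountPointGuids | ForEach-Object {
        "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{$_}" })

# Settings the log showed in their weak state: Security Center notifications
# switched off and the Windows Firewall disabled for the standard profile
$weakSettings = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center'; Name = 'AntiVirusDisableNotify'; Weak = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center'; Name = 'UpdatesDisableNotify';   Weak = 1 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile';
       Name = 'EnableFirewall'; Weak = 0 }
)

$findings = @()
foreach ($p in $removedPaths) {
    if (Test-Path -LiteralPath $p) { $findings += "remnant still present: $p" }
}
foreach ($k in $removedKeys) {
    if (Test-Path -LiteralPath $k) { $findings += "registry key still present: $k" }
}
foreach ($s in $weakSettings) {
    $item = Get-ItemProperty -LiteralPath $s.Path -Name $s.Name -ErrorAction SilentlyContinue
    if ($item -and $item.($s.Name) -eq $s.Weak) {
        $findings += "$($s.Name) = $($item.($s.Name)) under $($s.Path) (still in the weak state)"
    }
}

if ($findings.Count -eq 0) { 'Clean: no CFScript target remains and no weak setting found.' }
else { $findings | ForEach-Object { "WARNING: $_" } }
```

A remaining file or key means the cleanup did not complete and the log should be looked at again; a weak setting that persists after the machine is clean should be re-enabled by hand, since the log shows both notifications and the firewall off.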

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

How are things now? Any specific problems?

offline
  • Joined: 24 Apr 2007
  • Posts: 31

It's OK now, I hope there won't be any more problems ... Thanks a lot, I owe you a beer!

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE
