Infected computer

  • Joined: 13 Mar 2009
  • Posts: 13
  • Location: Pale

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:13, on 20.5.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\Program Files\Atheros\ACU.exe
E:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\Program Files\Wireless Console 2\wcourier.exe
E:\Program Files\Winamp\winampa.exe
E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
E:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\WordWeb\wweb32.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\WINDOWS\system32\acs.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\CyberLink\Shared Files\RichVideo.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Documents and Settings\Milenka\Desktop\fe5.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - E:\Program Files\MyWebSearch\bar\4.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - E:\Program Files\MyWebSearch\bar\4.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - E:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - E:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACU] "E:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [SMSERIAL] E:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "E:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "E:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "E:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\4.0"
O4 - HKLM\..\Run: [Wireless Console 2] "E:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 E:\PROGRA~1\MYWEBS~1\bar\4.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 E:\PROGRA~1\MYWEBS~1\bar\4.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] E:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Power2GoExpress] "E:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [LightScribe Control Panel] E:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DU Meter] E:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] E:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WordWeb.lnk = E:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRfox000
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE1F06F9-D363-464A-9545-C66672BC9612}: NameServer = 81.93.85.152 81.93.85.132
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Atheros - E:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Kwinzy Service - Unknown owner - E:\Documents and Settings\All Users\Application Data\Kwinzy\kwinzy117.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - E:\PROGRA~1\MYWEBS~1\bar\4.bin\mwssvc.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - E:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 9047 bytes
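Added example, not part of the original post or of HijackThis itself: a small Python triage pass over entries of the kind shown in the log above. It flags the things a helper looks for first: an entry whose file is gone, a service with no recognised publisher, an autostart or service launched from a user-writable profile folder, custom DNS servers on an interface, and names on a short watch-list. The sample lines are copied from the log above; the watch-list and the profile-folder markers are assumptions chosen for this example, not a maintained signature set.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a handful of entries copied from the HijackThis log
# posted above; the remaining entries are left out to keep the example short.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - E:\Program Files\MyWebSearch\bar\4.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 E:\PROGRA~1\MYWEBS~1\bar\4.bin\M3PLUGIN.DLL,UPF
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE1F06F9-D363-464A-9545-C66672BC9612}: NameServer = 81.93.85.152 81.93.85.132
O23 - Service: Kwinzy Service - Unknown owner - E:\Documents and Settings\All Users\Application Data\Kwinzy\kwinzy117.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
"""

# Assumed watch-list of product names the helpers in this thread treated as
# unwanted. Illustrative only; real triage would use a maintained list.
PUP_KEYWORDS = ("mywebsearch", "mywebs~1", "funwebproducts", "winferno")

# Profile locations a standard user can write to. A service or Run entry that
# launches from here deserves a second look, since legitimate services live
# under %SystemRoot% or %ProgramFiles%. (Assumed set, chosen for this example.)
USER_WRITABLE_MARKERS = ("\\application data\\", "\\desktop\\", "\\local settings\\temp\\")

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
# First drive-letter path ending in a loadable-module extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|scr|sys|ocx)", re.IGNORECASE)


@dataclass
class Finding:
    kind: str    # HijackThis section code, e.g. "O23"
    reason: str  # why the triage flagged the entry
    line: str    # the original log line


def extract_path(body: str) -> str | None:
    m = PATH_RE.search(body)
    return m.group(0) if m else None


def is_user_writable(path: str) -> bool:
    p = path.lower()
    in_profile = "\\documents and settings\\" in p or "\\docume~1\\" in p
    return in_profile and any(marker in p for marker in USER_WRITABLE_MARKERS)


def triage_line(line: str) -> list[Finding]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []  # process list, headers, blank lines
    kind, body = m.group("kind"), m.group("body")
    reasons = []
    if "(no file)" in body:
        reasons.append("orphaned entry: registered component has no file on disk")
    if kind == "O17" and "NameServer" in body:
        reasons.append("DNS servers set on an interface: confirm they belong to the ISP or router")
    if kind == "O23" and "Unknown owner" in body:
        reasons.append("service binary carries no recognised publisher")
    path = extract_path(body)
    if path and is_user_writable(path):
        reasons.append("autostart/service launched from a user-writable profile folder")
    if any(k in body.lower() for k in PUP_KEYWORDS):
        reasons.append("matches watch-list of unwanted toolbar/utility products")
    return [Finding(kind, r, line.strip()) for r in reasons]


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for line in log_text.splitlines():
        findings.extend(triage_line(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:4} {f.reason}\n     {f.line}")
```

Run against the sample, the avast and NVIDIA entries produce nothing, the Kwinzy service is flagged twice (unknown publisher and a binary under All Users\Application Data), and the O17 entry is reported for manual confirmation rather than as malicious, because DNS servers set by an ISP or a router look identical in the log.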

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Hello...

Download sUBs' ComboFix from one of the following addresses to the Desktop:

Bleeping Computer . . . . . Geeks to Go!

  • Right-click one of the links and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is finished:
  • close any running programs;
  • disable your security software (instructions);
  • double-click ComboFix to run it.

While it runs, ComboFix will:
  • check whether a newer version of the program exists: click Yes if offered to download it;
  • show the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes to continue;
  • offer to install the Recovery Console if it is not installed: accept by clicking Yes and follow the procedure;
  • present a number of prompts/notices: accept by clicking Yes or OK;
  • restart Windows if needed (possibly several times);
  • at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the highlighted text and choose Copy;
  • right-click in the message box and choose Paste.

Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
if after posting you notice the report is incomplete, use the "Prikači fajl" (Attach file) option to attach C:\ComboFix.txt to the message.

  • Joined: 13 Mar 2009
  • Posts: 13
  • Location: Pale

ComboFix 09-05-19.08 - Milenka 20.05.2009 12:36.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.1919.1445 [GMT 2:00]
Running from: e:\documents and settings\Milenka\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090519-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\program files\FunWebProducts
e:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn-new.html
e:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
e:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
e:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn-new.html
e:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
e:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
e:\program files\Internet Explorer\msimg32.dll
e:\program files\MyWebSearch
e:\program files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL
e:\program files\MyWebSearch\bar\3.bin\M3PLUGIN.DLL
e:\program files\MyWebSearch\bar\3.bin\MWSBAR.DLL
e:\program files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
e:\program files\MyWebSearch\bar\3.bin\MWSOESTB.DLL
e:\program files\MyWebSearch\bar\4.bin\F3BKGERR.JPG
e:\program files\MyWebSearch\bar\4.bin\F3CJPEG.DLL
e:\program files\MyWebSearch\bar\4.bin\F3DTACTL.DLL
e:\program files\MyWebSearch\bar\4.bin\F3HISTSW.DLL
e:\program files\MyWebSearch\bar\4.bin\F3HTMLMU.DLL
e:\program files\MyWebSearch\bar\4.bin\F3HTTPCT.DLL
e:\program files\MyWebSearch\bar\4.bin\F3IMSTUB.DLL
e:\program files\MyWebSearch\bar\4.bin\F3POPSWT.DLL
e:\program files\MyWebSearch\bar\4.bin\F3PSSAVR.SCR
e:\program files\MyWebSearch\bar\4.bin\F3REPROX.DLL
e:\program files\MyWebSearch\bar\4.bin\F3RESTUB.DLL
e:\program files\MyWebSearch\bar\4.bin\F3SCHMON.EXE
e:\program files\MyWebSearch\bar\4.bin\F3SCRCTR.DLL
e:\program files\MyWebSearch\bar\4.bin\F3SPACER.WMV
e:\program files\MyWebSearch\bar\4.bin\F3WALLPP.DAT
e:\program files\MyWebSearch\bar\4.bin\F3WPHOOK.DLL
e:\program files\MyWebSearch\bar\4.bin\FWPBUDDY.PNG
e:\program files\MyWebSearch\bar\4.bin\M3FFXTBR.JAR
e:\program files\MyWebSearch\bar\4.bin\M3FFXTBR.MANIFEST
e:\program files\MyWebSearch\bar\4.bin\M3HIGHIN.EXE
e:\program files\MyWebSearch\bar\4.bin\M3HTML.DLL
e:\program files\MyWebSearch\bar\4.bin\M3IDLE.DLL
e:\program files\MyWebSearch\bar\4.bin\M3IMPIPE.EXE
e:\program files\MyWebSearch\bar\4.bin\M3MEDINT.EXE
e:\program files\MyWebSearch\bar\4.bin\M3MSG.DLL
e:\program files\MyWebSearch\bar\4.bin\M3NTSTBR.JAR
e:\program files\MyWebSearch\bar\4.bin\M3NTSTBR.MANIFEST
e:\program files\MyWebSearch\bar\4.bin\M3OUTLCN.DLL
e:\program files\MyWebSearch\bar\4.bin\M3PLUGIN.DLL
e:\program files\MyWebSearch\bar\4.bin\M3SKIN.DLL
e:\program files\MyWebSearch\bar\4.bin\M3SKPLAY.EXE
e:\program files\MyWebSearch\bar\4.bin\M3SLSRCH.EXE
e:\program files\MyWebSearch\bar\4.bin\M3SRCHMN.EXE
e:\program files\MyWebSearch\bar\4.bin\MWSBAR.DLL
e:\program files\MyWebSearch\bar\4.bin\MWSOEMON.EXE
e:\program files\MyWebSearch\bar\4.bin\MWSOEPLG.DLL
e:\program files\MyWebSearch\bar\4.bin\MWSOESTB.DLL
e:\program files\MyWebSearch\bar\4.bin\MWSSRCAS.DLL
e:\program files\MyWebSearch\bar\4.bin\MWSSVC.EXE
e:\program files\MyWebSearch\bar\4.bin\NPMYWEBS.DLL
e:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
e:\program files\MyWebSearch\bar\Cache\000169F0
e:\program files\MyWebSearch\bar\Cache\00F6108D
e:\program files\MyWebSearch\bar\Cache\019F76D3.bin
e:\program files\MyWebSearch\bar\Cache\019F79E0.bin
e:\program files\MyWebSearch\bar\Cache\019F7C9F.bin
e:\program files\MyWebSearch\bar\Cache\019F7FBC.bin
e:\program files\MyWebSearch\bar\Cache\01FC1B80.bin
e:\program files\MyWebSearch\bar\Cache\01FC1E4E.bin
e:\program files\MyWebSearch\bar\Cache\01FC20CF.bin
e:\program files\MyWebSearch\bar\Cache\01FC2294.bin
e:\program files\MyWebSearch\bar\Cache\0371FEC5
e:\program files\MyWebSearch\bar\Cache\files.ini
e:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
e:\program files\MyWebSearch\bar\Game\CHESS.F3S
e:\program files\MyWebSearch\bar\Game\REVERSI.F3S
e:\program files\MyWebSearch\bar\History\search3
e:\program files\MyWebSearch\bar\icons\CM.ICO
e:\program files\MyWebSearch\bar\icons\MFC.ICO
e:\program files\MyWebSearch\bar\icons\PSS.ICO
e:\program files\MyWebSearch\bar\icons\SMILEY.ICO
e:\program files\MyWebSearch\bar\icons\WB.ICO
e:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
e:\program files\MyWebSearch\bar\Message\COMMON.F3S
e:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
e:\program files\MyWebSearch\bar\Notifier\DOG.F3S
e:\program files\MyWebSearch\bar\Notifier\FISH.F3S
e:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
e:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
e:\program files\MyWebSearch\bar\Notifier\MAID.F3S
e:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
e:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
e:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
e:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
e:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
e:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
e:\program files\MyWebSearch\bar\Settings\s_pid.dat
e:\windows\system32\f3PSSavr.scr

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2009-04-20 to 2009-05-20 )))))))))))))))))))))))))))))))
.

2009-05-08 22:08 . 2009-05-08 22:08 -------- d-----w e:\program files\MSXML 4.0
2009-05-07 15:25 . 2009-05-07 20:22 -------- d-----w e:\windows\system32\CatRoot_bak
2009-05-07 15:18 . 2009-02-06 10:29 2142720 -c----w e:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-07 15:18 . 2009-02-06 10:32 2186112 -c----w e:\windows\system32\dllcache\ntoskrnl.exe
2009-05-07 15:18 . 2009-02-06 09:49 2020864 -c----w e:\windows\system32\dllcache\ntkrpamp.exe
2009-05-07 15:18 . 2009-02-06 09:49 2062976 -c----w e:\windows\system32\dllcache\ntkrnlpa.exe
2009-05-07 15:16 . 2008-06-13 13:10 272128 -c----w e:\windows\system32\dllcache\bthport.sys
2009-05-07 15:16 . 2008-06-13 13:10 272128 ------w e:\windows\system32\drivers\bthport.sys
2009-05-07 07:15 . 2008-10-24 11:10 453632 -c----w e:\windows\system32\dllcache\mrxsmb.sys
2009-05-06 22:40 . 2009-05-08 22:11 -------- d--h--w e:\windows\$hf_mig$
2009-05-06 17:18 . 2008-10-16 12:06 208744 ----a-w e:\windows\system32\muweb.dll
2009-05-06 17:18 . 2008-10-16 12:06 268648 ----a-w e:\windows\system32\mucltui.dll
2009-05-06 17:18 . 2009-05-06 17:18 -------- d-----w e:\program files\Real
2009-05-06 17:18 . 2009-05-06 17:18 -------- d-----w e:\documents and settings\All Users\Application Data\Windows Live Toolbar
2009-05-06 17:17 . 2008-10-16 12:09 43544 ----a-w e:\windows\system32\wups2.dll
2009-05-06 17:12 . 2009-05-12 09:18 -------- d-----w e:\documents and settings\Milenka\Contacts
2009-05-06 17:10 . 2009-05-06 17:10 -------- d-----w e:\program files\Windows Live Toolbar
2009-05-06 17:08 . 2009-05-06 17:13 -------- d-----w e:\program files\MSN Messenger
2009-05-06 16:53 . 2009-05-06 16:53 -------- d-----w e:\documents and settings\All Users\Application Data\Winferno
2009-05-06 16:48 . 2006-10-09 11:06 495616 ----a-w e:\windows\system32\WINUTIL5.DLL
2009-05-06 16:48 . 2006-05-17 06:40 393216 ----a-w e:\windows\system32\WINLCTL5.DLL
2009-05-06 16:47 . 2009-05-06 16:47 -------- d-----w e:\program files\Winferno
2009-05-06 16:43 . 2009-05-15 07:20 -------- d-----w e:\program files\Kwinzy
2009-05-06 16:43 . 2009-05-06 16:46 -------- d-----w e:\documents and settings\All Users\Application Data\Kwinzy
2009-04-25 12:15 . 2009-04-25 12:15 -------- d-----w e:\program files\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-08 22:10 . 2009-05-08 22:10 -------- d-----w e:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-25 12:26 . 2008-12-17 09:10 -------- d-----w e:\program files\DAEMON Tools
2009-04-20 13:16 . 2009-01-12 19:11 14 ----a-w e:\windows\popcinfo.dat
2009-04-20 07:27 . 2009-03-16 13:01 -------- d-----w e:\program files\DU Meter
2009-04-06 18:07 . 2008-12-12 20:01 -------- d-----w e:\program files\TheSage
2009-03-06 14:00 . 2004-08-03 23:56 284160 ----a-w e:\windows\system32\pdh.dll
2009-02-20 08:30 . 2004-08-03 23:56 659456 ----a-w e:\windows\system32\wininet.dll
2009-02-20 08:30 . 2004-08-03 23:56 81920 ----a-w e:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="e:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2008-03-18 2508072]
"LightScribe Control Panel"="e:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2007-08-16 8478720]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2007-08-16 81920]
"SynTPEnh"="e:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"ACU"="e:\program files\Atheros\ACU.exe" [2007-10-23 376921]
"SMSERIAL"="e:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RemoteControl"="e:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-04-02 87336]
"LanguageShortcut"="e:\program files\CyberLink\PowerDVD\Language\Language.exe" [2008-02-22 62760]
"UpdatePPShortCut"="e:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"Wireless Console 2"="e:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"WinampAgent"="e:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"NeroFilterCheck"="e:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"PCSuiteTrayApplication"="e:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"DAEMON Tools"="e:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"avast!"="e:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"nwiz"="nwiz.exe" - e:\windows\system32\nwiz.exe [2007-08-16 1626112]
"RTHDCPL"="RTHDCPL.EXE" - e:\windows\RTHDCPL.exe [2007-12-12 16859136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"Nokia.PCSync"="e:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

e:\documents and settings\Milenka\Start Menu\Programs\Startup\
WordWeb.lnk - e:\program files\WordWeb\wweb32.exe [2008-12-12 42168]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"e:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"e:\\Program Files\\Messenger\\msmsgs.exe"=
"e:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"e:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;e:\windows\system32\drivers\aswSP.sys [25.4.2009 14:15 114768]
R2 aswFsBlk;aswFsBlk;e:\windows\system32\drivers\aswFsBlk.sys [25.4.2009 14:15 20560]
R3 WSIMD;wsimd Service;e:\windows\system32\drivers\wsimd.sys [29.10.2008 18:24 57344]
S2 Kwinzy Service;Kwinzy Service;e:\documents and settings\All Users\Application Data\Kwinzy\kwinzy117.exe [6.5.2009 18:46 54760]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;e:\program files\MSN Messenger\usnsvc.exe [19.1.2007 12:54 97136]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"e:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-05-20 e:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- e:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 15:39]

2009-05-20 e:\windows\Tasks\RegPowerClean.job
- e:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2009-05-06 12:48]

2009-05-20 e:\windows\Tasks\RPCReminder.job
- e:\program files\Winferno\RegistryPowerCleaner\RPCReminder.exe [2009-05-06 12:34]

2009-05-20 e:\windows\Tasks\WGASetup.job
- e:\windows\system32\KB905474\wgasetup.exe [2009-05-08 20:18]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DU Meter - e:\program files\DU Meter\DUMeter.exe
HKLM-Run-MyWebSearch Plugin - e:\progra~1\MYWEBS~1\bar\4.bin\M3PLUGIN.DLL


.
------- Supplementary Scan -------
.
IE: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRfox000
IE: &Windows Live Search - e:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {EE1F06F9-D363-464A-9545-C66672BC9612} = 81.93.85.152 81.93.85.132
FF - ProfilePath - e:\documents and settings\Milenka\Application Data\Mozilla\Firefox\Profiles\34vtlumg.default\
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRfox000&fl=0&ptb=0vvW6_5Dus2fbl.SLysfPw&st=kwd&o=kwd&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&searchfor=
FF - prefs.js: network.proxy.type - 4
FF - plugin: e:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: e:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-05-20 12:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
e:\program files\Alwil Software\Avast4\aswUpdSv.exe
e:\program files\Alwil Software\Avast4\ashServ.exe
e:\windows\system32\acs.exe
e:\program files\Common Files\LightScribe\LSSrvc.exe
e:\windows\system32\rundll32.exe
e:\windows\system32\nvsvc32.exe
e:\program files\CyberLink\Shared Files\RichVideo.exe
e:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
e:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
e:\program files\Alwil Software\Avast4\ashMaiSv.exe
e:\program files\Alwil Software\Avast4\ashWebSv.exe
e:\program files\PC Connectivity Solution\ServiceLayer.exe
.
**************************************************************************
.
Completion time: 2009-05-20 12:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-20 10:41
ComboFix2.txt 2009-03-13 17:15

Pre-Run: 16.191.315.968 bytes free
Post-Run: 16.262.139.904 bytes free

262 --- E O F --- 2009-05-13 17:49

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Upload the following file for me:

e:\documents and settings\All Users\Application Data\Kwinzy\kwinzy117.exe

via the following form:

http://www.mycity.rs/ambulanta-upload.php

  • Joined: 13 Mar 2009
  • Posts: 13
  • Location: Pale

I uploaded what was requested above.

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Open Notepad and copy the following text into it:

File::
e:\windows\Tasks\RPCReminder.job
e:\windows\Tasks\RegPowerClean.job
e:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
e:\windows\system32\WINUTIL5.DLL
e:\windows\system32\WINLCTL5.DLL

Folder::
e:\program files\Winferno
e:\documents and settings\All Users\Application Data\Winferno
 
Firefox::
FF - ProfilePath - e:\documents and settings\Milenka\Application Data\Mozilla\Firefox\Profiles\34vtlumg.default\
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRfox000&fl=0&ptb=0vvW6_5Dus2fbl.SLysfPw&st=kwd&o=kwd&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&searchfor=
FF - plugin: e:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
 
DDS::
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRfox000


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log produced at the end of the cleaning/scan in your next message.
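Added example, not part of the original post and not ComboFix's own code: a Python check that reads a CFScript in the form shown above together with the ComboFix log produced by that run, and reports which File:: and Folder:: items actually appear under "Other Deletions". Sections other than File:: and Folder:: (Firefox::, DDS::) are only listed as not checkable this way, since ComboFix does not report them as deleted files. The sample script and log excerpt are constructed from the script above and the ComboFix log posted in reply, with one extra File:: entry (kwinzy117.exe, which the helper did not request) added to show what an unconfirmed item looks like; the Firefox:: section is cut down to one line.

```python
from __future__ import annotations

import re

# Constructed sample: the CFScript posted above. The last File:: line
# (kwinzy117.exe) was NOT in the posted script; it is added here to show an
# item the log cannot confirm as deleted. Firefox:: is kept to one line.
CFSCRIPT = r"""
File::
e:\windows\Tasks\RPCReminder.job
e:\windows\Tasks\RegPowerClean.job
e:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
e:\windows\system32\WINUTIL5.DLL
e:\windows\system32\WINLCTL5.DLL
e:\documents and settings\All Users\Application Data\Kwinzy\kwinzy117.exe

Folder::
e:\program files\Winferno
e:\documents and settings\All Users\Application Data\Winferno

Firefox::
FF - plugin: e:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
"""

# Constructed sample: an abridged excerpt of the ComboFix log from that run.
COMBOFIX_LOG = r"""
ComboFix 09-05-20.A0 - Milenka 21.05.2009 13:31.4 - NTFSx86
Command switches used :: e:\documents and settings\Milenka\Desktop\CFScript.txt

FILE ::
e:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
e:\windows\system32\WINLCTL5.DLL
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\documents and settings\All Users\Application Data\Winferno
e:\documents and settings\All Users\Application Data\Winferno\RegPowerClean\results.rcs
e:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
e:\program files\Winferno
e:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
e:\windows\system32\WINLCTL5.DLL
e:\windows\system32\WINUTIL5.DLL
e:\windows\Tasks\RegPowerClean.job
e:\windows\Tasks\RPCReminder.job

.
((((((((((((((((((((((((( Files Created from 2009-04-21 to 2009-05-21 )))))))))))))))))))))))))))))))
.

2009-05-06 16:43 . 2009-05-21 07:50 -------- d-----w e:\documents and settings\All Users\Application Data\Kwinzy
"""

SECTION_RE = re.compile(r"^(\w+)::\s*$")            # CFScript section header, e.g. "File::"
HEADER_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")      # ComboFix banner, e.g. "(((( Other Deletions ))))"
PATH_LINE_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)


def parse_cfscript(text: str) -> dict[str, list[str]]:
    """Map each CFScript section name to the non-blank lines beneath it."""
    sections: dict[str, list[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_deletions(log_text: str) -> set[str]:
    """Collect the paths listed under 'Other Deletions', lower-cased for comparison."""
    deleted: set[str] = set()
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            in_section = m.group(1) == "Other Deletions"
            continue
        if in_section and PATH_LINE_RE.match(line):
            deleted.add(line.lower())
    return deleted


def verify(cfscript: str, log_text: str) -> dict[str, list[str]]:
    requested = parse_cfscript(cfscript)
    deleted = parse_deletions(log_text)
    report: dict[str, list[str]] = {"confirmed": [], "unconfirmed": [], "not_checkable": []}
    for path in requested.get("File", []):
        bucket = "confirmed" if path.lower() in deleted else "unconfirmed"
        report[bucket].append(path)
    for folder in requested.get("Folder", []):
        # A folder counts as removed if it, or anything beneath it, was reported deleted.
        prefix = folder.lower().rstrip("\\") + "\\"
        hit = folder.lower() in deleted or any(d.startswith(prefix) for d in deleted)
        report["confirmed" if hit else "unconfirmed"].append(folder)
    for name, items in requested.items():
        if name not in ("File", "Folder"):
            report["not_checkable"].extend(f"{name}:: {item}" for item in items)
    return report


if __name__ == "__main__":
    for bucket, items in verify(CFSCRIPT, COMBOFIX_LOG).items():
        print(bucket)
        for item in items:
            print("   ", item)
```

On the sample, every path the helper listed is confirmed and only the constructed kwinzy117.exe entry comes back unconfirmed, which matches the logs on this thread: Kwinzy was deliberately left alone until the uploaded file had been examined. An item that stays unconfirmed after a real run is the cue to check whether the path was mistyped, whether the file was already gone, or whether something is holding it in place.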

  • Joined: 13 Mar 2009
  • Posts: 13
  • Location: Pale

ComboFix 09-05-20.A0 - Milenka 21.05.2009 13:31.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.1919.1464 [GMT 2:00]
Running from: e:\documents and settings\Milenka\Desktop\ComboFix.exe
Command switches used :: e:\documents and settings\Milenka\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090520-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
e:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
e:\windows\system32\WINLCTL5.DLL
e:\windows\system32\WINUTIL5.DLL
e:\windows\Tasks\RegPowerClean.job
e:\windows\Tasks\RPCReminder.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\documents and settings\All Users\Application Data\Winferno
e:\documents and settings\All Users\Application Data\Winferno\RegPowerClean\results.rcs
e:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
e:\program files\Winferno
e:\program files\Winferno\RegistryPowerCleaner\CHives.dll
e:\program files\Winferno\RegistryPowerCleaner\regpowerclean.chm
e:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
e:\program files\Winferno\RegistryPowerCleaner\RPCL.DLL
e:\program files\Winferno\RegistryPowerCleaner\RPCReminder.exe
e:\program files\Winferno\RegistryPowerCleaner\SysRst.exe
e:\program files\Winferno\RegistryPowerCleaner\unins000.dat
e:\program files\Winferno\RegistryPowerCleaner\unins000.exe
e:\program files\Winferno\RegistryPowerCleaner\WinCMR.dll
e:\windows\system32\WINLCTL5.DLL
e:\windows\system32\WINUTIL5.DLL
e:\windows\Tasks\RegPowerClean.job
e:\windows\Tasks\RPCReminder.job

.
((((((((((((((((((((((((( Files Created from 2009-04-21 to 2009-05-21 )))))))))))))))))))))))))))))))
.

2009-05-08 22:08 . 2009-05-08 22:08 -------- d-----w e:\program files\MSXML 4.0
2009-05-07 15:25 . 2009-05-07 20:22 -------- d-----w e:\windows\system32\CatRoot_bak
2009-05-07 15:18 . 2009-02-06 10:29 2142720 -c----w e:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-07 15:18 . 2009-02-06 10:32 2186112 -c----w e:\windows\system32\dllcache\ntoskrnl.exe
2009-05-07 15:18 . 2009-02-06 09:49 2020864 -c----w e:\windows\system32\dllcache\ntkrpamp.exe
2009-05-07 15:18 . 2009-02-06 09:49 2062976 -c----w e:\windows\system32\dllcache\ntkrnlpa.exe
2009-05-07 15:16 . 2008-06-13 13:10 272128 -c----w e:\windows\system32\dllcache\bthport.sys
2009-05-07 15:16 . 2008-06-13 13:10 272128 ------w e:\windows\system32\drivers\bthport.sys
2009-05-07 07:15 . 2008-10-24 11:10 453632 -c----w e:\windows\system32\dllcache\mrxsmb.sys
2009-05-06 22:40 . 2009-05-08 22:11 -------- d--h--w e:\windows\$hf_mig$
2009-05-06 17:18 . 2008-10-16 12:06 208744 ----a-w e:\windows\system32\muweb.dll
2009-05-06 17:18 . 2008-10-16 12:06 268648 ----a-w e:\windows\system32\mucltui.dll
2009-05-06 17:18 . 2009-05-06 17:18 -------- d-----w e:\program files\Real
2009-05-06 17:18 . 2009-05-06 17:18 -------- d-----w e:\documents and settings\All Users\Application Data\Windows Live Toolbar
2009-05-06 17:17 . 2008-10-16 12:09 43544 ----a-w e:\windows\system32\wups2.dll
2009-05-06 17:12 . 2009-05-12 09:18 -------- d-----w e:\documents and settings\Milenka\Contacts
2009-05-06 17:10 . 2009-05-06 17:10 -------- d-----w e:\program files\Windows Live Toolbar
2009-05-06 17:08 . 2009-05-06 17:13 -------- d-----w e:\program files\MSN Messenger
2009-05-06 16:43 . 2009-05-21 07:50 -------- d-----w e:\documents and settings\All Users\Application Data\Kwinzy
2009-05-06 16:43 . 2009-05-15 07:20 -------- d-----w e:\program files\Kwinzy
2009-04-25 12:15 . 2009-04-25 12:15 -------- d-----w e:\program files\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-08 22:10 . 2009-05-08 22:10 -------- d-----w e:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-25 12:26 . 2008-12-17 09:10 -------- d-----w e:\program files\DAEMON Tools
2009-04-20 13:16 . 2009-01-12 19:11 14 ----a-w e:\windows\popcinfo.dat
2009-04-20 07:27 . 2009-03-16 13:01 -------- d-----w e:\program files\DU Meter
2009-04-06 18:07 . 2008-12-12 20:01 -------- d-----w e:\program files\TheSage
2009-03-06 14:00 . 2004-08-03 23:56 284160 ----a-w e:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-20_10.39.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-21 06:46 . 2009-05-21 06:46 16384 e:\windows\temp\Perflib_Perfdata_6e8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="e:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2008-03-18 2508072]
"LightScribe Control Panel"="e:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2007-08-16 8478720]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2007-08-16 81920]
"SynTPEnh"="e:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"ACU"="e:\program files\Atheros\ACU.exe" [2007-10-23 376921]
"SMSERIAL"="e:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RemoteControl"="e:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-04-02 87336]
"LanguageShortcut"="e:\program files\CyberLink\PowerDVD\Language\Language.exe" [2008-02-22 62760]
"UpdatePPShortCut"="e:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"Wireless Console 2"="e:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"WinampAgent"="e:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"NeroFilterCheck"="e:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"PCSuiteTrayApplication"="e:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"DAEMON Tools"="e:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"avast!"="e:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"nwiz"="nwiz.exe" - e:\windows\system32\nwiz.exe [2007-08-16 1626112]
"RTHDCPL"="RTHDCPL.EXE" - e:\windows\RTHDCPL.exe [2007-12-12 16859136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"Nokia.PCSync"="e:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

e:\documents and settings\Milenka\Start Menu\Programs\Startup\
WordWeb.lnk - e:\program files\WordWeb\wweb32.exe [2008-12-12 42168]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"e:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"e:\\Program Files\\Messenger\\msmsgs.exe"=
"e:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"e:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;e:\windows\system32\drivers\aswSP.sys [25.4.2009 14:15 114768]
R2 aswFsBlk;aswFsBlk;e:\windows\system32\drivers\aswFsBlk.sys [25.4.2009 14:15 20560]
R3 WSIMD;wsimd Service;e:\windows\system32\drivers\wsimd.sys [29.10.2008 18:24 57344]
S2 Kwinzy Service;Kwinzy Service;e:\documents and settings\All Users\Application Data\Kwinzy\kwinzy117.exe [6.5.2009 18:46 54760]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;e:\program files\MSN Messenger\usnsvc.exe [19.1.2007 12:54 97136]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"e:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-05-21 e:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- e:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 15:39]

2009-05-21 e:\windows\Tasks\WGASetup.job
- e:\windows\system32\KB905474\wgasetup.exe [2009-05-08 20:18]
.
.
------- Supplementary Scan -------
.
IE: &Windows Live Search - e:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {EE1F06F9-D363-464A-9545-C66672BC9612} = 81.93.85.152 81.93.85.132
FF - ProfilePath - e:\documents and settings\Milenka\Application Data\Mozilla\Firefox\Profiles\34vtlumg.default\
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
FF - prefs.js: network.proxy.type - 4
FF - plugin: e:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: e:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-05-21 13:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-21 13:33
ComboFix-quarantined-files.txt 2009-05-21 11:33
ComboFix2.txt 2009-05-20 10:41
ComboFix3.txt 2009-03-13 17:15

Pre-Run: 16.195.698.688 bytes free
Post-Run: 16.204.730.368 bytes free

162 --- E O F --- 2009-05-13 17:49

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

And.. what is the situation now? :)

offline
  • Joined: 13 Mar 2009
  • Posts: 13
  • Location: Pale

It looks like everything is OK. Thank you.

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista, use the Start Search box if Run is not available.

In the text input line type (or paste) the following:

combofix /u

Note that there is a space between "ComboFix" and "/u".

Then click OK (or press Enter).

Wait for the uninstall process to finish.
