IE and tabs, again

  • Joined: 24 Feb 2006
  • Posts: 435

The same problem with IE again, as in this thread:
http://www.mycity.rs/Arhiva-Ambulante/IE-otvara-no.....tml#839126
I wasn't home for about 10 days and I don't know whether my brother visited some sites and "picked up" something while I was away, but this has really thrown me off. Here is the log, so let's see whether we overlooked something last time or whether there is some wonder that keeps coming back.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:56 AM, on 12/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Documents and Settings\zerocool\Desktop\ambulantni folder\hiki1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - Startup: Nikon Monitor.lnk = ?
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file:///E:/CDVIEWER/CdViewer.cab
O18 - Protocol: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\system32\ebkp.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6413 bytes

  • helen1
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8454
  • Location: Novi Beograd

Here I am again:

* Right-click the Norton AntiVirus icon in the bottom-right corner of the screen and choose Disable Auto Protect.
* Then choose the desired duration (e.g. 5 hours) and click OK.

Note: Don't forget to turn this option back on once the cleanup is finished.

------------------------------

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt); copy it here for us.

  • Joined: 24 Feb 2006
  • Posts: 435

ComboFix 08-11-30.01 - zerocool 2008-12-01 13:34:25.13 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.254 [GMT 1:00]
Running from: c:\documents and settings\zerocool\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Ati2evxx.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-01 to 2008-12-01 )))))))))))))))))))))))))))))))
.

2008-11-24 20:42 . 2008-11-24 20:42 <DIR> d-------- c:\program files\Combined Community Codec Pack
2008-11-24 20:01 . 2008-11-24 20:01 <DIR> d-------- c:\program files\MP4 Player
2008-11-24 20:01 . 2008-11-24 20:01 36 ---h----- c:\windows\system32\swk.ini
2008-11-18 01:05 . 2008-11-18 01:05 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-15 00:41 . 2004-08-03 23:08 25,600 --a------ c:\windows\system32\drivers\usbser.sys
2008-11-15 00:41 . 2004-08-03 23:08 25,600 --a--c--- c:\windows\system32\dllcache\usbser.sys
2008-11-15 00:41 . 2008-11-15 00:41 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-11-15 00:41 . 2008-11-15 00:41 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-11-15 00:29 . 2008-11-15 00:53 <DIR> d-------- c:\documents and settings\zerocool\Application Data\PC Suite
2008-11-15 00:29 . 2008-11-15 00:52 <DIR> d-------- c:\documents and settings\zerocool\Application Data\Nokia
2008-11-15 00:29 . 2008-11-15 00:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Suite
2008-11-15 00:27 . 2008-11-15 00:27 <DIR> d-------- c:\program files\Common Files\PCSuite
2008-11-15 00:26 . 2008-11-15 00:26 <DIR> d-------- c:\program files\PC Connectivity Solution
2008-11-15 00:26 . 2007-09-17 15:53 21,632 --a------ c:\windows\system32\drivers\pccsmcfd.sys
2008-11-15 00:25 . 2008-05-07 07:39 1,419,232 --a------ c:\windows\system32\wdfcoinstaller01005.dll
2008-11-15 00:25 . 2008-05-07 07:38 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2008-11-15 00:25 . 2008-05-07 07:38 90,624 --a------ c:\windows\system32\nmwcdcls.dll
2008-11-15 00:25 . 2008-05-07 07:38 20,864 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2008-11-15 00:25 . 2008-05-07 07:38 17,536 --a------ c:\windows\system32\drivers\ccdcmb.sys
2008-11-15 00:25 . 2008-05-07 07:38 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2008-11-15 00:25 . 2008-06-06 09:24 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2008-11-15 00:23 . 2008-11-15 00:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Installations
2008-11-06 19:15 . 2008-11-06 19:15 <DIR> d-------- C:\PSFONTS
2008-11-06 19:15 . 2008-11-06 19:15 <DIR> d-------- c:\program files\Adobe Type Manager
2008-11-06 19:15 . 1997-06-17 04:00 212,352 --a------ c:\windows\system32\ATMDRVR.DLL
2008-11-06 19:15 . 1997-06-17 04:00 4,064 --a------ c:\windows\system32\drivers\ATMHELPR.SYS
2008-11-06 19:14 . 2008-11-06 19:14 <DIR> d-------- C:\Acrobat3
2008-11-06 19:14 . 2008-11-15 22:52 2,616 --a------ c:\windows\ACROREAD.INI
2008-11-06 19:11 . 2008-11-06 19:13 <DIR> d-------- c:\program files\PhotoDeluxe HE 3.1
2008-11-06 19:11 . 2008-11-06 19:11 <DIR> d-------- c:\program files\ImageServer
2008-11-06 19:11 . 2008-11-06 19:11 <DIR> d-------- c:\program files\Common Files\Kodak
2008-11-06 18:54 . 1999-04-28 01:01 659,456 --a------ c:\windows\system32\ipeistor12.dll
2008-11-06 18:53 . 2008-11-06 18:53 <DIR> d-------- c:\program files\Hewlett-Packard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 12:32 --------- d-----w c:\documents and settings\zerocool\Application Data\uTorrent
2008-11-30 23:04 --------- d-----w c:\documents and settings\zerocool\Application Data\skypePM
2008-11-30 23:04 --------- d-----w c:\documents and settings\zerocool\Application Data\Skype
2008-11-30 19:45 --------- d-----w c:\documents and settings\zerocool\Application Data\mIRC
2008-11-30 19:17 --------- d-----w c:\program files\mIRC
2008-11-30 13:29 --------- d-----w c:\documents and settings\All Users\Application Data\X3mE Yamb
2008-11-18 00:05 --------- d-----w c:\program files\Java
2008-11-14 23:27 --------- d-----w c:\program files\Nokia
2008-11-14 23:27 --------- d-----w c:\program files\Common Files\Nokia
2008-11-10 19:17 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-10 19:17 --------- d-----w c:\documents and settings\zerocool\Application Data\Samsung
2008-10-23 14:11 --------- d-----w c:\program files\YouTube Downloader
2008-10-23 13:48 --------- d-----w c:\documents and settings\zerocool\Application Data\LimeWire
2008-10-07 18:48 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
2008-10-07 16:28 --------- d-----w c:\program files\Samsung
2008-10-06 09:49 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2008-10-04 13:04 --------- d-----w c:\program files\Skype
2008-10-04 13:04 --------- d-----w c:\program files\Common Files\Skype
2008-10-04 13:04 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-10-02 19:52 --------- d-----w c:\documents and settings\zerocool\Application Data\X3mE Yamb
2008-10-02 13:50 --------- d-----w c:\program files\Allok MP3 to AMR Converter
2008-10-02 13:48 2,368 ----a-w c:\windows\system32\SVKP.sys
2008-01-24 10:12 374 ----a-w c:\documents and settings\zerocool\Application Data\internaldb6334.dat
2008-01-24 10:11 555 ----a-w c:\documents and settings\zerocool\Application Data\internaldb8467.dat
2008-01-24 10:11 18,432 ----a-w c:\documents and settings\zerocool\Application Data\internaldb41.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"MP4 Player"="c:\program files\MP4 Player\mp4Player.exe" [2007-09-19 639488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NAV Agent"="c:\progra~1\NORTON~1\NORTON~1\navapw32.exe" [2001-07-21 50256]
"WFXSwtch"="c:\progra~1\NORTON~1\WinFax\WFXSWTCH.exe" [2001-07-19 26624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-11-22 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-18 136600]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2001-07-19 c:\windows\system32\WFXSNT40.EXE]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIVF"= DivX412.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.divxa32"= divxa32.acm
"VIDC.FFDS"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMhelpr.sys [2008-11-06 4064]
R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2008-10-02 2368]
R3 KCIRDA;%KCIRDA.ServiceDesc%;c:\windows\system32\DRIVERS\KCIrNet.sys [2007-11-15 11856]
R3 QDFSDRV;QDFSDRV;\??\c:\windows\system32\drivers\qdfsdrv.sys [2007-11-01 13792]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2007-10-15 61312]
.
Contents of the 'Scheduled Tasks' folder

2008-11-21 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NORTON~1\NAVW32.exe [2001-07-21 09:14]

2008-11-21 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Common Files\Symantec Shared\NMAIN.EXE [2001-07-24 16:35]

2008-12-01 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2001-07-26 12:23]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\zerocool\Application Data\Mozilla\Firefox\Profiles\gx5wm0rj.default\
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 13:38:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Norton SystemWorks\Norton AntiVirus\Navapsvc.exe
c:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe
c:\windows\system32\ntvdm.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Completion time: 2008-12-01 13:48:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-01 12:48:46
ComboFix2.txt 2008-11-17 11:37:25

Pre-Run: 9,224,474,624 bytes free
Post-Run: 9,182,302,208 bytes free

Update: 03 Dec 2008 20:19

Tonight it started opening new windows as well, not just new tabs.

  • helen1
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8454
  • Location: Novi Beograd

How about changing the browser?

Download gmer.zip from this link and save it to your Desktop.
Unpack it into a folder.

Double-click gmer.exe to start it: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this will save the scan results to the Clipboard.
Use Paste in Notepad to turn that into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.

Use the Attach file option below the message box on the forum and attach the two files we just saved here.

  • Joined: 24 Feb 2006
  • Posts: 435

Twice it showed me this, and at that moment gmer stops scanning:

  • helen1
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8454
  • Location: Novi Beograd

Download Dr.Web CureIt (~12 MB).
Restart the computer in Safe Mode (Safe Mode instructions).

Double-click cureit.exe to run it; an introductory window will appear - click Start.

A notice about the start of the initial scan will appear - click OK.

Wait a few minutes for Dr.Web CureIt to perform the Express Scan; if malware is found, allow the program to disinfect by clicking Yes to All in the window that appears.

Click Options > Change settings F9; in the window that opens, uncheck the Heuristic Analysis option and then click OK.

In the main window select the Complete scan option, then click the button and Dr.Web CureIt will start scanning.

If malware is found, allow the program to disinfect by clicking Yes to All in the window that appears.

When the scan is finished, click the Select all button (if available), then click Cure and,
in the menu that opens, click Move incurable.

When the process is complete, click File > Save report list and save the log to the Desktop.

Copy the contents of the Dr.Web CureIt log into the thread on the forum.

  • Joined: 24 Feb 2006
  • Posts: 435

ComboFix.exe\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\zerocool\Desktop\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\zerocool\Desktop;Archive contains infected objects;Moved.;
ComboFix.exe\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\zerocool\Desktop\asko\Nokia\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\zerocool\Desktop\asko\Nokia;Archive contains infected objects;Moved.;
Professional_Script_v3_Light_Blue.exe\data151;C:\Documents and Settings\zerocool\Desktop\Svastara\skripte za mirc\ok\Professional_Script_v3_Light_Blue.exe;IRC.Generic.13;;
Professional_Script_v3_Light_Blue.exe;C:\Documents and Settings\zerocool\Desktop\Svastara\skripte za mirc\ok;Archive contains infected objects;Moved.;
mirc.exe;C:\Documents and Settings\zerocool\Desktop\Svastara\skripte za mirc\ok\[!] MaRiHuAnA [!];Program.mIRC.616;Incurable.Moved.;
tmp170.tmp;C:\Documents and Settings\zerocool\Local Settings\temp;BackDoor.Tdss.30;Cured.;
mirc.exe;C:\Documents and Settings\zerocool\My Documents\mirc;Program.mIRC.616;Incurable.Moved.;
Uninstall.exe;C:\Program Files\Circle Developement;Trojan.Swizzor.based;Deleted.;
minime.exe;C:\Program Files\DivoCodec;Trojan.Packed.149;Incurable.Moved.;
AdmDll.dll;C:\Program Files\Radmin;Program.RemoteAdmin.21;Incurable.Moved.;
raddrv.dll;C:\Program Files\Radmin;Program.RemoteAdmin;Incurable.Moved.;
radmin.exe;C:\Program Files\Radmin;Program.RemoteAdmin;Incurable.Moved.;
r_server.exe;C:\Program Files\Radmin;Program.RemoteAdmin;Incurable.Moved.;
A0030669.exe\data010;C:\System Volume Information\_restore{6BC040C8-D0C5-4407-9FA5-9B0111624658}\RP42\A0030669.exe;Trojan.Swizzor;;
A0030669.exe;C:\System Volume Information\_restore{6BC040C8-D0C5-4407-9FA5-9B0111624658}\RP42;Archive contains infected objects;Moved.;
A0030670.exe\data012;C:\System Volume Information\_restore{6BC040C8-D0C5-4407-9FA5-9B0111624658}\RP42\A0030670.exe;Trojan.Packed.149;;
A0030670.exe;C:\System Volume Information\_restore{6BC040C8-D0C5-4407-9FA5-9B0111624658}\RP42;Archive contains infected objects;Moved.;
A0115385.exe\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{C1FCD2FE-0B5C-4185-8FB6-396B35ACA697}\RP388\A0115385.exe;Program.PsExec.171;;
A0115385.exe;C:\System Volume Information\_restore{C1FCD2FE-0B5C-4185-8FB6-396B35ACA697}\RP388;Archive contains infected objects;Moved.;
A0116704.EXE;C:\System Volume Information\_restore{C1FCD2FE-0B5C-4185-8FB6-396B35ACA697}\RP401;Program.PsExec.170;Incurable.Moved.;
A0116757.EXE;C:\System Volume Information\_restore{C1FCD2FE-0B5C-4185-8FB6-396B35ACA697}\RP401;Program.PsExec.170;Incurable.Moved.;
A0118051.exe\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{C1FCD2FE-0B5C-4185-8FB6-396B35ACA697}\RP403\A0118051.exe;Program.PsExec.171;;
A0118051.exe;C:\System Volume Information\_restore{C1FCD2FE-0B5C-4185-8FB6-396B35ACA697}\RP403;Archive contains infected objects;Moved.;
A0118052.exe\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{C1FCD2FE-0B5C-4185-8FB6-396B35ACA697}\RP403\A0118052.exe;Program.PsExec.171;;
A0118052.exe;C:\System Volume Information\_restore{C1FCD2FE-0B5C-4185-8FB6-396B35ACA697}\RP403;Archive contains infected objects;Moved.;
A0118053.exe\data151;C:\System Volume Information\_restore{C1FCD2FE-0B5C-4185-8FB6-396B35ACA697}\RP403\A0118053.exe;IRC.Generic.13;;
A0118053.exe;C:\System Volume Information\_restore{C1FCD2FE-0B5C-4185-8FB6-396B35ACA697}\RP403;Archive contains infected objects;Moved.;
A0118054.exe;C:\System Volume Information\_restore{C1FCD2FE-0B5C-4185-8FB6-396B35ACA697}\RP403;Trojan.Swizzor.based;Deleted.;
A0118055.exe;C:\System Volume Information\_restore{C1FCD2FE-0B5C-4185-8FB6-396B35ACA697}\RP403;Trojan.Packed.149;Incurable.Moved.;
admdll.dll;C:\WINDOWS\system32;Program.RemoteAdmin.21;Incurable.Moved.;
raddrv.dll;C:\WINDOWS\system32;Program.RemoteAdmin;Incurable.Moved.;
r_server.exe;C:\WINDOWS\system32;Program.RemoteAdmin;Incurable.Moved.;
WWE_Script.exe\data008;D:\majmun\svastarija-stara\WWE_Script.exe;Program.mIRC.616;;
WWE_Script.exe;D:\majmun\svastarija-stara;Archive contains infected objects;Moved.;
Professional_Script_v3_Light_Blue.exe\data151;D:\majmun\desktop\desktop2007\muzika i torrenti\Professional_Script_v3_Light_Blue.exe;IRC.Generic.13;;
Professional_Script_v3_Light_Blue.exe;D:\majmun\desktop\desktop2007\muzika i torrenti;Archive contains infected objects;Moved.;
setupneoaudio.exe\data031;D:\majmun\desktop\desktop2007\Programi\setupneoaudio.exe;Adware.nCase;;
data032\data002;D:\majmun\desktop\desktop2007\Programi\setupneoaudio.exe\data032;Adware.BargainBuddy;;
data032\data003;D:\majmun\desktop\desktop2007\Programi\setupneoaudio.exe\data032;Adware.BargainBuddy;;
data032;D:\majmun\desktop\desktop2007\Programi\setupneoaudio.exe;Archive contains infected objects;;
data033\data134;D:\majmun\desktop\desktop2007\Programi\setupneoaudio.exe\data033;Adware.TopMoxie;;
data033\data136;D:\majmun\desktop\desktop2007\Programi\setupneoaudio.exe\data033;Trojan.MoemoneyAd;;
data033;D:\majmun\desktop\desktop2007\Programi\setupneoaudio.exe;Archive contains infected objects;;
data035\data013;D:\majmun\desktop\desktop2007\Programi\setupneoaudio.exe\data035;Adware.Exact;;
data035;D:\majmun\desktop\desktop2007\Programi\setupneoaudio.exe;Archive contains infected objects;;
setupneoaudio.exe\data036;D:\majmun\desktop\desktop2007\Programi\setupneoaudio.exe;Adware.NewDotNet;;
setupneoaudio.exe\data037;D:\majmun\desktop\desktop2007\Programi\setupneoaudio.exe;Adware.NewDotNet;;
setupneoaudio.exe\data039;D:\majmun\desktop\desktop2007\Programi\setupneoaudio.exe;Adware.NewDotNet;;
data040\data002;D:\majmun\desktop\desktop2007\Programi\setupneoaudio.exe\data040;Adware.SideFind;;
data040;D:\majmun\desktop\desktop2007\Programi\setupneoaudio.exe;Archive contains infected objects;;
setupneoaudio.exe;D:\majmun\desktop\desktop2007\Programi;Archive contains infected objects;Moved.;
SDFix.exe\SDFix\apps\Process.exe;D:\majmun\desktop\desktop2007\Programi\SDFix.exe;Tool.Prockill;;
SDFix.exe;D:\majmun\desktop\desktop2007\Programi;Archive contains infected objects;Moved.;
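As an added example (not from the thread, from Dr.Web or from any poster here), a Python triage script run over a constructed sample of eight lines copied from the report above. The column layout (object;location;threat;action) and the meaning of an empty action field are inferred from the lines on this page, not taken from Dr.Web documentation.

```python
# Triage helper for a Dr.Web CureIt report (added example, not Dr.Web code).
# Layout inferred from the report: object;location;threat;action.  A nested
# object (file inside an archive) has an empty action; the verdict for it is
# on the enclosing archive's own line.
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample: eight lines taken from the report above.
SAMPLE_REPORT = r"""
ComboFix.exe\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\zerocool\Desktop\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\zerocool\Desktop;Archive contains infected objects;Moved.;
tmp170.tmp;C:\Documents and Settings\zerocool\Local Settings\temp;BackDoor.Tdss.30;Cured.;
Uninstall.exe;C:\Program Files\Circle Developement;Trojan.Swizzor.based;Deleted.;
AdmDll.dll;C:\Program Files\Radmin;Program.RemoteAdmin.21;Incurable.Moved.;
admdll.dll;C:\WINDOWS\system32;Program.RemoteAdmin.21;Incurable.Moved.;
r_server.exe;C:\WINDOWS\system32;Program.RemoteAdmin;Incurable.Moved.;
A0118054.exe;C:\System Volume Information\_restore{C1FCD2FE-0B5C-4185-8FB6-396B35ACA697}\RP403;Trojan.Swizzor.based;Deleted.;
"""

RESTORE_MARKER = "\\system volume information\\_restore{"
# Dr.Web's "Program." and "Tool." prefixes denote riskware: legitimate utilities
# (PsExec, Radmin) that may or may not belong on the machine; a human decides.
RISKWARE_PREFIXES = ("Program.", "Tool.")


@dataclass
class Detection:
    obj: str       # object name; "container\inner\path" for nested objects
    location: str  # directory of the object, or full path of its container
    threat: str    # Dr.Web threat name, e.g. BackDoor.Tdss.30
    action: str    # what CureIt did; empty for objects nested in an archive

    @property
    def nested(self) -> bool:
        return "\\" in self.obj

    @property
    def full_path(self) -> str:
        # For nested objects `location` already is the container's full path.
        return self.location if self.nested else f"{self.location}\\{self.obj}"

    @property
    def in_restore_point(self) -> bool:
        # System Restore snapshots are historical copies, not running code.
        return RESTORE_MARKER in self.location.lower()


def parse_report(text: str) -> list[Detection]:
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = line.split(";")
        if len(parts) < 4:
            raise ValueError(f"unexpected report line: {line!r}")
        records.append(Detection(parts[0], parts[1], parts[2], parts[3]))
    return records


def container_action(child: Detection, records: list[Detection]) -> Optional[str]:
    """Return the action applied to the archive that holds a nested object."""
    if not child.nested:
        return child.action
    wanted = child.location.lower()
    for rec in records:
        if not rec.nested and rec.full_path.lower() == wanted:
            return rec.action
    return None  # container line missing: the nested hit was never handled


def triage(records: list[Detection]) -> dict:
    """Split a report into the buckets a responder looks at first."""
    active = [r for r in records if not r.nested and not r.in_restore_point]
    return {
        "by_action": Counter(r.action for r in records),
        "active": active,
        "restore_point_copies": [r for r in records if r.in_restore_point],
        "unresolved": [r for r in records
                       if r.nested and container_action(r, records) is None],
        # Hits under %WINDIR% or a temp folder: most likely live persistence.
        "system_dirs": [r for r in active
                        if "\\windows\\" in r.location.lower()
                        or "\\local settings\\temp" in r.location.lower()],
        "riskware": [r for r in records
                     if r.threat.startswith(RISKWARE_PREFIXES)],
    }


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    print("actions:", dict(result["by_action"]))
    for key in ("active", "system_dirs", "riskware", "restore_point_copies"):
        print(key, [f"{r.threat} @ {r.full_path}" for r in result[key]])
```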

  • helen1
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8454
  • Location: Novi Beograd

These IE problems have nothing to do with malware.

Click START and then RUN.
In the text entry line type Combofix /u and click OK.

Wait for the uninstall process to finish.

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if present
C:\Deckard folder, if present
C:\OtMoveIt folder, if present

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

What to do next about IE, I can't tell you.

  • Joined: 24 Feb 2006
  • Posts: 435

Here's the new log:

ComboFix 08-12-06.06 - zerocool 2008-12-08 10:26:13.14 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.237 [GMT 1:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\components\iamfamous.dll
c:\windows\system32\kdfgk.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-08 to 2008-12-08 )))))))))))))))))))))))))))))))
.

2008-12-04 16:54 . 2008-12-04 16:54 <DIR> d-------- c:\documents and settings\Administrator\DoctorWeb
2008-12-03 06:33 . 2008-12-03 06:33 <DIR> d-------- c:\program files\homeview
2008-12-03 06:32 . 2008-12-03 06:32 27,904 --a------ c:\windows\system32\drivers\ndisprot.sys
2008-12-01 21:25 . 2004-08-03 23:10 38,016 --a------ c:\windows\system32\drivers\bthmodem.sys
2008-12-01 21:25 . 2004-08-03 23:10 38,016 --a--c--- c:\windows\system32\dllcache\bthmodem.sys
2008-12-01 21:23 . 2004-08-03 23:10 274,304 --a------ c:\windows\system32\drivers\bthport.sys
2008-12-01 21:23 . 2004-08-03 23:10 274,304 --a--c--- c:\windows\system32\dllcache\bthport.sys
2008-12-01 21:23 . 2004-08-03 22:58 100,992 --a------ c:\windows\system32\drivers\bthpan.sys
2008-12-01 21:23 . 2004-08-03 22:58 100,992 --a--c--- c:\windows\system32\dllcache\bthpan.sys
2008-12-01 21:23 . 2004-08-03 23:10 59,648 --a------ c:\windows\system32\drivers\rfcomm.sys
2008-12-01 21:23 . 2004-08-03 23:10 59,648 --a--c--- c:\windows\system32\dllcache\rfcomm.sys
2008-12-01 21:23 . 2004-08-03 23:10 18,944 --a------ c:\windows\system32\drivers\BTHUSB.SYS
2008-12-01 21:23 . 2004-08-03 23:10 18,944 --a--c--- c:\windows\system32\dllcache\bthusb.sys
2008-12-01 21:23 . 2004-08-03 23:10 17,024 --a------ c:\windows\system32\drivers\BthEnum.sys
2008-12-01 21:23 . 2004-08-03 23:10 17,024 --a--c--- c:\windows\system32\dllcache\bthenum.sys
2008-11-24 20:42 . 2008-11-24 20:42 <DIR> d-------- c:\program files\Combined Community Codec Pack
2008-11-24 20:01 . 2008-11-24 20:01 <DIR> d-------- c:\program files\MP4 Player
2008-11-24 20:01 . 2008-11-24 20:01 36 ---h----- c:\windows\system32\swk.ini
2008-11-18 01:05 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
2008-11-15 00:41 . 2004-08-03 23:08 25,600 --a------ c:\windows\system32\drivers\usbser.sys
2008-11-15 00:41 . 2004-08-03 23:08 25,600 --a--c--- c:\windows\system32\dllcache\usbser.sys
2008-11-15 00:41 . 2008-11-15 00:41 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-11-15 00:41 . 2008-11-15 00:41 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-11-15 00:29 . 2008-11-15 00:53 <DIR> d-------- c:\documents and settings\zerocool\Application Data\PC Suite
2008-11-15 00:29 . 2008-11-15 00:52 <DIR> d-------- c:\documents and settings\zerocool\Application Data\Nokia
2008-11-15 00:29 . 2008-11-15 00:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Suite
2008-11-15 00:27 . 2008-11-15 00:27 <DIR> d-------- c:\program files\Common Files\PCSuite
2008-11-15 00:26 . 2008-11-15 00:26 <DIR> d-------- c:\program files\PC Connectivity Solution
2008-11-15 00:26 . 2007-09-17 15:53 21,632 --a------ c:\windows\system32\drivers\pccsmcfd.sys
2008-11-15 00:25 . 2008-05-07 07:39 1,419,232 --a------ c:\windows\system32\wdfcoinstaller01005.dll
2008-11-15 00:25 . 2008-05-07 07:38 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2008-11-15 00:25 . 2008-05-07 07:38 90,624 --a------ c:\windows\system32\nmwcdcls.dll
2008-11-15 00:25 . 2008-05-07 07:38 20,864 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2008-11-15 00:25 . 2008-05-07 07:38 17,536 --a------ c:\windows\system32\drivers\ccdcmb.sys
2008-11-15 00:25 . 2008-05-07 07:38 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2008-11-15 00:25 . 2008-06-06 09:24 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2008-11-15 00:23 . 2008-11-15 00:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 01:03 --------- d-----w c:\documents and settings\zerocool\Application Data\uTorrent
2008-12-07 21:59 --------- d-----w c:\documents and settings\zerocool\Application Data\mIRC
2008-12-07 19:49 --------- d-----w c:\program files\mIRC
2008-12-07 16:46 --------- d-----w c:\documents and settings\zerocool\Application Data\PlayFirst
2008-12-05 22:01 --------- d-----w c:\documents and settings\zerocool\Application Data\Skype
2008-12-05 20:55 --------- d-----w c:\documents and settings\zerocool\Application Data\skypePM
2008-12-04 20:11 --------- d-----w c:\program files\Radmin
2008-12-04 16:54 --------- d-----w c:\program files\DivoCodec
2008-12-04 16:43 --------- d-----w c:\program files\Circle Developement
2008-12-03 14:16 --------- d-----w c:\program files\Java
2008-12-02 11:00 --------- d-----w c:\program files\BFG
2008-11-30 13:29 --------- d-----w c:\documents and settings\All Users\Application Data\X3mE Yamb
2008-11-14 23:27 --------- d-----w c:\program files\Nokia
2008-11-14 23:27 --------- d-----w c:\program files\Common Files\Nokia
2008-11-10 19:17 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-10 19:17 --------- d-----w c:\documents and settings\zerocool\Application Data\Samsung
2008-11-06 18:15 --------- d-----w c:\program files\Adobe Type Manager
2008-11-06 18:13 --------- d-----w c:\program files\PhotoDeluxe HE 3.1
2008-11-06 18:11 --------- d-----w c:\program files\ImageServer
2008-11-06 18:11 --------- d-----w c:\program files\Common Files\Kodak
2008-11-06 17:53 --------- d-----w c:\program files\Hewlett-Packard
2008-10-23 14:11 --------- d-----w c:\program files\YouTube Downloader
2008-10-23 13:48 --------- d-----w c:\documents and settings\zerocool\Application Data\LimeWire
2008-10-06 09:49 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2008-10-02 13:48 2,368 ----a-w c:\windows\system32\SVKP.sys
2008-01-24 10:12 374 ----a-w c:\documents and settings\zerocool\Application Data\internaldb6334.dat
2008-01-24 10:11 555 ----a-w c:\documents and settings\zerocool\Application Data\internaldb8467.dat
2008-01-24 10:11 18,432 ----a-w c:\documents and settings\zerocool\Application Data\internaldb41.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-01_13.40.19.80 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-30 22:01:43 819,200 ----a-w c:\windows\gmer.dll
+ 2008-12-04 08:52:12 884,736 ----a-w c:\windows\gmer.dll
- 2008-01-18 19:31:10 757,760 ----a-w c:\windows\gmer.exe
+ 2008-04-17 20:13:02 811,008 ----a-w c:\windows\gmer.exe
- 2008-01-30 22:01:43 85,713 ----a-w c:\windows\system32\drivers\gmer.sys
+ 2008-12-04 08:52:12 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
- 2008-11-18 00:05:31 144,792 ----a-w c:\windows\system32\java.exe
+ 2008-11-10 04:43:37 144,792 ----a-w c:\windows\system32\java.exe
- 2008-11-18 00:05:31 144,792 ----a-w c:\windows\system32\javaw.exe
+ 2008-11-10 04:43:38 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-11-18 00:05:31 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2008-11-10 04:43:39 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-11-29 20:10:44 68,404 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-03 19:47:50 68,404 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-29 20:10:44 435,760 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-03 19:47:50 435,760 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-08 09:30:34 16,384 ----atw c:\windows\temp\Perflib_Perfdata_784.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"MP4 Player"="c:\program files\MP4 Player\mp4Player.exe" [2007-09-19 639488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NAV Agent"="c:\progra~1\NORTON~1\NORTON~1\navapw32.exe" [2001-07-21 50256]
"WFXSwtch"="c:\progra~1\NORTON~1\WinFax\WFXSWTCH.exe" [2001-07-19 26624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-11-22 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2001-07-19 c:\windows\system32\WFXSNT40.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 c:\windows\system32\bthprops.cpl]

c:\documents and settings\zerocool\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-05-15 479232]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIVF"= DivX412.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.divxa32"= divxa32.acm
"VIDC.FFDS"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Symantec\\LiveUpdate\\LuComServer.EXE"=

R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMhelpr.sys [2008-11-06 4064]
R2 NProtectService;Norton Unerase Protection;c:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE [2007-11-01 135168]
R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2008-10-02 2368]
R3 KCIRDA;%KCIRDA.ServiceDesc%;c:\windows\system32\DRIVERS\KCIrNet.sys [2007-11-15 11856]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2007-10-15 61312]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-12-03 27904]
S3 QDFSDRV;QDFSDRV;\??\c:\windows\system32\drivers\qdfsdrv.sys [2007-11-01 13792]
.
Contents of the 'Scheduled Tasks' folder

2008-12-05 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NORTON~1\NAVW32.exe [2001-07-21 09:14]

2008-12-05 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Common Files\Symantec Shared\NMAIN.EXE [2001-07-24 16:35]

2008-12-08 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2001-07-26 12:23]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-c:\windows\system32\kdfgk.exe - c:\windows\system32\kdfgk.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
Handler: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} -

c:\windows\Downloaded Program Files\IR87.txt - c:\windows\Downloaded Program Files\IR6.txt
c:\windows\Downloaded Program Files\IR159.txt
c:\windows\Downloaded Program Files\IR149.txt
c:\windows\Downloaded Program Files\IR148.txt
c:\windows\Downloaded Program Files\IR144.txt
c:\windows\Downloaded Program Files\IR14.txt
c:\windows\Downloaded Program Files\IR138.txt
c:\windows\Downloaded Program Files\IR13.txt
c:\windows\Downloaded Program Files\IR127.txt
c:\windows\Downloaded Program Files\IR126.txt
c:\windows\Downloaded Program Files\IR110.txt
c:\windows\Downloaded Program Files\IR109.txt
c:\windows\Downloaded Program Files\IR101.txt
c:\windows\Downloaded Program Files\IR100.txt
c:\windows\Downloaded Program Files\dict.dat
c:\windows\Downloaded Program Files\unicows.dll
c:\windows\Downloaded Program Files\iiscomplib2.dll
c:\windows\Downloaded Program Files\picn6320.dll
c:\windows\Downloaded Program Files\picn9120.dll
c:\windows\Downloaded Program Files\picn9020.dll
c:\windows\Downloaded Program Files\picn20.dll
c:\windows\Downloaded Program Files\AmiDicomDirTreeView21.ocx
c:\windows\Downloaded Program Files\AmiViewerLite21.ocx
O16 -: {FC11A119-C2F7-46F4-9E32-937ABA26816E}
file:///E:/CDVIEWER/CdViewer.cab
c:\windows\Downloaded Program Files\cdviewer.inf
FireFox -: Profile - c:\documents and settings\zerocool\Application Data\Mozilla\Firefox\Profiles\gx5wm0rj.default\
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 10:30:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Norton SystemWorks\Norton AntiVirus\Navapsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\ntvdm.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Completion time: 2008-12-08 10:33:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-08 09:33:27
ComboFix2.txt 2008-12-01 12:48:54
ComboFix3.txt 2008-11-17 11:37:25

Pre-Run: 7,117,176,832 bytes free
Post-Run: 7,080,861,696 bytes free


offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8454
  • Location: Novi Beograd

The log is clean.

Click START and then RUN
In the text entry line type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

Regards
