Please help

  • Joined: 23 Mar 2008
  • Posts: 51

Hi people, I have 2 problems with my computer.

Problem 1:

A few days ago, while I was on Facebook, out of nowhere an "XP Security Center" appeared, like an antivirus, and started scanning something; it found something like 28 viruses or whatever.
At that time I had Avast Professional as my antivirus, which showed nothing when scanning. Then I restarted the computer and got a blue screen saying something had to be disabled in the BIOS, but since I don't understand that, I immediately took the computer to the man who set up my system. Before I took it, I restarted it once more just to see whether the same thing would happen, but the system booted perfectly normally. The same problem appeared at the man who did the system installation too... all I know is that, as he said, it was some trojan, and he put Malwarebytes' Anti-Malware on it for me. Since then, whenever I run a scan it always finds something, among other things that Security Center, and when I send it to quarantine, the Security Center icon pops up, which really annoys me. When I open Security Center, Firewall is ON, Automatic Update is OFF, and Virus Protection is ON. And when I go into "Change the way Security Center alerts me", Firewall is checked there and the rest is unchecked. Meanwhile Avast stopped updating itself, so after a few days I uninstalled it and installed Avira, which found about 38 viruses (I took a screenshot, so I can attach that too if needed). However, both before Avira and after, the computer works without problems, it doesn't freeze, nothing strange happens.



Problem 2

I have Total Commander and use FTP access through it, because I make websites for friends as an amateur. The day before yesterday a friend for whom I made a web presentation told me that her website has a virus; she says NOD detected it. As a browser I use Mozilla Firefox, which showed me nothing, but Google Chrome throws up some pop-up window with Travian ads... and then I get a notification that there is some malware on that site. When I opened View Page Source it showed me some script at the bottom of the page, which means somebody hacked it. I deleted index and home via FTP and uploaded those pages again; when I looked at the site from the browser again, the script was no longer there, but it still opens the pop-up window and links it to Travian. Then the man I buy hosting from changed the password and uploaded the index and home pages again himself, and it was the same thing again.... This problem appears on as many as 4 websites hosted with different providers, some in the Czech Republic, some in Serbia. What's also strange to me is that I have other sites I maintain where that script wasn't there, so I no longer know where the problem is and what to do, since on my computer the HTML code is all fine, but when I upload it to the server it reports malware that I can't see at all and that is tied to those few sites.
And one more piece of information: one site I updated 2 months ago and it is infected, and 3 I updated on the same day, of which 2 are infected and one isn't.
Please help, because I really don't know where the problem is and what is happening anymore; the only thing that comes to mind is that someone hacked my Total Commander.
Sorry the text is so long, but everything seemed very important to me.


PS: I tried GMER and it scanned for a very long time, but when I want to save the log the computer freezes and won't save it.




DDS (Ver_10-03-17.01) - NTFSx86
Run by Goran at 23:07:20.42 on Fri 03/26/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1209 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Documents and Settings\Goran\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Gadwin PrintScreen] c:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [BitComet] "c:\program files\bitcomet\BitComet.exe" /tray
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\documents and settings\goran\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [NokiaMusic FastStart] "c:\program files\nokia\ovi player\NokiaOviPlayer.exe" /command:faststart
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\goran\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\goran\applic~1\mozilla\firefox\profiles\vqm6ocem.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNfox000&fl=0&ptb=RfwXD0hH0_yfVz.W9XH1uw&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - component: c:\documents and settings\goran\application data\mozilla\firefox\profiles\vqm6ocem.default\extensions\bookmarks@cometmarks.com\components\ICometMarksExtension.dll
FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll
FF - plugin: c:\documents and settings\goran\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-3-26 11608]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-6-27 61424]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-3-26 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-3-26 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-16 55656]
R3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\PFC027.sys [2005-4-8 162176]
RUnknown SASENUM;SASENUM; [x]
RUnknown SASKUTIL;SASKUTIL; [x]
S0 vvhslws;vvhslws; [x]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-8-15 1684736]
UnknownUnknown SASDIFSV;SASDIFSV; [x]

=============== Created Last 30 ================

2010-03-26 19:57:47 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-03-26 19:57:42 0 d-----w- c:\program files\SUPERAntiSpyware
2010-03-26 19:57:42 0 d-----w- c:\docume~1\goran\applic~1\SUPERAntiSpyware.com
2010-03-26 00:42:50 0 d-----w- c:\program files\Avira
2010-03-26 00:42:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-03-19 20:28:59 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-03-17 17:23:39 0 d-----w- c:\docume~1\goran\applic~1\Malwarebytes
2010-03-17 17:23:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-17 17:23:34 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-17 17:23:34 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-17 17:23:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-17 16:45:33 77312 ----a-w- c:\windows\MBR.exe
2010-03-17 16:45:32 98816 ----a-w- c:\windows\sed.exe
2010-03-17 16:45:32 261632 ----a-w- c:\windows\PEV.exe
2010-03-17 16:45:32 161792 ----a-w- c:\windows\SWREG.exe
2010-03-16 14:29:59 65296 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-16 14:26:43 0 d-----w- c:\program files\Bonjour
2010-03-11 14:07:20 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-03-11 14:07:18 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-03-11 14:07:12 0 d-----w- c:\windows\Logs
2010-03-11 14:06:52 0 d-----w- c:\program files\Winamp Detect
2010-03-02 16:23:58 0 d-----w- c:\docume~1\goran\applic~1\FVZilla
2010-03-02 16:23:52 0 d-----w- c:\program files\Free Video Zilla

==================== Find3M ====================

2010-02-12 12:58:48 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-12 10:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe

============= FINISH: 23:07:42.37 ===============
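As an added example, not code from this thread or from the DDS/ComboFix tools themselves: a small Python triage helper that parses the "SERVICES / DRIVERS" and "Created Last 30" sections of a DDS log like the one above, flags the entries a helper usually looks at first (a service with no image path on disk, an odd start type, a script or hidden file newly created under the Windows directory) and then checks which of the flagged files a later ComboFix log reports as removed. The sample log text embedded below is constructed from entries in this thread; the flag rules are the example's own heuristics and a flag is a review hint, not a verdict.

```python
import re

# Constructed sample modelled on the DDS log posted in this thread: the file
# and service names come from that log, everything else is trimmed.
SAMPLE_DDS_LOG = r"""============= SERVICES / DRIVERS ===============
RUnknown SASENUM;SASENUM; [x]
S0 vvhslws;vvhslws; [x]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-8-15 1684736]
=============== Created Last 30 ================
2010-03-26 00:42:50 0 d-----w- c:\program files\Avira
2010-03-19 20:28:59 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-03-17 16:45:33 77312 ----a-w- c:\windows\MBR.exe
2010-03-16 14:29:59 65296 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-11 14:07:20 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
==================== Find3M ====================
"""

# Constructed sample of the "Other Deletions" block from the ComboFix log.
SAMPLE_COMBOFIX_LOG = r"""(((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))
.
c:\windows\system32\fjhdyfhsn.bat
(((((((((((( Files Created from 2010-02-27 to 2010-03-27 ))))))))))))
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")

def split_sections(text):
    """Group the non-empty lines of a DDS log under the header they follow."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1).upper()
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections

def flag_services(lines):
    """Flag entries with no resolvable binary ("[x]") or an odd start type."""
    findings = []
    for line in lines:
        start_type, _, rest = line.partition(" ")
        fields = rest.split(";")
        if len(fields) < 3:
            continue
        reasons = []
        if fields[2].strip() == "[x]":
            reasons.append("no image path on disk")
        if not re.fullmatch(r"[RS]\d", start_type):
            reasons.append(f"unusual start type {start_type}")
        if reasons:
            findings.append((fields[0], "; ".join(reasons)))
    return findings

def flag_created(lines):
    """Flag new files under the Windows directory worth a closer look (a review hint, not a verdict)."""
    findings = []
    for line in lines:
        match = CREATED_RE.match(line)
        if not match:
            continue
        attrs, path = match.group(4), match.group(5)
        lower = path.lower()
        if attrs.startswith("d") or not lower.startswith("c:\\windows\\"):
            continue  # skip directories and files outside the Windows directory
        reasons = []
        if lower.endswith((".bat", ".cmd", ".vbs", ".js", ".wsf")):
            reasons.append("script file under the Windows directory")
        if lower.rpartition("\\")[0] == "c:\\windows" and lower.endswith(".exe"):
            reasons.append("executable dropped directly in the Windows root")
        if "h" in attrs:
            reasons.append("hidden attribute set")
        if reasons:
            findings.append((path, "; ".join(reasons)))
    return findings

def combofix_deletions(text):
    """Return the paths ComboFix lists under its 'Other Deletions' header."""
    deleted, in_block = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("((((") and line.endswith("))))"):
            in_block = "Other Deletions" in line
        elif in_block and line and line != ".":
            deleted.append(line.lower())
    return deleted

def triage(dds_text, combofix_text=""):
    """Run both checks and note which flagged files ComboFix later removed."""
    sections = split_sections(dds_text)
    services = flag_services(sections.get("SERVICES / DRIVERS", []))
    files = flag_created(sections.get("CREATED LAST 30", []))
    deleted = set(combofix_deletions(combofix_text))
    removed = [path for path, _ in files if path.lower() in deleted]
    return {"services": services, "files": files, "removed_by_combofix": removed}
```

Run against the two samples, `triage` reports SASENUM and vvhslws as services with no binary on disk and flags fjhdyfhsn.bat, MBR.exe and mlfcache.dat for review, with only the .bat file confirmed as removed by ComboFix.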






  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Hello,

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing the save location opens, select Desktop and click Save.

When the download is finished:
  • disable your protection software (instructions);
  • close any running programs;
  • double-click ComboFix to run it.

While running, ComboFix will:
  • check whether a newer version of the program exists: click Yes if offered the download;
  • show the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so that the process continues;
  • if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
  • ask a number of questions / show a number of notices: accept by clicking Yes or OK;
  • if needed, restart Windows (possibly more than once);
  • at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the highlighted text and choose Copy;
  • right-click in the message box and choose Paste.

Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice that the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message.

  • Joined: 23 Mar 2008
  • Posts: 51

Should I close Notepad now, and should I restart the PC?




ComboFix 10-03-26.02 - Goran 03/27/2010 19:52:48.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1627 [GMT 1:00]
Running from: c:\documents and settings\Goran\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\fjhdyfhsn.bat

.
((((((((((((((((((((((((( Files Created from 2010-02-27 to 2010-03-27 )))))))))))))))))))))))))))))))
.

2010-03-27 00:49 . 2009-07-21 13:40 404737 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
2010-03-27 00:49 . 2009-06-03 15:26 345345 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll
2010-03-27 00:49 . 2009-04-09 09:20 79105 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll
2010-03-27 00:49 . 2009-02-13 15:01 79105 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updext.dll
2010-03-27 00:49 . 2008-12-05 10:32 126721 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
2010-03-27 00:48 . 2010-03-27 00:48 -------- d-----w- c:\program files\Common Files\Skype
2010-03-27 00:45 . 2010-03-27 00:45 1481488 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-26 19:57 . 2010-03-26 19:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-26 19:57 . 2010-03-26 21:18 -------- d-----w- c:\documents and settings\Goran\Application Data\SUPERAntiSpyware.com
2010-03-26 19:57 . 2010-03-26 21:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-26 00:42 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-26 00:42 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-26 00:42 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-26 00:42 . 2010-03-26 00:42 -------- d-----w- c:\program files\Avira
2010-03-26 00:42 . 2010-03-26 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-03-17 17:23 . 2010-03-17 17:23 -------- d-----w- c:\documents and settings\Goran\Application Data\Malwarebytes
2010-03-17 17:23 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-17 17:23 . 2010-03-17 17:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-17 17:23 . 2010-03-17 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-17 17:23 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-17 16:14 . 2010-03-23 08:59 -------- d-----w- c:\documents and settings\Goran\Local Settings\Application Data\avG
2010-03-16 14:29 . 2010-03-16 14:29 65296 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-16 14:26 . 2010-03-16 14:26 -------- d-----w- c:\program files\Bonjour
2010-03-14 14:10 . 2010-03-24 21:20 -------- d-----w- c:\documents and settings\Goran\Local Settings\Application Data\Temp
2010-03-11 14:07 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-03-11 14:07 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-03-11 14:07 . 2010-03-11 14:07 -------- d-----w- c:\windows\Logs
2010-03-11 14:06 . 2010-03-11 14:06 -------- d-----w- c:\program files\Winamp Detect
2010-03-02 16:23 . 2010-03-02 16:27 -------- d-----w- c:\documents and settings\Goran\Application Data\FVZilla
2010-03-02 16:23 . 2010-03-02 16:27 -------- d-----w- c:\program files\Free Video Zilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-27 18:47 . 2009-08-16 10:41 -------- d-----w- c:\documents and settings\Goran\Application Data\Skype
2010-03-27 15:01 . 2009-08-16 10:43 -------- d-----w- c:\documents and settings\Goran\Application Data\skypePM
2010-03-27 09:21 . 2009-10-14 13:03 -------- d-----w- c:\program files\BitComet
2010-03-27 02:31 . 2009-10-14 13:17 -------- d-----w- c:\program files\CometBird
2010-03-27 00:50 . 2009-08-16 20:36 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-21 14:54 . 2009-09-15 09:21 45 ----a-w- c:\windows\popcinfo.dat
2010-03-19 20:28 . 2010-03-19 20:28 8 ----a-w- c:\documents and settings\NetworkService\Application Data\jasltw.dat
2010-03-17 14:28 . 2009-10-19 23:25 -------- d-----w- c:\documents and settings\Goran\Application Data\Incredible Ink
2010-03-17 14:09 . 2010-03-17 14:09 12 ----a-w- c:\documents and settings\NetworkService\Application Data\zxcdyt.dat
2010-03-16 14:29 . 2010-02-12 07:43 -------- d-----w- c:\documents and settings\Goran\Application Data\Apple Computer
2010-03-16 14:15 . 2010-02-23 16:28 -------- d-----w- c:\program files\Opera
2010-03-11 14:07 . 2009-08-15 10:16 -------- d-----w- c:\program files\Winamp
2010-02-25 09:54 . 2010-02-24 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-24 19:47 . 2010-02-24 19:47 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-02-24 18:29 . 2010-02-24 18:29 1923768 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-02-24 18:27 . 2010-02-24 16:10 1923880 ----a-w- c:\documents and settings\Goran\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2010-02-24 13:32 . 2009-09-23 00:11 -------- d-----w- c:\program files\RealArcade
2010-02-24 13:20 . 2009-08-16 19:03 -------- d-----w- c:\program files\Macromedia
2010-02-24 13:20 . 2009-08-15 10:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-18 22:50 . 2010-02-18 22:50 -------- d-----w- c:\program files\Engleski
2010-02-14 22:34 . 2010-02-14 22:34 1437696 ----a-w- c:\documents and settings\Goran\Application Data\Mozilla\Firefox\Profiles\vqm6ocem.default\extensions\bookmarks@cometmarks.com\components\ICometMarksExtension.dll
2010-02-14 22:34 . 2010-02-14 22:34 -------- d-----w- c:\program files\CometMarks
2010-02-12 12:58 . 2010-02-12 12:58 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-12 10:46 . 2010-02-12 10:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46 . 2010-02-12 10:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 07:35 . 2009-10-18 12:20 -------- d-----w- c:\documents and settings\Goran\Application Data\PC Suite
2010-02-09 19:50 . 2009-08-15 09:49 88512 ----a-w- c:\documents and settings\Goran\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-04 17:46 . 2010-02-09 14:12 52224 ----a-w- c:\documents and settings\Goran\Application Data\CometNetwork\CometBird\Profiles\uxzfu4xl.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-02-04 17:46 . 2010-02-09 14:12 101376 ----a-w- c:\documents and settings\Goran\Application Data\CometNetwork\CometBird\Profiles\uxzfu4xl.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-01-29 11:23 . 2010-01-29 11:23 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-21 17:01 . 2010-01-21 17:01 128 ----a-w- c:\documents and settings\Goran\Local Settings\Application Data\fusioncache.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-03-17_16.57.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 01:19 . 2007-11-07 01:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
- 2007-11-07 00:19 . 2007-11-07 00:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
- 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
- 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2010-03-27 18:48 . 2010-03-27 18:48 16384 c:\windows\temp\Perflib_Perfdata_1dc.dat
+ 2010-03-26 00:42 . 2009-05-11 09:12 28520 c:\windows\system32\drivers\ssmdrv.sys
- 2009-08-15 09:46 . 2010-03-17 15:05 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-15 09:46 . 2010-03-19 20:28 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-15 09:46 . 2010-03-19 20:28 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-08-15 09:46 . 2010-03-17 15:05 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-03-19 20:28 . 2010-03-19 20:28 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-07-29 06:05 . 2008-07-29 06:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
- 2008-07-29 01:54 . 2008-07-29 01:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 02:54 . 2008-07-29 02:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2010-03-27 00:48 . 2010-03-27 00:48 700416 c:\windows\Installer\1177f.msi
+ 2010-03-27 00:48 . 2010-03-27 00:48 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
- 2009-10-02 18:45 . 2009-10-02 18:45 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
+ 2008-07-29 07:05 . 2008-07-29 07:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2010-03-27 00:48 . 2010-03-27 00:48 1575936 c:\windows\Installer\11775.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2009-09-24 2768696]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"Google Update"="c:\documents and settings\Goran\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-14 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-21 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-21 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-21 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Goran\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"8144:TCP"= 8144:TCP:BitComet 8144 TCP
"8144:UDP"= 8144:UDP:BitComet 8144 UDP

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [6/27/2008 3:50 PM 61424]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/26/2010 1:42 AM 108289]
R3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\PFC027.sys [4/8/2005 9:46 AM 162176]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/12/2010 1:58 PM 685816]
S0 vvhslws;vvhslws; [x]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/15/2009 11:04 AM 1684736]
.
Contents of the 'Scheduled Tasks' folder

2010-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-838170752-1801674531-1003Core.job
- c:\documents and settings\Goran\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-14 14:10]

2010-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-838170752-1801674531-1003UA.job
- c:\documents and settings\Goran\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-14 14:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Goran\Application Data\Mozilla\Firefox\Profiles\vqm6ocem.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNfox000&fl=0&ptb=RfwXD0hH0_yfVz.W9XH1uw&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - component: c:\documents and settings\Goran\Application Data\Mozilla\Firefox\Profiles\vqm6ocem.default\extensions\bookmarks@cometmarks.com\components\ICometMarksExtension.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\All Users\Application Data\RealArcade\npraclient.dll
FF - plugin: c:\documents and settings\Goran\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1614895754-838170752-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9B53329D-D4E4-A282-D395-B6CF193DBA77}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaopppengbbkgnmekm"=hex:6a,61,66,6d,68,66,61,6f,64,64,6b,6a,6e,6c,68,6f,6d,6e,
70,62,00,f2
"haipfdcfmbpppcpm"=hex:6a,61,66,6d,68,66,61,6f,64,64,6b,6a,6e,6c,68,6f,6d,6e,
70,62,00,f2
"eaacmjoged"=hex:61,61,00,7c
"eagpclefbf"=hex:61,61,00,7c
.
Completion time: 2010-03-27 19:56:32
ComboFix-quarantined-files.txt 2010-03-27 18:56
ComboFix2.txt 2010-03-17 17:19
ComboFix3.txt 2010-03-17 17:02

Pre-Run: 18,162,040,832 bytes free
Post-Run: 18,168,897,536 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - A9A34F0697A66BF7B8B6E273894402A3

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Open Notepad and copy the following text into it:

Driver::
vvhslws

Firefox::
FF - ProfilePath - c:\documents and settings\Goran\Application Data\Mozilla\Firefox\Profiles\vqm6ocem.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNfox000&fl=0&ptb=RfwXD0hH0_yfVz.W9XH1uw&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=

Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scanning.

  • Joined: 23 Mar 2008
  • Posts: 51

ComboFix 10-03-26.02 - Goran 03/27/2010 20:49:33.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1627 [GMT 1:00]
Running from: c:\documents and settings\Goran\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Goran\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VVHSLWS
-------\Service_vvhslws


((((((((((((((((((((((((( Files Created from 2010-02-27 to 2010-03-27 )))))))))))))))))))))))))))))))
.

2010-03-27 00:49 . 2009-07-21 13:40 404737 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
2010-03-27 00:49 . 2009-06-03 15:26 345345 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll
2010-03-27 00:49 . 2009-04-09 09:20 79105 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll
2010-03-27 00:49 . 2009-02-13 15:01 79105 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updext.dll
2010-03-27 00:49 . 2008-12-05 10:32 126721 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
2010-03-27 00:48 . 2010-03-27 00:48 -------- d-----w- c:\program files\Common Files\Skype
2010-03-27 00:45 . 2010-03-27 00:45 1481488 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-26 19:57 . 2010-03-26 19:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-26 19:57 . 2010-03-26 21:18 -------- d-----w- c:\documents and settings\Goran\Application Data\SUPERAntiSpyware.com
2010-03-26 19:57 . 2010-03-26 21:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-26 00:42 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-26 00:42 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-26 00:42 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-26 00:42 . 2010-03-26 00:42 -------- d-----w- c:\program files\Avira
2010-03-26 00:42 . 2010-03-26 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-03-17 17:23 . 2010-03-17 17:23 -------- d-----w- c:\documents and settings\Goran\Application Data\Malwarebytes
2010-03-17 17:23 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-17 17:23 . 2010-03-17 17:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-17 17:23 . 2010-03-17 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-17 17:23 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-17 16:14 . 2010-03-23 08:59 -------- d-----w- c:\documents and settings\Goran\Local Settings\Application Data\avG
2010-03-16 14:29 . 2010-03-16 14:29 65296 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-16 14:26 . 2010-03-16 14:26 -------- d-----w- c:\program files\Bonjour
2010-03-14 14:10 . 2010-03-24 21:20 -------- d-----w- c:\documents and settings\Goran\Local Settings\Application Data\Temp
2010-03-11 14:07 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-03-11 14:07 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-03-11 14:07 . 2010-03-11 14:07 -------- d-----w- c:\windows\Logs
2010-03-11 14:06 . 2010-03-11 14:06 -------- d-----w- c:\program files\Winamp Detect
2010-03-02 16:23 . 2010-03-02 16:27 -------- d-----w- c:\documents and settings\Goran\Application Data\FVZilla
2010-03-02 16:23 . 2010-03-02 16:27 -------- d-----w- c:\program files\Free Video Zilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-27 19:55 . 2009-08-16 10:41 -------- d-----w- c:\documents and settings\Goran\Application Data\Skype
2010-03-27 19:27 . 2009-10-14 13:03 -------- d-----w- c:\program files\BitComet
2010-03-27 15:01 . 2009-08-16 10:43 -------- d-----w- c:\documents and settings\Goran\Application Data\skypePM
2010-03-27 02:31 . 2009-10-14 13:17 -------- d-----w- c:\program files\CometBird
2010-03-27 00:50 . 2009-08-16 20:36 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-21 14:54 . 2009-09-15 09:21 45 ----a-w- c:\windows\popcinfo.dat
2010-03-19 20:28 . 2010-03-19 20:28 8 ----a-w- c:\documents and settings\NetworkService\Application Data\jasltw.dat
2010-03-17 14:28 . 2009-10-19 23:25 -------- d-----w- c:\documents and settings\Goran\Application Data\Incredible Ink
2010-03-17 14:09 . 2010-03-17 14:09 12 ----a-w- c:\documents and settings\NetworkService\Application Data\zxcdyt.dat
2010-03-16 14:29 . 2010-02-12 07:43 -------- d-----w- c:\documents and settings\Goran\Application Data\Apple Computer
2010-03-16 14:15 . 2010-02-23 16:28 -------- d-----w- c:\program files\Opera
2010-03-11 14:07 . 2009-08-15 10:16 -------- d-----w- c:\program files\Winamp
2010-02-25 09:54 . 2010-02-24 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-24 19:47 . 2010-02-24 19:47 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-02-24 18:29 . 2010-02-24 18:29 1923768 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-02-24 18:27 . 2010-02-24 16:10 1923880 ----a-w- c:\documents and settings\Goran\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2010-02-24 13:32 . 2009-09-23 00:11 -------- d-----w- c:\program files\RealArcade
2010-02-24 13:20 . 2009-08-16 19:03 -------- d-----w- c:\program files\Macromedia
2010-02-24 13:20 . 2009-08-15 10:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-18 22:50 . 2010-02-18 22:50 -------- d-----w- c:\program files\Engleski
2010-02-14 22:34 . 2010-02-14 22:34 1437696 ----a-w- c:\documents and settings\Goran\Application Data\Mozilla\Firefox\Profiles\vqm6ocem.default\extensions\bookmarks@cometmarks.com\components\ICometMarksExtension.dll
2010-02-14 22:34 . 2010-02-14 22:34 -------- d-----w- c:\program files\CometMarks
2010-02-12 12:58 . 2010-02-12 12:58 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-12 10:46 . 2010-02-12 10:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46 . 2010-02-12 10:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 07:35 . 2009-10-18 12:20 -------- d-----w- c:\documents and settings\Goran\Application Data\PC Suite
2010-02-09 19:50 . 2009-08-15 09:49 88512 ----a-w- c:\documents and settings\Goran\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-04 17:46 . 2010-02-09 14:12 52224 ----a-w- c:\documents and settings\Goran\Application Data\CometNetwork\CometBird\Profiles\uxzfu4xl.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-02-04 17:46 . 2010-02-09 14:12 101376 ----a-w- c:\documents and settings\Goran\Application Data\CometNetwork\CometBird\Profiles\uxzfu4xl.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-01-29 11:23 . 2010-01-29 11:23 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-21 17:01 . 2010-01-21 17:01 128 ----a-w- c:\documents and settings\Goran\Local Settings\Application Data\fusioncache.dat
.

((((((((((((((((((((((((((((( SnapShot_2010-03-27_18.55.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-27 19:54 . 2010-03-27 19:54 16384 c:\windows\temp\Perflib_Perfdata_26c.dat
+ 2009-08-06 18:24 . 2009-08-06 18:24 44768 c:\windows\system32\wups2.dll
+ 2009-08-15 09:39 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll
+ 2009-08-15 09:39 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-03-27 19:46 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2009-08-15 09:39 . 2009-08-06 18:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2009-08-15 09:39 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2008-04-14 11:41 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2008-04-14 11:41 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
+ 2009-08-15 09:39 . 2009-08-06 18:24 209632 c:\windows\system32\wuweb.dll
+ 2009-08-15 09:39 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2009-08-15 09:39 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
+ 2009-08-15 09:39 . 2009-08-06 18:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2009-08-15 09:39 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2009-08-15 09:39 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2009-08-15 09:39 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
+ 2009-08-15 09:39 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2009-09-24 2768696]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"Google Update"="c:\documents and settings\Goran\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-14 135664]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-21 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-21 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-21 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Goran\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"8144:TCP"= 8144:TCP:BitComet 8144 TCP
"8144:UDP"= 8144:UDP:BitComet 8144 UDP

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/12/2010 1:58 PM 685816]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [6/27/2008 3:50 PM 61424]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/26/2010 1:42 AM 108289]
R3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\PFC027.sys [4/8/2005 9:46 AM 162176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/15/2009 11:04 AM 1684736]
.
Contents of the 'Scheduled Tasks' folder

2010-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-838170752-1801674531-1003Core.job
- c:\documents and settings\Goran\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-14 14:10]

2010-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-838170752-1801674531-1003UA.job
- c:\documents and settings\Goran\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-14 14:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Goran\Application Data\Mozilla\Firefox\Profiles\vqm6ocem.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\Goran\Application Data\Mozilla\Firefox\Profiles\vqm6ocem.default\extensions\bookmarks@cometmarks.com\components\ICometMarksExtension.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\All Users\Application Data\RealArcade\npraclient.dll
FF - plugin: c:\documents and settings\Goran\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1614895754-838170752-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9B53329D-D4E4-A282-D395-B6CF193DBA77}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaopppengbbkgnmekm"=hex:6a,61,66,6d,68,66,61,6f,64,64,6b,6a,6e,6c,68,6f,6d,6e,
70,62,00,f2
"haipfdcfmbpppcpm"=hex:6a,61,66,6d,68,66,61,6f,64,64,6b,6a,6e,6c,68,6f,6d,6e,
70,62,00,f2
"eaacmjoged"=hex:61,61,00,7c
"eagpclefbf"=hex:61,61,00,7c
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2696)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\System32\PAStiSvc.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Microsoft ActiveSync\Wcescomm.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\documents and settings\Goran\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Skype\Toolbars\Shared\SkypeNames2.exe
.
**************************************************************************
.
Completion time: 2010-03-27 20:57:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-27 19:57
ComboFix2.txt 2010-03-27 18:56
ComboFix3.txt 2010-03-17 17:19
ComboFix4.txt 2010-03-17 17:02

Pre-Run: 18,163,892,224 bytes free
Post-Run: 18,018,304,000 bytes free

- - End Of File - - F739219D180D72B82F5EF7F4ABE2BA99

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Are you having any problems now?

  • Joined: 23 Mar 2008
  • Posts: 51

Written: 27 Mar 2010 23:21

I'm not noticing any problem for now. I'll test it over the next few days and if I notice something I'll let you know. I just need to solve the problem with the invisible scripts, or who knows what, on the websites, and everything will be perfect.
Thanks a lot for the quick help; the most important thing is that nobody hacks my FTP in Total Commander.

Update: 31 Mar 2010 0:21

Help! My PC is still behaving normally, but here is what Stinger found. What should I do? People, please help; I'll attach the file.
[attached screenshot: login required to view]

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Why are you scanning with that Stinger? Use a regular AV.

  • Joined: 23 Mar 2008
  • Posts: 51

Now I have Avira. Did you mean Avast?

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

I meant Stinger, McAfee Stinger. Why did you scan with it?

Is Avira reporting anything?
