MyCity » Ambulanta -> Arhiva Ambulante » Pomoc ne znam sta je

Pomoc ne znam sta je

Napisano na dan: 11.11.2009

Strana:
1
2

Pomoc ne znam sta je

Sledeća strana

Pagination

Odgovori

Strana:
1
2

gorance Poslao: 11 Nov 2009 22:49 Idi na vrh
offline gorance Građanin Pridružio: 10 Maj 2005 Poruke: 273 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Nece da mi dozvoli da vidim skrivene fajlove.Kad uradim Tools-Folder option-View-Show hiden files and folders-Apply on samo izadje i ne otvori skrivene fajlove.Evo fajlovi koje trazite za proveru.Hvala unapred. [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici]

Profil

helen1 Poslao: 11 Nov 2009 22:51 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8653 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zdravo, nisi mi postavio DDS log. postavi ga.

Profil

gorance Poslao: 11 Nov 2009 22:52 Idi na vrh
offline gorance Građanin Pridružio: 10 Maj 2005 Poruke: 273 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Evo i dds [Link mogu videti samo ulogovani korisnici] DDS (Ver_09-10-26.01) - NTFSx86 Run by GORANCE at 22:38:02.54 on Wed 11/11/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.529 [GMT 1:00] AV: ESET NOD32 Antivirus 4.0 On-access scanning enabled (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: Sygate Personal Firewall enabled {BE898FE3-CD0B-4014-85A9-03DB9923DDB6} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\Explorer.EXE svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Free Download Manager\FUM\fumoei.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\WINDOWS\system32\msiexec.exe C:\Documents and Settings\GORANCE\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = [Link mogu videti samo ulogovani korisnici] uSearch Page = uWindow Title = Windows Internet Explorer provided by Yahoo! uDefault_Page_URL = [Link mogu videti samo ulogovani korisnici] uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = <local> uSearchAssistant = mSearchAssistant = BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: PandoraTV Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: PandoraTV Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Free Uploader Oe Integration] c:\program files\free download manager\fum\fumoei.exe uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun uRun: [IE Privacy Keeper] "c:\program files\unh solutions\ie privacy keeper\IEPrivacyKeeper.exe" -startup mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueso~1.lnk - c:\program files\ivt corporation\bluesoleil\BlueSoleil.exe IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm IE: Download all with Free Download Manager - [Link mogu videti samo ulogovani korisnici]\program files\free download manager\dlall.htm IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm IE: Download selected with Free Download Manager - [Link mogu videti samo ulogovani korisnici]\program files\free download manager\dlselected.htm IE: Download video with Free Download Manager - [Link mogu videti samo ulogovani korisnici]\program files\free download manager\dlfvideo.htm IE: Download with Free Download Manager - [Link mogu videti samo ulogovani korisnici]\program files\free download manager\dllink.htm IE: Download with IDM - c:\program files\internet download manager\IEExt.htm IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\program files\free download manager\fum\fumiebtn.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [Link mogu videti samo ulogovani korisnici] DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici] DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici] DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici] DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [Link mogu videti samo ulogovani korisnici] TCP: {05090535-139C-492D-8339-C438BE9B03A5} = 212.124.160.1,82.117.194.2 TCP: {1C324343-A816-476C-ADED-701895CD52AA} = 212.124.160.1,82.117.194.2 Notify: PCANotify - PCANotify.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12 ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\gorance\applic~1\mozilla\firefox\profiles\dxwpyqaj.default\ FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici] FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-9-11 108792] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-9-11 96408] R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-9-11 735960] R3 acfva;acfva;c:\windows\system32\drivers\acfva.sys [2007-5-30 86144] R3 netModUSBService;Service for netMod USB CAPI Driver;c:\windows\system32\drivers\nMUSB.sys [2008-12-28 62824] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-10-13 27632] S2 yzbiixo;yzbiixo;c:\windows\system32\svchost.exe -k netsvcs [2002-12-31 14336] S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-10-13 89256] S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-10-13 15016] S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-10-13 120744] S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-10-13 114216] S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-10-13 25512] S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-10-13 110632] S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-10-13 115752] =============== Created Last 30 ================ 2009-11-11 21:29:44 0 d-----w- c:\program files\Ask.com 2009-11-11 21:28:59 0 d-----w- c:\program files\The KMPlayer 2009-11-11 20:57:59 0 d-----w- c:\program files\Webteh 2009-11-05 23:43:50 21900 ----a-w- c:\windows\system32\x 2009-10-25 22:08:08 0 d-----w- c:\program files\ESET 2009-10-25 22:04:41 14568 ----a-w- c:\windows\system32\drivers\wg6n.sys 2009-10-25 22:04:40 14568 ----a-w- c:\windows\system32\drivers\wg5n.sys 2009-10-25 22:04:40 14568 ----a-w- c:\windows\system32\drivers\wg4n.sys 2009-10-25 22:04:40 14568 ----a-w- c:\windows\system32\drivers\wg3n.sys 2009-10-25 22:04:39 60496 ----a-w- c:\windows\system32\drivers\Teefer.sys 2009-10-25 22:04:39 21075 ----a-w- c:\windows\system32\drivers\wpsdrvnt.sys 2009-10-25 22:04:33 83096 ----a-w- c:\windows\system32\SSSensor.dll 2009-10-25 22:04:29 0 d-----w- c:\program files\Sygate 2009-10-23 19:32:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Rising 2009-10-21 17:25:27 0 d-----w- c:\program files\common files\xing shared 2009-10-15 16:52:37 0 d-----w- c:\program files\USDownloader-Lite 2009-10-14 20:20:08 0 d-----w- c:\docume~1\gorance\applic~1\M3 2009-10-14 20:17:52 0 d-----w- c:\program files\M3 2009-10-12 23:01:09 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys 2009-10-12 23:00:36 115752 ----a-w- c:\windows\system32\drivers\s0016unic.sys 2009-10-12 23:00:36 10792 ----a-w- c:\windows\system32\drivers\s0016cr.sys 2009-10-12 23:00:35 114216 ----a-w- c:\windows\system32\drivers\s0016mgmt.sys 2009-10-12 23:00:35 110632 ----a-w- c:\windows\system32\drivers\s0016obex.sys 2009-10-12 23:00:34 25512 ----a-w- c:\windows\system32\drivers\s0016nd5.sys 2009-10-12 23:00:33 89256 ----a-w- c:\windows\system32\drivers\s0016bus.sys 2009-10-12 23:00:33 15016 ----a-w- c:\windows\system32\drivers\s0016mdfl.sys 2009-10-12 23:00:33 12200 ----a-w- c:\windows\system32\drivers\s0016whnt.sys 2009-10-12 23:00:33 12200 ----a-w- c:\windows\system32\drivers\s0016wh.sys 2009-10-12 23:00:33 12200 ----a-w- c:\windows\system32\drivers\s0016cmnt.sys 2009-10-12 23:00:33 12200 ----a-w- c:\windows\system32\drivers\s0016cm.sys 2009-10-12 23:00:33 120744 ----a-w- c:\windows\system32\drivers\s0016mdm.sys 2009-10-12 22:46:29 0 d-----w- c:\program files\common files\Sony Shared 2009-10-12 22:38:22 0 d-----w- c:\windows\system32\LogFiles 2009-10-12 22:36:49 0 d-----w- c:\program files\Sony Setup 2009-10-12 22:26:09 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys 2009-10-12 22:26:09 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys ==================== Find3M ==================== 2009-10-21 17:25:07 499712 ----a-w- c:\windows\system32\msvcp71.dll 2009-10-21 17:25:07 348160 ----a-w- c:\windows\system32\msvcr71.dll ============= FINISH: 22:38:29.29 ===============

Profil

helen1 Poslao: 11 Nov 2009 22:56 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8653 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

gorance Poslao: 11 Nov 2009 23:15 Idi na vrh
offline gorance Građanin Pridružio: 10 Maj 2005 Poruke: 273 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Evo i ovo sam zavrsio [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] ComboFix 09-11-11.02 - GORANCE 11/11/2009 23:02.3.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.533 [GMT 1:00] Running from: c:\documents and settings\GORANCE\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 4.0 On-access scanning disabled (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: Sygate Personal Firewall enabled {BE898FE3-CD0B-4014-85A9-03DB9923DDB6} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\GORANCE\Local Settings\Temporary Internet Files\udRemove.exe C:\Microsoft . ((((((((((((((((((((((((( Files Created from 2009-10-11 to 2009-11-11 ))))))))))))))))))))))))))))))) . 2009-11-11 21:29 . 2009-11-11 21:29 -------- d-----w- c:\program files\Ask.com 2009-11-11 21:28 . 2009-11-11 21:29 -------- d-----w- c:\program files\The KMPlayer 2009-11-11 20:57 . 2009-11-11 20:57 -------- d-----w- c:\program files\Webteh 2009-10-25 22:08 . 2009-11-11 21:15 -------- d-----w- c:\program files\ESET 2009-10-25 22:04 . 2004-10-15 17:32 14568 ----a-w- c:\windows\system32\drivers\wg6n.sys 2009-10-25 22:04 . 2004-10-15 17:32 14568 ----a-w- c:\windows\system32\drivers\wg5n.sys 2009-10-25 22:04 . 2004-10-15 17:32 14568 ----a-w- c:\windows\system32\drivers\wg4n.sys 2009-10-25 22:04 . 2004-10-15 17:32 14568 ----a-w- c:\windows\system32\drivers\wg3n.sys 2009-10-25 22:04 . 2004-10-15 17:18 21075 ----a-w- c:\windows\system32\drivers\wpsdrvnt.sys 2009-10-25 22:04 . 2004-10-15 17:17 60496 ----a-w- c:\windows\system32\drivers\Teefer.sys 2009-10-25 22:04 . 2004-10-15 17:32 83096 ----a-w- c:\windows\system32\SSSensor.dll 2009-10-25 22:04 . 2009-11-11 21:15 -------- d-----w- c:\program files\Sygate 2009-10-25 19:26 . 2009-10-25 19:28 -------- d-----w- c:\program files\QuickTime 2009-10-25 19:26 . 2009-10-25 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-10-25 19:25 . 2009-10-25 19:25 -------- d-----w- c:\program files\Common Files\Apple 2009-10-25 19:25 . 2009-10-25 19:25 -------- d-----w- c:\program files\Apple Software Update 2009-10-25 19:25 . 2009-10-25 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-10-25 18:21 . 2009-10-25 18:21 152576 ----a-w- c:\documents and settings\GORANCE\Application Data\Sun\Java\jre1.6.0_16\lzma.dll 2009-10-23 19:32 . 2009-10-23 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Rising 2009-10-21 17:25 . 2009-10-21 17:25 -------- d-----w- c:\program files\Common Files\xing shared 2009-10-15 16:52 . 2009-10-21 18:34 -------- d-----w- c:\program files\USDownloader-Lite 2009-10-14 20:23 . 2008-09-17 09:19 1093632 ----a-w- c:\documents and settings\GORANCE\Application Data\M3\Nero\neroAacEnc.exe 2009-10-14 20:20 . 2009-10-14 21:19 -------- d-----w- c:\documents and settings\GORANCE\Application Data\M3 2009-10-14 20:17 . 2009-10-14 20:18 -------- d-----w- c:\program files\M3 2009-10-13 20:39 . 2009-10-13 20:39 -------- d-----w- c:\documents and settings\GORANCE\Application Data\Sony 2009-10-13 20:39 . 2009-10-13 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony 2009-10-12 23:02 . 2009-10-12 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software 2009-10-12 23:01 . 2008-01-09 09:28 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys 2009-10-12 23:00 . 2008-05-16 10:33 115752 ----a-w- c:\windows\system32\drivers\s0016unic.sys 2009-10-12 23:00 . 2008-05-16 10:33 10792 ----a-w- c:\windows\system32\drivers\s0016cr.sys 2009-10-12 23:00 . 2008-05-16 10:33 114216 ----a-w- c:\windows\system32\drivers\s0016mgmt.sys 2009-10-12 23:00 . 2008-05-16 10:33 110632 ----a-w- c:\windows\system32\drivers\s0016obex.sys 2009-10-12 23:00 . 2008-05-16 10:33 25512 ----a-w- c:\windows\system32\drivers\s0016nd5.sys 2009-10-12 23:00 . 2008-05-16 10:33 15016 ----a-w- c:\windows\system32\drivers\s0016mdfl.sys 2009-10-12 23:00 . 2008-05-16 10:33 89256 ----a-w- c:\windows\system32\drivers\s0016bus.sys 2009-10-12 23:00 . 2008-05-16 10:33 12200 ----a-w- c:\windows\system32\drivers\s0016whnt.sys 2009-10-12 23:00 . 2008-05-16 10:33 12200 ----a-w- c:\windows\system32\drivers\s0016wh.sys 2009-10-12 23:00 . 2008-05-16 10:33 12200 ----a-w- c:\windows\system32\drivers\s0016cmnt.sys 2009-10-12 23:00 . 2008-05-16 10:33 12200 ----a-w- c:\windows\system32\drivers\s0016cm.sys 2009-10-12 23:00 . 2008-05-16 10:33 120744 ----a-w- c:\windows\system32\drivers\s0016mdm.sys 2009-10-12 22:58 . 2009-10-13 20:39 -------- d-----w- c:\documents and settings\GORANCE\Local Settings\Application Data\Sony 2009-10-12 22:46 . 2009-10-12 22:46 -------- d-----w- c:\program files\Common Files\Sony Shared 2009-10-12 22:38 . 2009-10-12 22:39 -------- d-----w- c:\windows\system32\drivers\UMDF 2009-10-12 22:38 . 2009-10-12 22:38 -------- d-----w- c:\windows\system32\LogFiles 2009-10-12 22:36 . 2009-10-12 22:36 -------- d-----w- c:\program files\Sony Setup 2009-10-12 22:26 . 2004-08-03 21:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys 2009-10-12 22:26 . 2004-08-03 21:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-11 22:08 . 2009-04-28 23:20 -------- d-----w- c:\documents and settings\GORANCE\Application Data\DMCache 2009-11-11 22:06 . 2007-05-30 22:37 155648 ----a-w- c:\windows\system32\NeroCheck.exe 2009-11-11 21:11 . 2009-05-22 23:07 -------- d-----w- c:\program files\K-Lite Codec Pack 2009-11-10 23:43 . 2008-10-13 22:29 -------- d-----w- c:\documents and settings\GORANCE\Application Data\AIMP 2009-10-25 18:22 . 2007-09-02 00:54 -------- d-----w- c:\program files\Java 2009-10-21 17:25 . 2009-09-29 20:29 -------- d-----w- c:\program files\Common Files\Real 2009-10-21 17:25 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\msvcp71.dll 2009-10-21 17:25 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll 2009-10-12 22:59 . 2007-05-30 20:15 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-10-07 21:43 . 2009-10-07 21:41 -------- d-----w- c:\program files\Opera 2009-10-06 22:31 . 2009-03-29 16:54 -------- d-----w- c:\documents and settings\GORANCE\Application Data\Skype 2009-10-06 20:53 . 2009-04-28 23:27 -------- d-----w- c:\documents and settings\GORANCE\Application Data\IDM 2009-09-29 20:29 . 2009-09-29 20:29 -------- d-----w- c:\program files\Real 2009-09-16 21:23 . 2009-09-16 21:23 -------- d-----w- c:\program files\Common Files\Windows Live 2009-09-11 06:26 . 2009-09-11 06:26 96408 ----a-w- c:\windows\system32\drivers\epfwtdir.sys 2009-09-11 06:23 . 2009-09-11 06:23 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys 2009-09-11 06:17 . 2009-09-11 06:17 116008 ----a-w- c:\windows\system32\drivers\eamon.sys 2009-08-26 17:41 . 2009-08-26 17:41 152576 ----a-w- c:\documents and settings\GORANCE\Application Data\Sun\Java\jre1.6.0_15\lzma.dll . Files Infected - Patched c:\windows\system32\NeroCheck.exe ... hex repaired c:\program files\Free Download Manager\FUM\fumoei.exe ... hex repaired c:\program files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe ... hex repaired . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2009-07-10 16:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Free Uploader Oe Integration"="c:\program files\Free Download Manager\FUM\fumoei.exe" [2009-11-11 40960] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] "IE Privacy Keeper"="c:\program files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" [2009-11-11 962560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2009-11-11 155648] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-22 37888] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-21 198160] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792] "SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-6-6 657168] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify] 2003-05-29 09:00 8704 ----a-w- c:\windows\system32\PCANotify.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "YahooAUService"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"= "c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/11/2009 07:23 108792] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9/11/2009 07:26 96408] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/11/2009 07:24 735960] R3 acfva;acfva;c:\windows\system32\drivers\acfva.sys [5/30/2007 20:44 86144] R3 netModUSBService;Service for netMod USB CAPI Driver;c:\windows\system32\drivers\nMUSB.sys [12/28/2008 22:19 62824] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [10/13/2009 00:01 27632] S2 yzbiixo;yzbiixo;c:\windows\system32\svchost.exe -k netsvcs [12/31/2002 13:00 14336] S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [10/13/2009 00:00 89256] S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [10/13/2009 00:00 15016] S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [10/13/2009 00:00 120744] S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [10/13/2009 00:00 114216] S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [10/13/2009 00:00 25512] S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [10/13/2009 00:00 110632] S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [10/13/2009 00:00 115752] --- Other Services/Drivers In Memory --- NewlyCreated - MBR NewlyCreated - PROCEXP113 NewlyCreated - ROOTREPEAL Deregistered - mbr Deregistered - PROCEXP113 Deregistered - rootrepeal HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs yzbiixo [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12 . Contents of the 'Scheduled Tasks' folder 2009-11-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2009-07-10 16:29] . . ------- Supplementary Scan ------- . uStart Page = [Link mogu videti samo ulogovani korisnici] uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = <local> IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm IE: Download all with Free Download Manager - [Link mogu videti samo ulogovani korisnici]\program files\Free Download Manager\dlall.htm IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Download selected with Free Download Manager - [Link mogu videti samo ulogovani korisnici]\program files\Free Download Manager\dlselected.htm IE: Download video with Free Download Manager - [Link mogu videti samo ulogovani korisnici]\program files\Free Download Manager\dlfvideo.htm IE: Download with Free Download Manager - [Link mogu videti samo ulogovani korisnici]\program files\Free Download Manager\dllink.htm IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\program files\Free Download Manager\FUM\fumiebtn.dll TCP: {05090535-139C-492D-8339-C438BE9B03A5} = 212.124.160.1,82.117.194.2 TCP: {1C324343-A816-476C-ADED-701895CD52AA} = 212.124.160.1,82.117.194.2 FF - ProfilePath - c:\documents and settings\GORANCE\Application Data\Mozilla\Firefox\Profiles\dxwpyqaj.default\ FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici] FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); . - - - - ORPHANS REMOVED - - - - AddRemove-HijackThis - c:\documents and settings\GORANCE\Desktop\guty\HijackThis.exe AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9c.exe ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2009-11-11 23:08 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [Link mogu videti samo ulogovani korisnici] device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x867D91F8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\atapi -> 0x867d91f8 Warning: possible MBR rootkit infection ! user & kernel MBR OK PE file found in sector at 0x098A4272 ! Use "Recovery Console" command "fixmbr" to clear infection ! ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant] "ImagePath"="" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-117609710-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID] @Denied: (Full) (LocalSystem) [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1124d175-584e-4115-b6c1-9c71970e069a}] @Denied: (Full) (Everyone) "Model"=dword:000000f2 "Therad"=dword:0000001d "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):ae,95,aa,4d,03,b3,b8,fb,5d,0b,ed,45,8c,ed,11,19,9b,14,c5,eb,9a, 36,34,7f,c4,1b,a3,95,5b,f6,0b,c3,76,2e,da,c4,c5,d2,39,44,00,00,00,00,00,00,\ . Completion time: 2009-11-11 23:10 ComboFix-quarantined-files.txt 2009-11-11 22:10 Pre-Run: 27,621,326,848 bytes free Post-Run: 27,607,744,512 bytes free - - End Of File - - 2352596A1C330B35D3DDFE3786A494D6

Profil

helen1 Poslao: 11 Nov 2009 23:34 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8653 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Da li je racunar usporen i da li se vrsi redirekcija sajtova? --------- Preuzmite program GMER sa donjeg linka na Desktop: GMER download Kliknite dati link; Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberite Desktop i kliknite Save. Dvoklikom pokrenite GMER. Sačekajte da se završi uvodno skeniranje - ukoliko se pojavi bilo kakav upit, kliknite No; kliknite Scan i sačekajte da skeniranje bude završeno; kliknite Save ... - izveštaj sačuvajte na Desktop (pod nazivom Gmer1); kliknite desnim tasterom u prozor programa Gmer i odaberite Options > Only non MS files - kliknite Scan; po završetku kratkotrajnog skeniranja kliknite Save ... - izveštaj sačuvajte na Desktop (pod nazivom Gmer2); kliknite taster >>> i odaberite Autostart karticu; po završetku kratkotrajnog skeniranja, kliknite Copy; otvorite Notepad i u njega postavite kopirani tekst - izveštaj sačuvajte na Desktop (pod nazivom Gmer3); Slikoviti prikaz postupka Priložite sva tri izveštaja uz poruku korišćenjem opcije Prikači fajl.

Profil

gorance Poslao: 11 Nov 2009 23:39 Idi na vrh
offline gorance Građanin Pridružio: 10 Maj 2005 Poruke: 273 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ma nije sve radi ok evo sad mogu da ukljucim show hiden files.Sad mi radi svasta

Profil

helen1 Poslao: 11 Nov 2009 23:43 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8653 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `NetSvc:: yzbiixo Driver:: yzbiixo` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

gorance Poslao: 12 Nov 2009 00:17 Idi na vrh
offline gorance Građanin Pridružio: 10 Maj 2005 Poruke: 273 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Evo i ovo [Link mogu videti samo ulogovani korisnici] ComboFix 09-11-11.02 - GORANCE 11/11/2009 23:57.4.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.522 [GMT 1:00] Running from: c:\documents and settings\GORANCE\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\GORANCE\Desktop\CFScript.txt AV: ESET NOD32 Antivirus 4.0 On-access scanning disabled (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: Sygate Personal Firewall enabled {BE898FE3-CD0B-4014-85A9-03DB9923DDB6} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_YZBIIXO -------\Service_yzbiixo ((((((((((((((((((((((((( Files Created from 2009-10-11 to 2009-11-11 ))))))))))))))))))))))))))))))) . 2009-11-11 21:29 . 2009-11-11 21:29 -------- d-----w- c:\program files\Ask.com 2009-11-11 21:28 . 2009-11-11 21:29 -------- d-----w- c:\program files\The KMPlayer 2009-11-11 20:57 . 2009-11-11 20:57 -------- d-----w- c:\program files\Webteh 2009-10-25 22:08 . 2009-11-11 21:15 -------- d-----w- c:\program files\ESET 2009-10-25 22:04 . 2004-10-15 17:32 14568 ----a-w- c:\windows\system32\drivers\wg6n.sys 2009-10-25 22:04 . 2004-10-15 17:32 14568 ----a-w- c:\windows\system32\drivers\wg5n.sys 2009-10-25 22:04 . 2004-10-15 17:32 14568 ----a-w- c:\windows\system32\drivers\wg4n.sys 2009-10-25 22:04 . 2004-10-15 17:32 14568 ----a-w- c:\windows\system32\drivers\wg3n.sys 2009-10-25 22:04 . 2004-10-15 17:18 21075 ----a-w- c:\windows\system32\drivers\wpsdrvnt.sys 2009-10-25 22:04 . 2004-10-15 17:17 60496 ----a-w- c:\windows\system32\drivers\Teefer.sys 2009-10-25 22:04 . 2004-10-15 17:32 83096 ----a-w- c:\windows\system32\SSSensor.dll 2009-10-25 22:04 . 2009-11-11 21:15 -------- d-----w- c:\program files\Sygate 2009-10-25 19:26 . 2009-10-25 19:28 -------- d-----w- c:\program files\QuickTime 2009-10-25 19:26 . 2009-10-25 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-10-25 19:25 . 2009-10-25 19:25 -------- d-----w- c:\program files\Common Files\Apple 2009-10-25 19:25 . 2009-10-25 19:25 -------- d-----w- c:\program files\Apple Software Update 2009-10-25 19:25 . 2009-10-25 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-10-25 18:21 . 2009-10-25 18:21 152576 ----a-w- c:\documents and settings\GORANCE\Application Data\Sun\Java\jre1.6.0_16\lzma.dll 2009-10-23 19:32 . 2009-10-23 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Rising 2009-10-21 17:25 . 2009-10-21 17:25 -------- d-----w- c:\program files\Common Files\xing shared 2009-10-15 16:52 . 2009-10-21 18:34 -------- d-----w- c:\program files\USDownloader-Lite 2009-10-14 20:23 . 2008-09-17 09:19 1093632 ----a-w- c:\documents and settings\GORANCE\Application Data\M3\Nero\neroAacEnc.exe 2009-10-14 20:20 . 2009-10-14 21:19 -------- d-----w- c:\documents and settings\GORANCE\Application Data\M3 2009-10-14 20:17 . 2009-10-14 20:18 -------- d-----w- c:\program files\M3 2009-10-13 20:39 . 2009-10-13 20:39 -------- d-----w- c:\documents and settings\GORANCE\Application Data\Sony 2009-10-13 20:39 . 2009-10-13 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-11 22:54 . 2009-04-28 23:20 -------- d-----w- c:\documents and settings\GORANCE\Application Data\DMCache 2009-11-11 22:06 . 2007-05-30 22:37 155648 ----a-w- c:\windows\system32\NeroCheck.exe 2009-11-11 21:11 . 2009-05-22 23:07 -------- d-----w- c:\program files\K-Lite Codec Pack 2009-11-10 23:43 . 2008-10-13 22:29 -------- d-----w- c:\documents and settings\GORANCE\Application Data\AIMP 2009-10-25 18:22 . 2007-09-02 00:54 -------- d-----w- c:\program files\Java 2009-10-21 17:25 . 2009-09-29 20:29 -------- d-----w- c:\program files\Common Files\Real 2009-10-21 17:25 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\msvcp71.dll 2009-10-21 17:25 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll 2009-10-12 23:02 . 2009-10-12 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software 2009-10-12 22:59 . 2007-05-30 20:15 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-10-12 22:46 . 2009-10-12 22:46 -------- d-----w- c:\program files\Common Files\Sony Shared 2009-10-12 22:36 . 2009-10-12 22:36 -------- d-----w- c:\program files\Sony Setup 2009-10-07 21:43 . 2009-10-07 21:41 -------- d-----w- c:\program files\Opera 2009-10-06 22:31 . 2009-03-29 16:54 -------- d-----w- c:\documents and settings\GORANCE\Application Data\Skype 2009-10-06 20:53 . 2009-04-28 23:27 -------- d-----w- c:\documents and settings\GORANCE\Application Data\IDM 2009-09-29 20:29 . 2009-09-29 20:29 -------- d-----w- c:\program files\Real 2009-09-16 21:23 . 2009-09-16 21:23 -------- d-----w- c:\program files\Common Files\Windows Live 2009-09-11 06:26 . 2009-09-11 06:26 96408 ----a-w- c:\windows\system32\drivers\epfwtdir.sys 2009-09-11 06:23 . 2009-09-11 06:23 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys 2009-09-11 06:17 . 2009-09-11 06:17 116008 ----a-w- c:\windows\system32\drivers\eamon.sys 2009-08-26 17:41 . 2009-08-26 17:41 152576 ----a-w- c:\documents and settings\GORANCE\Application Data\Sun\Java\jre1.6.0_15\lzma.dll . ((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] ))))))))))))))))))))))))))))))))))))))))) . + 2009-11-11 23:07 . 2009-11-11 23:07 16384 c:\windows\temp\Perflib_Perfdata_1d4.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2009-07-10 16:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Free Uploader Oe Integration"="c:\program files\Free Download Manager\FUM\fumoei.exe" [2009-11-11 40960] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] "IE Privacy Keeper"="c:\program files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" [2009-11-11 962560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2009-11-11 155648] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-22 37888] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-21 198160] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792] "SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-6-6 657168] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify] 2003-05-29 09:00 8704 ----a-w- c:\windows\system32\PCANotify.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "YahooAUService"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "FirewallDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"= "c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/11/2009 07:23 108792] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9/11/2009 07:26 96408] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/11/2009 07:24 735960] R3 acfva;acfva;c:\windows\system32\drivers\acfva.sys [5/30/2007 20:44 86144] R3 netModUSBService;Service for netMod USB CAPI Driver;c:\windows\system32\drivers\nMUSB.sys [12/28/2008 22:19 62824] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [10/13/2009 00:01 27632] S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [10/13/2009 00:00 89256] S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [10/13/2009 00:00 15016] S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [10/13/2009 00:00 120744] S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [10/13/2009 00:00 114216] S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [10/13/2009 00:00 25512] S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [10/13/2009 00:00 110632] S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [10/13/2009 00:00 115752] --- Other Services/Drivers In Memory --- Deregistered - mbr [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12 . Contents of the 'Scheduled Tasks' folder 2009-11-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2009-07-10 16:29] . . ------- Supplementary Scan ------- . uStart Page = [Link mogu videti samo ulogovani korisnici] uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = <local> IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm IE: Download all with Free Download Manager - [Link mogu videti samo ulogovani korisnici]\program files\Free Download Manager\dlall.htm IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Download selected with Free Download Manager - [Link mogu videti samo ulogovani korisnici]\program files\Free Download Manager\dlselected.htm IE: Download video with Free Download Manager - [Link mogu videti samo ulogovani korisnici]\program files\Free Download Manager\dlfvideo.htm IE: Download with Free Download Manager - [Link mogu videti samo ulogovani korisnici]\program files\Free Download Manager\dllink.htm IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\program files\Free Download Manager\FUM\fumiebtn.dll TCP: {05090535-139C-492D-8339-C438BE9B03A5} = 212.124.160.1,82.117.194.2 TCP: {1C324343-A816-476C-ADED-701895CD52AA} = 212.124.160.1,82.117.194.2 FF - ProfilePath - c:\documents and settings\GORANCE\Application Data\Mozilla\Firefox\Profiles\dxwpyqaj.default\ FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici] FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici] FF - component: c:\documents and settings\GORANCE\Application Data\IDM\idmmzcc2\components\idmmzcc.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2009-11-12 00:08 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [Link mogu videti samo ulogovani korisnici] device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x867D91F8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\atapi -> 0x867d91f8 Warning: possible MBR rootkit infection ! user & kernel MBR OK PE file found in sector at 0x098A4272 ! Use "Recovery Console" command "fixmbr" to clear infection ! ********************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant] "ImagePath"="" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-117609710-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID] @Denied: (Full) (LocalSystem) [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1124d175-584e-4115-b6c1-9c71970e069a}] @Denied: (Full) (Everyone) "Model"=dword:000000f2 "Therad"=dword:0000001d "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):ae,95,aa,4d,03,b3,b8,fb,5d,0b,ed,45,8c,ed,11,19,9b,14,c5,eb,9a, 36,34,7f,c4,1b,a3,95,5b,f6,0b,c3,76,2e,da,c4,c5,d2,39,44,00,00,00,00,00,00,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3344) c:\windows\system32\SSSensor.dll c:\windows\system32\ieframe.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Sygate\SPF\smc.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE . ************************************************************************ . Completion time: 2009-11-11 0:13 - machine was rebooted ComboFix-quarantined-files.txt 2009-11-11 23:13 Pre-Run: 27,845,226,496 bytes free Post-Run: 27,747,385,344 bytes free - - End Of File - - 321CA4CCFDF5C837C71C41A7B262C13D

Profil

helen1 Poslao: 12 Nov 2009 15:34 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8653 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ako sve radi, onda OK. Potrebno je deinstalirati ComboFix: klikni start (ili ), a zatim RUN. Na Visti koristiti Start Search polje ukoliko Run nije dostupan. U liniju za unos teksta ukucaj (iskopiraj) sledeće: ComboFix /Uninstall Primeti da postoji razmak između "ComboFix" i "/Uninstall". a zatim klikni OK (ili pritisni Enter). Sačekaj da se proces deinstalacije završi.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Pomoc ne znam sta je

Ko je trenutno na forumu

Ukupno su 792 korisnika na forumu :: 89 registrovanih, 6 sakrivenih i 697 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 20624 - dana 04 Apr 2026 04:18

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 04bokibole, AleksandarV, ALEKSICMILE, alternator, Asteker, Avalon015, avijacija, Bahuss, Bane5, Bbbggg1979, Black Luster Soldier, Bojan198527, Bosnjo, BOXRR, bpop, branko7, BrcakRS, Bubimir, BZ, Colt D, cuvarkuca, Dare, dekiz, djonsule, doktor097, Dolinc, DonRumataEstorski, Dorcolac, Feller, gaga23, GH69, Gigi13, Giskard, goxin, gripen, Hans Gajger, HrcAk47, igorkozar83, Insan, Jecmendo, Krusarac, kybonacci, ladro, LjubisaR, Lotus, M74AB3, Maruti, mercedesamg, mexo, Miler88, Milos ZA, mnn2, Morava71, morava_01, mrvica78, museum, nebojsag, Nikoletina Bursac, nixos, ozzy, Panter, pedjolino76, pein, Pilence, PlayerOne, precan, rakivan, RED4G-304, royst33, Rupert, Siti2, Sky diver 29, StefanNBG90, tanakadzo, Tas011, Tihi86, Tumansky, Tvrtko I, Username1000, varda, vargas, vidra boy, Vlada1389, vlahale, vzd1389, yufighter, zajcev1, Zi0mek, Zvonkozvonko

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by