Greetings

  • Joined: 04 Jan 2010
  • Posts: 5

Here's the situation,
I have a problem when booting the system on my computer (Windows XP). It gets to this part and freezes:
CHECKING FILE SISTEM ON C
WINDOWS VERIFYING FILES AND FOLDERS
/WINDOWS/DUMP2476.tmp IS CROSS-LINKEDON ALLOCATION UNIT 1466658.

I think there are a lot of viruses on the computer. I am asking for your help, thanks in advance.


DDS (Ver_09-12-01.01) - FAT32x86
Run by XPMCE at 19:07:44.09 on Mon 01/04/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1369 [GMT 1:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.rs/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.msn.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live pomagac za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: System Search Dispatcher: {cdbfb47b-58a8-4111-bf95-06178dce326d} - c:\program files\system search dispatcher\1.4.0.970\ssd.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: BS.Player ControlBar: {2c688203-7eb3-4327-9995-1cb417ba23f9} - c:\program files\bs.player controlbar\BSToolbar.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [DU Meter] c:\program files\du meter\DUMeter.exe
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\k-lite codec pack\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [<NO NAME>]
mRun: [VMonitorVMUVC] "c:\program files\vimicro corporation\vmuvc\VMonitor.exe" VMUVC
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\9117181146.dll
DPF: {1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/PopularScreenSaversInitialSetup1.0.1.1.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232646204265
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {D58F39FF-953E-4F45-898F-59F243B9A523} - RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\xpmce\applic~1\mozilla\firefox\profiles\d6fewvzj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15158&locale=en_US&q=
FF - component: c:\program files\bs.player controlbar\firefoxdtt\components\BSToolbarFF.dll
FF - plugin: c:\documents and settings\xpmce\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin5.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2008-11-26 99328]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-2-18 38496]
S0 emuw;emuw;c:\windows\system32\drivers\erxecnm.sys --> c:\windows\system32\drivers\erxecnm.sys [?]
S2 defaultlib;Service AntiVir;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 eq2soft;Service Eset;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 msncache;msncache;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 netmantow;Network Ming;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 softyinforwow1;.Freame Micer;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-2-27 1684736]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-8-19 13224]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2009-8-16 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [2009-8-16 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [2009-8-16 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [2009-8-16 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [2009-8-16 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [2009-8-16 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [2009-8-16 110120]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2009-8-31 249984]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2009-8-31 476032]

============== File Associations ===============

txtfile="c:\windows\system32\nxtepad.exe" "%1"

=============== Created Last 30 ================

2009-12-27 18:33:47 0 d-----w- c:\program files\Ask.com
2009-12-20 16:11:44 0 d-sh--w- C:\FOUND.049
2009-12-20 16:05:52 0 d-sh--w- C:\FOUND.048
2009-12-20 15:38:58 0 d-sh--w- C:\FOUND.047
2009-12-11 19:40:58 0 d-sh--w- C:\FOUND.046
2009-12-08 19:18:24 0 d-sh--w- C:\FOUND.045

==================== Find3M ====================

2010-01-03 19:35:32 90112 ----a-w- c:\windows\DUMP2476.tmp
2009-10-22 22:36:44 90112 ----a-w- c:\windows\DUMP20ec.tmp
2009-01-24 12:56:28 40065 ----a-w- c:\program files\bugreport.txt
2009-03-31 23:27:12 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2009-03-23 16:41:22 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009031620090323\index.dat
2009-03-31 23:36:30 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009032320090330\index.dat
2009-03-31 23:48:24 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040120090402\index.dat
2009-03-31 23:36:54 81920 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat
2009-03-31 23:27:12 32768 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat

============= FINISH: 19:08:53.65 ===============

I scanned the computer with Malwarebytes' Anti-Malware and got the following results:
Malwarebytes' Anti-Malware 1.43
Verzija baze podataka: 3493
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/4/2010 10:24:25 PM
mbam-log-2010-01-04 (22-24-04).txt

Tip skeniranja: Brzo Skeniranje
Skeniranih objekata: 116861
Proteklo vreme: 1 minute(s), 44 second(s)

Inficirani procesi u memoriji: 0
Inficirani moduli u memoriji: 0
Inficirani ključevi u registru: 30
Inficirane vrednosti u registru: 12
Inficirani podaci u registru: 1
Inficirane fascikle: 5
Inficirane datoteke: 149

Inficirani procesi u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani moduli u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani ključevi u registru:
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Applications\nxtepad.exe (Hijack.Notepad) -> No action taken.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\OKME\softyinforwow1 (Trojan.PWS) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\defaultlib (Spyware.Passwords) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\eq2soft (Spyware.Passwords) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msncache (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\netmantow (Spyware.Passwords) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\softyinforwow1 (Trojan.PWS) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\Xstudio_Packet_Capture (LSP.Hijacker) -> No action taken.

Inficirane vrednosti u registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\buildw (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\firstinstallflag (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ulrn (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\update (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\updatenew (Malware.Trace) -> No action taken.

Inficirani podaci u registru:
HKEY_CLASSES_ROOT\txtfile\shell\open\command\(default) (Hijack.Notepad) -> Bad: ("C:\WINDOWS\system32\nxtepad.exe" "%1") Good: (notepad.exe %1) -> No action taken.

Inficirane fascikle:
C:\Documents and Settings\XPMCE\Local Settings\Application Data\DoubleD (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910 (Adware.DoubleD) -> No action taken.

Inficirane datoteke:
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090830-172044.578.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090830-195606.609.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090830-201201.234.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090830-201302.875.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090830-221006.656.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090830-221651.125.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090830-234910.984.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090830-235212.578.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090831-022214.796.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090831-022633.109.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090831-061707.390.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090831-062503.390.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090831-192831.000.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090831-193919.500.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090831-194334.203.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090831-194340.234.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090831-215813.078.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090831-223041.031.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090831-230608.578.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-061505.875.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-061937.796.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-062338.234.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-201825.328.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-202109.968.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-202225.968.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-204727.796.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-210623.953.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-211210.093.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-212426.562.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-212800.234.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-225214.125.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-230952.390.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-231001.562.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-232932.046.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-233219.203.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-233852.375.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-234952.703.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-235325.000.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-235602.203.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-235612.156.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-193534.140.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-193636.906.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-195908.187.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-200419.359.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-200746.890.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-202755.437.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-203043.765.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-203258.296.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-203310.484.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-203339.953.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-203738.296.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-204159.296.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-204452.000.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-204531.656.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-205051.703.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-205900.703.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-210136.687.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-210330.296.log (Adware.DoubleD) -> No action taken.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> No action taken.
Which of these are viruses, and which are not? Once again, thanks in advance!
Best regards

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Hello,

Download ComboFix by sUBs to your Desktop from the following address:

Bleeping Computer
Right-click the link and choose the Save Target As... option (Save Link As..., Save Linked Content As..., or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:
disable your security software (instructions);
close any running programs;
double-click ComboFix to run it.

While it runs, ComboFix will:
check whether a newer version of the program is available:
  click Yes if you are offered the download.
display the DISCLAIMER OF WARRANTY ON SOFTWARE:
  click Yes to let the process continue.
offer to install the Recovery Console if it is not installed:
  be sure to accept by clicking Yes and follow the procedure.
show a number of prompts/notifications:
  accept by clicking Yes or OK.
restart Windows if necessary (possibly several times);
open Notepad with the scan report when it finishes.

Copy the report that ComboFix produced into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message box and choose Paste.

Note:
The report is saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If you notice after posting that the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your post.

offline
  • Joined: 04 Jan 2010
  • Posts: 5

Here is the report:

ComboFix 10-01-04.01 - XPMCE 01/05/2010 15:02:46.1.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1518 [GMT 1:00]
Running from: c:\documents and settings\XPMCE\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\XPMCE\Local Settings\Application Data\DoubleD
c:\program files\FunWebProducts
c:\windows\d.ini
c:\windows\Install.txt
c:\windows\system32\comsa32.sys
c:\windows\system32\FInstall.sys
c:\windows\system32\Install.txt
c:\windows\system32\tmp0_735416545421.bk

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DEFAULTLIB
-------\Legacy_MSNCACHE
-------\Legacy_NETMANTOW
-------\Legacy_SOFTYINFORWOW1
-------\Service_defaultlib
-------\Service_msncache
-------\Service_netmantow
-------\Service_softyinforwow1


((((((((((((((((((((((((( Files Created from 2009-12-05 to 2010-01-05 )))))))))))))))))))))))))))))))
.

2010-01-05 14:05 . 2010-01-05 14:05 -------- d-----w- c:\windows\system32\xircom
2010-01-05 14:05 . 2010-01-05 14:05 -------- d-----w- c:\windows\system32\wbem\snmp
2010-01-05 14:05 . 2010-01-05 14:05 -------- d-----w- c:\program files\microsoft frontpage
2010-01-04 20:45 . 2010-01-04 20:45 5061519 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-28 18:19 . 2009-12-28 18:19 -------- d-----w- c:\documents and settings\XPMCE\Local Settings\Application Data\AskToolbar
2009-12-27 18:33 . 2009-12-27 18:33 -------- d-----w- c:\program files\Ask.com
2009-12-26 13:14 . 2009-12-26 13:14 -------- d-----w- c:\documents and settings\XPMCE\Local Settings\Application Data\Temp
2009-12-20 16:11 . 2009-12-20 16:11 -------- d-----w- C:\FOUND.049
2009-12-20 16:05 . 2009-12-20 16:05 -------- d-----w- C:\FOUND.048
2009-12-20 15:38 . 2009-12-20 15:38 -------- d-----w- C:\FOUND.047
2009-12-11 19:40 . 2009-12-11 19:40 -------- d-----w- C:\FOUND.046
2009-12-08 19:18 . 2009-12-08 19:18 -------- d-----w- C:\FOUND.045

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-04 20:10 . 2008-11-26 22:27 72776 ----a-w- c:\documents and settings\XPMCE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-03 19:35 . 2008-11-26 21:06 90112 ----a-w- c:\windows\DUMP2476.tmp
2009-12-30 13:55 . 2009-02-18 18:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 13:54 . 2009-02-18 18:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-04 18:30 . 2009-11-04 18:32 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-22 22:36 . 2008-11-26 21:06 90112 ----a-w- c:\windows\DUMP20ec.tmp
2009-01-24 12:56 . 2009-01-02 15:35 40065 ----a-w- c:\program files\bugreport.txt
.

------- Sigcheck -------

[-] 2008-07-30 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-23 . 8C4050BD9FD87E23CDED28FFA889B0BA . 2306560 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 13:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-02-19 1471728]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-16 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-17 17508864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"nwiz"="nwiz.exe" [2009-01-15 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2008-09-06 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-03 198160]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2007-04-13 114688]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^XPMCE^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\XPMCE\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^XPMCE^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\XPMCE\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 11:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-11-29 14:43 133104 ----a-w- c:\documents and settings\XPMCE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
2004-09-19 11:27 65536 ----a-w- c:\program files\LClock\LClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 14:09 413696 ----a-w- c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-06-16 20:09 1277440 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-01-22 19:59 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-16 20:59 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2006-09-07 16:19 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2007 8:21 AM 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 8:21 AM 468224]
S0 emuw;emuw;c:\windows\system32\drivers\erxecnm.sys --> c:\windows\system32\drivers\erxecnm.sys [?]
S2 eq2soft;Service Eset;c:\windows\System32\svchost.exe -k netsvcs [4/14/2008 12:00 PM 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/27/2009 10:15 PM 1684736]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [8/19/2009 6:51 PM 13224]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [8/16/2009 12:02 PM 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [8/16/2009 12:02 PM 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [8/16/2009 12:02 PM 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [8/16/2009 12:02 PM 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [8/16/2009 12:02 PM 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [8/16/2009 12:02 PM 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [8/16/2009 12:02 PM 110120]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [8/31/2009 2:20 AM 249984]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [8/31/2009 2:20 AM 476032]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
eq2soft

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2009-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-616249376-682003330-1004.job
- c:\documents and settings\XPMCE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-29 14:43]

2009-05-11 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 18:58]

2009-05-11 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 18:58]

2009-08-28 c:\windows\Tasks\User_Feed_Synchronization-{12291577-23AC-4901-829C-D9DCFFD27973}.job
- c:\windows\system32\msfeedssync.exe [2008-11-26 03:31]

2009-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ca5ca03e2060b4.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 08:58]

2009-12-27 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-09-02 13:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\XPMCE\Application Data\Mozilla\Firefox\Profiles\d6fewvzj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15158&locale=en_US&q=
FF - component: c:\program files\BS.Player ControlBar\FirefoxDTT\components\BSToolbarFF.dll
FF - plugin: c:\documents and settings\XPMCE\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-DU Meter - c:\program files\DU Meter\DUMeter.exe
HKU-Default-Run-RocketDock - c:\program files\RocketDock\RocketDock.exe
Notify-WgaLogon - (no file)
MSConfigStartUp-RocketDock - c:\program files\RocketDock\RocketDock.exe
AddRemove-{C5096216-7703-409E-B85A-8A6EE7395128}}_is1 - c:\program files\System Search Dispatcher\1.4.0.970\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-01-05 15:07
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\‘|f*i*l*e*\DefaultIcon]
@="c:\\Program Files\\Winamp\\winamp.exe,1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1820)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-05 15:09:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-05 14:09

Pre-Run: 42,401,955,840 bytes free
Post-Run: 42,318,004,224 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\ = "Unidentified operating system on drive C."

- - End Of File - - 031E7AD854891FDFA56989788A5FEAC4

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Open Notepad and copy in the following text:

Driver::
eq2soft
emuw

NetSvc::
eq2soft

File::
c:\windows\system32\drivers\erxecnm.sys


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text file onto the ComboFix icon, as shown in the picture.
In your next post, paste the log that is created at the end of the cleaning/scan.

offline
  • Joined: 04 Jan 2010
  • Posts: 5

ComboFix 10-01-04.01 - XPMCE 01/05/2010 16:18:42.2.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1585 [GMT 1:00]
Running from: c:\documents and settings\XPMCE\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\XPMCE\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"c:\windows\system32\drivers\erxecnm.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EQ2SOFT
-------\Service_emuw
-------\Service_eq2soft


((((((((((((((((((((((((( Files Created from 2009-12-05 to 2010-01-05 )))))))))))))))))))))))))))))))
.

2010-01-05 14:16 . 2010-01-05 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-01-05 14:05 . 2010-01-05 14:05 -------- d-----w- c:\windows\system32\xircom
2010-01-05 14:05 . 2010-01-05 14:05 -------- d-----w- c:\windows\system32\wbem\snmp
2010-01-05 14:05 . 2010-01-05 14:05 -------- d-----w- c:\program files\microsoft frontpage
2010-01-04 20:45 . 2010-01-04 20:45 5061519 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-26 13:14 . 2009-12-26 13:14 -------- d-----w- c:\documents and settings\XPMCE\Local Settings\Application Data\Temp
2009-12-20 16:11 . 2009-12-20 16:11 -------- d-----w- C:\FOUND.049
2009-12-20 16:05 . 2009-12-20 16:05 -------- d-----w- C:\FOUND.048
2009-12-20 15:38 . 2009-12-20 15:38 -------- d-----w- C:\FOUND.047
2009-12-11 19:40 . 2009-12-11 19:40 -------- d-----w- C:\FOUND.046
2009-12-08 19:18 . 2009-12-08 19:18 -------- d-----w- C:\FOUND.045

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-04 20:10 . 2008-11-26 22:27 72776 ----a-w- c:\documents and settings\XPMCE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-03 19:35 . 2008-11-26 21:06 90112 ----a-w- c:\windows\DUMP2476.tmp
2009-12-30 13:55 . 2009-02-18 18:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 13:54 . 2009-02-18 18:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-14 13:06 . 2009-11-14 13:06 59976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\English\setup.exe
2009-11-04 18:30 . 2009-11-04 18:32 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-22 22:36 . 2008-11-26 21:06 90112 ----a-w- c:\windows\DUMP20ec.tmp
2009-01-24 12:56 . 2009-01-02 15:35 40065 ----a-w- c:\program files\bugreport.txt
.

------- Sigcheck -------

[-] 2008-07-30 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-23 . 8C4050BD9FD87E23CDED28FFA889B0BA . 2306560 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-01-05_14.06.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-05 15:22 . 2010-01-05 15:22 16384 c:\windows\Temp\Perflib_Perfdata_e8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-02-19 1471728]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-16 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-17 17508864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"nwiz"="nwiz.exe" [2009-01-15 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2008-09-06 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-03 198160]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2007-04-13 114688]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^XPMCE^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\XPMCE\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^XPMCE^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\XPMCE\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 11:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-11-29 14:43 133104 ----a-w- c:\documents and settings\XPMCE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
2004-09-19 11:27 65536 ----a-w- c:\program files\LClock\LClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 14:09 413696 ----a-w- c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-06-16 20:09 1277440 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-01-22 19:59 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-16 20:59 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2006-09-07 16:19 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2007 8:21 AM 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 8:21 AM 468224]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/27/2009 10:15 PM 1684736]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [8/19/2009 6:51 PM 13224]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [8/16/2009 12:02 PM 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [8/16/2009 12:02 PM 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [8/16/2009 12:02 PM 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [8/16/2009 12:02 PM 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [8/16/2009 12:02 PM 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [8/16/2009 12:02 PM 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [8/16/2009 12:02 PM 110120]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [8/31/2009 2:20 AM 249984]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [8/31/2009 2:20 AM 476032]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2009-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-616249376-682003330-1004.job
- c:\documents and settings\XPMCE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-29 14:43]

2009-05-11 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 18:58]

2009-05-11 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 18:58]

2009-08-28 c:\windows\Tasks\User_Feed_Synchronization-{12291577-23AC-4901-829C-D9DCFFD27973}.job
- c:\windows\system32\msfeedssync.exe [2008-11-26 03:31]

2009-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ca5ca03e2060b4.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 08:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\XPMCE\Application Data\Mozilla\Firefox\Profiles\d6fewvzj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL -
FF - component: c:\program files\BS.Player ControlBar\FirefoxDTT\components\BSToolbarFF.dll
FF - plugin: c:\documents and settings\XPMCE\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-01-05 16:23
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\‘|f*i*l*e*\DefaultIcon]
@="c:\\Program Files\\Winamp\\winamp.exe,1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2092)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2010-01-05 16:25:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-05 15:25
ComboFix2.txt 2010-01-05 14:09

Pre-Run: 42,183,589,888 bytes free
Post-Run: 42,105,569,280 bytes free

- - End Of File - - 89D00DD127A19140C863FE12735D3598

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Are there any problems now?

  • Joined: 04 Jan 2010
  • Posts: 5

Posted: 05 Jan 2010 16:48

Everything is still the same as I described in my first post! Maybe it deleted some virus, because here are the new scan results from Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.43
Verzija baze podataka: 3495
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/5/2010 4:49:42 PM
mbam-log-2010-01-05 (16-49-33).txt

Tip skeniranja: Brzo Skeniranje
Skeniranih objekata: 116679
Proteklo vreme: 2 minute(s), 40 second(s)

Inficirani procesi u memoriji: 0
Inficirani moduli u memoriji: 0
Inficirani ključevi u registru: 5
Inficirane vrednosti u registru: 1
Inficirani podaci u registru: 0
Inficirane fascikle: 3
Inficirane datoteke: 147

Inficirani procesi u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani moduli u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani ključevi u registru:
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Applications\nxtepad.exe (Hijack.Notepad) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.

Inficirane vrednosti u registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.

Inficirani podaci u registru:
(Maliciozne stavke nisu detektovane)

Inficirane fascikle:
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910 (Adware.DoubleD) -> No action taken.

Inficirane datoteke:
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-193636.906.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-195908.187.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-200419.359.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-200746.890.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-202755.437.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-203043.765.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-203258.296.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-203310.484.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-203339.953.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-203738.296.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-204159.296.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-204452.000.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-204531.656.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-205051.703.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-205900.703.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-210136.687.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-210330.296.log (Adware.DoubleD) -> No action taken.

Addendum: 05 Jan 2010 18:14

Will anyone take a look at this thread and help me?

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

I'm infected myself, so I'm saving myself first. ;)

We'll help you....

offline
  • Joined: 04 Jan 2010
  • Posts: 5

Well, come on, pull some strings, find someone who isn't infected and knows how....

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Since you're already using MBAM, use its options to cure you as well.

Let it remove what it finds.
