Hello

Here's the situation:
I have a problem when booting the system on my computer (Windows XP). It gets to this part and freezes:
CHECKING FILE SISTEM ON C
WINDOWS VERIFYING FILES AND FOLDERS
/WINDOWS/DUMP2476.tmp IS CROSS-LINKEDON ALLOCATION UNIT 1466658.

I think there are a lot of viruses on the computer. I'm asking for your help; thanks in advance.


DDS (Ver_09-12-01.01) - FAT32x86
Run by XPMCE at 19:07:44.09 on Mon 01/04/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1369 [GMT 1:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.rs/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.msn.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live pomagac za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: System Search Dispatcher: {cdbfb47b-58a8-4111-bf95-06178dce326d} - c:\program files\system search dispatcher\1.4.0.970\ssd.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: BS.Player ControlBar: {2c688203-7eb3-4327-9995-1cb417ba23f9} - c:\program files\bs.player controlbar\BSToolbar.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [DU Meter] c:\program files\du meter\DUMeter.exe
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\k-lite codec pack\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [<NO NAME>]
mRun: [VMonitorVMUVC] "c:\program files\vimicro corporation\vmuvc\VMonitor.exe" VMUVC
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\9117181146.dll
DPF: {1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/PopularScreenSaversInitialSetup1.0.1.1.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232646204265
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {D58F39FF-953E-4F45-898F-59F243B9A523} - RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\xpmce\applic~1\mozilla\firefox\profiles\d6fewvzj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15158&locale=en_US&q=
FF - component: c:\program files\bs.player controlbar\firefoxdtt\components\BSToolbarFF.dll
FF - plugin: c:\documents and settings\xpmce\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin5.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2008-11-26 99328]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-2-18 38496]
S0 emuw;emuw;c:\windows\system32\drivers\erxecnm.sys --> c:\windows\system32\drivers\erxecnm.sys [?]
S2 defaultlib;Service AntiVir;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 eq2soft;Service Eset;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 msncache;msncache;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 netmantow;Network Ming;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 softyinforwow1;.Freame Micer;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-2-27 1684736]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-8-19 13224]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2009-8-16 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [2009-8-16 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [2009-8-16 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [2009-8-16 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [2009-8-16 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [2009-8-16 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [2009-8-16 110120]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2009-8-31 249984]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2009-8-31 476032]

============== File Associations ===============

txtfile="c:\windows\system32\nxtepad.exe" "%1"

=============== Created Last 30 ================

2009-12-27 18:33:47 0 d-----w- c:\program files\Ask.com
2009-12-20 16:11:44 0 d-sh--w- C:\FOUND.049
2009-12-20 16:05:52 0 d-sh--w- C:\FOUND.048
2009-12-20 15:38:58 0 d-sh--w- C:\FOUND.047
2009-12-11 19:40:58 0 d-sh--w- C:\FOUND.046
2009-12-08 19:18:24 0 d-sh--w- C:\FOUND.045

==================== Find3M ====================

2010-01-03 19:35:32 90112 ----a-w- c:\windows\DUMP2476.tmp
2009-10-22 22:36:44 90112 ----a-w- c:\windows\DUMP20ec.tmp
2009-01-24 12:56:28 40065 ----a-w- c:\program files\bugreport.txt
2009-03-31 23:27:12 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2009-03-23 16:41:22 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009031620090323\index.dat
2009-03-31 23:36:30 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009032320090330\index.dat
2009-03-31 23:48:24 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040120090402\index.dat
2009-03-31 23:36:54 81920 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat
2009-03-31 23:27:12 32768 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat

============= FINISH: 19:08:53.65 ===============

I scanned the computer with Malwarebytes' Anti-Malware and got the following results:
Malwarebytes' Anti-Malware 1.43
Verzija baze podataka: 3493
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/4/2010 10:24:25 PM
mbam-log-2010-01-04 (22-24-04).txt

Tip skeniranja: Brzo Skeniranje
Skeniranih objekata: 116861
Proteklo vreme: 1 minute(s), 44 second(s)

Inficirani procesi u memoriji: 0
Inficirani moduli u memoriji: 0
Inficirani ključevi u registru: 30
Inficirane vrednosti u registru: 12
Inficirani podaci u registru: 1
Inficirane fascikle: 5
Inficirane datoteke: 149

Inficirani procesi u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani moduli u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani ključevi u registru:
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Applications\nxtepad.exe (Hijack.Notepad) -> No action taken.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\OKME\softyinforwow1 (Trojan.PWS) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\defaultlib (Spyware.Passwords) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\eq2soft (Spyware.Passwords) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msncache (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\netmantow (Spyware.Passwords) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\softyinforwow1 (Trojan.PWS) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\Xstudio_Packet_Capture (LSP.Hijacker) -> No action taken.

Inficirane vrednosti u registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\buildw (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\firstinstallflag (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ulrn (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\update (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\updatenew (Malware.Trace) -> No action taken.

Inficirani podaci u registru:
HKEY_CLASSES_ROOT\txtfile\shell\open\command\(default) (Hijack.Notepad) -> Bad: ("C:\WINDOWS\system32\nxtepad.exe" "%1") Good: (notepad.exe %1) -> No action taken.

Inficirane fascikle:
C:\Documents and Settings\XPMCE\Local Settings\Application Data\DoubleD (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910 (Adware.DoubleD) -> No action taken.

Inficirane datoteke:
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090830-172044.578.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090830-195606.609.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090830-201201.234.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090830-201302.875.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090830-221006.656.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090830-221651.125.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090830-234910.984.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090830-235212.578.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090831-022214.796.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090831-022633.109.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090831-061707.390.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090831-062503.390.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090831-192831.000.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090831-193919.500.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090831-194334.203.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090831-194340.234.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090831-215813.078.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090831-223041.031.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090831-230608.578.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-061505.875.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-061937.796.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-062338.234.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-201825.328.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-202109.968.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-202225.968.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-204727.796.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-210623.953.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-211210.093.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-212426.562.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-212800.234.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-225214.125.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-230952.390.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-231001.562.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-232932.046.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-233219.203.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-233852.375.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-234952.703.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-235325.000.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-235602.203.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090901-235612.156.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-193534.140.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-193636.906.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-195908.187.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-200419.359.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-200746.890.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-202755.437.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-203043.765.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-203258.296.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-203310.484.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-203339.953.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-203738.296.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-204159.296.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-204452.000.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-204531.656.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-205051.703.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-205900.703.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-210136.687.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-210330.296.log (Adware.DoubleD) -> No action taken.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> No action taken.
Which of these are viruses and which are not? Once again, thanks in advance!
Best regards

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Hello,

Download sUBs's ComboFix from the following address to the Desktop:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:
  • disable your security software (instructions);
  • close running programs;
  • double-click ComboFix to run it.

While running, ComboFix will:
  • check whether a newer version of the program exists:
    click Yes if you are offered the download.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
    click Yes to continue the process.
  • if the Recovery Console is not installed, offer to install it:
    be sure to accept by clicking Yes and follow the procedure.
  • show a number of prompts/notifications:
    accept by clicking Yes or OK.
  • restart Windows if necessary (possibly several times);
  • when finished, open Notepad with the scan report.

Copy the report that ComboFix produced into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note:
  • The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If after posting the message you notice that the report is incomplete, use the Attach file (Prikači fajl) option to attach the file C:\ComboFix.txt to the message.

offline
  • Joined: 04 Jan 2010
  • Posts: 5

Here is the report:

ComboFix 10-01-04.01 - XPMCE 01/05/2010 15:02:46.1.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1518 [GMT 1:00]
Running from: c:\documents and settings\XPMCE\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\XPMCE\Local Settings\Application Data\DoubleD
c:\program files\FunWebProducts
c:\windows\d.ini
c:\windows\Install.txt
c:\windows\system32\comsa32.sys
c:\windows\system32\FInstall.sys
c:\windows\system32\Install.txt
c:\windows\system32\tmp0_735416545421.bk

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DEFAULTLIB
-------\Legacy_MSNCACHE
-------\Legacy_NETMANTOW
-------\Legacy_SOFTYINFORWOW1
-------\Service_defaultlib
-------\Service_msncache
-------\Service_netmantow
-------\Service_softyinforwow1


((((((((((((((((((((((((( Files Created from 2009-12-05 to 2010-01-05 )))))))))))))))))))))))))))))))
.

2010-01-05 14:05 . 2010-01-05 14:05 -------- d-----w- c:\windows\system32\xircom
2010-01-05 14:05 . 2010-01-05 14:05 -------- d-----w- c:\windows\system32\wbem\snmp
2010-01-05 14:05 . 2010-01-05 14:05 -------- d-----w- c:\program files\microsoft frontpage
2010-01-04 20:45 . 2010-01-04 20:45 5061519 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-28 18:19 . 2009-12-28 18:19 -------- d-----w- c:\documents and settings\XPMCE\Local Settings\Application Data\AskToolbar
2009-12-27 18:33 . 2009-12-27 18:33 -------- d-----w- c:\program files\Ask.com
2009-12-26 13:14 . 2009-12-26 13:14 -------- d-----w- c:\documents and settings\XPMCE\Local Settings\Application Data\Temp
2009-12-20 16:11 . 2009-12-20 16:11 -------- d-----w- C:\FOUND.049
2009-12-20 16:05 . 2009-12-20 16:05 -------- d-----w- C:\FOUND.048
2009-12-20 15:38 . 2009-12-20 15:38 -------- d-----w- C:\FOUND.047
2009-12-11 19:40 . 2009-12-11 19:40 -------- d-----w- C:\FOUND.046
2009-12-08 19:18 . 2009-12-08 19:18 -------- d-----w- C:\FOUND.045

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-04 20:10 . 2008-11-26 22:27 72776 ----a-w- c:\documents and settings\XPMCE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-03 19:35 . 2008-11-26 21:06 90112 ----a-w- c:\windows\DUMP2476.tmp
2009-12-30 13:55 . 2009-02-18 18:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 13:54 . 2009-02-18 18:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-04 18:30 . 2009-11-04 18:32 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-22 22:36 . 2008-11-26 21:06 90112 ----a-w- c:\windows\DUMP20ec.tmp
2009-01-24 12:56 . 2009-01-02 15:35 40065 ----a-w- c:\program files\bugreport.txt
.

------- Sigcheck -------

[-] 2008-07-30 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-23 . 8C4050BD9FD87E23CDED28FFA889B0BA . 2306560 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 13:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-02-19 1471728]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-16 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-17 17508864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"nwiz"="nwiz.exe" [2009-01-15 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2008-09-06 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-03 198160]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2007-04-13 114688]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^XPMCE^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\XPMCE\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^XPMCE^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\XPMCE\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 11:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-11-29 14:43 133104 ----a-w- c:\documents and settings\XPMCE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
2004-09-19 11:27 65536 ----a-w- c:\program files\LClock\LClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 14:09 413696 ----a-w- c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-06-16 20:09 1277440 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-01-22 19:59 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-16 20:59 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2006-09-07 16:19 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2007 8:21 AM 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 8:21 AM 468224]
S0 emuw;emuw;c:\windows\system32\drivers\erxecnm.sys --> c:\windows\system32\drivers\erxecnm.sys [?]
S2 eq2soft;Service Eset;c:\windows\System32\svchost.exe -k netsvcs [4/14/2008 12:00 PM 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/27/2009 10:15 PM 1684736]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [8/19/2009 6:51 PM 13224]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [8/16/2009 12:02 PM 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [8/16/2009 12:02 PM 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [8/16/2009 12:02 PM 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [8/16/2009 12:02 PM 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [8/16/2009 12:02 PM 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [8/16/2009 12:02 PM 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [8/16/2009 12:02 PM 110120]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [8/31/2009 2:20 AM 249984]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [8/31/2009 2:20 AM 476032]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
eq2soft

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2009-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-616249376-682003330-1004.job
- c:\documents and settings\XPMCE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-29 14:43]

2009-05-11 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 18:58]

2009-05-11 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 18:58]

2009-08-28 c:\windows\Tasks\User_Feed_Synchronization-{12291577-23AC-4901-829C-D9DCFFD27973}.job
- c:\windows\system32\msfeedssync.exe [2008-11-26 03:31]

2009-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ca5ca03e2060b4.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 08:58]

2009-12-27 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-09-02 13:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\XPMCE\Application Data\Mozilla\Firefox\Profiles\d6fewvzj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15158&locale=en_US&q=
FF - component: c:\program files\BS.Player ControlBar\FirefoxDTT\components\BSToolbarFF.dll
FF - plugin: c:\documents and settings\XPMCE\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-DU Meter - c:\program files\DU Meter\DUMeter.exe
HKU-Default-Run-RocketDock - c:\program files\RocketDock\RocketDock.exe
Notify-WgaLogon - (no file)
MSConfigStartUp-RocketDock - c:\program files\RocketDock\RocketDock.exe
AddRemove-{C5096216-7703-409E-B85A-8A6EE7395128}}_is1 - c:\program files\System Search Dispatcher\1.4.0.970\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-01-05 15:07
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\‘|f*i*l*e*\DefaultIcon]
@="c:\\Program Files\\Winamp\\winamp.exe,1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1820)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-05 15:09:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-05 14:09

Pre-Run: 42,401,955,840 bytes free
Post-Run: 42,318,004,224 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\ = "Unidentified operating system on drive C."

- - End Of File - - 031E7AD854891FDFA56989788A5FEAC4

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Open Notepad and copy in the following text:

Driver::
eq2soft
emuw

NetSvc::
eq2soft

File::
c:\windows\system32\drivers\erxecnm.sys


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.

offline
  • Joined: 04 Jan 2010
  • Posts: 5

ComboFix 10-01-04.01 - XPMCE 01/05/2010 16:18:42.2.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1585 [GMT 1:00]
Running from: c:\documents and settings\XPMCE\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\XPMCE\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"c:\windows\system32\drivers\erxecnm.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EQ2SOFT
-------\Service_emuw
-------\Service_eq2soft


((((((((((((((((((((((((( Files Created from 2009-12-05 to 2010-01-05 )))))))))))))))))))))))))))))))
.

2010-01-05 14:16 . 2010-01-05 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-01-05 14:05 . 2010-01-05 14:05 -------- d-----w- c:\windows\system32\xircom
2010-01-05 14:05 . 2010-01-05 14:05 -------- d-----w- c:\windows\system32\wbem\snmp
2010-01-05 14:05 . 2010-01-05 14:05 -------- d-----w- c:\program files\microsoft frontpage
2010-01-04 20:45 . 2010-01-04 20:45 5061519 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-26 13:14 . 2009-12-26 13:14 -------- d-----w- c:\documents and settings\XPMCE\Local Settings\Application Data\Temp
2009-12-20 16:11 . 2009-12-20 16:11 -------- d-----w- C:\FOUND.049
2009-12-20 16:05 . 2009-12-20 16:05 -------- d-----w- C:\FOUND.048
2009-12-20 15:38 . 2009-12-20 15:38 -------- d-----w- C:\FOUND.047
2009-12-11 19:40 . 2009-12-11 19:40 -------- d-----w- C:\FOUND.046
2009-12-08 19:18 . 2009-12-08 19:18 -------- d-----w- C:\FOUND.045

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-04 20:10 . 2008-11-26 22:27 72776 ----a-w- c:\documents and settings\XPMCE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-03 19:35 . 2008-11-26 21:06 90112 ----a-w- c:\windows\DUMP2476.tmp
2009-12-30 13:55 . 2009-02-18 18:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 13:54 . 2009-02-18 18:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-14 13:06 . 2009-11-14 13:06 59976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\English\setup.exe
2009-11-04 18:30 . 2009-11-04 18:32 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-22 22:36 . 2008-11-26 21:06 90112 ----a-w- c:\windows\DUMP20ec.tmp
2009-01-24 12:56 . 2009-01-02 15:35 40065 ----a-w- c:\program files\bugreport.txt
.

------- Sigcheck -------

[-] 2008-07-30 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-23 . 8C4050BD9FD87E23CDED28FFA889B0BA . 2306560 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-01-05_14.06.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-05 15:22 . 2010-01-05 15:22 16384 c:\windows\Temp\Perflib_Perfdata_e8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-02-19 1471728]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-16 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-17 17508864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"nwiz"="nwiz.exe" [2009-01-15 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2008-09-06 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-03 198160]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2007-04-13 114688]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^XPMCE^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\XPMCE\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^XPMCE^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\XPMCE\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 11:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-11-29 14:43 133104 ----a-w- c:\documents and settings\XPMCE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
2004-09-19 11:27 65536 ----a-w- c:\program files\LClock\LClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 14:09 413696 ----a-w- c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-06-16 20:09 1277440 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-01-22 19:59 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-16 20:59 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2006-09-07 16:19 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2007 8:21 AM 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 8:21 AM 468224]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/27/2009 10:15 PM 1684736]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [8/19/2009 6:51 PM 13224]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [8/16/2009 12:02 PM 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [8/16/2009 12:02 PM 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [8/16/2009 12:02 PM 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [8/16/2009 12:02 PM 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [8/16/2009 12:02 PM 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [8/16/2009 12:02 PM 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [8/16/2009 12:02 PM 110120]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [8/31/2009 2:20 AM 249984]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [8/31/2009 2:20 AM 476032]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2009-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-616249376-682003330-1004.job
- c:\documents and settings\XPMCE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-29 14:43]

2009-05-11 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 18:58]

2009-05-11 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 18:58]

2009-08-28 c:\windows\Tasks\User_Feed_Synchronization-{12291577-23AC-4901-829C-D9DCFFD27973}.job
- c:\windows\system32\msfeedssync.exe [2008-11-26 03:31]

2009-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ca5ca03e2060b4.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 08:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\XPMCE\Application Data\Mozilla\Firefox\Profiles\d6fewvzj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL -
FF - component: c:\program files\BS.Player ControlBar\FirefoxDTT\components\BSToolbarFF.dll
FF - plugin: c:\documents and settings\XPMCE\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-01-05 16:23
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\‘|f*i*l*e*\DefaultIcon]
@="c:\\Program Files\\Winamp\\winamp.exe,1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2092)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2010-01-05 16:25:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-05 15:25
ComboFix2.txt 2010-01-05 14:09

Pre-Run: 42,183,589,888 bytes free
Post-Run: 42,105,569,280 bytes free

- - End Of File - - 89D00DD127A19140C863FE12735D3598

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Are there any problems now?

  • Joined: 04 Jan 2010
  • Posts: 5

Posted: 05 Jan 2010 16:48

Everything is still the same as I described in my first post! Maybe it deleted some virus, because here are the new scan results from Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.43
Verzija baze podataka: 3495
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/5/2010 4:49:42 PM
mbam-log-2010-01-05 (16-49-33).txt

Tip skeniranja: Brzo Skeniranje
Skeniranih objekata: 116679
Proteklo vreme: 2 minute(s), 40 second(s)

Inficirani procesi u memoriji: 0
Inficirani moduli u memoriji: 0
Inficirani ključevi u registru: 5
Inficirane vrednosti u registru: 1
Inficirani podaci u registru: 0
Inficirane fascikle: 3
Inficirane datoteke: 147

Inficirani procesi u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani moduli u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani ključevi u registru:
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Applications\nxtepad.exe (Hijack.Notepad) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.

Inficirane vrednosti u registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.

Inficirani podaci u registru:
(Maliciozne stavke nisu detektovane)

Inficirane fascikle:
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910 (Adware.DoubleD) -> No action taken.

Inficirane datoteke:
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-193636.906.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-195908.187.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-200419.359.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-200746.890.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-202755.437.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-203043.765.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-203258.296.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-203310.484.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-203339.953.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-203738.296.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-204159.296.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-204452.000.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-204531.656.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-205051.703.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-205900.703.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-210136.687.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\XPMCE\Local Settings\Application Data\Media Access Startup\1.5.6.910\HJHP_20090902-210330.296.log (Adware.DoubleD) -> No action taken.

Addendum: 05 Jan 2010 18:14

Will someone take a look at this thread and help me?

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

I'm infected myself, so I'm saving myself first. Mr. Green Wink

We'll help you....

offline
  • Joined: 04 Jan 2010
  • Posts: 5

Well, come on, pull some strings, find someone who isn't infected and knows how....

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Since you're already using MBAM, use its options to cure you as well.

Have it remove what it finds.
