Problem with viruses


  • SNooPy
  • informatika
  • Joined: 20 Apr 2009
  • Posts: 312
  • Location: in a fantasy :)

I have a big problem with viruses... Namely, whenever I try to visit a site, messages keep popping up saying it can't be accessed and that Mozilla has blocked it... At the same time, whenever I want to open a site, every link starts with hxxp:|| www. 95p. com/ Avira found 6 viruses... Does anyone have an idea how to solve the problem? Every ten seconds a virus notification pops up, and a Rootkit is mentioned...

The problems started yesterday, and today it's even worse... I can't access most pages, and when I try to open some programs, errors pop up... Help! I scanned with Malwarebytes, but it didn't help much... I also scanned with Avira, but that was of even less use... Please help!

  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3896
  • Location: Novi Sad, Klisa

Hello ScreenSaver

This subforum has rules to read before opening a topic... I'd ask you to read them and post the appropriate logs.

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

NIx Car (AMF Team)

  • SNooPy
  • informatika
  • Joined: 20 Apr 2009
  • Posts: 312
  • Location: in a fantasy :)

Sorry, here it is, I guess this is how it's done

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by P4 at 13:56:21 on 2012-01-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.289 [GMT 1:00]
.
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm941YYRS&fl=0&ptb=k1WhwAhCwxJo1YKz62Hesw&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}
uDefault_Page_URL = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: MjTunes.com Toolbar: {908abdd0-74d6-433b-aed5-8f3e7f792319} - c:\program files\mjtunes.com\prxtbMjT0.dll
uURLSearchHooks: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - c:\program files\incredimail_mediabar_2\prxtbIncr.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live pomagac za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MjTunes.com Toolbar: {908abdd0-74d6-433b-aed5-8f3e7f792319} - c:\program files\mjtunes.com\prxtbMjT0.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - c:\program files\incredimail_mediabar_2\prxtbIncr.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MjTunes.com Toolbar: {908abdd0-74d6-433b-aed5-8f3e7f792319} - c:\program files\mjtunes.com\prxtbMjT0.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - c:\program files\incredimail_mediabar_2\prxtbIncr.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueso~1.lnk - d:\program files\ivt corporation\bluesoleil\BlueSoleil.exe
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Preuzmi odabrano Free Download Manager-om - file://c:\program files\free download manager\dlselected.htm
IE: Preuzmi sa Free Download Managerom - file://c:\program files\free download manager\dllink.htm
IE: Preuzmi sve sa Free Download Manager-om - file://c:\program files\free download manager\dlall.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\funnsystems yump3com-user-authorization\YuMp3ComLogin.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} - hxxp://games.bigfishgames.com/en_nightshift-legacy-the-jaguars-eye/online/Nightshift2Web.1.0.0.9.cab
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://games.bigfishgames.com/en_dream-chronicles/online/dreamweb.1.0.0.9.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://games.bigfishgames.com/en_mysterysolitairese/online/SpinTopGamesLauncher.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 79.101.33.4 79.101.33.6
TCP: Interfaces\{58A7CAA9-528B-4BA8-916F-ACC7A549E054} : DhcpNameServer = 79.101.33.4 79.101.33.6
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\p4\application data\mozilla\firefox\profiles\vpjidu5e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm941YYRS&fl=0&ptb=k1WhwAhCwxJo1YKz62Hesw&st=kwd&o=kwd&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&searchfor=
FF - component: c:\documents and settings\p4\application data\mozilla\firefox\profiles\vpjidu5e.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\p4\application data\mozilla\firefox\profiles\vpjidu5e.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\p4\application data\mozilla\firefox\profiles\vpjidu5e.default\extensions\{a3f96249-7650-49a8-b54e-9cbf46fbbdf7}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\p4\application data\mozilla\firefox\profiles\vpjidu5e.default\extensions\{a3f96249-7650-49a8-b54e-9cbf46fbbdf7}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\p4\application data\mozilla\firefox\profiles\vpjidu5e.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\p4\application data\mozilla\firefox\profiles\vpjidu5e.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\p4\application data\mozilla\firefox\profiles\vpjidu5e.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\p4\application data\mozilla\firefox\profiles\vpjidu5e.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\p4\application data\mozilla\firefox\profiles\vpjidu5e.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
FF - component: c:\documents and settings\p4\application data\mozilla\firefox\profiles\vpjidu5e.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-8-22 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-8-22 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-8-22 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-8-22 66616]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-18 54752]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-13 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-13 20464]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-8-22 119528]
S2 LRMINIPORT;A016mgmt;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 fsssvc;Usluga Windows Live Porodicna bezbednost;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
.
=============== Created Last 30 ================
.
2012-01-13 17:26:00 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-13 17:26:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-13 15:41:58 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-01-12 22:44:25 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-01-12 09:07:39 -------- d-sh--w- c:\documents and settings\p4\local settings\application data\123a0ffd
2012-01-03 10:29:42 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-03 10:29:42 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-03 10:29:42 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-03 10:29:42 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2011-12-28 22:17:16 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-12-28 22:17:15 159232 ----a-w- c:\windows\system32\ptpusd.dll
.
==================== Find3M ====================
.
2011-12-20 15:24:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2009-03-15 12:50:54 9914224 ----a-w- c:\program files\winamp5551_full_emusic-7plus_en-us.exe
.
============= FINISH: 13:57:09.17 ===============
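As an added example (not code from this thread or from the DDS tool), the following Python script applies the kind of first-pass triage a helper does on the DDS report above: it flags start/search URLs that point to an engine the user never chose, third-party URL search hooks, and BHO/toolbar entries whose DLL is gone. The sample lines are constructed from this thread's own log, and the set of expected search hosts is an assumption.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample: lines copied from the DDS "Pseudo HJT Report" and FIREFOX
# sections posted in this thread. DDS writes hxxp:// instead of http:// so the
# URLs are not clickable; the parser below undoes that before inspecting them.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm941YYRS&fl=0&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: MjTunes.com Toolbar: {908abdd0-74d6-433b-aed5-8f3e7f792319} - c:\program files\mjtunes.com\prxtbMjT0.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm941YYRS&st=kwd&searchfor=
"""

# Assumption: the search engine the user actually chose. Any start/search URL
# pointing elsewhere is treated as a hijack candidate.
EXPECTED_SEARCH_HOSTS = {"www.google.com", "google.com"}

# DDS keys (IE settings on the left, Firefox prefs on the right) that decide
# where a typed address or search term is sent.
SEARCH_KEYS = {
    "uStart Page", "uSearch Page", "uSearchMigratedDefaultUrl", "mSearchAssistant",
    "browser.search.defaulturl", "browser.startup.homepage", "keyword.URL",
}

# Matches "BHO: name: {clsid} - path", "TB: {clsid} - No File", "uURLSearchHooks: ..."
HOOK_RE = re.compile(
    r"^(?P<kind>uURLSearchHooks|BHO|TB):\s*(?:(?P<name>.*?):\s*)?"
    r"\{(?P<clsid>[0-9A-Fa-f-]+)\}\s*-\s*(?P<target>.+)$"
)
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<val>.+)$")
IE_KV_RE = re.compile(r"^(?P<key>[A-Za-z_][A-Za-z0-9_ ,]*?)\s*=\s*(?P<val>.+)$")


def host_of(value):
    """Hostname of a (possibly hxxp-defanged) URL, or None if the value is not a URL."""
    url = re.sub(r"^hxxp", "http", value.strip(), flags=re.IGNORECASE)
    parsed = urlparse(url)
    return parsed.hostname if parsed.scheme in ("http", "https") else None


def triage_dds(text):
    """Return (kind, line, reason) findings for the suspicious entries in a DDS report."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HOOK_RE.match(line)
        if m:
            kind, target = m.group("kind"), m.group("target").strip()
            if target.lower() == "no file":
                # CLSID still registered but the DLL is gone: leftover of a removed
                # or partially cleaned add-on, and a cheap thing to clean up.
                findings.append(("orphan", line, f"{kind} registered but its DLL is missing"))
            elif kind == "uURLSearchHooks":
                # A URL search hook sees every address typed in IE; third-party
                # toolbars use it to steer failed lookups to their own search page.
                findings.append(("search-hook", line, "third-party URL search hook installed"))
            continue
        m = FF_PREF_RE.match(line) or IE_KV_RE.match(line)
        if not m:
            continue
        key, val = m.group("key").strip(), m.group("val").strip()
        host = host_of(val)
        if key in SEARCH_KEYS and host and host not in EXPECTED_SEARCH_HOSTS:
            findings.append(("hijack", line, f"{key} sends searches to {host}"))
    return findings


def count_by_kind(findings):
    """Summary as a plain dict, e.g. {'hijack': 3, 'orphan': 2, 'search-hook': 1}."""
    return dict(Counter(kind for kind, _, _ in findings))


if __name__ == "__main__":
    for kind, line, reason in triage_dds(SAMPLE_DDS):
        print(f"[{kind}] {reason}\n    {line}")
    print(count_by_kind(triage_dds(SAMPLE_DDS)))
```

Run against the full DDS report rather than the sample to get the same three classes of findings for every IE and Firefox entry in the log.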

  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3896
  • Location: Novi Sad, Klisa

You're missing the GMER1, GMER2, GMER3 logs or the RootRepeal log

  • SNooPy
  • informatika
  • Joined: 20 Apr 2009
  • Posts: 312
  • Location: in a fantasy :)


  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3896
  • Location: Novi Sad, Klisa

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:
disable your security software (instructions);
close any running programs;
double-click ComboFix to run it;
in the window that opens, click "I Agree".

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if offered to download it.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure through.
display a number of prompts/notices:
accept them by clicking Yes or OK.
restart Windows if needed (possibly several times);
when it finishes, open Notepad with the scan report.

Copy the report ComboFix produced into the forum topic:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message box and choose Paste.

Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message.

  • SNooPy
  • informatika
  • Joined: 20 Apr 2009
  • Posts: 312
  • Location: in a fantasy :)

Posted: 14 Jan 2012 17:50

Here it is, hopefully I did everything right


ComboFix 12-01-13.05 - P4 01/14/2012 17:33:04.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.642 [GMT 1:00]
Running from: c:\documents and settings\P4\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\P4\Application Data\PriceGong
c:\documents and settings\P4\Application Data\PriceGong\Data\1.xml
c:\documents and settings\P4\Application Data\PriceGong\Data\a.xml
c:\documents and settings\P4\Application Data\PriceGong\Data\b.xml
c:\documents and settings\P4\Application Data\PriceGong\Data\c.xml
c:\documents and settings\P4\Application Data\PriceGong\Data\d.xml
c:\documents and settings\P4\Application Data\PriceGong\Data\e.xml
c:\documents and settings\P4\Application Data\PriceGong\Data\f.xml
c:\documents and settings\P4\Application Data\PriceGong\Data\g.xml
c:\documents and settings\P4\Application Data\PriceGong\Data\h.xml
c:\documents and settings\P4\Application Data\PriceGong\Data\i.xml
c:\documents and settings\P4\Application Data\PriceGong\Data\J.xml
c:\documents and settings\P4\Application Data\PriceGong\Data\k.xml
c:\documents and settings\P4\Application Data\PriceGong\Data\l.xml
c:\documents and settings\P4\Application Data\PriceGong\Data\m.xml
c:\documents and settings\P4\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\P4\Application Data\PriceGong\Data\n.xml
c:\documents and settings\P4\Application Data\PriceGong\Data\o.xml
c:\documents and settings\P4\Application Data\PriceGong\Data\p.xml
c:\documents and settings\P4\Application Data\PriceGong\Data\q.xml
c:\documents and settings\P4\Application Data\PriceGong\Data\r.xml
c:\documents and settings\P4\Application Data\PriceGong\Data\s.xml
c:\documents and settings\P4\Application Data\PriceGong\Data\t.xml
c:\documents and settings\P4\Application Data\PriceGong\Data\u.xml
c:\documents and settings\P4\Application Data\PriceGong\Data\v.xml
c:\documents and settings\P4\Application Data\PriceGong\Data\w.xml
c:\documents and settings\P4\Application Data\PriceGong\Data\x.xml
c:\documents and settings\P4\Application Data\PriceGong\Data\y.xml
c:\documents and settings\P4\Application Data\PriceGong\Data\z.xml
c:\documents and settings\P4\mail.dat
c:\documents and settings\P4\mess.dat
c:\documents and settings\P4\WINDOWS
c:\program files\AutocompletePro
c:\program files\AutocompletePro\InstTracker.exe
c:\program files\winamp5551_full_emusic-7plus_en-us.exe
c:\windows\$NtUninstallKB57912$
c:\windows\$NtUninstallKB57912$\1229172561
c:\windows\$NtUninstallKB57912$\305795069\@
c:\windows\$NtUninstallKB57912$\305795069\L\snewntez
c:\windows\$NtUninstallKB57912$\305795069\loader.tlb
c:\windows\$NtUninstallKB57912$\305795069\U\@00000001
c:\windows\$NtUninstallKB57912$\305795069\U\@000000c0
c:\windows\$NtUninstallKB57912$\305795069\U\@000000cb
c:\windows\$NtUninstallKB57912$\305795069\U\@000000cf
c:\windows\$NtUninstallKB57912$\305795069\U\@80000000
c:\windows\$NtUninstallKB57912$\305795069\U\@800000c0
c:\windows\$NtUninstallKB57912$\305795069\U\@800000cb
c:\windows\$NtUninstallKB57912$\305795069\U\@800000cf
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\{95808DC4-FA4A-4c74-92FE-5B863F82066B}.dll
c:\windows\system32\acprfmgrsvc.dll
c:\windows\system32\amdppm.dll
c:\windows\system32\aw_host.dll
c:\windows\system32\bc_pat_f.dll
c:\windows\system32\bcftdi.dll
c:\windows\system32\beep.dll
c:\windows\system32\d-link_st3402.dll
c:\windows\system32\dbmang.dll
c:\windows\System32\Drivers\sptd.sys
c:\windows\system32\elservice.dll
c:\windows\system32\flexbios.dll
c:\windows\system32\ghostsec.dll
c:\windows\system32\hddsvc.dll
c:\windows\system32\idsvc.dll
c:\windows\system32\lexbces.dll
c:\windows\system32\ltmodem5.dll
c:\windows\system32\LVCap138.dll
c:\windows\system32\messenger.dll
c:\windows\system32\mindrepair.dll
c:\windows\system32\NMSAccessU.dll
c:\windows\system32\NMSSvc.dll
c:\windows\system32\nsm1serd.dll
c:\windows\system32\NVTCP.dll
c:\windows\system32\oracleformsserver-forms60server-oraform.dll
c:\windows\system32\OVT511Plus.dll
c:\windows\system32\p17xfilt.dll
c:\windows\system32\pavatscheduler.dll
c:\windows\system32\ppmoucls.dll
c:\windows\system32\ProcObsrv.dll
c:\windows\system32\qcmerced.dll
c:\windows\system32\REVOSENS.dll
c:\windows\system32\rpsupdaterr.dll
c:\windows\system32\sbservice.dll
c:\windows\system32\SE2Cbus.dll
c:\windows\system32\SNTIE.dll
c:\windows\system32\T6963C.dll
c:\windows\system32\Tablet2k.dll
c:\windows\system32\TeamViewer.dll
c:\windows\system32\tme3srv.dll
c:\windows\system32\tmmbd.dll
c:\windows\system32\toside.dll
c:\windows\system32\ulcdrhlp.dll
c:\windows\system32\VAIOMediaPlatform-MusicServer-UPnP.dll
c:\windows\system32\vpctcom.dll
c:\windows\system32\wacomvhid.dll
c:\windows\system32\wfxsvc.dll
c:\windows\system32\wininit.dll
c:\windows\system32\wlluc48.dll
c:\windows\system32\WSIMD.dll
c:\windows\system32\Xponaut_WBD.dll
c:\windows\system32\YahooAUService.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_FRAMEWORK
-------\Legacy_NWSAPAGENT
-------\Legacy_STEC3
-------\Service_framework
-------\Service_NwSapAgent
-------\Service_STEC3
-------\Legacy_imonitor
-------\Legacy_LKbdFlt2
-------\Legacy_LMS
-------\Legacy_ndiscm
-------\Legacy_rampartsvc
-------\Legacy_sptd
-------\Legacy_ZuneWlanCfgSvc
-------\Service_imonitor
-------\Service_LKbdFlt2
-------\Service_LMS
-------\Service_ndiscm
-------\Service_rampartsvc
-------\Service_sptd
-------\Service_ZuneWlanCfgSvc
.
.
((((((((((((((((((((((((( Files Created from 2011-12-14 to 2012-01-14 )))))))))))))))))))))))))))))))
.
.
2012-01-13 17:26 . 2012-01-13 17:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-13 17:26 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-13 16:23 . 2012-01-13 16:23 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-01-13 15:41 . 2011-12-21 07:24 121816 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-01-12 22:44 . 2012-01-14 12:29 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-01-12 09:07 . 2012-01-13 16:29 -------- d-sh--w- c:\documents and settings\P4\Local Settings\Application Data\123a0ffd
2012-01-03 10:29 . 2011-12-21 07:24 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-03 10:29 . 2011-12-21 04:30 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-03 10:29 . 2011-12-21 04:30 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-03 10:29 . 2011-12-21 04:30 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2011-12-28 22:17 . 2001-08-17 21:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-12-28 22:17 . 2008-04-14 04:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-14 16:42 . 2012-01-14 16:42 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-12-20 15:24 . 2011-05-16 15:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-21 07:24 . 2012-01-13 15:41 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{908abdd0-74d6-433b-aed5-8f3e7f792319}"= "c:\program files\MjTunes.com\prxtbMjT0.dll" [2011-01-17 175912]
"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files\IncrediMail_MediaBar_2\prxtbIncr.dll" [2011-06-27 175912]
.
[HKEY_CLASSES_ROOT\clsid\{908abdd0-74d6-433b-aed5-8f3e7f792319}]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{908abdd0-74d6-433b-aed5-8f3e7f792319}]
2011-01-17 14:54 175912 ----a-w- c:\program files\MjTunes.com\prxtbMjT0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
2011-06-27 10:05 175912 ----a-w- c:\program files\IncrediMail_MediaBar_2\prxtbIncr.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{908abdd0-74d6-433b-aed5-8f3e7f792319}"= "c:\program files\MjTunes.com\prxtbMjT0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files\IncrediMail_MediaBar_2\prxtbIncr.dll" [2011-06-27 175912]
.
[HKEY_CLASSES_ROOT\clsid\{908abdd0-74d6-433b-aed5-8f3e7f792319}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{908ABDD0-74D6-433B-AED5-8F3E7F792319}"= "c:\program files\MjTunes.com\prxtbMjT0.dll" [2011-01-17 175912]
"{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}"= "c:\program files\IncrediMail_MediaBar_2\prxtbIncr.dll" [2011-06-27 175912]
.
[HKEY_CLASSES_ROOT\clsid\{908abdd0-74d6-433b-aed5-8f3e7f792319}]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-09 17021440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - d:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 661369]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"Windows Defender"=c:\documents and settings\P4\Application Data\explorer.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Documents and Settings\\P4\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImSc.exe"=
"d:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\msfeedssync.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [1/14/2012 5:42 PM 232512]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/22/2011 5:32 PM 136360]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/13/2012 6:26 PM 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/13/2012 6:26 PM 20464]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [8/22/2011 5:53 PM 119528]
S2 pcouffin;MxlW2k;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 4:42 AM 14336]
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
afs2k
spmgr
symlcbrd
NwSapAgent
backupexecnotificationserver
nvport
sscdbhk5
ppmoucls
gbpoll
pxfhbus
enethusb
hpci
wacomvhid
symids
netdevio
aswlsvc
pdlnshay
starwindservice
k750obex
MA8032U
pserve
MSSQL$MSSMLBIZ
BCM43XV
mcstrm
bthenum
antivirscheduler
pcouffin
Defrag32
AmdIde
avg7core
oracleorahomepagingserver
USBDongle
ZuneWlanCfgSvc
wap3gx
gmer
sentinel
AVWLP_USB
truecrypt
stylexphelper
DVDVRRdr_xp
LKbdFlt2
WSIMD
cpsvc
pxfhmdm
cdudf_xp
regservice
pdlndint
nvidesm
hibernation
IWCA
oracleoradb10g_home1isql*plus
SE2Dmgmt
adfs
idebusdr
ntpr_nic_service2
MRESP50
amon
se45mdfl
sysplant
transactional
ser2plms
StillCam
DELL_A02
Invoker
U3sHlpDr
ndiscm
mdmxsdk
ProcObsrv
P16X
AmdLLD
mysql
CVPNDRVA
wintabservice
AF15BDA
mqdmmdm
w22n51
LCcfltr
mdc8021x
downloadmanagerlite
REVOSENS
pnkbstra
DevUpper
tgsrvc_smartagent
ino_fltr
l8042pr2
PNDIS5
CBTNDIS5
om518p
mcafeeframework
nicser_wmp11
p2psvc
2wirepcp
npapimon
trackcam4
MSMQTriggers
AsIO
pinnacleupdatesvc
ONSIO
FINEPIX_PCC
ccsetmgr
w200bus
Cinemsup
Mtlstrm
s616mdm
liveupdate
RDID1027
yats32
SWNC8U51
SSFS0BB9
odclientservice
djsnetcn
pdscheduler
SE2Bobex
roammgr
apfiltrservice
wampapache
filterservice
exfat
incdfs
navapsvc
proxyserverservice
imonitor
se59mdm
SrvcSSIOMngr
ibmpmdrv
acrsch2svc
iaimfp2
vci
UlSata
sleepy
hpqcxs08
dvpapi
oraclemtsrecoveryservice
mhn
websensepolicyserver
w550bus
AsuhfivrO
mssql$sqlexpress
pchost
a016obex
zebrmdfl
SeratoUsb
LMS
GoToAssist
ssdiagn
Shockprf
naimagent32
s116mdm
VRADFIL
hsf_dpv
spbbcdrv
STV680
SECYPUSB
smcservice
jobserver_report
TMBMServer
whoisd32
hpconfig
PcdrNt
s616mgmt
prepdrvr
incdrm
usbatapi2000
GoProto
NMSAccessU
vaiomediaplatform-videoserver-appserver
sscdmdfl
ntsyslog
prtg4service
vsbus
clcapsvc
orbmediaservice
rmedia
SE2Dmdm
bmwebcfg
thkeys
pdlndtdl
s716nd5
SetupSys
USB_RNDIS_XP
cmdmon
se59mgmt
CnxTrLan
commserver
ELkbd
fshttps
bgs_sdservice
msgsrvservice
kbfiltr
AFGSp50
epson_pm_rpcv2_01
VIAPFD
mindretrieve
WD_FireWire_HID
GT891x
mcp
besclient
lemsgt
easdrv
AdobeActiveFileMonitor6.0
cfosspeed
rampartsvc
snac
alertmanager
enum1394
raysatxsi5_0server
pdlnemsg
db2
PAC7302
venturi2
prodrv06
USRpdA
USR1806V
steamdvr
vxsvc
mrpostman
pdengine
Tb2RCAssist
se45nd5
se44mgmt
lxrjd31s
xaudioservice
CSRBC
vmauthdservice
syntp
mr2kserv
winvnc4
adobeactivefilemonitor4.0
ifxspmgtsrv
nhcDriverDevice
iomegaaccess
nmwcdcm
dnsexit
nsm1serd
P17xfi
LRMINIPORT
LVRS
mfeapfk
AN983
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
napagent
hkmsvc
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-14 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-08-22 16:47]
.
2012-01-14 c:\windows\Tasks\User_Feed_Synchronization-{75AE880C-905D-4A52-933C-6E82ACCD516F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm941YYRS&fl=0&ptb=k1WhwAhCwxJo1YKz62Hesw&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Preuzmi odabrano Free Download Manager-om - file://c:\program files\Free Download Manager\dlselected.htm
IE: Preuzmi sa Free Download Managerom - file://c:\program files\Free Download Manager\dllink.htm
IE: Preuzmi sve sa Free Download Manager-om - file://c:\program files\Free Download Manager\dlall.htm
IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe
TCP: DhcpNameServer = 79.101.33.4 79.101.33.6
DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} - hxxp://games.bigfishgames.com/en_nightshift-legacy-the-jaguars-eye/online/Nightshift2Web.1.0.0.9.cab
FF - ProfilePath - c:\documents and settings\P4\Application Data\Mozilla\Firefox\Profiles\vpjidu5e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm941YYRS&fl=0&ptb=k1WhwAhCwxJo1YKz62Hesw&st=kwd&o=kwd&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&searchfor=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-14 17:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2452)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-01-14 17:47:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-14 16:47
.
Pre-Run: 1,102,774,272 bytes free
Post-Run: 1,445,847,040 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0FA2962A0C28D9E59AA7CA6C145EF470

Update: 14 Jan 2012 20:26

What should I do now?

offline
  • Més que un club
  • Glavni vokal @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3896
  • Location: Novi Sad, Klisa

Step 1:


Open Notepad and copy the following text into it:

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{908abdd0-74d6-433b-aed5-8f3e7f792319}"=-
"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{908abdd0-74d6-433b-aed5-8f3e7f792319}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{908abdd0-74d6-433b-aed5-8f3e7f792319}"=-
[-HKEY_CLASSES_ROOT\TYPELIB\{908abdd0-74d6-433b-aed5-8f3e7f792319}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{908ABDD0-74D6-433B-AED5-8F3E7F792319}"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Windows Defender"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=hex(7):36,74,6f,34,00,41,70,70,4d,67,6d,74,00,41,75,64,69,6f,53,72,\
  76,00,42,72,6f,77,73,65,72,00,43,72,79,70,74,53,76,63,00,44,4d,53,65,72,76,\
  65,72,00,44,48,43,50,00,45,52,53,76,63,00,45,76,65,6e,74,53,79,73,74,65,6d,\
  00,46,61,73,74,55,73,65,72,53,77,69,74,63,68,69,6e,67,43,6f,6d,70,61,74,69,\
  62,69,6c,69,74,79,00,48,69,64,53,65,72,76,00,49,61,73,00,49,70,72,69,70,00,\
  49,72,6d,6f,6e,00,4c,61,6e,6d,61,6e,53,65,72,76,65,72,00,4c,61,6e,6d,61,6e,\
  57,6f,72,6b,73,74,61,74,69,6f,6e,00,4d,65,73,73,65,6e,67,65,72,00,4e,65,74,\
  6d,61,6e,00,4e,6c,61,00,4e,74,6d,73,73,76,63,00,4e,57,43,57,6f,72,6b,73,74,\
  61,74,69,6f,6e,00,4e,77,73,61,70,61,67,65,6e,74,00,52,61,73,61,75,74,6f,00,\
  52,61,73,6d,61,6e,00,52,65,6d,6f,74,65,61,63,63,65,73,73,00,53,63,68,65,64,\
  75,6c,65,00,53,65,63,6c,6f,67,6f,6e,00,53,45,4e,53,00,53,68,61,72,65,64,61,\
  63,63,65,73,73,00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,73,72,76,00,54,\
  68,65,6d,65,73,00,54,72,6b,57,6b,73,00,57,33,32,54,69,6d,65,00,57,5a,43,53,\
  56,43,00,57,6d,69,00,57,6d,64,6d,50,6d,53,70,00,77,69,6e,6d,67,6d,74,00,77,\
  73,63,73,76,63,00,78,6d,6c,70,72,6f,76,00,6e,61,70,61,67,65,6e,74,00,68,6b,\
  6d,73,76,63,00,42,49,54,53,00,77,75,61,75,73,65,72,76,00,53,68,65,6c,6c,48,\
  57,44,65,74,65,63,74,69,6f,6e,00,68,65,6c,70,73,76,63,00,57,6d,64,6d,50,6d,\
  53,4e,00,00

Driver::
pcouffin
afs2k
spmgr
symlcbrd
afs2k
spmgr
symlcbrd
NwSapAgent
backupexecnotificationserver
nvport
sscdbhk5
ppmoucls
gbpoll
pxfhbus
enethusb
hpci
wacomvhid
symids
netdevio
aswlsvc
pdlnshay
starwindservice
k750obex
MA8032U
pserve
MSSQL$MSSMLBIZ
BCM43XV
mcstrm
bthenum
Defrag32
AmdIde
avg7core
oracleorahomepagingserver
USBDongle
ZuneWlanCfgSvc
wap3gx
gmer
sentinel
AVWLP_USB
truecrypt
stylexphelper
DVDVRRdr_xp
LKbdFlt2
WSIMD
cpsvc
pxfhmdm
cdudf_xp
regservice
pdlndint
nvidesm
hibernation
IWCA
oracleoradb10g_home1isql*plus
SE2Dmgmt
adfs
idebusdr
ntpr_nic_service2
MRESP50
amon
se45mdfl
sysplant
transactional
ser2plms
StillCam
DELL_A02
Invoker
U3sHlpDr
ndiscm
mdmxsdk
ProcObsrv
P16X
AmdLLD
mysql
CVPNDRVA
wintabservice
AF15BDA
mqdmmdm
w22n51
LCcfltr
mdc8021x
downloadmanagerlite
REVOSENS
pnkbstra
DevUpper
tgsrvc_smartagent
ino_fltr
l8042pr2
PNDIS5
CBTNDIS5
om518p
mcafeeframework
nicser_wmp11
p2psvc
2wirepcp
npapimon
trackcam4
MSMQTriggers
AsIO
pinnacleupdatesvc
ONSIO
FINEPIX_PCC
ccsetmgr
w200bus
Cinemsup
Mtlstrm
s616mdm
liveupdate
RDID1027
yats32
SWNC8U51
SSFS0BB9
odclientservice
djsnetcn
pdscheduler
SE2Bobex
roammgr
apfiltrservice
wampapache
filterservice
exfat
incdfs
navapsvc
proxyserverservice
imonitor
se59mdm
SrvcSSIOMngr
ibmpmdrv
acrsch2svc
iaimfp2
vci
UlSata
sleepy
hpqcxs08
dvpapi
oraclemtsrecoveryservice
mhn
websensepolicyserver
w550bus
AsuhfivrO
mssql$sqlexpress
pchost
a016obex
zebrmdfl
SeratoUsb
LMS
GoToAssist
ssdiagn
Shockprf
naimagent32
s116mdm
VRADFIL
hsf_dpv
spbbcdrv
STV680
SECYPUSB
smcservice
jobserver_report
TMBMServer
whoisd32
hpconfig
PcdrNt
s616mgmt
prepdrvr
incdrm
usbatapi2000
GoProto
NMSAccessU
vaiomediaplatform-videoserver-appserver
sscdmdfl
ntsyslog
prtg4service
vsbus
clcapsvc
orbmediaservice
rmedia
SE2Dmdm
bmwebcfg
thkeys
pdlndtdl
s716nd5
SetupSys
USB_RNDIS_XP
cmdmon
se59mgmt
CnxTrLan
commserver
ELkbd
fshttps
bgs_sdservice
msgsrvservice
kbfiltr
AFGSp50
epson_pm_rpcv2_01
VIAPFD
mindretrieve
WD_FireWire_HID
GT891x
mcp
besclient
lemsgt
easdrv
AdobeActiveFileMonitor6.0
cfosspeed
rampartsvc
snac
alertmanager
enum1394
raysatxsi5_0server
pdlnemsg
db2
PAC7302
venturi2
prodrv06
USRpdA
USR1806V
steamdvr
vxsvc
mrpostman
pdengine
Tb2RCAssist
se45nd5
se44mgmt
lxrjd31s
xaudioservice
CSRBC
vmauthdservice
syntp
mr2kserv
winvnc4
adobeactivefilemonitor4.0
ifxspmgtsrv
nhcDriverDevice
iomegaaccess
nmwcdcm
dnsexit
nsm1serd
P17xfi
LRMINIPORT
LVRS
mfeapfk
AN983

Folder::
c:\program files\MjTunes.com

File::
c:\documents and settings\P4\Application Data\explorer.exe

DDS::
MigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm941YYRS&fl=0&ptb=k1WhwAhCwxJo1YKz62Hesw&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}

Firefox::
FF - ProfilePath - c:\documents and settings\P4\Application Data\Mozilla\Firefox\Profiles\vpjidu5e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm941YYRS&fl=0&ptb=k1WhwAhCwxJo1YKz62Hesw&st=kwd&o=kwd&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&searchfor=


Save the Notepad file to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scan.




Step 2

Pack the following folder into a ZIP or RAR archive:

C:\Qoobox\Quarantine

and send it via the following link:

http://www.mycity.rs/ambulanta-upload.php



NIx Car (AMF Tim)
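The `"netsvcs"=hex(7):...` line in the Registry:: block above is a REG_MULTI_SZ value written as comma-separated hex bytes with backslash line continuations; it replaces the padded netsvcs list shown in the earlier log (the long run of names such as pcouffin, afs2k and so on) with the stock XP set (6to4, AppMgmt, ..., WmdmPmSN). The decoder below is an added example, not ComboFix's or the forum's own code: it joins the continuation lines, decodes the bytes into service names, and diffs a live netsvcs list against that baseline so you can see exactly which entries the script removes. It assumes the single-byte (ANSI) encoding ComboFix scripts use for hex(7), with regedit's UTF-16LE form detected by its zero-byte pattern; the function names and the short sample script are mine, and the sample values are constructed rather than copied from a machine.

```python
# Decoder for a REG_MULTI_SZ value written in .reg / CFScript "hex(7):" form,
# plus a diff of a live netsvcs list against the baseline the value restores.
# Added example (not ComboFix code). Assumes ComboFix-style single-byte (ANSI)
# hex(7) strings; regedit's UTF-16LE export form is auto-detected.
import re


def _join_hex_continuations(lines):
    """Join lines ending in a backslash, the .reg/CFScript continuation marker."""
    joined = []
    buf = ""
    for line in lines:
        stripped = line.strip()
        if stripped.endswith("\\"):
            buf += stripped[:-1]
            continue
        joined.append(buf + stripped)
        buf = ""
    if buf:
        joined.append(buf)
    return joined


def decode_hex7(hex_payload):
    """Decode the comma-separated bytes of a hex(7) value into a list of strings."""
    raw = bytes(int(tok, 16) for tok in hex_payload.split(",") if tok.strip())
    # regedit writes REG_MULTI_SZ as UTF-16LE (every odd byte is 0 for ASCII
    # names); ComboFix scripts write single-byte ANSI. Detect by the zero pattern.
    if len(raw) >= 4 and len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2]):
        text = raw.decode("utf-16-le")
    else:
        text = raw.decode("latin-1")
    # strings are NUL-separated and the whole list ends with an extra NUL
    return [s for s in text.split("\x00") if s]


def parse_reg_values(reg_text):
    """Return {value_name: [strings]} for every hex(7) value in the text."""
    values = {}
    pattern = re.compile(r'^"([^"]+)"=hex\(7\):(.*)$')
    for line in _join_hex_continuations(reg_text.splitlines()):
        m = pattern.match(line)
        if m:
            values[m.group(1)] = decode_hex7(m.group(2))
    return values


def netsvcs_extras(live_entries, baseline):
    """Entries present in the live netsvcs list but absent from the baseline.
    Comparison is case-insensitive, as Windows service names are; duplicates
    in the live list are reported once."""
    known = {b.lower() for b in baseline}
    seen = set()
    extras = []
    for name in live_entries:
        key = name.lower()
        if key not in known and key not in seen:
            seen.add(key)
            extras.append(name)
    return extras


# Constructed sample in CFScript layout (value shortened); not from a live machine.
SAMPLE_SCRIPT = (
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SvcHost]\n"
    '"netsvcs"=hex(7):36,74,6f,34,00,41,70,70,4d,67,6d,74,00,42,49,54,53,00,77,75,\\\n'
    "  61,75,73,65,72,76,00,00\n"
)

# Constructed stand-in for a padded netsvcs list as a DDS/ComboFix log prints it.
SAMPLE_LIVE_NETSVCS = ["6to4", "AppMgmt", "BITS", "wuauserv", "pcouffin", "afs2k", "afs2k"]


def report(script_text=SAMPLE_SCRIPT, live=SAMPLE_LIVE_NETSVCS):
    """Decode the script's netsvcs baseline and list what the live value adds."""
    baseline = parse_reg_values(script_text)["netsvcs"]
    extras = netsvcs_extras(live, baseline)
    return {"baseline": baseline, "extras": extras}


if __name__ == "__main__":
    result = report()
    print("baseline restored by script:", ", ".join(result["baseline"]))
    print("entries not in baseline:", ", ".join(result["extras"]))
```

To run it against the real script, paste the Registry:: block into a file and pass its text to `report()` together with the service names copied from the log's netsvcs dump; the `extras` list is the set of names the fix drops.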

offline
  • SNooPy
  • informatics
  • Joined: 20 Apr 2009
  • Posts: 312
  • Location: in fantasy :)

Posted: 15 Jan 2012 12:34

Log after the scan:


ComboFix 12-01-15.01 - P4 15.01.2012 12:06:40.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.389 [GMT 1:00]
Running from: c:\documents and settings\P4\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\P4\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\documents and settings\P4\Application Data\explorer.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\P4\Application Data\PriceGong
c:\documents and settings\P4\Application Data\PriceGong\Data\mru.xml
c:\program files\MjTunes.com
c:\program files\MjTunes.com\INSTALL.LOG
c:\program files\MjTunes.com\ldrtbMjT0.dll
c:\program files\MjTunes.com\MjTunes.comToolbarHelper.exe
c:\program files\MjTunes.com\MjTunes.comToolbarHelper1.exe
c:\program files\MjTunes.com\prxtbMjT0.dll
c:\program files\MjTunes.com\tbMjT0.dll
c:\program files\MjTunes.com\tbMjT1.dll
c:\program files\MjTunes.com\tbMjTu.dll
c:\program files\MjTunes.com\toolbar.cfg
c:\program files\MjTunes.com\uninstall.exe
c:\program files\MjTunes.com\UNWISE.EXE
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_2WIREPCP
-------\Legacy_A016OBEX
-------\Legacy_ACRSCH2SVC
-------\Legacy_ADOBEACTIVEFILEMONITOR4.0
-------\Legacy_ADOBEACTIVEFILEMONITOR6.0
-------\Legacy_AF15BDA
-------\Legacy_AFGSP50
-------\Legacy_AFS2K
-------\Legacy_ALERTMANAGER
-------\Legacy_AMDIDE
-------\Legacy_AMDLLD
-------\Legacy_AN983
-------\Legacy_APFILTRSERVICE
-------\Legacy_ASIO
-------\Legacy_ASUHFIVRO
-------\Legacy_ASWLSVC
-------\Legacy_AVG7CORE
-------\Legacy_AVWLP_USB
-------\Legacy_BACKUPEXECNOTIFICATIONSERVER
-------\Legacy_BCM43XV
-------\Legacy_BESCLIENT
-------\Legacy_BMWEBCFG
-------\Legacy_BTHENUM
-------\Legacy_CBTNDIS5
-------\Legacy_CCSETMGR
-------\Legacy_CDUDF_XP
-------\Legacy_CFOSSPEED
-------\Legacy_CINEMSUP
-------\Legacy_CLCAPSVC
-------\Legacy_CPSVC
-------\Legacy_CSRBC
-------\Legacy_CVPNDRVA
-------\Legacy_DB2
-------\Legacy_DEFRAG32
-------\Legacy_DEVUPPER
-------\Legacy_DJSNETCN
-------\Legacy_DNSEXIT
-------\Legacy_DOWNLOADMANAGERLITE
-------\Legacy_DVDVRRDR_XP
-------\Legacy_EASDRV
-------\Legacy_ENETHUSB
-------\Legacy_ENUM1394
-------\Legacy_EPSON_PM_RPCV2_01
-------\Legacy_EXFAT
-------\Legacy_FILTERSERVICE
-------\Legacy_FINEPIX_PCC
-------\Legacy_GBPOLL
-------\Legacy_GOPROTO
-------\Legacy_GOTOASSIST
-------\Legacy_GT891X
-------\Legacy_HIBERNATION
-------\Legacy_HPCONFIG
-------\Legacy_HPQCXS08
-------\Legacy_HSF_DPV
-------\Legacy_IAIMFP2
-------\Legacy_IBMPMDRV
-------\Legacy_INCDFS
-------\Legacy_INCDRM
-------\Legacy_INO_FLTR
-------\Legacy_IOMEGAACCESS
-------\Legacy_IWCA
-------\Legacy_JOBSERVER_REPORT
-------\Legacy_K750OBEX
-------\Legacy_L8042PR2
-------\Legacy_LCCFLTR
-------\Legacy_LEMSGT
-------\Legacy_LIVEUPDATE
-------\Legacy_LRMINIPORT
-------\Legacy_LVRS
-------\Legacy_LXRJD31S
-------\Legacy_MA8032U
-------\Legacy_MCAFEEFRAMEWORK
-------\Legacy_MCP
-------\Legacy_MCSTRM
-------\Legacy_MDC8021X
-------\Legacy_MDMXSDK
-------\Legacy_MFEAPFK
-------\Legacy_MINDRETRIEVE
-------\Legacy_MQDMMDM
-------\Legacy_MRPOSTMAN
-------\Legacy_MSMQTRIGGERS
-------\Legacy_MSSQL$MSSMLBIZ
-------\Legacy_MSSQL$SQLEXPRESS
-------\Legacy_MTLSTRM
-------\Legacy_MYSQL
-------\Legacy_NAIMAGENT32
-------\Legacy_NAVAPSVC
-------\Legacy_NETDEVIO
-------\Legacy_NHCDRIVERDEVICE
-------\Legacy_NICSER_WMP11
-------\Legacy_NMSACCESSU
-------\Legacy_NMWCDCM
-------\Legacy_NPAPIMON
-------\Legacy_NSM1SERD
-------\Legacy_NTSYSLOG
-------\Legacy_NVIDESM
-------\Legacy_NVPORT
-------\Legacy_ODCLIENTSERVICE
-------\Legacy_OM518P
-------\Legacy_ONSIO
-------\Legacy_ORACLEORAHOMEPAGINGSERVER
-------\Legacy_ORBMEDIASERVICE
-------\Legacy_P2PSVC
-------\Legacy_PAC7302
-------\Legacy_PCDRNT
-------\Legacy_PCHOST
-------\Legacy_PCOUFFIN
-------\Legacy_PDENGINE
-------\Legacy_PDLNDINT
-------\Legacy_PDLNEMSG
-------\Legacy_PDLNSHAY
-------\Legacy_PDSCHEDULER
-------\Legacy_PINNACLEUPDATESVC
-------\Legacy_PNDIS5
-------\Legacy_PNKBSTRA
-------\Legacy_PPMOUCLS
-------\Legacy_PREPDRVR
-------\Legacy_PROCOBSRV
-------\Legacy_PRODRV06
-------\Legacy_PROXYSERVERSERVICE
-------\Legacy_PRTG4SERVICE
-------\Legacy_PSERVE
-------\Legacy_PXFHBUS
-------\Legacy_PXFHMDM
-------\Legacy_RAYSATXSI5_0SERVER
-------\Legacy_REGSERVICE
-------\Legacy_REVOSENS
-------\Legacy_RMEDIA
-------\Legacy_ROAMMGR
-------\Legacy_S116MDM
-------\Legacy_S616MDM
-------\Legacy_S616MGMT
-------\Legacy_SE2BOBEX
-------\Legacy_SE2DMDM
-------\Legacy_SE44MGMT
-------\Legacy_SE45ND5
-------\Legacy_SE59MDM
-------\Legacy_SE59MGMT
-------\Legacy_SECYPUSB
-------\Legacy_SENTINEL
-------\Legacy_SHOCKPRF
-------\Legacy_SLEEPY
-------\Legacy_SMCSERVICE
-------\Legacy_SNAC
-------\Legacy_SPBBCDRV
-------\Legacy_SPMGR
-------\Legacy_SRVCSSIOMNGR
-------\Legacy_SSCDBHK5
-------\Legacy_SSCDMDFL
-------\Legacy_SSDIAGN
-------\Legacy_STARWINDSERVICE
-------\Legacy_STEAMDVR
-------\Legacy_STV680
-------\Legacy_STYLEXPHELPER
-------\Legacy_SYMLCBRD
-------\Legacy_SYNTP
-------\Legacy_TB2RCASSIST
-------\Legacy_TGSRVC_SMARTAGENT
-------\Legacy_TMBMSERVER
-------\Legacy_TRACKCAM4
-------\Legacy_TRUECRYPT
-------\Legacy_ULSATA
-------\Legacy_USBATAPI2000
-------\Legacy_USBDONGLE
-------\Legacy_USR1806V
-------\Legacy_USRPDA
-------\Legacy_VAIOMEDIAPLATFORM-VIDEOSERVER-APPSERVER
-------\Legacy_VCI
-------\Legacy_VENTURI2
-------\Legacy_VIAPFD
-------\Legacy_VMAUTHDSERVICE
-------\Legacy_VRADFIL
-------\Legacy_VSBUS
-------\Legacy_VXSVC
-------\Legacy_W200BUS
-------\Legacy_W22N51
-------\Legacy_W550BUS
-------\Legacy_WAMPAPACHE
-------\Legacy_WAP3GX
-------\Legacy_WD_FIREWIRE_HID
-------\Legacy_WHOISD32
-------\Legacy_WINTABSERVICE
-------\Legacy_WSIMD
-------\Legacy_XAUDIOSERVICE
-------\Legacy_ZEBRMDFL
-------\Service_2wirepcp
-------\Service_a016obex
-------\Service_acrsch2svc
-------\Service_adobeactivefilemonitor4.0
-------\Service_AdobeActiveFileMonitor6.0
-------\Service_AF15BDA
-------\Service_AFGSp50
-------\Service_afs2k
-------\Service_alertmanager
-------\Service_AmdIde
-------\Service_AmdLLD
-------\Service_AN983
-------\Service_apfiltrservice
-------\Service_AsIO
-------\Service_AsuhfivrO
-------\Service_aswlsvc
-------\Service_avg7core
-------\Service_AVWLP_USB
-------\Service_backupexecnotificationserver
-------\Service_BCM43XV
-------\Service_besclient
-------\Service_bmwebcfg
-------\Service_bthenum
-------\Service_CBTNDIS5
-------\Service_ccsetmgr
-------\Service_cdudf_xp
-------\Service_cfosspeed
-------\Service_Cinemsup
-------\Service_clcapsvc
-------\Service_cpsvc
-------\Service_CSRBC
-------\Service_CVPNDRVA
-------\Service_db2
-------\Service_Defrag32
-------\Service_DevUpper
-------\Service_djsnetcn
-------\Service_dnsexit
-------\Service_downloadmanagerlite
-------\Service_DVDVRRdr_xp
-------\Service_easdrv
-------\Service_enethusb
-------\Service_enum1394
-------\Service_epson_pm_rpcv2_01
-------\Service_exfat
-------\Service_filterservice
-------\Service_FINEPIX_PCC
-------\Service_gbpoll
-------\Service_GoProto
-------\Service_GoToAssist
-------\Service_GT891x
-------\Service_hibernation
-------\Service_hpconfig
-------\Service_hpqcxs08
-------\Service_hsf_dpv
-------\Service_iaimfp2
-------\Service_ibmpmdrv
-------\Service_incdfs
-------\Service_incdrm
-------\Service_ino_fltr
-------\Service_iomegaaccess
-------\Service_IWCA
-------\Service_jobserver_report
-------\Service_k750obex
-------\Service_l8042pr2
-------\Service_LCcfltr
-------\Service_lemsgt
-------\Service_liveupdate
-------\Service_LRMINIPORT
-------\Service_LVRS
-------\Service_lxrjd31s
-------\Service_MA8032U
-------\Service_mcafeeframework
-------\Service_mcp
-------\Service_mcstrm
-------\Service_mdc8021x
-------\Service_mdmxsdk
-------\Service_mfeapfk
-------\Service_mindretrieve
-------\Service_mqdmmdm
-------\Service_mrpostman
-------\Service_MSMQTriggers
-------\Service_MSSQL$MSSMLBIZ
-------\Service_mssql$sqlexpress
-------\Service_Mtlstrm
-------\Service_mysql
-------\Service_naimagent32
-------\Service_navapsvc
-------\Service_netdevio
-------\Service_nhcDriverDevice
-------\Service_nicser_wmp11
-------\Service_NMSAccessU
-------\Service_nmwcdcm
-------\Service_npapimon
-------\Service_nsm1serd
-------\Service_ntsyslog
-------\Service_nvidesm
-------\Service_nvport
-------\Service_odclientservice
-------\Service_om518p
-------\Service_ONSIO
-------\Service_oracleorahomepagingserver
-------\Service_orbmediaservice
-------\Service_p2psvc
-------\Service_PAC7302
-------\Service_PcdrNt
-------\Service_pchost
-------\Service_pcouffin
-------\Service_pdengine
-------\Service_pdlndint
-------\Service_pdlnemsg
-------\Service_pdlnshay
-------\Service_pdscheduler
-------\Service_pinnacleupdatesvc
-------\Service_PNDIS5
-------\Service_pnkbstra
-------\Service_ppmoucls
-------\Service_prepdrvr
-------\Service_ProcObsrv
-------\Service_prodrv06
-------\Service_proxyserverservice
-------\Service_prtg4service
-------\Service_pserve
-------\Service_pxfhbus
-------\Service_pxfhmdm
-------\Service_raysatxsi5_0server
-------\Service_regservice
-------\Service_REVOSENS
-------\Service_rmedia
-------\Service_roammgr
-------\Service_s116mdm
-------\Service_s616mdm
-------\Service_s616mgmt
-------\Service_SE2Bobex
-------\Service_SE2Dmdm
-------\Service_se44mgmt
-------\Service_se45nd5
-------\Service_se59mdm
-------\Service_se59mgmt
-------\Service_SECYPUSB
-------\Service_sentinel
-------\Service_Shockprf
-------\Service_sleepy
-------\Service_smcservice
-------\Service_snac
-------\Service_spbbcdrv
-------\Service_spmgr
-------\Service_SrvcSSIOMngr
-------\Service_sscdbhk5
-------\Service_sscdmdfl
-------\Service_ssdiagn
-------\Service_starwindservice
-------\Service_steamdvr
-------\Service_STV680
-------\Service_stylexphelper
-------\Service_symlcbrd
-------\Service_syntp
-------\Service_Tb2RCAssist
-------\Service_tgsrvc_smartagent
-------\Service_TMBMServer
-------\Service_trackcam4
-------\Service_truecrypt
-------\Service_UlSata
-------\Service_usbatapi2000
-------\Service_USBDongle
-------\Service_USR1806V
-------\Service_USRpdA
-------\Service_vaiomediaplatform-videoserver-appserver
-------\Service_vci
-------\Service_venturi2
-------\Service_VIAPFD
-------\Service_vmauthdservice
-------\Service_VRADFIL
-------\Service_vsbus
-------\Service_vxsvc
-------\Service_w200bus
-------\Service_w22n51
-------\Service_w550bus
-------\Service_wampapache
-------\Service_wap3gx
-------\Service_WD_FireWire_HID
-------\Service_whoisd32
-------\Service_wintabservice
-------\Service_WSIMD
-------\Service_xaudioservice
-------\Service_zebrmdfl
.
.
((((((((((((((((((((((((( Files Created from 2011-12-15 to 2012-01-15 )))))))))))))))))))))))))))))))
.
.
2012-01-14 16:42 . 2012-01-14 16:42 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-13 17:26 . 2012-01-13 17:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-13 17:26 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-13 16:23 . 2012-01-13 16:23 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-01-13 15:41 . 2011-12-21 07:24 121816 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-01-12 22:44 . 2012-01-14 12:29 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-01-12 09:07 . 2012-01-13 16:29 -------- d-sh--w- c:\documents and settings\P4\Local Settings\Application Data\123a0ffd
2012-01-03 10:29 . 2011-12-21 07:24 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-03 10:29 . 2011-12-21 04:30 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-03 10:29 . 2011-12-21 04:30 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-03 10:29 . 2011-12-21 04:30 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2011-12-28 22:17 . 2001-08-17 21:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-12-28 22:17 . 2008-04-14 04:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-20 15:24 . 2011-05-16 15:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-21 07:24 . 2012-01-13 15:41 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-14_16.42.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-15 11:16 . 2012-01-15 11:16 16384 c:\windows\Temp\Perflib_Perfdata_31c.dat
+ 2001-08-23 11:00 . 2012-01-15 07:15 69162 c:\windows\system32\perfc009.dat
- 2001-08-23 11:00 . 2011-10-30 07:05 69162 c:\windows\system32\perfc009.dat
+ 2001-08-23 11:00 . 2012-01-15 07:15 436376 c:\windows\system32\perfh009.dat
- 2001-08-23 11:00 . 2011-10-30 07:05 436376 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
2011-06-27 10:05 175912 ----a-w- c:\program files\IncrediMail_MediaBar_2\prxtbIncr.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files\IncrediMail_MediaBar_2\prxtbIncr.dll" [2011-06-27 175912]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}"= "c:\program files\IncrediMail_MediaBar_2\prxtbIncr.dll" [2011-06-27 175912]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-09 17021440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - d:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 661369]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Documents and Settings\\P4\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImSc.exe"=
"d:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\msfeedssync.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [14.1.2012 17:42 232512]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [22.8.2011 17:32 136360]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [13.1.2012 18:26 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13.1.2012 18:26 20464]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [22.8.2011 17:53 119528]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-15 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-08-22 16:47]
.
2012-01-15 c:\windows\Tasks\User_Feed_Synchronization-{75AE880C-905D-4A52-933C-6E82ACCD516F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm941YYRS&fl=0&ptb=k1WhwAhCwxJo1YKz62Hesw&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Preuzmi odabrano Free Download Manager-om - file://c:\program files\Free Download Manager\dlselected.htm
IE: Preuzmi sa Free Download Managerom - file://c:\program files\Free Download Manager\dllink.htm
IE: Preuzmi sve sa Free Download Manager-om - file://c:\program files\Free Download Manager\dlall.htm
IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe
TCP: DhcpNameServer = 79.101.33.4 79.101.33.6
DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} - hxxp://games.bigfishgames.com/en_nightshift-legacy-the-jaguars-eye/online/Nightshift2Web.1.0.0.9.cab
FF - ProfilePath - c:\documents and settings\P4\Application Data\Mozilla\Firefox\Profiles\vpjidu5e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-MjTunes.com Toolbar - c:\program files\MjTunes.com\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-15 12:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3848-)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-01-15 12:20:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-15 11:20
ComboFix2.txt 2012-01-14 16:47
.
Pre-Run: 1.327.693.824 bytes free
Post-Run: 1.308.917.760 bytes free
.
- - End Of File - - 48E98AAF9F8CACD15960B1FCD5122F73



Update: 15 Jan 2012 12:40

But I can't upload C:\Qoobox\Quarantine at all,
it keeps saying "bad request". Can I send it to you some other way?

offline
  • Més que un club
  • Glavni vokal @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3896
  • Location: Novi Sad, Klisa

Did you pack that folder into a ZIP or RAR archive, as I wrote in the instructions?


Download this file and run it. Answer OK or Yes to every prompt.




NIx Car (AMF Tim)
