Computer freezes often

  • Joined: 02 Nov 2011
  • Posts: 4

My computer often freezes during ordinary activities. ESET was reporting something, but I don't have the logs now. Please take a look.


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_29
Run by Raso at 20:44:57 on 2011-11-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1053 [GMT 1:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
svchost.exe
C:\WINDOWS\system32\WTClient.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Raso\temp\TeamViewer\Version4\TeamViewer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=ccb423a40000000000006cf04995299f&tlver=1.4.19.19&ss=1&affID=17981
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=ccb423a40000000000006cf04995299f&tlver=1.4.19.19&ss=1&affID=17981
uURLSearchHooks: Free Lunch Design Toolbar: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - c:\program files\free_lunch_design\prxtbFre2.dll
mWinlogon: Taskman=c:\documents and settings\raso\jvxqnu.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CescrtHlpr Object: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.4.19.19\bh\BabylonToolbar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Free Lunch Design Toolbar: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - c:\program files\free_lunch_design\prxtbFre2.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Free Lunch Design Toolbar: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - c:\program files\free_lunch_design\prxtbFre2.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.4.19.19\BabylonToolbarTlbr.dll
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge]
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [WTClient] WTClient.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [VMSnap3] c:\windows\VMSnap3.EXE
mRun: [Domino] c:\windows\Domino.EXE
mRun: [BigDog303] c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
mRun: [dskl] c:\ds\dskl.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [BabylonToolbar] "c:\program files\babylontoolbar\babylontoolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: &Search - tbedits.smileycentral.com/one-toolbaredits/.....2010113019
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1284902203531
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{34E8D06B-E785-43BC-AC85-DE1B91030BF5} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\raso\application data\mozilla\firefox\profiles\q4cxjuxm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1708250&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=
FF - component: c:\documents and settings\raso\application data\mozilla\firefox\profiles\q4cxjuxm.default\extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\raso\application data\mozilla\firefox\profiles\q4cxjuxm.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: d:\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\nprjplug.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\smileycentral_1vei\installr\2.bin\NP1vEISb.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-5-8 218688]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-4-28 114984]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-6-24 810144]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [2009-6-22 23208]
R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2011-2-21 428160]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-9-19 1691480]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\raso\locals~1\temp\oeo99.tmp --> c:\docume~1\raso\locals~1\temp\OEO99.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\d:\+cookiez+\garena nova\garena\safedrv.sys --> d:\+cookiez+\garena nova\garena\safedrv.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-2-20 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-2-20 8576]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [2009-6-22 14504]
.
=============== Created Last 30 ================
.
2011-10-24 21:17:57 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan
2011-10-24 21:17:56 -------- d-----w- c:\program files\McAfee Security Scan
2011-10-24 20:05:14 -------- d--h--w- c:\windows\PIF
2011-10-24 18:42:54 -------- d-----w- c:\documents and settings\raso\local settings\application data\Macromedia
2011-10-24 18:41:18 45056 ----a-r- c:\documents and settings\raso\application data\microsoft\installer\{885a63ea-382b-4dd4-a755-14809b8557d6}\ARPPRODUCTICON.exe
2011-10-24 18:41:09 -------- d-----w- c:\program files\common files\Macromedia
2011-10-24 18:40:40 409600 ------w- c:\program files\common files\installshield\driver\10\intel 32\ISRT.dll
2011-10-24 18:40:40 32768 ------w- c:\program files\common files\installshield\driver\10\intel 32\objpscnv.dll
2011-10-24 18:40:40 266240 ------w- c:\program files\common files\installshield\driver\10\intel 32\IScrCnv.dll
2011-10-24 18:40:40 180224 ------w- c:\program files\common files\installshield\driver\10\intel 32\iGdiCnv.dll
2011-10-24 18:40:40 172032 ------w- c:\program files\common files\installshield\driver\10\intel 32\IUserCnv.dll
2011-10-24 18:40:39 761856 ------w- c:\program files\common files\installshield\driver\10\intel 32\IDriver.exe
2011-10-24 18:40:39 540772 ------w- c:\program files\common files\installshield\driver\10\intel 32\_ISRES1033.dll
2011-10-24 17:14:16 81920 ---ha-w- c:\windows\system32\v3shrtkgn.dll
2011-10-24 17:12:39 -------- d-----w- c:\documents and settings\raso\application data\URSoft
2011-10-24 17:12:33 -------- d-----w- c:\program files\Your Uninstaller! 7
2011-10-13 21:02:31 45056 ----a-r- c:\documents and settings\raso\application data\microsoft\installer\{aa07dded-8675-4d41-ba82-93fdf7106a74}\Coyote.exe1_AA07DDED86754D41BA8293FDF7106A74.exe
2011-10-13 21:02:31 45056 ----a-r- c:\documents and settings\raso\application data\microsoft\installer\{aa07dded-8675-4d41-ba82-93fdf7106a74}\Coyote.exe_AA07DDED86754D41BA8293FDF7106A74.exe
2011-10-13 21:02:28 -------- d-----w- c:\program files\Carving Technologies, LLC
2011-10-13 21:02:03 -------- d-----w- c:\windows\Downloaded Installations
2011-10-13 21:02:00 -------- d-----w- c:\documents and settings\raso\local settings\application data\ApplicationHistory
2011-10-10 09:09:40 4550304 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
.
==================== Find3M ====================
.
2011-10-24 21:18:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 03:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-30 10:59:48 5018 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
.
============= FINISH: 20:45:13.06 ===============

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello Rakun94.

While we work on the case, I would ask you to stick to the following:
Read my instructions (or the instructions of the colleagues who will stand in for me) carefully and follow them exclusively;
Do not seek help elsewhere at the same time;
Do not use any malware-removal programs other than the ones you receive instructions for;
During the intervention, do not use USB storage devices until I ask for it;
If I do not reply within 48h, bump the topic with a new post;
If you do not reply within 5 days, we will close the case.

For more information about the rules of the MyCity forum Ambulanta (malware clinic): LINK

-------------------------------------------------------------------------------------

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, choose Desktop and click Save.

When the download is complete:
disable your security software (instructions);
close any running programs;
double-click to run ComboFix;
in the window that opens, click "I Agree".

While running, ComboFix will:
check whether a newer version of the program exists: click Yes if it offers to download it;
if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure through;
ask a number of questions / show notifications: accept by clicking Yes or OK;
restart Windows if necessary (possibly more than once);
at the end of its run, open Notepad with the scan report.

Copy the report ComboFix produced into the forum topic:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message field and choose Paste.

Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice that the report is incomplete, use the Attach file (Prikači fajl) option to attach C:\ComboFix.txt to your message.

goran9888 (AMF Tim)

  • Joined: 02 Nov 2011
  • Posts: 4

ComboFix 11-11-03.03 - Raso 03-Nov-11 22:22:32.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.618 [GMT 1:00]
Running from: c:\documents and settings\Raso\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Raso\WINDOWS
C:\Win
c:\win\1.exe
c:\win\names.txt
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-10-03 to 2011-11-03 )))))))))))))))))))))))))))))))
.
.
2011-10-28 12:39 . 2011-10-28 12:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2011-10-24 21:17 . 2011-10-24 21:17 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2011-10-24 21:17 . 2011-10-28 12:39 -------- d-----w- c:\program files\McAfee Security Scan
2011-10-24 20:05 . 2011-10-24 20:05 -------- d--h--w- c:\windows\PIF
2011-10-24 18:42 . 2011-10-24 18:42 -------- d-----w- c:\documents and settings\Raso\Local Settings\Application Data\Macromedia
2011-10-24 18:41 . 2011-10-24 18:41 45056 ----a-r- c:\documents and settings\Raso\Application Data\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
2011-10-24 18:41 . 2011-10-24 18:42 -------- d-----w- c:\program files\Common Files\Macromedia
2011-10-24 18:40 . 2011-10-24 18:40 409600 ------w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\ISRT.dll
2011-10-24 18:40 . 2011-10-24 18:40 32768 ------w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\objpscnv.dll
2011-10-24 18:40 . 2011-10-24 18:40 266240 ------w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\IScrCnv.dll
2011-10-24 18:40 . 2011-10-24 18:40 180224 ------w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\iGdiCnv.dll
2011-10-24 18:40 . 2011-10-24 18:40 172032 ------w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\IUserCnv.dll
2011-10-24 18:40 . 2011-10-24 18:41 540772 ------w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\_ISRES1033.dll
2011-10-13 21:02 . 2011-10-13 21:03 -------- d-----w- c:\documents and settings\Raso\Local Settings\Application Data\ApplicationHistory
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 21:18 . 2011-05-19 13:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 03:06 . 2010-10-15 09:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2010-10-15 09:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-30 10:59 . 2010-10-18 18:50 5018 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2011-10-01 07:44 . 2011-05-07 09:44 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "c:\program files\Free_Lunch_Design\prxtbFre2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Free_Lunch_Design\prxtbFre2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "c:\program files\Free_Lunch_Design\prxtbFre2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC}"= "c:\program files\Free_Lunch_Design\prxtbFre2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-12-08 18789920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"WTClient"="WTClient.exe" [2009-08-19 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
"Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-08 273544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2010-06-24 07:27 2202704 ----a-w- c:\program files\ESET\ESET Smart Security\egui.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Raso\\My Documents\\utorrent-1.6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [08-May-11 14:57 218688]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [28-Apr-10 7:17 114984]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [24-Jun-10 8:27 810144]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [22-Jun-09 10:58 23208]
R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [21-Feb-11 17:59 428160]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [19-Sep-10 13:47 1691480]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Raso\LOCALS~1\Temp\OEO99.tmp --> c:\docume~1\Raso\LOCALS~1\Temp\OEO99.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\d:\+cookiez+\GARENA NOVA\Garena\safedrv.sys --> d:\+cookiez+\GARENA NOVA\Garena\safedrv.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15-Jan-10 13:49 227232]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [20-Feb-11 15:25 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [20-Feb-11 15:25 8576]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [22-Jun-09 10:58 14504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-602609370-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-11-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-602609370-839522115-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-11-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-602609370-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-10-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-602609370-839522115-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=ccb423a40000000000006cf04995299f&tlver=1.4.19.19&ss=1&affID=17981
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Raso\Application Data\Mozilla\Firefox\Profiles\q4cxjuxm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1708250&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-BigDog303 - c:\windows\VM303_STI.EXE
HKLM-Run-dskl - c:\ds\dskl.exe
HKLM-Run-BabylonToolbar - c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Chicken Invaders: Ultimate Omelette demo_is1 - d:\+cookiez+\ChickenInvadersUOdemo\unins000.exe
AddRemove-GamePlayLabs Plugin - c:\documents and settings\Raso\Local Settings\Application Data\GamePlayLabs Plugin\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-11-03 22:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Raso\LOCALS~1\Temp\OEO99.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(968-)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-11-03 22:27:21
ComboFix-quarantined-files.txt 2011-11-03 21:27
.
Pre-Run: 19,662,741,504 bytes free
Post-Run: 20,913,868,800 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 9E5E7B2C0AD92D966422449DA7764B8D

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

First and foremost - you must follow my instructions carefully. Why didn't you disable the antivirus (ESET SS) before running ComboFix (when it is clearly written there, in red letters)?!

From now on - follow the instructions you receive carefully.

- Start -> Control Panel -> Add or Remove Programs - uninstall all applications that are surplus, i.e. that you don't need. I would also recommend uninstalling the toolbars if you don't use them (and you probably don't): Babylon toolbar, Conduit Engine, DAEMON Tools Toolbar, Free_Lunch_Design Toolbar, GamePlayLabs Plugin

Step 1

Download the installer for Malwarebytes Anti-Malware from the following link:
http://www.besttechie.net/tools/mbam-setup.exe

Double-click to run the installer - at the very end of the process, check that these options are ticked:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

and then click Finish.

Once the update has finished, the program will start.

Choose the option Perform Quick Scan and click Scan.

When the process finishes, click OK, Show Results: in the list of detected malware, tick all items and click Remove Selected.

When the process finishes, the logfile will open in Notepad; copy it into the forum topic.
If the program asks for a restart to complete the cleaning process, be sure to allow it.

Note: if a restart happens at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).

Step 2

- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all your USB storage devices one after another into the USB slot and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose the option Save scrambled log. That will automatically open the log in Notepad. Copy that log from Notepad to the forum.

Explanation: USB storage devices are all those devices that, when connected to the computer, get their own drive letter. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

goran9888 (AMF Tim)

  • Joined: 02 Nov 2011
  • Posts: 4

Malwarebytes' Anti-Malware 1.51.2.1300
malwarebytes.org

Database version: 8095

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

06-Nov-11 17:45:24
mbam-log-2011-11-06 (17-45-24).txt

Scan type: Quick scan
Objects scanned: 178827
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

USB No Risk report?

  • Joined: 02 Nov 2011
  • Posts: 4

It doesn't freeze anymore. It's OK now

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Rakun94 ::It doesn't freeze anymore. It's OK now

We haven't finished the case. I'll tell you when everything is done. The fact that it no longer freezes doesn't mean we have solved all the problems.

Do what I asked for. If you think you don't need help - that's your business, we'll close the case.

goran9888 (AMF Tim)
