Restartuje se komp Task Manager ne radi

1

Restartuje se komp Task Manager ne radi

offline
  • 100%Milanista
  • Information Technology
  • Pridružio: 23 Avg 2008
  • Poruke: 2629
  • Gde živiš: Milan, Italy

p0z svima.....

Drugu mi je poludeo komp ja predpostavljam da su virusi u pitanju, restartuje mu se komp kad ubaci USB ili preko USB kad kaci fon takodje i kad izvlaci Task Manger ne radi pise da je ""task manager has been disabled by your administrator" usporen mu je racunar i sve nekako naginje da je zarazen virusima evo vec jedno 10dana mu je tako... Brzina neta mu je 5Mbps. A evo i logova ako je jos sta potrebno slobodno recite Smile

Hvala unapred na pomoci.... smešak



DDS (Ver_10-03-17.01) - NTFSx86
Run by Korisnik at 1:07:20,18 on sub 12.06.2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.1800 [GMT 2:00]

AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\WINDOWS\Explorer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Korisnik\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uSearch Bar = hxxp://search.bearshare.com/sidebar.html?src=ssb
uDefault_Search_URL = hxxp://search13.net/
uDefault_Page_URL = hxxp://search13.net/
uInternet Connection Wizard,ShellNext = hxxp://ww.4um.co.yu/
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=%s
mSearchAssistant = hxxp://start.facemoods.com/?s={searchTerms}&f=4
uURLSearchHooks: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll
uURLSearchHooks: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files\dvdvideosoft\tbDVDV.dll
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
mURLSearchHooks: H - No File
mWinlogon: Shell=Explorer.exe scvhost.exe
BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\program files\bearsharetb\BearShareDx.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.3.60.6\facemoods.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\program files\bearshare applications\bearshare\BearShareIEHelper.dll
BHO: WitBHO Class: {75ed56af-4dc9-4243-a30c-4ef4dd0ca28f} - c:\documents and settings\korisnik\appdata\locallow\chameleontom for ie\wit4ie.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
BHO: TomBHO Class: {8aa217b9-d729-4ee0-aed7-e93d695e94a2} - c:\program files\stylish profile\tom4ie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: greatbar23dec2009 Toolbar: {a33fa729-d155-4b23-842b-2c665ecabdb6} - c:\program files\the_pirate_bay\tbThe0.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files\dvdvideosoft\tbDVDV.dll
BHO: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\program files\bearsharetb\BearShareDx.dll
TB: greatbar23dec2009 Toolbar: {a33fa729-d155-4b23-842b-2c665ecabdb6} - c:\program files\the_pirate_bay\tbThe0.dll
TB: Chameleon Tom Toolbar: {fc00cdd1-38e2-4a90-9805-bfc987777712} - c:\program files\chameleon tom toolbar\toolbar.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.3.60.6\facemoodsTlbr.dll
TB: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files\dvdvideosoft\tbDVDV.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\korisnik\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Yahoo Messengger] c:\windows\system32\scvhost.exe
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [LFAgent]
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [WinPatrol] c:\sa starog c\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [64552830] c:\docume~1\alluse~1\applic~1\64552830\64552830.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NPSStartup]
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [4shared Update] "c:\program files\4shared desktop\checkUpdate.exe"
StartupFolder: c:\docume~1\korisnik\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\logitech webcam software\eReg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
uPolicies-explorer: StartMenuLogoff = 1 (0x1)
uPolicies-explorer: MemCheckBoxInRunDlg = 0 (0x0)
uPolicies-explorer: NofolderOptions = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: Start = 04000000
mPolicies-explorer: NoNetCrawling = 01000000
IE: &Download All using 4shared Desktop - c:\program files\4shared desktop\down_all.htm
IE: &Download using 4shared Desktop - c:\program files\4shared desktop\down_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\korisnik\application data\dvdvideosoftiehelpers\youtubetomp3.htm
IE: Save YouTube Video - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Save YouTube Video as MP3 - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
IE: {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\stylish profile\ct.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\korisnik\applic~1\mozilla\firefox\profiles\h3ndo5qi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\korisnik\application data\mozilla\firefox\profiles\h3ndo5qi.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\korisnik\application data\mozilla\firefox\profiles\h3ndo5qi.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\korisnik\application data\mozilla\firefox\profiles\h3ndo5qi.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\korisnik\application data\mozilla\firefox\profiles\h3ndo5qi.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
FF - component: c:\program files\common files\dvdvideosoft\dll\ffcontextmenuy\components\FFContextMenu.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\korisnik\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-9-11 108792]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2007-12-1 14336]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2009-9-26 819600]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-9-11 735960]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-8-15 54752]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-5-30 233472]
R2 LF30FS;LF30FS;c:\program files\everstrike software\lock folder xp 3.5\LF30XP.sys [2004-11-19 101488]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-9-23 447832]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2009-9-28 10752]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-5-30 36608]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
R3 sftfs;sftfs;c:\program files\microsoft application virtualization client\drivers\SftFSXP.sys [2009-9-23 543064]
R3 sftplay;sftplay;c:\program files\microsoft application virtualization client\drivers\sftplayxp.sys [2009-9-23 190312]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-9-23 21864]
R3 sftvol;sftvol;c:\program files\microsoft application virtualization client\drivers\SftVolXP.sys [2009-9-23 14680]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-9-23 203608]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2009-8-21 30510960]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 PsSdk31;PsSdk31;c:\windows\system32\drivers\pssdk31.drv [2009-12-21 30272]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-5-30 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-5-30 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-5-30 121856]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2010-06-09 06:42:13 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-07 19:23:47 0 d-----w- c:\docume~1\korisnik\applic~1\4shared Desktop
2010-06-07 19:23:45 0 d-----w- c:\program files\4shared Desktop
2010-06-04 22:51:02 0 d-----w- C:\DivX Movies
2010-06-03 19:13:15 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
2010-05-31 11:49:08 0 d-----w- C:\My Art
2010-05-30 20:36:36 0 d-----w- c:\program files\MarkAnyContentSAFER
2010-05-30 18:40:03 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2010-05-30 18:39:42 21632 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-05-30 18:38:51 12160 ----a-w- c:\windows\system32\drivers\ss_bcmnt.sys
2010-05-30 18:38:51 12160 ----a-w- c:\windows\system32\drivers\ss_bcm.sys
2010-05-30 18:38:50 90112 ----a-w- c:\windows\system32\drivers\ss_bbus.sys
2010-05-30 18:38:50 14976 ----a-w- c:\windows\system32\drivers\ss_bmdfl.sys
2010-05-30 18:38:50 121856 ----a-w- c:\windows\system32\drivers\ss_bmdm.sys
2010-05-30 18:38:49 12160 ----a-w- c:\windows\system32\drivers\ss_bwhnt.sys
2010-05-30 18:38:49 12160 ----a-w- c:\windows\system32\drivers\ss_bwh.sys
2010-05-30 18:37:50 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2010-05-30 18:37:50 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe
2010-05-30 18:37:50 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2010-05-30 18:37:12 0 d-----w- c:\program files\MarkAny
2010-05-30 18:37:08 0 d-----w- c:\program files\PC Connectivity Solution
2010-05-30 18:35:42 0 d-----w- c:\program files\Samsung
2010-05-27 17:34:28 0 d-----w- c:\docume~1\alluse~1\applic~1\VirtualizedApplications
2010-05-27 11:31:18 0 d-----w- c:\docume~1\korisnik\applic~1\NVD
2010-05-27 11:30:24 0 d-----w- c:\docume~1\korisnik\applic~1\SoftGrid Client
2010-05-27 11:29:03 0 d-----w- c:\program files\Microsoft Application Virtualization Client
2010-05-27 11:26:06 0 d-----w- c:\docume~1\korisnik\applic~1\TP
2010-05-15 12:52:36 9369 --sha-r- c:\windows\system32\setting.ini
2010-05-15 12:51:32 23 --sha-r- c:\windows\system32\autorun.ini

==================== Find3M ====================

2010-05-30 20:33:49 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 18:40:40 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-04-27 18:40:40 133616 ------w- c:\windows\system32\pxafs.dll
2010-04-27 18:40:40 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-04-27 18:40:40 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 22:04:40 306032 ----a-w- c:\windows\WLXPGSS.SCR
2010-04-16 20:12:18 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-04-12 15:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll

============= FINISH: 1:07:51,03 ===============




https://www.mycity.rs/must-login.png


https://www.mycity.rs/must-login.png

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6101

Pozdrav


Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.




Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix.

U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.
prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.
ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.
postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.
po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.


Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.


Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

offline
  • 100%Milanista
  • Information Technology
  • Pridružio: 23 Avg 2008
  • Poruke: 2629
  • Gde živiš: Milan, Italy

ComboFIX je odradio sve kao sto pise ovdje, ali na kraju nema loga niti u C:\ ComboFix.txt ne mogu da nadjem... Neutral

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6101

Napisano: 12 Jun 2010 18:01

Pronadji ovaj folder
C:\QooBox

Upload-uj ga preko ove forme
http://www.mycity.rs/ambulanta-upload.php

javi kad to odradis.

Dopuna: 12 Jun 2010 18:02

edit: pre upload-a ga zip/rar -uj.

offline
  • 100%Milanista
  • Information Technology
  • Pridružio: 23 Avg 2008
  • Poruke: 2629
  • Gde živiš: Milan, Italy

evo uspeo sam tek sad, pise uspjesno uploadovano smešak

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6101

Ovako...


Arrow Preuzmi Dr.Web CureIt (~24 MB).
Restartuj kompjuter u Safe Mode (uputstvo za Safe Mode)

Dvoklikom pokreni launch.exe, nakon čega će se pojaviti uvodni prozor - klikni Start

Pojaviće se obaveštenje o započinjanju uvodnog skeniranja - klikni OK

Sačekaj nekoliko minuta da Dr.Web CureIt izvrši Express Scan; ukoliko malware bude pronađen, klikom na taster Yes to All u prozoru koji se pojavi dozvoli programu da izvrši dezinfekciju

Klikni Options > Change settings F9; u prozoru koji će se otvoriti, dečekiraj opciju Heuristic Analysis a zatim klikni OK

U glavnom prozoru obeleži opciju Complete scan a zatim klikni i Dr.Web CureIt će započeti skeniranje

Ukoliko malware bude pronađen, klikom na taster Yes to All u prozoru koji se pojavi dozvoli programu da izvrši dezinfekciju

Kada skeniranje bude završeno, klikni Select all taster (ukoliko je dostupan), a zatim klikni Cure i,
u meniju koji se otvori, klikni Move incurable:


Po završetku procesa, klikni File > Save report list i sačuvaj log na Desktopu


Iskopiraj sadržaj Dr.Web CureIt loga u temu na forumu.



........................................



Arrow Preuzmi instalaciju za program Malwarebytes Anti-Malware sa sledećeg linka:
http://www.besttechie.net/tools/mbam-setup.exe

Dvoklikom pokreni instalaciju - na samom kraju procesa, proveri da su obeležene opcije:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

a zatim klikni Finish.

Nakon završenog ažuriranja program će se pokrenuti.

Izaberi opciju Perform Quick Scan i klikni Scan.

Po završetku procesa klikni OK, Show Results: u listi detektovanog malware-a, obeleži sve stavke i klikni Remove Selected.

Po završetku procesa, logfile će se otvoriti u Notepad-u; iskopiraj ga u temu na forumu.
Ukoliko program zatraži restart kako bi se završio proces čišćenja, obavezno ga dozvoliti.

Napomena: ako dođe do restarta na kraju procesa čišćenja, logfile će biti dostupan na Logs kartici (obeleži ga i klikni Open).

offline
  • 100%Milanista
  • Information Technology
  • Pridružio: 23 Avg 2008
  • Poruke: 2629
  • Gde živiš: Milan, Italy

Napisano: 13 Jun 2010 0:53

Samo da javim da skeniranje u Safe modu sa " Dr.Web CureIt " traje evo vec oko 4sata i oko 65% je... ostace upaljeno do jutra... Neutral

Dopuna: 13 Jun 2010 16:54

evo loga od Dr.Web CureIt...

libcurl-4.dll;C:\Program Files\Lupo PenSuite v6.75 Full\Apps\GIMP Plus\App\Gimp\bin;Trojan.Siggen.6251;Neizleèiv.Premešten.;
A0140219.dll;C:\System Volume Information\_restore{3CA24AAE-C416-43E1-840F-960570A678AD}\RP311;Trojan.Siggen.6251;Neizleèiv.Premešten.;
BearShareV7.exe/BearShareV7.exe/rogram Files/data009/Bin/Static/sms_inst.exe\___\Install.dll;F:\BearShareV7.exe/BearShareV7.exe/rogram Files/data009/Bin/Static/sms_inst.exe;Adware.Shopper.24;;
Bin/Static/sms_inst.exe;F:\;Kontejner sadrži inficirane objekte;;
data009;F:\;Arhiva sadrži inficirane objekte;;
rogram Files;F:\;Kontejner sadrži inficirane objekte;;
BearShareV7.exe;F:\;Kontejner sadrži inficirane objekte;;
BearShareV7.exe;F:\;Kontejner sadrži inficirane objekte;Premešten.;
MailPassView.exe;F:\muzika i slike - zadnje\60 Most Wanted Portable Applications Collection\60 Most Wanted Portable Applications Collection\60 M;Tool.PassView;Neizleèiv.Izbrisan.;
pass_IE.exe;F:\muzika i slike - zadnje\60 Most Wanted Portable Applications Collection\60 Most Wanted Portable Applications Collection\60 M;Tool.PassView.22;Neizleèiv.Izbrisan.;
strun.exe;F:\muzika i slike - zadnje\60 Most Wanted Portable Applications Collection\60 Most Wanted Portable Applications Collection\60 M;Tool.StartupRun.122;Neizleèiv.Izbrisan.;
Windows XP simulator.exe\Tutorial.exe;F:\Programi\Windows XP simulator.exe;Trojan.KeyLogger.478;;
Windows XP simulator.exe;F:\Programi;Kontejner sadrži inficirane objekte;Premešten.;
DivXPro505GAINBundle.exe\unvised_23.bin;F:\Programi\Programi\Codecs\DivX\DivXPro505GAINBundle.exe;Adware.Gator;;
DivXPro505GAINBundle.exe;F:\Programi\Programi\Codecs\DivX;Kontejner sadrži inficirane objekte;Premešten.;
SmileyCentar.exe/data002\mwsSrcSp.CommonCodebase.exe;F:\Programi\Programi za cetovanje\MSN\SmileyCentar.exe/data002;Adware.Websearch;;
data002;F:\Programi\Programi za cetovanje\MSN;Arhiva sadrži inficirane objekte;;
SmileyCentar.exe;F:\Programi\Programi za cetovanje\MSN;Kontejner sadrži inficirane objekte;Premešten.;
LimeWire Turbo 5.4.1.exe/data002\{tmp}\VVSNInst.exe;F:\Programi\Programi za skidanje\LimeWire\LimeWire Turbo 5.4.1.exe/data002;Adware.SaveNow;;
data002;F:\Programi\Programi za skidanje\LimeWire;Kontejner sadrži inficirane objekte;;
LimeWire Turbo 5.4.1.exe;F:\Programi\Programi za skidanje\LimeWire;Kontejner sadrži inficirane objekte;Premešten.;
Tutorial.exe;F:\Programi\XP Simulation\xp_simulation_setup;Trojan.KeyLogger.478;Izbrisan.;
A0140220.exe/BearShareV7.exe/rogram Files/data009/Bin/Static/sms_inst.exe\___\Install.dll;F:\System Volume Information\_restore{3CA24AAE-C416-43E1-840F-960570A678AD}\RP311\A0140220.exe/BearShareV7.exe/rogram Files/dat;Adware.Shopper.24;;
Bin/Static/sms_inst.exe;F:\System Volume Information\_restore{3CA24AAE-C416-43E1-840F-960570A678AD}\RP311;Kontejner sadrži inficirane objekte;;
data009;F:\System Volume Information\_restore{3CA24AAE-C416-43E1-840F-960570A678AD}\RP311;Arhiva sadrži inficirane objekte;;
rogram Files;F:\System Volume Information\_restore{3CA24AAE-C416-43E1-840F-960570A678AD}\RP311;Kontejner sadrži inficirane objekte;;
BearShareV7.exe;F:\System Volume Information\_restore{3CA24AAE-C416-43E1-840F-960570A678AD}\RP311;Kontejner sadrži inficirane objekte;;
A0140220.exe;F:\System Volume Information\_restore{3CA24AAE-C416-43E1-840F-960570A678AD}\RP311;Kontejner sadrži inficirane objekte;Premešten.;
A0140221.exe\Tutorial.exe;F:\System Volume Information\_restore{3CA24AAE-C416-43E1-840F-960570A678AD}\RP311\A0140221.exe;Trojan.KeyLogger.478;;
A0140221.exe;F:\System Volume Information\_restore{3CA24AAE-C416-43E1-840F-960570A678AD}\RP311;Kontejner sadrži inficirane objekte;Premešten.;
A0140222.exe\unvised_23.bin;F:\System Volume Information\_restore{3CA24AAE-C416-43E1-840F-960570A678AD}\RP311\A0140222.exe;Adware.Gator;;
A0140222.exe;F:\System Volume Information\_restore{3CA24AAE-C416-43E1-840F-960570A678AD}\RP311;Kontejner sadrži inficirane objekte;Premešten.;
A0140223.exe/data002\mwsSrcSp.CommonCodebase.exe;F:\System Volume Information\_restore{3CA24AAE-C416-43E1-840F-960570A678AD}\RP311\A0140223.exe/data002;Adware.Websearch;;
data002;F:\System Volume Information\_restore{3CA24AAE-C416-43E1-840F-960570A678AD}\RP311;Arhiva sadrži inficirane objekte;;
A0140223.exe;F:\System Volume Information\_restore{3CA24AAE-C416-43E1-840F-960570A678AD}\RP311;Kontejner sadrži inficirane objekte;Premešten.;
A0140224.exe/data002\{tmp}\VVSNInst.exe;F:\System Volume Information\_restore{3CA24AAE-C416-43E1-840F-960570A678AD}\RP311\A0140224.exe/data002;Adware.SaveNow;;
data002;F:\System Volume Information\_restore{3CA24AAE-C416-43E1-840F-960570A678AD}\RP311;Kontejner sadrži inficirane objekte;;
A0140224.exe;F:\System Volume Information\_restore{3CA24AAE-C416-43E1-840F-960570A678AD}\RP311;Kontejner sadrži inficirane objekte;Premešten.;
A0140225.exe;F:\System Volume Information\_restore{3CA24AAE-C416-43E1-840F-960570A678AD}\RP311;Trojan.KeyLogger.478;Izbrisan.;
Laka premija.EXE;F:\Zajebancije;Joke.Dollars;Neizleèiv.Izbrisan.;
Masina za zvuke.exe;F:\Zajebancije;Trojan.PWS.Legmir.3686;Neizleèiv.Premešten.;
Mona Liza.EXE;F:\Zajebancije;Joke.Mona;Neizleèiv.Izbrisan.;

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6101

Hajde odradi jos skeniranje sa Malwarebytes-om (nece trajati dugo)
pa mi onda postavi svez DDS log...

offline
  • 100%Milanista
  • Information Technology
  • Pridružio: 23 Avg 2008
  • Poruke: 2629
  • Gde živiš: Milan, Italy

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4193

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13.6.2010 17:06:46
mbam-log-2010-06-13 (17-06-46).txt

Scan type: Quick scan
Objects scanned: 119279
Time elapsed: 5 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 10
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yahoo messengger (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\64552830 (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\CustomizeSearch (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe scvhost.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6101

Odlicno...
hajde sad ponovo pokreni DDS program i postavi svez DDS.txt

I reci mi kakvo je sad stanje.

Ko je trenutno na forumu
 

Ukupno su 789 korisnika na forumu :: 45 registrovanih, 6 sakrivenih i 738 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Sale, A.R.Chafee.Jr., Atomski čoban, bojankrstc, Boris90, crnitrn, dac, flash12, Fulcrum, Georgius, HrcAk47, hyla, Insan, janezek67, Klecaviks, KUZMAR, Leonardo, leptirleptir, Lucije Kvint, madza, Marko Marković, MB120mm, mercedesamg, Mihajlo, Milan A. Nikolic, milekNS, milos.cbr, Miskohd, mrav pesadinac, operniki, Regrut Boskica, rovac, S-lash, Sr.Stat., stegonosa, StepskiVuk, time, Trpe Grozni, vasa.93, Vislaseki, Vlada78, voja64, vranjanac29, Wisdomseeker, Čivi