USB


offline
  • Joined: 10 Sep 2009
  • Posts: 24

Sorry, I have one more problem... when I plug in the USB cable from my mobile phone it won't show anything, meaning it doesn't open the memory card or anything... and when I insert a CD, autorun doesn't work either.


DDS (Ver_09-09-29.01) - NTFSx86
Run by Admin at 11:16:36,09 on uto 29.09.2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.894.500 [GMT 2:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Admin\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=GRfox000&ptb=NqTEAGZA2vyOdz.WaV..FA
uSearch Page = hxxp://search.live.com
uDefault_Page_URL = hxxp://www.msn.com
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRfox000&fl=0&ptb=An6ArYFISwpcJXC4pj4LQg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://search.live.com/sphome.aspx
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SkyTel] SkyTel.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
mRun: [My Web Search Bar] rundll32 c:\progra~1\mywebs~1\bar\1.bin\MWSBAR.DLL,S
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=GRfox000
IE: Download with GetRight - c:\program files\getright\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\getright\GRbrowse.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://msn.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} - hxxp://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\getright\xx2gr.dll
Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\getright\xx2gr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\ta7mzuo1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRfox000&fl=0&ptb=NqTEAGZA2vyOdz.WaV..FA&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-9-11 11608]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2008-9-1 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [2008-9-3 8192]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-9-11 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-9-11 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-9 55656]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-6-1 34064]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-16 24652]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2009-9-29 28762]
S3 BS_Flash;BS_Flash;c:\program files\bios\bios flash\BS_Flash.sys [2008-9-3 3604]

=============== Created Last 30 ================

2009-09-29 11:04 <DIR> --d----- c:\windows\Modio
2009-09-29 11:03 <DIR> --d----- c:\windows\PCTEL
2009-09-29 11:03 50,040 -------- c:\windows\system32\ptPTT.dat
2009-09-29 11:03 308 -------- c:\windows\system32\pthsp.dat
2009-09-29 10:54 <DIR> --d----- c:\program files\Driver
2009-09-29 10:28 28,672 a------- c:\windows\system32\f3PSSavr.scr
2009-09-29 10:28 <DIR> --d----- c:\program files\FunWebProducts
2009-09-29 10:28 <DIR> --d----- c:\program files\MyWebSearch
2009-09-28 20:32 <DIR> --dsh--- c:\documents and settings\admin\IECompatCache
2009-09-28 20:32 <DIR> --dsh--- c:\documents and settings\admin\PrivacIE
2009-09-28 20:30 <DIR> --dsh--- c:\documents and settings\admin\IETldCache
2009-09-28 20:28 81,920 a------- c:\windows\system32\ieencode.dll
2009-09-28 20:28 81,920 a------- c:\windows\system32\dllcache\ieencode.dll
2009-09-28 20:28 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-09-28 19:24 294,912 -c------ c:\windows\system32\dllcache\msctf.dll
2009-09-26 17:48 54,156 a---h--- c:\windows\QTFont.qfn
2009-09-26 17:48 1,409 a------- c:\windows\QTFont.for
2009-09-19 18:17 <DIR> --d----- c:\program files\Virtual Trumpet
2009-09-19 18:14 249,856 -------- c:\windows\Setup1.exe
2009-09-19 18:14 73,216 a------- c:\windows\ST6UNST.EXE
2009-09-19 18:14 1,608 a------- c:\windows\ST6UNST.000
2009-09-19 00:09 140,488 a------- c:\windows\system32\COMDLG32.OCX
2009-09-19 00:09 115,920 a------- c:\windows\system32\MSINET.OCX
2009-09-17 23:22 <DIR> --ds---- C:\ComboFix
2009-09-16 18:03 <DIR> --d----- c:\program files\Microsoft Office Outlook Connector
2009-09-16 18:01 <DIR> --d----- c:\program files\Microsoft
2009-09-14 21:09 45,056 a------- c:\windows\system32\vusetup.dll
2009-09-14 21:09 11,264 a------- c:\windows\system32\drivers\vulfntr.sys
2009-09-14 21:09 6,912 a------- c:\windows\system32\drivers\vulfnth.sys
2009-09-14 21:09 307,200 a------- c:\windows\IsUn041a.exe
2009-09-14 20:53 69,632 a------- c:\windows\Alcmtr.exe
2009-09-12 20:31 <DIR> --d----- c:\docume~1\admin\applic~1\BSplayer Pro
2009-09-12 20:31 <DIR> --d----- c:\docume~1\admin\applic~1\BSplayer
2009-09-11 17:28 <DIR> --d----- C:\Lop SD
2009-09-11 00:06 <DIR> --d----- c:\program files\Avira
2009-09-11 00:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-09-10 21:41 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-09-10 21:40 <DIR> --d----- C:\games
2009-09-10 21:40 <DIR> --d----- c:\program files\Solsoft
2009-09-09 12:35 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-09-09 12:24 124,688 a------- c:\windows\system32\MSWINSCK.OCX
2009-09-09 12:05 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-08 22:55 <DIR> --d----- c:\program files\Multi Password Recovery
2009-09-08 22:41 786 ---sh--- c:\windows\system\actualspystart.lnk
2009-09-08 16:04 <DIR> --d----- c:\docume~1\admin\applic~1\TeamViewer
2009-09-08 16:04 <DIR> --d----- c:\program files\TeamViewer
2009-09-08 16:04 <DIR> --d----- c:\documents and settings\admin\temp
2009-09-07 22:02 <DIR> --d----- c:\program files\Polyhedric Software
2009-09-07 22:02 299,520 a------- c:\windows\uninst.exe
2009-09-07 22:02 <DIR> --d----- c:\documents and settings\admin\WINDOWS
2009-09-07 21:59 <DIR> --d----- c:\docume~1\admin\applic~1\fltk.org
2009-09-06 12:54 <DIR> --d----- c:\program files\NetTVPlus Player

==================== Find3M ====================

2009-08-05 11:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 20:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 02:18 233,472 a------- c:\windows\system32\wmpdxm.dll

============= FINISH: 11:16:59,03 ===============





And my Device Manager looks like this:


offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Hello,

how did you manage to get infected again already?

Download sUBs' ComboFix from the following address to your Desktop:


Bleeping Computer
Right-click the link and choose the Save Target As... option (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.


When the download is complete:
  • disable your security software (instructions);
  • close running programs;
  • double-click ComboFix to run it.

While running, ComboFix will:
  • check whether a newer version of the program exists: click Yes if offered to download it;
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so the process continues;
  • offer to install the Recovery Console if it is not installed: be sure to accept by clicking Yes and follow the procedure;
  • ask a number of questions / show notices: accept by clicking Yes or OK;
  • restart Windows if needed (possibly several times);
  • when done, open Notepad with the scan report.


Copy the report ComboFix produced into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message box and choose Paste.


Note: The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your post.

offline
  • Joined: 10 Sep 2009
  • Posts: 24

Posted: 29 Sep 2009 13:08

I don't know how... but autorun didn't work back then either... here's the ComboFix report

ComboFix 09-09-28.01 - Admin 29.09.2009 12:53.5.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.894.468 [GMT 2:00]
Running from: c:\documents and settings\Admin\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Admin\Application Data\Desktopicon
c:\documents and settings\Admin\Application Data\Desktopicon\config.ini
c:\documents and settings\Admin\Application Data\Desktopicon\eBayShortcuts.exe
c:\program files\driver
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTmlmu.dll
c:\program files\MyWebSearch\bar\1.bin\F3HTtpct.dll
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\1.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTml.dll
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\000D4A58.FA
c:\program files\MyWebSearch\bar\Cache\000D51CA
c:\program files\MyWebSearch\bar\Cache\000D5350.bin
c:\program files\MyWebSearch\bar\Cache\000D5573.bin
c:\program files\MyWebSearch\bar\Cache\000D57D5.bin
c:\program files\MyWebSearch\bar\Cache\000D59C9.bin
c:\program files\MyWebSearch\bar\Cache\000D5B8E.bin
c:\program files\MyWebSearch\bar\Cache\000D5CF5.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\system32\f3PSSavr.scr

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))
.

2009-09-29 09:04 . 2009-09-29 09:04 -------- d-----w- c:\windows\Modio
2009-09-29 09:03 . 2009-09-29 09:03 -------- d-----w- c:\windows\LastGood.Tmp
2009-09-29 09:03 . 2009-09-29 09:03 -------- d-----w- c:\windows\PCTEL
2009-09-29 09:03 . 2003-11-25 03:26 308 ------w- c:\windows\system32\pthsp.dat
2009-09-29 09:03 . 2002-09-27 07:16 50040 ------w- c:\windows\system32\ptPTT.dat
2009-09-28 18:32 . 2009-09-28 18:32 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache
2009-09-28 18:32 . 2009-09-28 18:32 -------- d-sh--w- c:\documents and settings\Admin\PrivacIE
2009-09-28 18:30 . 2009-09-28 18:30 -------- d-sh--w- c:\documents and settings\Admin\IETldCache
2009-09-28 18:28 . 2009-06-26 16:18 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-28 18:28 . 2009-06-26 16:18 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2009-09-28 18:28 . 2009-09-28 18:28 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-28 18:28 . 2009-09-28 18:29 -------- d--h--w- c:\windows\msdownld.tmp
2009-09-28 17:24 . 2008-02-26 11:59 294912 -c----w- c:\windows\system32\dllcache\msctf.dll
2009-09-19 16:17 . 2009-09-19 16:17 -------- d-----w- c:\program files\Virtual Trumpet
2009-09-19 16:14 . 2009-09-19 16:19 249856 ------w- c:\windows\Setup1.exe
2009-09-19 16:14 . 2009-09-19 16:19 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-09-16 16:03 . 2009-09-16 16:03 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-09-16 16:01 . 2009-09-16 17:20 -------- d-----w- c:\program files\Microsoft
2009-09-14 19:09 . 2005-06-06 15:51 11264 ----a-w- c:\windows\system32\drivers\vulfntr.sys
2009-09-14 19:09 . 2005-01-05 16:02 6912 ----a-w- c:\windows\system32\drivers\vulfnth.sys
2009-09-14 19:09 . 2003-10-03 14:28 45056 ----a-w- c:\windows\system32\vusetup.dll
2009-09-14 19:09 . 1998-11-13 11:11 307200 ----a-w- c:\windows\IsUn041a.exe
2009-09-14 18:53 . 2005-05-03 16:43 69632 ----a-w- c:\windows\Alcmtr.exe
2009-09-12 18:31 . 2009-09-12 20:50 -------- d-----w- c:\documents and settings\Admin\Application Data\BSplayer
2009-09-12 18:31 . 2009-09-12 18:31 -------- d-----w- c:\documents and settings\Admin\Application Data\BSplayer Pro
2009-09-11 15:28 . 2009-09-12 15:30 -------- d-----w- C:\Lop SD
2009-09-10 22:06 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-10 22:06 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-10 22:06 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-10 22:06 . 2009-09-10 22:06 -------- d-----w- c:\program files\Avira
2009-09-10 22:06 . 2009-09-10 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-09-10 19:41 . 2009-09-10 19:41 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-10 19:40 . 2009-09-10 19:40 -------- d-----w- C:\games
2009-09-10 19:40 . 2009-09-10 19:40 -------- d-----w- c:\program files\Solsoft
2009-09-09 10:35 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-09 10:05 . 2009-06-21 22:04 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 20:55 . 2009-09-08 20:57 -------- d-----w- c:\program files\Multi Password Recovery
2009-09-08 14:04 . 2009-09-08 14:04 -------- d-----w- c:\documents and settings\Admin\Application Data\TeamViewer
2009-09-08 14:04 . 2009-09-08 14:05 -------- d-----w- c:\program files\TeamViewer
2009-09-08 14:04 . 2009-09-08 14:04 -------- d-----w- c:\documents and settings\Admin\temp
2009-09-07 20:02 . 2009-09-07 20:02 -------- d-----w- c:\program files\Polyhedric Software
2009-09-07 20:02 . 1998-02-06 19:37 299520 ----a-w- c:\windows\uninst.exe
2009-09-07 20:02 . 2009-09-07 20:02 -------- d-----w- c:\documents and settings\Admin\WINDOWS
2009-09-07 19:59 . 2009-09-07 19:59 -------- d-----w- c:\documents and settings\Admin\Application Data\fltk.org
2009-09-06 10:54 . 2009-09-06 11:07 -------- d-----w- c:\program files\NetTVPlus Player

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 10:58 . 2009-04-21 17:45 -------- d-----w- c:\program files\DNA
2009-09-29 10:58 . 2009-04-21 17:45 -------- d-----w- c:\documents and settings\Admin\Application Data\DNA
2009-09-29 09:00 . 2008-09-03 21:21 -------- d-----w- c:\program files\UIU
2009-09-16 18:18 . 2009-01-19 13:05 -------- d-----w- c:\program files\Opera
2009-09-16 17:42 . 2009-03-16 17:04 -------- d-----w- c:\documents and settings\Admin\Application Data\Windows Live Writer
2009-09-13 14:07 . 2009-07-24 12:33 -------- d-----w- c:\documents and settings\Admin\Application Data\Nokia
2009-09-12 21:01 . 2009-04-21 17:45 -------- d-----w- c:\documents and settings\Admin\Application Data\BitTorrent
2009-09-10 20:37 . 2005-10-03 19:44 -------- d-----w- c:\program files\Google
2009-09-10 20:02 . 2009-01-28 14:35 -------- d-----w- c:\program files\Valve
2009-09-09 10:01 . 2009-01-31 16:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-17 13:12 . 2005-10-03 20:53 39464 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-15 08:45 . 2009-08-15 08:45 -------- d-----w- c:\program files\MSBuild
2009-08-15 08:45 . 2009-08-15 08:45 -------- d-----w- c:\program files\Reference Assemblies
2009-08-15 08:42 . 2009-08-15 08:42 -------- d-----w- c:\program files\MSXML 6.0
2009-08-05 09:11 . 2002-12-31 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2002-12-31 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 00:18 . 2002-12-31 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-06 15:33 . 2008-10-04 11:29 41 ----a-w- c:\windows\popcinfo.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-04-21 321344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-10-11 1826816]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-16 16855552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"19199:TCP"= 19199:TCP:BitComet 19199 TCP
"19199:UDP"= 19199:UDP:BitComet 19199 UDP

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [1.9.2008 19:15 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [3.9.2008 23:50 8192]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11.9.2009 0:06 108289]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1.6.2008 9:13 34064]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [16.3.2009 12:54 24652]
S3 BS_Flash;BS_Flash;c:\program files\BIOS\BIOS Flash\BS_Flash.sys [3.9.2008 5:00 3604]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=GRfox000&ptb=NqTEAGZA2vyOdz.WaV..FA
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRfox000&fl=0&ptb=An6ArYFISwpcJXC4pj4LQg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
IE: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=GRfox000
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll
Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\ta7mzuo1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRfox000&fl=0&ptb=NqTEAGZA2vyOdz.WaV..FA&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
AddRemove-Knob Mess Remote - c:\docume~1\Admin\APPLIC~1\VCFIVE~1\joy jugs.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-09-29 12:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\ACPI\PNP0F13\3&2411e6fe&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3336)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
.
**************************************************************************
.
Completion time: 2009-09-29 13:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-29 11:03
ComboFix2.txt 2009-09-12 21:45

Pre-Run: 4.164.882.432 bytes free
Post-Run: 4.154.966.016 bytes free

276 --- E O F --- 2009-09-10 07:47

Addendum: 29 Sep 2009 13:22

Oh, sorry, one more thing: how do I turn up the right speaker, since it's turned all the way down somewhere on the computer and I have no idea where... in Master Volume everything is in the middle, the audio manager is also all OK... but the speaker is turned down... it's not the cable, because I took it to a repair shop and both speakers work there, while at my place it works but is muffled...

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Download this file to the desktop, unpack it and run it with a double-click.
You will also get a showreg.txt file on the desktop, which you will attach here on the forum.


offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Download this file, run it with a double-click, Yes then OK.

offline
  • Joined: 10 Sep 2009
  • Posts: 24

And now what??? Since I can't copy anything to you?

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Open Notepad and copy the following text into it:


Firefox::
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRfox000&fl=0&ptb=NqTEAGZA2vyOdz.WaV..FA&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
DDS::
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=GRfox000



Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.

offline
  • Joined: 10 Sep 2009
  • Posts: 24

ComboFix 09-09-28.01 - Admin 29.09.2009 20:17.6.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.894.486 [GMT 2:00]
Running from: c:\documents and settings\Admin\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))
.

2009-09-29 09:04 . 2009-09-29 09:04 -------- d-----w- c:\windows\Modio
2009-09-29 09:03 . 2009-09-29 09:03 -------- d-----w- c:\windows\PCTEL
2009-09-29 09:03 . 2003-11-25 03:26 308 ------w- c:\windows\system32\pthsp.dat
2009-09-29 09:03 . 2002-09-27 07:16 50040 ------w- c:\windows\system32\ptPTT.dat
2009-09-28 18:32 . 2009-09-28 18:32 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache
2009-09-28 18:32 . 2009-09-28 18:32 -------- d-sh--w- c:\documents and settings\Admin\PrivacIE
2009-09-28 18:30 . 2009-09-28 18:30 -------- d-sh--w- c:\documents and settings\Admin\IETldCache
2009-09-28 18:28 . 2009-06-26 16:18 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-28 18:28 . 2009-06-26 16:18 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2009-09-28 18:28 . 2009-09-29 15:40 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-28 18:28 . 2009-09-28 18:29 -------- d--h--w- c:\windows\msdownld.tmp
2009-09-28 17:24 . 2008-02-26 11:59 294912 -c----w- c:\windows\system32\dllcache\msctf.dll
2009-09-19 16:17 . 2009-09-19 16:17 -------- d-----w- c:\program files\Virtual Trumpet
2009-09-19 16:14 . 2009-09-19 16:19 249856 ------w- c:\windows\Setup1.exe
2009-09-19 16:14 . 2009-09-19 16:19 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-09-16 16:03 . 2009-09-16 16:03 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-09-16 16:01 . 2009-09-16 17:20 -------- d-----w- c:\program files\Microsoft
2009-09-14 19:09 . 2005-06-06 15:51 11264 ----a-w- c:\windows\system32\drivers\vulfntr.sys
2009-09-14 19:09 . 2005-01-05 16:02 6912 ----a-w- c:\windows\system32\drivers\vulfnth.sys
2009-09-14 19:09 . 2003-10-03 14:28 45056 ----a-w- c:\windows\system32\vusetup.dll
2009-09-14 19:09 . 1998-11-13 11:11 307200 ----a-w- c:\windows\IsUn041a.exe
2009-09-14 18:53 . 2005-05-03 16:43 69632 ----a-w- c:\windows\Alcmtr.exe
2009-09-12 18:31 . 2009-09-12 20:50 -------- d-----w- c:\documents and settings\Admin\Application Data\BSplayer
2009-09-12 18:31 . 2009-09-12 18:31 -------- d-----w- c:\documents and settings\Admin\Application Data\BSplayer Pro
2009-09-11 15:28 . 2009-09-12 15:30 -------- d-----w- C:\Lop SD
2009-09-10 22:06 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-10 22:06 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-10 22:06 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-10 22:06 . 2009-09-10 22:06 -------- d-----w- c:\program files\Avira
2009-09-10 22:06 . 2009-09-10 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-09-10 19:41 . 2009-09-10 19:41 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-10 19:40 . 2009-09-10 19:40 -------- d-----w- C:\games
2009-09-10 19:40 . 2009-09-10 19:40 -------- d-----w- c:\program files\Solsoft
2009-09-09 10:35 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-09 10:05 . 2009-06-21 22:04 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 20:55 . 2009-09-08 20:57 -------- d-----w- c:\program files\Multi Password Recovery
2009-09-08 14:04 . 2009-09-08 14:04 -------- d-----w- c:\documents and settings\Admin\Application Data\TeamViewer
2009-09-08 14:04 . 2009-09-08 14:05 -------- d-----w- c:\program files\TeamViewer
2009-09-08 14:04 . 2009-09-08 14:04 -------- d-----w- c:\documents and settings\Admin\temp
2009-09-07 20:02 . 2009-09-07 20:02 -------- d-----w- c:\program files\Polyhedric Software
2009-09-07 20:02 . 1998-02-06 19:37 299520 ----a-w- c:\windows\uninst.exe
2009-09-07 20:02 . 2009-09-07 20:02 -------- d-----w- c:\documents and settings\Admin\WINDOWS
2009-09-07 19:59 . 2009-09-07 19:59 -------- d-----w- c:\documents and settings\Admin\Application Data\fltk.org
2009-09-06 10:54 . 2009-09-06 11:07 -------- d-----w- c:\program files\NetTVPlus Player

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 18:15 . 2009-04-21 17:45 -------- d-----w- c:\documents and settings\Admin\Application Data\DNA
2009-09-29 18:05 . 2009-04-21 17:45 -------- d-----w- c:\program files\DNA
2009-09-29 09:00 . 2008-09-03 21:21 -------- d-----w- c:\program files\UIU
2009-09-16 18:18 . 2009-01-19 13:05 -------- d-----w- c:\program files\Opera
2009-09-16 17:42 . 2009-03-16 17:04 -------- d-----w- c:\documents and settings\Admin\Application Data\Windows Live Writer
2009-09-13 14:07 . 2009-07-24 12:33 -------- d-----w- c:\documents and settings\Admin\Application Data\Nokia
2009-09-12 21:01 . 2009-04-21 17:45 -------- d-----w- c:\documents and settings\Admin\Application Data\BitTorrent
2009-09-10 20:37 . 2005-10-03 19:44 -------- d-----w- c:\program files\Google
2009-09-10 20:02 . 2009-01-28 14:35 -------- d-----w- c:\program files\Valve
2009-09-09 10:01 . 2009-01-31 16:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-17 13:12 . 2005-10-03 20:53 39464 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-15 08:45 . 2009-08-15 08:45 -------- d-----w- c:\program files\MSBuild
2009-08-15 08:45 . 2009-08-15 08:45 -------- d-----w- c:\program files\Reference Assemblies
2009-08-15 08:42 . 2009-08-15 08:42 -------- d-----w- c:\program files\MSXML 6.0
2009-08-05 09:11 . 2002-12-31 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2002-12-31 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 00:18 . 2002-12-31 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-06 15:33 . 2008-10-04 11:29 41 ----a-w- c:\windows\popcinfo.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-04-21 321344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-10-11 1826816]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-16 16855552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"19199:TCP"= 19199:TCP:BitComet 19199 TCP
"19199:UDP"= 19199:UDP:BitComet 19199 UDP

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [1.9.2008 19:15 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [3.9.2008 23:50 8192]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11.9.2009 0:06 108289]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1.6.2008 9:13 34064]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [16.3.2009 12:54 24652]
S3 BS_Flash;BS_Flash;c:\program files\BIOS\BIOS Flash\BS_Flash.sys [3.9.2008 5:00 3604]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=GRfox000&ptb=NqTEAGZA2vyOdz.WaV..FA
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRfox000&fl=0&ptb=An6ArYFISwpcJXC4pj4LQg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll
Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\ta7mzuo1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-09-29 20:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\ACPI\PNP0F13\3&2411e6fe&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1796)
c:\windows\system32\msi.dll
.
Completion time: 2009-09-29 20:23
ComboFix-quarantined-files.txt 2009-09-29 18:23
ComboFix2.txt 2009-09-29 11:03
ComboFix3.txt 2009-09-12 21:45

Pre-Run: 3.883.384.832 bytes free
Post-Run: 3.884.830.720 bytes free

167 --- E O F --- 2009-09-10 07:47

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Open Notepad and copy the following text into it:


Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"=-
"SearchMigratedDefaultName"=-
"SearchMigratedDefaultUrl"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}]



Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.
