MyCity » Ambulanta -> Arhiva Ambulante » Veliki problemi sa kompjuterom!

Veliki problemi sa kompjuterom!

Napisano na dan: 23.7.2010

Strana:
1
2
3

Veliki problemi sa kompjuterom!

Pagination

Prethodna strana

Odgovori

Strana:
1
2
3

50nE Poslao: 28 Jul 2010 21:08 Idi na vrh
offline 50nE Građanin Pridružio: 01 Nov 2008 Poruke: 87 Gde živiš: Kragujevac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 28 Jul 2010 21:05 Da li znaš za šta je namenjen ovaj fajl aec.sys? Toliko muke oko njega.. Kako da pobrišem ove ostake? Kada palim komp pita me da izaberem između Windows XP i nešto Recovery... znam samo da ima veze sa combo fix-om.. Kako mi sve izgleda na prvi pogled sve se vratilo u normalu..Zvuk "WELCOME" se ujednačio sa slikom,net radi OK Google Chrom,takođe! Čini mi se da je sada sve Ok! Da li sam u pravu evo pogledaj CF Log! Hvala ti! Što se tiče zipovanih fajlova C://Avanger obrisano je! ComboFix 10-07-27.05 - Sone 28.07.2010 20:55:46.4.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.639.316 [GMT 2:00] Running from: c:\documents and settings\Sone\Desktop\ComboFix.exe AV: AntiVir Desktop On-access scanning enabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-28 ))))))))))))))))))))))))))))))) . 2010-07-28 18:27 . 2010-07-28 18:27 -------- d-sh--w- c:\documents and settings\Administrator.NEBOJSA\IETldCache 2010-07-28 01:11 . 2010-07-28 01:11 676224 ----a-w- c:\windows\system32\ogacheckcontrol.dll 2010-07-28 00:36 . 2010-07-28 00:36 -------- d-----w- c:\program files\CCleaner . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-28 18:50 . 2009-12-15 16:39 16 ----a-w- c:\windows\system32\magicpvt.dat 2010-07-28 13:47 . 2009-03-20 09:32 142592 ----a-w- c:\windows\system32\drivers\aec.sys 2010-07-28 02:14 . 2009-05-04 03:30 -------- d-----w- c:\program files\Uniblue 2010-07-28 02:13 . 2009-03-20 19:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-07-28 01:15 . 2010-01-05 09:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-28 00:38 . 2009-05-04 02:23 -------- d-----w- c:\documents and settings\Sone\Application Data\Media Player Classic 2010-07-28 00:16 . 2009-05-04 03:33 -------- d-----w- c:\documents and settings\Sone\Application Data\uniblue 2010-07-24 11:17 . 2009-06-18 23:43 -------- d-----w- c:\program files\Red-Devils S©®ipt 2010-07-12 18:29 . 2009-12-15 16:39 32 ----a-w- c:\windows\system32\driver.dat 2010-06-22 22:01 . 2009-03-20 17:12 -------- d-----w- c:\documents and settings\Sone\Application Data\Winamp 2010-06-19 21:58 . 2009-03-25 16:26 -------- d-----w- c:\documents and settings\Sone\Application Data\uTorrent 2010-06-19 10:17 . 2010-06-19 10:17 -------- d-----w- c:\program files\MB2 2010-06-14 14:31 . 2009-03-20 08:38 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe 2010-06-09 02:14 . 2009-03-20 17:06 -------- d-----w- c:\program files\Valve 2010-06-07 11:45 . 2009-11-20 23:10 -------- d-----w- c:\documents and settings\Sone\Application Data\Skype 2010-06-07 06:00 . 2009-11-20 23:14 -------- d-----w- c:\documents and settings\Sone\Application Data\skypePM 2010-06-07 02:22 . 2009-06-26 12:30 -------- d-----w- c:\documents and settings\Sone\Application Data\AIMP 2010-06-01 16:17 . 2010-06-01 16:17 -------- d-----w- c:\program files\ImTranslator_Pro 2010-06-01 16:17 . 2010-06-01 16:17 -------- d-----w- c:\program files\Conduit 2010-05-27 23:04 . 2009-03-20 09:23 18048 ----a-w- c:\documents and settings\Sone\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-05-06 10:41 . 2008-04-14 04:42 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 05:22 . 2008-04-14 00:00 1851264 ----a-w- c:\windows\system32\win32k.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}"= "c:\program files\ImTranslator_Pro\tbImTr.dll" [2010-05-20 2675296] "{013a635f-e3aa-4371-b682-ece95ca974b0}"= "c:\program files\MB2\tbMB2.dll" [2010-06-13 2734688] [HKEY_CLASSES_ROOT\clsid\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}] [HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{013a635f-e3aa-4371-b682-ece95ca974b0}] 2010-06-13 17:10 2734688 ----a-w- c:\program files\MB2\tbMB2.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}] 2010-05-20 13:35 2675296 ----a-w- c:\program files\ImTranslator_Pro\tbImTr.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}"= "c:\program files\ImTranslator_Pro\tbImTr.dll" [2010-05-20 2675296] "{013a635f-e3aa-4371-b682-ece95ca974b0}"= "c:\program files\MB2\tbMB2.dll" [2010-06-13 2734688] [HKEY_CLASSES_ROOT\clsid\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}] [HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{FAE3E6B1-1936-40D6-9ACC-59EBCF661CCB}"= "c:\program files\ImTranslator_Pro\tbImTr.dll" [2010-05-20 2675296] "{013A635F-E3AA-4371-B682-ECE95CA974B0}"= "c:\program files\MB2\tbMB2.dll" [2010-06-13 2734688] [HKEY_CLASSES_ROOT\clsid\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}] [HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "Google Update"="c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-20 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072] "SoundMan"="SOUNDMAN.EXE" [2005-06-14 77824] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-30 148888] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656] "nwiz"="nwiz.exe" [2005-08-02 1519616] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-02-27 15872] "snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2009-03-20 16:57 133104 ----atw- c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicRotation] 2008-02-11 11:07 1097728 ----a-w- c:\program files\MagicRotation\MagicPvt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-06-24 17:21 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\NVIDIA\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 magicpvt;magicpvt;c:\windows\system32\drivers\magicpvt.sys [15.12.2009 18:39 9728] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18.12.2009 16:48 108289] S0 yiuukchi;yiuukchi; [x] S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 2:28 47128] S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 3:49 242712] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.4.2009 15:10 685816] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 2:28 369688] . Contents of the 'Scheduled Tasks' folder 2010-07-28 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-24 17:21] 2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 17:25] 2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 17:25] 2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-2147195035-1417001333-1003Core.job - c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-20 16:57] 2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-2147195035-1417001333-1003UA.job - c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-20 16:57] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRman000&fl=0&ptb=4Yewad9Ji5xiKh.xL2ns3A&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms} uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Sone\Application Data\Mozilla\Firefox\Profiles\8hmgzklw.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT189560&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - component: c:\documents and settings\Sone\Application Data\Mozilla\Firefox\Profiles\8hmgzklw.default\extensions\{acec1e3d-3ead-4377-a931-1354bb4380d4}\components\FFExternalAlert.dll FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\documents and settings\Sone\Application Data\Facebook\npfbplugin_1_0_1.dll FF - plugin: c:\documents and settings\Sone\Application Data\Facebook\npfbplugin_1_0_3.dll FF - plugin: c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); . - - - - ORPHANS REMOVED - - - - HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2010-07-28 21:01 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-299502267-2147195035-1417001333-1003\Software\YourCompanyName\YourProductName\Version] "VersionData"=hex:2b,fa,b8,ad,54,7c,53,28,9e,8f,71,42,2c,ae,45,69,df,2a,49,e8, cf,47,a7,a9,06,88,97,76,2f,eb,5b,48,82,e4,e1,ed,48,09,f0,37,bd,3f,3b,22,02,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(4020) c:\windows\system32\WININET.dll c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\windows\system32\IEFRAME.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2010-07-28 21:04:16 ComboFix-quarantined-files.txt 2010-07-28 19:04 Pre-Run: 2.874.806.272 bytes free Post-Run: 2.870.112.256 bytes free - - End Of File - - 30939205979DB912BFD178415572CDA5 Dopuna: 28 Jul 2010 21:08 Da li znaš za šta je namenjen ovaj fajl aec.sys? Toliko muke oko njega.. Kako da pobrišem ove ostake? Kada palim komp pita me da izaberem između Windows XP i nešto Recovery... znam samo da ima veze sa combo fix-om.. Kako mi sve izgleda na prvi pogled sve se vratilo u normalu..Zvuk "WELCOME" se ujednačio sa slikom,net radi OK Google Chrom,takođe! Čini mi se da je sada sve Ok! Da li sam u pravu evo pogledaj CF Log! Hvala ti! A što se tiče zipovanih fajlova C://Avanger,obrisani su! ComboFix 10-07-27.05 - Sone 28.07.2010 20:55:46.4.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.639.316 [GMT 2:00] Running from: c:\documents and settings\Sone\Desktop\ComboFix.exe AV: AntiVir Desktop On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-28 ))))))))))))))))))))))))))))))) . 2010-07-28 18:27 . 2010-07-28 18:27 -------- d-sh--w- c:\documents and settings\Administrator.NEBOJSA\IETldCache 2010-07-28 01:11 . 2010-07-28 01:11 676224 ----a-w- c:\windows\system32\ogacheckcontrol.dll 2010-07-28 00:36 . 2010-07-28 00:36 -------- d-----w- c:\program files\CCleaner . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-28 18:50 . 2009-12-15 16:39 16 ----a-w- c:\windows\system32\magicpvt.dat 2010-07-28 13:47 . 2009-03-20 09:32 142592 ----a-w- c:\windows\system32\drivers\aec.sys 2010-07-28 02:14 . 2009-05-04 03:30 -------- d-----w- c:\program files\Uniblue 2010-07-28 02:13 . 2009-03-20 19:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-07-28 01:15 . 2010-01-05 09:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-28 00:38 . 2009-05-04 02:23 -------- d-----w- c:\documents and settings\Sone\Application Data\Media Player Classic 2010-07-28 00:16 . 2009-05-04 03:33 -------- d-----w- c:\documents and settings\Sone\Application Data\uniblue 2010-07-24 11:17 . 2009-06-18 23:43 -------- d-----w- c:\program files\Red-Devils S©®ipt 2010-07-12 18:29 . 2009-12-15 16:39 32 ----a-w- c:\windows\system32\driver.dat 2010-06-22 22:01 . 2009-03-20 17:12 -------- d-----w- c:\documents and settings\Sone\Application Data\Winamp 2010-06-19 21:58 . 2009-03-25 16:26 -------- d-----w- c:\documents and settings\Sone\Application Data\uTorrent 2010-06-19 10:17 . 2010-06-19 10:17 -------- d-----w- c:\program files\MB2 2010-06-14 14:31 . 2009-03-20 08:38 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe 2010-06-09 02:14 . 2009-03-20 17:06 -------- d-----w- c:\program files\Valve 2010-06-07 11:45 . 2009-11-20 23:10 -------- d-----w- c:\documents and settings\Sone\Application Data\Skype 2010-06-07 06:00 . 2009-11-20 23:14 -------- d-----w- c:\documents and settings\Sone\Application Data\skypePM 2010-06-07 02:22 . 2009-06-26 12:30 -------- d-----w- c:\documents and settings\Sone\Application Data\AIMP 2010-06-01 16:17 . 2010-06-01 16:17 -------- d-----w- c:\program files\ImTranslator_Pro 2010-06-01 16:17 . 2010-06-01 16:17 -------- d-----w- c:\program files\Conduit 2010-05-27 23:04 . 2009-03-20 09:23 18048 ----a-w- c:\documents and settings\Sone\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-05-06 10:41 . 2008-04-14 04:42 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 05:22 . 2008-04-14 00:00 1851264 ----a-w- c:\windows\system32\win32k.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}"= "c:\program files\ImTranslator_Pro\tbImTr.dll" [2010-05-20 2675296] "{013a635f-e3aa-4371-b682-ece95ca974b0}"= "c:\program files\MB2\tbMB2.dll" [2010-06-13 2734688] [HKEY_CLASSES_ROOT\clsid\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}] [HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{013a635f-e3aa-4371-b682-ece95ca974b0}] 2010-06-13 17:10 2734688 ----a-w- c:\program files\MB2\tbMB2.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}] 2010-05-20 13:35 2675296 ----a-w- c:\program files\ImTranslator_Pro\tbImTr.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}"= "c:\program files\ImTranslator_Pro\tbImTr.dll" [2010-05-20 2675296] "{013a635f-e3aa-4371-b682-ece95ca974b0}"= "c:\program files\MB2\tbMB2.dll" [2010-06-13 2734688] [HKEY_CLASSES_ROOT\clsid\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}] [HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{FAE3E6B1-1936-40D6-9ACC-59EBCF661CCB}"= "c:\program files\ImTranslator_Pro\tbImTr.dll" [2010-05-20 2675296] "{013A635F-E3AA-4371-B682-ECE95CA974B0}"= "c:\program files\MB2\tbMB2.dll" [2010-06-13 2734688] [HKEY_CLASSES_ROOT\clsid\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}] [HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "Google Update"="c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-20 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072] "SoundMan"="SOUNDMAN.EXE" [2005-06-14 77824] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-30 148888] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656] "nwiz"="nwiz.exe" [2005-08-02 1519616] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-02-27 15872] "snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2009-03-20 16:57 133104 ----atw- c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicRotation] 2008-02-11 11:07 1097728 ----a-w- c:\program files\MagicRotation\MagicPvt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-06-24 17:21 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\NVIDIA\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 magicpvt;magicpvt;c:\windows\system32\drivers\magicpvt.sys [15.12.2009 18:39 9728] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18.12.2009 16:48 108289] S0 yiuukchi;yiuukchi; [x] S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 2:28 47128] S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 3:49 242712] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.4.2009 15:10 685816] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 2:28 369688] . Contents of the 'Scheduled Tasks' folder 2010-07-28 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-24 17:21] 2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 17:25] 2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 17:25] 2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-2147195035-1417001333-1003Core.job - c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-20 16:57] 2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-2147195035-1417001333-1003UA.job - c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-20 16:57] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRman000&fl=0&ptb=4Yewad9Ji5xiKh.xL2ns3A&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms} uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Sone\Application Data\Mozilla\Firefox\Profiles\8hmgzklw.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT189560&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - component: c:\documents and settings\Sone\Application Data\Mozilla\Firefox\Profiles\8hmgzklw.default\extensions\{acec1e3d-3ead-4377-a931-1354bb4380d4}\components\FFExternalAlert.dll FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\documents and settings\Sone\Application Data\Facebook\npfbplugin_1_0_1.dll FF - plugin: c:\documents and settings\Sone\Application Data\Facebook\npfbplugin_1_0_3.dll FF - plugin: c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); . - - - - ORPHANS REMOVED - - - - HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2010-07-28 21:01 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-299502267-2147195035-1417001333-1003\Software\YourCompanyName\YourProductName\Version*] "VersionData"=hex:2b,fa,b8,ad,54,7c,53,28,9e,8f,71,42,2c,ae,45,69,df,2a,49,e8, cf,47,a7,a9,06,88,97,76,2f,eb,5b,48,82,e4,e1,ed,48,09,f0,37,bd,3f,3b,22,02,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(4020) c:\windows\system32\WININET.dll c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\windows\system32\IEFRAME.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2010-07-28 21:04:16 ComboFix-quarantined-files.txt 2010-07-28 19:04 Pre-Run: 2.874.806.272 bytes free Post-Run: 2.870.112.256 bytes free - - End Of File - - 30939205979DB912BFD178415572CDA5

Profil

1l padr1n0 Poslao: 28 Jul 2010 21:34 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zamolio bih te da ne zuris i da pratis moja uputstva. Odgovoricu ti na kraju na sva tvoja pitanja. Takodje cu ti i reci sta da uradis sa ovim alatima koje smo koristili pri intervenciji. Nemoj nista na svoju ruku da radis, jer time usporavas resavanje slucaja. Otvoriti Notepad i iskopirati sledeci tekst: `Driver:: yiuukchi FileLook:: c:\windows\system32\drivers\aec.sys Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main] "SearchMigratedDefaultUrl"=-` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja. goran9888 (AMF Tim)

Profil

50nE Poslao: 28 Jul 2010 22:27 Idi na vrh
offline 50nE Građanin Pridružio: 01 Nov 2008 Poruke: 87 Gde živiš: Kragujevac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ok! Evo loga... ComboFix 10-07-27.05 - Sone 28.07.2010 22:13:01.5.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.639.286 [GMT 2:00] Running from: c:\documents and settings\Sone\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Sone\Desktop\CFScript.txt AV: AntiVir Desktop On-access scanning disabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_YIUUKCHI -------\Service_yiuukchi ((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-28 ))))))))))))))))))))))))))))))) . 2010-07-28 18:27 . 2010-07-28 18:27 -------- d-sh--w- c:\documents and settings\Administrator.NEBOJSA\IETldCache 2010-07-28 01:11 . 2010-07-28 01:11 676224 ----a-w- c:\windows\system32\ogacheckcontrol.dll 2010-07-28 00:36 . 2010-07-28 00:36 -------- d-----w- c:\program files\CCleaner . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-28 20:20 . 2009-12-15 16:39 16 ----a-w- c:\windows\system32\magicpvt.dat 2010-07-28 13:47 . 2009-03-20 09:32 142592 ----a-w- c:\windows\system32\drivers\aec.sys 2010-07-28 02:14 . 2009-05-04 03:30 -------- d-----w- c:\program files\Uniblue 2010-07-28 02:13 . 2009-03-20 19:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-07-28 01:15 . 2010-01-05 09:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-28 00:38 . 2009-05-04 02:23 -------- d-----w- c:\documents and settings\Sone\Application Data\Media Player Classic 2010-07-28 00:16 . 2009-05-04 03:33 -------- d-----w- c:\documents and settings\Sone\Application Data\uniblue 2010-07-24 11:17 . 2009-06-18 23:43 -------- d-----w- c:\program files\Red-Devils S©®ipt 2010-07-12 18:29 . 2009-12-15 16:39 32 ----a-w- c:\windows\system32\driver.dat 2010-06-22 22:01 . 2009-03-20 17:12 -------- d-----w- c:\documents and settings\Sone\Application Data\Winamp 2010-06-19 21:58 . 2009-03-25 16:26 -------- d-----w- c:\documents and settings\Sone\Application Data\uTorrent 2010-06-19 10:17 . 2010-06-19 10:17 -------- d-----w- c:\program files\MB2 2010-06-14 14:31 . 2009-03-20 08:38 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe 2010-06-09 02:14 . 2009-03-20 17:06 -------- d-----w- c:\program files\Valve 2010-06-07 11:45 . 2009-11-20 23:10 -------- d-----w- c:\documents and settings\Sone\Application Data\Skype 2010-06-07 06:00 . 2009-11-20 23:14 -------- d-----w- c:\documents and settings\Sone\Application Data\skypePM 2010-06-07 02:22 . 2009-06-26 12:30 -------- d-----w- c:\documents and settings\Sone\Application Data\AIMP 2010-06-01 16:17 . 2010-06-01 16:17 -------- d-----w- c:\program files\ImTranslator_Pro 2010-06-01 16:17 . 2010-06-01 16:17 -------- d-----w- c:\program files\Conduit 2010-05-27 23:04 . 2009-03-20 09:23 18048 ----a-w- c:\documents and settings\Sone\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-05-06 10:41 . 2008-04-14 04:42 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 05:22 . 2008-04-14 00:00 1851264 ----a-w- c:\windows\system32\win32k.sys . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . --- c:\windows\system32\drivers\aec.sys --- Company: Microsoft Corporation File Description: Microsoft Acoustic Echo Canceller File Version: 5.1.2601.3142 Product Name: Microsoft® Windows® Operating System Copyright: © Microsoft Corporation. All rights reserved. Original Filename: aec.sys File size: 142592 Created time: 2009-03-20 09:32 Modified time: 2010-07-28 13:47 MD5: 8BED39E3C35D6A489438B8141717A557 SHA1: 7CCD9DDA4ED4C776CD1A1BE021A13DBC4B277C7E ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}"= "c:\program files\ImTranslator_Pro\tbImTr.dll" [2010-05-20 2675296] "{013a635f-e3aa-4371-b682-ece95ca974b0}"= "c:\program files\MB2\tbMB2.dll" [2010-06-13 2734688] [HKEY_CLASSES_ROOT\clsid\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}] [HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{013a635f-e3aa-4371-b682-ece95ca974b0}] 2010-06-13 17:10 2734688 ----a-w- c:\program files\MB2\tbMB2.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}] 2010-05-20 13:35 2675296 ----a-w- c:\program files\ImTranslator_Pro\tbImTr.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}"= "c:\program files\ImTranslator_Pro\tbImTr.dll" [2010-05-20 2675296] "{013a635f-e3aa-4371-b682-ece95ca974b0}"= "c:\program files\MB2\tbMB2.dll" [2010-06-13 2734688] [HKEY_CLASSES_ROOT\clsid\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}] [HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{FAE3E6B1-1936-40D6-9ACC-59EBCF661CCB}"= "c:\program files\ImTranslator_Pro\tbImTr.dll" [2010-05-20 2675296] "{013A635F-E3AA-4371-B682-ECE95CA974B0}"= "c:\program files\MB2\tbMB2.dll" [2010-06-13 2734688] [HKEY_CLASSES_ROOT\clsid\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}] [HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "Google Update"="c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-20 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072] "SoundMan"="SOUNDMAN.EXE" [2005-06-14 77824] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-30 148888] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656] "nwiz"="nwiz.exe" [2005-08-02 1519616] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-02-27 15872] "snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2009-03-20 16:57 133104 ----atw- c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicRotation] 2008-02-11 11:07 1097728 ----a-w- c:\program files\MagicRotation\MagicPvt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-06-24 17:21 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\NVIDIA\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.4.2009 15:10 685816] R1 magicpvt;magicpvt;c:\windows\system32\drivers\magicpvt.sys [15.12.2009 18:39 9728] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18.12.2009 16:48 108289] S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 2:28 47128] S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 3:49 242712] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 2:28 369688] . Contents of the 'Scheduled Tasks' folder 2010-07-28 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-24 17:21] 2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 17:25] 2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 17:25] 2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-2147195035-1417001333-1003Core.job - c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-20 16:57] 2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-2147195035-1417001333-1003UA.job - c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-20 16:57] . . ------- Supplementary Scan ------- . uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Sone\Application Data\Mozilla\Firefox\Profiles\8hmgzklw.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT189560&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - component: c:\documents and settings\Sone\Application Data\Mozilla\Firefox\Profiles\8hmgzklw.default\extensions\{acec1e3d-3ead-4377-a931-1354bb4380d4}\components\FFExternalAlert.dll FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\documents and settings\Sone\Application Data\Facebook\npfbplugin_1_0_1.dll FF - plugin: c:\documents and settings\Sone\Application Data\Facebook\npfbplugin_1_0_3.dll FF - plugin: c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2010-07-28 22:22 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys sptd.sys >>UNKNOWN [0x8318A8AC]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf87fdf28 \Driver\ACPI -> ACPI.sys @ 0xf858ecb8 \Driver\atapi -> atapi.sys @ 0xf8523b40 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014 ParseProcedure -> ntkrnlpa.exe @ 0x80577c76 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014 ParseProcedure -> ntkrnlpa.exe @ 0x80577c76 NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf8405bb0 PacketIndicateHandler -> NDIS.sys @ 0xf8412a21 SendHandler -> NDIS.sys @ 0xf83f087b user & kernel MBR OK ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-299502267-2147195035-1417001333-1003\Software\YourCompanyName\YourProductName\Version] "VersionData"=hex:2b,fa,b8,ad,54,7c,53,28,9e,8f,71,42,2c,ae,45,69,df,2a,49,e8, cf,47,a7,a9,06,88,97,76,2f,eb,5b,48,82,e4,e1,ed,48,09,f0,37,bd,3f,3b,22,02,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3420) c:\windows\system32\WININET.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\program files\Microsoft Office\OFFICE11\msohev.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\SOUNDMAN.EXE c:\windows\system32\RUNDLL32.EXE c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe c:\nvidia\NetworkAccessManager\bin\nSvcIp.exe c:\nvidia\NetworkAccessManager\bin\nSvcLog.exe c:\windows\system32\nvsvc32.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\windows\system32\wscntfy.exe . ************************************************************************* . Completion time: 2010-07-28 22:24:54 - machine was rebooted ComboFix-quarantined-files.txt 2010-07-28 20:24 Pre-Run: 2.880.364.544 bytes free Post-Run: 2.832.019.456 bytes free - - End Of File - - 256F0FDE8F10BE93920AAFB28DA021FC

Profil

1l padr1n0 Poslao: 28 Jul 2010 22:58 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Tvoj racunar je cist sto se tice malware-a. aec.sys sluzi za suzbijanje mikrofonije i eha pri audio chatovanju. Bio je jedan od zarazenih file-ova, no njegovu kopiju nismo pribavili s'obzirom da si je obrisao. Ukoliko zelis da uklonis Recovery Console isprati uputstvo sa sledeceg link-a: -> http://www.mycity.rs/Windows/Deinstalacija-Recovery-Console.html Potrebno je deinstalirati ComboFix: klikni start (ili ), a zatim RUN. Na Visti koristiti Start Search polje ukoliko Run nije dostupan. U liniju za unos teksta ukucaj (iskopiraj) sledeće: ComboFix /Uninstall Primeti da postoji razmak između "ComboFix" i "/Uninstall". a zatim klikni OK (ili pritisni Enter). Sačekaj da se proces deinstalacije završi. Sto se tice Avenger-a, ukoliko ga nisi obrisao sa Desktop-a, obrisi ga. Takodje i C:\Avenger ako postoji mozes obrisati, mada mislim da si taj folder vec izbrisao.

Profil

50nE Poslao: 30 Jul 2010 15:48 Idi na vrh
offline 50nE Građanin Pridružio: 01 Nov 2008 Poruke: 87 Gde živiš: Kragujevac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ok,to je to.. Napokon čist! Šta mi predlažeš da instaliram... Kakav je Comodo Firewell ? Koristio sam ga ali neznam da ga podesim,lupam winamp da uključim on me pita da li da uključi... Da li može da se našteluje da ne dozvoljava virusima i trojancima... da me pita samo sa neta kada se nešto skida bez mog znanja? :PPPP

Profil

1l padr1n0 Poslao: 30 Jul 2010 15:51 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Diskusiju o Firewall resenjima mozemo nastaviti u drugom delu foruma: -> http://www.mycity.rs/Firewall-programi/ Ovim mojim post-om zavrsavamo slucaj. Pozdrav i hvala sto verujes AMF Tim-u.

Profil

50nE Poslao: 30 Jul 2010 15:59 Idi na vrh
offline 50nE Građanin Pridružio: 01 Nov 2008 Poruke: 87 Gde živiš: Kragujevac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uvek sam uz vas! Živeli!!! ))

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Veliki problemi sa kompjuterom!

Ko je trenutno na forumu

Ukupno su 978 korisnika na forumu :: 59 registrovanih, 9 sakrivenih i 910 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., amaterSRB, babaroga, Battlehammer, BlekMen, BORUTUS, bufanje, cenejac111, comi_pfc, CrazyDiablo, croato, dane007, darcaud, darkangel, darkojbn, dekan.m, Denaya, Djokislav, doklevise, DonRumataEstorski, Dorcolac, draganca, dragoljub11987, Frunze, gasha, ginjica, gomago, goxin, hyla, ivicasimo, Još malo pa deda, kobaja77, kokodakalo, krkalon, Kubovac, kunktator, kybonacci, loon123, mercedesamg, milenko crazy north, moldway, mushroom, nemkea71, novator, nuke92, ostoja, Panter, raptorsi, Romibrat, Sančo, ser.hill, Sirius, vathra, VJ, vlad the impaler, voja64, VojvodaMisic, wizzardone, Zeks

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by