Možda tražite i:
Problem sa CD uredjajem
Problem za problemom!
[bobby]Ima nesto, ali ne znam sta. [RESENO]
Problem sa wifi na ADSL-u

MyCity » Ambulanta -> Arhiva Ambulante » [bobby]IE problem

[bobby]IE problem

Napisano na dan: 16.11.2008

Strana:
1
2
3
4
5

[bobby]IE problem

Pagination

Prethodna strana

Sledeća strana

Pagination

Odgovori

Strana:
1
2
3
4
5

maha Poslao: 16 Nov 2008 22:22 Idi na vrh
offline maha Super građanin Pridružio: 06 Dec 2006 Poruke: 1152	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-11-16.01 - MAHA 2008-11-16 22:12:52.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1482 [GMT 1:00] Running from: c:\documents and settings\MAHA\Desktop\C-F.exe Command switches used :: c:\documents and settings\MAHA\Desktop\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 ))))))))))))))))))))))))))))))) . 2008-11-16 08:55 . 2008-11-16 08:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Digsby 2008-11-16 08:52 . 2008-11-16 08:54 <DIR> d-------- c:\program files\Digsby 2008-11-16 08:52 . 2008-11-16 08:55 <DIR> d-------- c:\documents and settings\MAHA\Application Data\Digsby 2008-11-15 21:45 . 2008-11-15 21:45 165 --a------ c:\documents and settings\All Users\Application Data\service.dat 2008-11-15 21:44 . 2008-11-15 21:47 <DIR> d-------- c:\documents and settings\MAHA\Application Data\VirusRemover2008 2008-11-15 17:40 . 2008-11-15 18:05 <DIR> d-------- c:\program files\WebMediaViewer 2008-11-15 12:55 . 2008-11-15 12:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion 2008-11-14 13:28 . 2008-11-14 13:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogiShrd 2008-11-14 13:25 . 2008-05-02 02:38 301,656 --a------ c:\windows\system32\BtCoreIf.dll 2008-11-14 13:24 . 2008-11-14 13:25 <DIR> d-------- c:\program files\Common Files\Logishrd 2008-11-14 13:24 . 2008-11-14 13:24 <DIR> d-------- c:\documents and settings\MAHA\Application Data\InstallShield 2008-11-14 12:42 . 2008-11-14 12:42 <DIR> d-------- c:\program files\MyRealGames.com 2008-11-14 08:11 . 2008-11-14 08:11 <DIR> d-------- C:\Games 2008-11-14 08:01 . 2008-11-14 08:01 <DIR> d-------- c:\program files\FormatFactory 2008-11-14 07:36 . 2008-11-14 07:36 <DIR> d-------- c:\program files\Universal Extractor 2008-11-13 21:04 . 2008-11-13 21:04 <DIR> d-------- c:\program files\Stereoscopic Player 2008-11-13 21:04 . 2008-11-13 21:04 <DIR> d-------- c:\documents and settings\MAHA\Application Data\Stereoscopic Player 2008-11-10 07:29 . 2008-11-10 07:29 <DIR> d-------- c:\documents and settings\MAHA\Application Data\Ashampoo 2008-11-10 07:28 . 2008-11-10 07:28 <DIR> d-------- c:\program files\Ashampoo 2008-11-10 07:28 . 2008-11-10 07:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\ashampoo 2008-10-27 21:14 . 2008-10-27 21:15 <DIR> d-------- c:\program files\CCleaner 2008-10-27 20:50 . 2008-11-11 13:51 <DIR> d-------- c:\program files\Readon Technology . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-16 21:13 --------- d-----w c:\documents and settings\MAHA\Application Data\uTorrent 2008-11-16 20:15 --------- d-----w c:\documents and settings\MAHA\Application Data\Free Download Manager 2008-11-15 18:00 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8 2008-11-15 12:06 --------- d-----w c:\program files\AskTBar 2008-11-14 12:25 --------- d-----w c:\program files\Common Files\Logitech 2008-11-14 12:24 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-14 11:29 --------- d-----w c:\program files\FreeGamePick.com 2008-11-14 06:42 --------- d-----w c:\program files\Google 2008-10-27 20:15 --------- d-----w c:\program files\Yahoo! 2008-03-24 06:14 3,140 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2008-03-24 06:10 88 --sh--r c:\documents and settings\All Users\Application Data\45B6F09A85.sys 2008-01-18 21:18 47,360 ----a-w c:\documents and settings\MAHA\Application Data\pcouffin.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-01-29 57344] [HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}] 2008-11-15 23:23 31522 --a------ c:\program files\WebMediaViewer\hpmun.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E}"= "c:\program files\WebMediaViewer\browseul.dll" [2008-11-15 39490] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E}"= "c:\program files\WebMediaViewer\browseul.dll" [2008-11-15 39490] [HKEY_CLASSES_ROOT\clsid\{2eef94df-75f6-42e9-b7fb-af5a170a6e2e}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2007-10-08 2445359] "Free Upload Manager"="c:\program files\Free Download Manager\fum\fum.exe" [2007-07-30 253952] "Free Uploader Oe Integration"="c:\program files\Free Download Manager\FUM\fumoei.exe" [2007-06-11 40960] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-01-22 4608] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584] "hohohhaha"="c:\windows\system32\dk\calling.com" [2006-05-13 696320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-08 71216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-08 54832] "Gainward"="c:\windows\TBPanel.exe" [2007-06-26 2173480] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-10 81920] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792] "flockbox"="c:\program files\My Lockbox\flockbox.exe" [2007-12-15 1071472] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208] "D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 1544192] "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-25 1234712] "msennger"="c:\windows\system32\dk\calling.com" [2006-05-13 696320] "nwiz"="nwiz.exe" [2007-05-10 c:\windows\system32\nwiz.exe] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe] "CTHelper"="CTHELPER.EXE" [2006-08-17 c:\windows\CTHELPER.EXE] "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 c:\windows\system32\CTXFIHLP.EXE] [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "QuickTime Task"="c:\program files\WebMediaViewer\qttask.exe" [2008-11-15 56073] "VMware hptray"="c:\program files\WebMediaViewer\hpmon.exe" [2008-11-15 74186] c:\documents and settings\MAHA\Start Menu\Programs\Startup\ Digsby.lnk - c:\program files\Digsby\digsby.exe [2008-10-10 137728] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-02-27 67128] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-14 805392] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 02:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"= "c:\\Program Files\\uTorrent\\utorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\WINDOWS\\system32\\dk\\calling.com"= R0 MPRIFL;MPRIFL;c:\windows\system32\DRIVERS\MPRIFL.SYS [2008-01-27 17264] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-11 97928] R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-03 01:51:58 13560] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-11 231704] R3 ha20x2k;Creative 20X HAL Driver;c:\windows\system32\drivers\ha20x2k.sys [2006-08-17 1110528] S3 SkLaggProtocol;Marvell Link Aggregation Protocol (LAGG) Support;c:\windows\system32\DRIVERS\yk51lagg.sys [] S3 SkVlanProtocol;Marvell Virtual LAN (VLAN) Support;c:\windows\system32\DRIVERS\skvlan.sys [2006-05-17 19328] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eaeb9a61-2b25-11dd-a48b-000129a2b205}] \Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe Newly Created Service - CATCHME Newly Created Service - PROCEXP90 . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-16 22:13:28 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl" . Completion time: 2008-11-16 22:14:06 ComboFix-quarantined-files.txt 2008-11-16 21:14:00 ComboFix2.txt 2008-11-16 20:20:14 Pre-Run: 96,978,796,544 bytes free Post-Run: 96,967,225,344 bytes free 148 Dopuna: 16 Nov 2008 22:22 Da skinem Digsby u međuvremenu?

Profil

bobby Poslao: 16 Nov 2008 22:26 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini Digsby. Jesi li sigurno lepo uneo skript kao sto sam ti gore napisao? Nesto mi ne izgleda kao da je skript odradio svoje. Potrebno je u Notepad da iskopiras sve ono sto ti je gore napisano zelenim slovima. Kao da to nisi pravilno odradio.

Profil

maha Poslao: 16 Nov 2008 22:39 Idi na vrh
offline maha Super građanin Pridružio: 06 Dec 2006 Poruke: 1152	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvorio sam CFScript. Uneo tekstove koje si naznačio a ja našao i iskopirao. ComboFix je odradio svoje i to je to. Evo opet dobijenih rezultata.ComboFix 08-11-16.01 - MAHA 2008-11-16 22:12:52.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1482 [GMT 1:00] Running from: c:\documents and settings\MAHA\Desktop\C-F.exe Command switches used :: c:\documents and settings\MAHA\Desktop\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 ))))))))))))))))))))))))))))))) . 2008-11-16 08:55 . 2008-11-16 08:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Digsby 2008-11-16 08:52 . 2008-11-16 08:54 <DIR> d-------- c:\program files\Digsby 2008-11-16 08:52 . 2008-11-16 08:55 <DIR> d-------- c:\documents and settings\MAHA\Application Data\Digsby 2008-11-15 21:45 . 2008-11-15 21:45 165 --a------ c:\documents and settings\All Users\Application Data\service.dat 2008-11-15 21:44 . 2008-11-15 21:47 <DIR> d-------- c:\documents and settings\MAHA\Application Data\VirusRemover2008 2008-11-15 17:40 . 2008-11-15 18:05 <DIR> d-------- c:\program files\WebMediaViewer 2008-11-15 12:55 . 2008-11-15 12:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion 2008-11-14 13:28 . 2008-11-14 13:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogiShrd 2008-11-14 13:25 . 2008-05-02 02:38 301,656 --a------ c:\windows\system32\BtCoreIf.dll 2008-11-14 13:24 . 2008-11-14 13:25 <DIR> d-------- c:\program files\Common Files\Logishrd 2008-11-14 13:24 . 2008-11-14 13:24 <DIR> d-------- c:\documents and settings\MAHA\Application Data\InstallShield 2008-11-14 12:42 . 2008-11-14 12:42 <DIR> d-------- c:\program files\MyRealGames.com 2008-11-14 08:11 . 2008-11-14 08:11 <DIR> d-------- C:\Games 2008-11-14 08:01 . 2008-11-14 08:01 <DIR> d-------- c:\program files\FormatFactory 2008-11-14 07:36 . 2008-11-14 07:36 <DIR> d-------- c:\program files\Universal Extractor 2008-11-13 21:04 . 2008-11-13 21:04 <DIR> d-------- c:\program files\Stereoscopic Player 2008-11-13 21:04 . 2008-11-13 21:04 <DIR> d-------- c:\documents and settings\MAHA\Application Data\Stereoscopic Player 2008-11-10 07:29 . 2008-11-10 07:29 <DIR> d-------- c:\documents and settings\MAHA\Application Data\Ashampoo 2008-11-10 07:28 . 2008-11-10 07:28 <DIR> d-------- c:\program files\Ashampoo 2008-11-10 07:28 . 2008-11-10 07:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\ashampoo 2008-10-27 21:14 . 2008-10-27 21:15 <DIR> d-------- c:\program files\CCleaner 2008-10-27 20:50 . 2008-11-11 13:51 <DIR> d-------- c:\program files\Readon Technology . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-16 21:13 --------- d-----w c:\documents and settings\MAHA\Application Data\uTorrent 2008-11-16 20:15 --------- d-----w c:\documents and settings\MAHA\Application Data\Free Download Manager 2008-11-15 18:00 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8 2008-11-15 12:06 --------- d-----w c:\program files\AskTBar 2008-11-14 12:25 --------- d-----w c:\program files\Common Files\Logitech 2008-11-14 12:24 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-14 11:29 --------- d-----w c:\program files\FreeGamePick.com 2008-11-14 06:42 --------- d-----w c:\program files\Google 2008-10-27 20:15 --------- d-----w c:\program files\Yahoo! 2008-03-24 06:14 3,140 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2008-03-24 06:10 88 --sh--r c:\documents and settings\All Users\Application Data\45B6F09A85.sys 2008-01-18 21:18 47,360 ----a-w c:\documents and settings\MAHA\Application Data\pcouffin.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-01-29 57344] [HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}] 2008-11-15 23:23 31522 --a------ c:\program files\WebMediaViewer\hpmun.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E}"= "c:\program files\WebMediaViewer\browseul.dll" [2008-11-15 39490] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E}"= "c:\program files\WebMediaViewer\browseul.dll" [2008-11-15 39490] [HKEY_CLASSES_ROOT\clsid\{2eef94df-75f6-42e9-b7fb-af5a170a6e2e}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2007-10-08 2445359] "Free Upload Manager"="c:\program files\Free Download Manager\fum\fum.exe" [2007-07-30 253952] "Free Uploader Oe Integration"="c:\program files\Free Download Manager\FUM\fumoei.exe" [2007-06-11 40960] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-01-22 4608] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584] "hohohhaha"="c:\windows\system32\dk\calling.com" [2006-05-13 696320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-08 71216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-08 54832] "Gainward"="c:\windows\TBPanel.exe" [2007-06-26 2173480] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-10 81920] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792] "flockbox"="c:\program files\My Lockbox\flockbox.exe" [2007-12-15 1071472] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208] "D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 1544192] "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-25 1234712] "msennger"="c:\windows\system32\dk\calling.com" [2006-05-13 696320] "nwiz"="nwiz.exe" [2007-05-10 c:\windows\system32\nwiz.exe] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe] "CTHelper"="CTHELPER.EXE" [2006-08-17 c:\windows\CTHELPER.EXE] "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 c:\windows\system32\CTXFIHLP.EXE] [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "QuickTime Task"="c:\program files\WebMediaViewer\qttask.exe" [2008-11-15 56073] "VMware hptray"="c:\program files\WebMediaViewer\hpmon.exe" [2008-11-15 74186] c:\documents and settings\MAHA\Start Menu\Programs\Startup\ Digsby.lnk - c:\program files\Digsby\digsby.exe [2008-10-10 137728] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-02-27 67128] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-14 805392] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 02:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"= "c:\\Program Files\\uTorrent\\utorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\WINDOWS\\system32\\dk\\calling.com"= R0 MPRIFL;MPRIFL;c:\windows\system32\DRIVERS\MPRIFL.SYS [2008-01-27 17264] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-11 97928] R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-03 01:51:58 13560] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-11 231704] R3 ha20x2k;Creative 20X HAL Driver;c:\windows\system32\drivers\ha20x2k.sys [2006-08-17 1110528] S3 SkLaggProtocol;Marvell Link Aggregation Protocol (LAGG) Support;c:\windows\system32\DRIVERS\yk51lagg.sys [] S3 SkVlanProtocol;Marvell Virtual LAN (VLAN) Support;c:\windows\system32\DRIVERS\skvlan.sys [2006-05-17 19328] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eaeb9a61-2b25-11dd-a48b-000129a2b205}] \Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe Newly Created Service - CATCHME Newly Created Service - PROCEXP90 . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-16 22:13:28 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl" . Completion time: 2008-11-16 22:14:06 ComboFix-quarantined-files.txt 2008-11-16 21:14:00 ComboFix2.txt 2008-11-16 20:20:14 Pre-Run: 96,978,796,544 bytes free Post-Run: 96,967,225,344 bytes free 148

Profil

bobby Poslao: 16 Nov 2008 22:49 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nece. Obrisi rucno sledece foldere: c:\documents and settings\MAHA\Application Data\VirusRemover2008 c:\program files\WebMediaViewer Obrisi sledeci fajl: c:\windows\system32\dk\calling.com Ukoliko ne mozes da ih obrises, onda restartuj Windows u SafeMode, pa ih tamo obrisi. Nakon toga napravi novi ComboFix log koji ces mi ovde postaviti. Ja sad moram na spavanje, tako da cu tvoj log moci da pregledam tek sutra.

Profil

maha Poslao: 16 Nov 2008 23:05 Idi na vrh
offline maha Super građanin Pridružio: 06 Dec 2006 Poruke: 1152	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ok. Obrisano ručno. Novi ComboFix. ComboFix 08-11-16.01 - MAHA 2008-11-16 22:52:11.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1470 [GMT 1:00] Running from: c:\documents and settings\MAHA\Desktop\C-F.exe . ((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 ))))))))))))))))))))))))))))))) . 2008-11-16 08:55 . 2008-11-16 22:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Digsby 2008-11-16 08:52 . 2008-11-16 22:29 <DIR> d-------- c:\documents and settings\MAHA\Application Data\Digsby 2008-11-15 21:45 . 2008-11-15 21:45 165 --a------ c:\documents and settings\All Users\Application Data\service.dat 2008-11-15 21:44 . 2008-11-15 21:47 <DIR> d-------- c:\documents and settings\MAHA\Application Data\VirusRemover2008 2008-11-15 17:40 . 2008-11-15 18:05 <DIR> d-------- c:\program files\WebMediaViewer 2008-11-15 12:55 . 2008-11-15 12:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion 2008-11-14 13:28 . 2008-11-14 13:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogiShrd 2008-11-14 13:25 . 2008-05-02 02:38 301,656 --a------ c:\windows\system32\BtCoreIf.dll 2008-11-14 13:24 . 2008-11-14 13:25 <DIR> d-------- c:\program files\Common Files\Logishrd 2008-11-14 13:24 . 2008-11-14 13:24 <DIR> d-------- c:\documents and settings\MAHA\Application Data\InstallShield 2008-11-14 12:42 . 2008-11-14 12:42 <DIR> d-------- c:\program files\MyRealGames.com 2008-11-14 08:11 . 2008-11-14 08:11 <DIR> d-------- C:\Games 2008-11-14 08:01 . 2008-11-14 08:01 <DIR> d-------- c:\program files\FormatFactory 2008-11-14 07:36 . 2008-11-14 07:36 <DIR> d-------- c:\program files\Universal Extractor 2008-11-13 21:04 . 2008-11-13 21:04 <DIR> d-------- c:\program files\Stereoscopic Player 2008-11-13 21:04 . 2008-11-13 21:04 <DIR> d-------- c:\documents and settings\MAHA\Application Data\Stereoscopic Player 2008-11-10 07:29 . 2008-11-10 07:29 <DIR> d-------- c:\documents and settings\MAHA\Application Data\Ashampoo 2008-11-10 07:28 . 2008-11-10 07:28 <DIR> d-------- c:\program files\Ashampoo 2008-11-10 07:28 . 2008-11-10 07:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\ashampoo 2008-10-27 21:14 . 2008-10-27 21:15 <DIR> d-------- c:\program files\CCleaner 2008-10-27 20:50 . 2008-11-11 13:51 <DIR> d-------- c:\program files\Readon Technology . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-16 21:52 --------- d-----w c:\documents and settings\MAHA\Application Data\uTorrent 2008-11-16 20:15 --------- d-----w c:\documents and settings\MAHA\Application Data\Free Download Manager 2008-11-15 18:00 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8 2008-11-15 12:06 --------- d-----w c:\program files\AskTBar 2008-11-14 12:25 --------- d-----w c:\program files\Common Files\Logitech 2008-11-14 12:24 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-14 11:29 --------- d-----w c:\program files\FreeGamePick.com 2008-11-14 06:42 --------- d-----w c:\program files\Google 2008-10-27 20:15 --------- d-----w c:\program files\Yahoo! 2008-03-24 06:14 3,140 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2008-03-24 06:10 88 --sh--r c:\documents and settings\All Users\Application Data\45B6F09A85.sys 2008-01-18 21:18 47,360 ----a-w c:\documents and settings\MAHA\Application Data\pcouffin.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-01-29 57344] [HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}] 2008-11-15 23:23 31522 --a------ c:\program files\WebMediaViewer\hpmun.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E}"= "c:\program files\WebMediaViewer\browseul.dll" [2008-11-15 39490] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E}"= "c:\program files\WebMediaViewer\browseul.dll" [2008-11-15 39490] [HKEY_CLASSES_ROOT\clsid\{2eef94df-75f6-42e9-b7fb-af5a170a6e2e}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2007-10-08 2445359] "Free Upload Manager"="c:\program files\Free Download Manager\fum\fum.exe" [2007-07-30 253952] "Free Uploader Oe Integration"="c:\program files\Free Download Manager\FUM\fumoei.exe" [2007-06-11 40960] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-01-22 4608] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584] "hohohhaha"="c:\windows\system32\dk\calling.com" [2006-05-13 696320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-08 71216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-08 54832] "Gainward"="c:\windows\TBPanel.exe" [2007-06-26 2173480] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-10 81920] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792] "flockbox"="c:\program files\My Lockbox\flockbox.exe" [2007-12-15 1071472] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208] "D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 1544192] "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-25 1234712] "msennger"="c:\windows\system32\dk\calling.com" [2006-05-13 696320] "nwiz"="nwiz.exe" [2007-05-10 c:\windows\system32\nwiz.exe] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe] "CTHelper"="CTHELPER.EXE" [2006-08-17 c:\windows\CTHELPER.EXE] "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 c:\windows\system32\CTXFIHLP.EXE] [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "QuickTime Task"="c:\program files\WebMediaViewer\qttask.exe" [2008-11-15 56073] "VMware hptray"="c:\program files\WebMediaViewer\hpmon.exe" [2008-11-15 74186] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-02-27 67128] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-14 805392] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 02:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"= "c:\\Program Files\\uTorrent\\utorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\WINDOWS\\system32\\dk\\calling.com"= R0 MPRIFL;MPRIFL;c:\windows\system32\DRIVERS\MPRIFL.SYS [2008-01-27 17264] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-11 97928] R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-03 01:51:58 13560] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-11 231704] R3 ha20x2k;Creative 20X HAL Driver;c:\windows\system32\drivers\ha20x2k.sys [2006-08-17 1110528] S3 SkLaggProtocol;Marvell Link Aggregation Protocol (LAGG) Support;c:\windows\system32\DRIVERS\yk51lagg.sys [] S3 SkVlanProtocol;Marvell Virtual LAN (VLAN) Support;c:\windows\system32\DRIVERS\skvlan.sys [2006-05-17 19328] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eaeb9a61-2b25-11dd-a48b-000129a2b205}] \Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe Newly Created Service - CATCHME Newly Created Service - PROCEXP90 . . ------- Supplementary Scan ------- . FireFox -: Profile - c:\documents and settings\MAHA\Application Data\Mozilla\Firefox\Profiles\mvgsurop.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-16 22:52:47 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl" . Completion time: 2008-11-16 22:53:20 ComboFix-quarantined-files.txt 2008-11-16 21:53:11 ComboFix2.txt 2008-11-16 21:14:07 ComboFix3.txt 2008-11-16 20:20:14 Pre-Run: 96,981,192,704 bytes free Post-Run: 96,969,949,184 bytes free 151 Good Night! Dopuna: 16 Nov 2008 23:02 Izgleda da ručno brisanje nije uspelo.. ili jeste? Dopuna: 16 Nov 2008 23:05 Kako beše sa SafeMode-om F8 valjda? Pa dalje?

Profil

bobby Poslao: 16 Nov 2008 23:12 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nisu obrisani, ili se obnavljaju nakon brisanja. Pokusacemo sutra ponovo, sada je kasno, a ja ustajem u 5 ujutru. Sutra oko pola sest cu biti ponovo na forumu, pa cemo da pogledamo sta se moze uraditi.

Profil

maha Poslao: 17 Nov 2008 12:11 Idi na vrh
offline maha Super građanin Pridružio: 06 Dec 2006 Poruke: 1152	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Sta dalje? Dopuna: 17 Nov 2008 12:11 bobby hoćemo li da završimo čišćenje?

Profil

bobby Poslao: 17 Nov 2008 18:07 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: File:: c:\windows\system32\dk\calling.com Folder:: c:\documents and settings\MAHA\Application Data\VirusRemover2008 c:\program files\WebMediaViewer Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E}"=- [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E}"=- [-HKEY_CLASSES_ROOT\clsid\{2eef94df-75f6-42e9-b7fb-af5a170a6e2e}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hohohhaha"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinReg"=- "msennger"=- [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "QuickTime Task"=- "VMware hptray"=- [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eaeb9a61-2b25-11dd-a48b-000129a2b205}] Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

maha Poslao: 17 Nov 2008 19:59 Idi na vrh
offline maha Super građanin Pridružio: 06 Dec 2006 Poruke: 1152	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nema "WinReg"=- u Notepadu! ComboFix 08-11-16.01 - MAHA 2008-11-17 19:51:55.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1511 [GMT 1:00] Running from: c:\documents and settings\MAHA\Desktop\C-F.exe Command switches used :: c:\documents and settings\MAHA\Desktop\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2008-10-17 to 2008-11-17 ))))))))))))))))))))))))))))))) . 2008-11-16 08:55 . 2008-11-16 22:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Digsby 2008-11-16 08:52 . 2008-11-16 22:29 <DIR> d-------- c:\documents and settings\MAHA\Application Data\Digsby 2008-11-15 21:45 . 2008-11-15 21:45 165 --a------ c:\documents and settings\All Users\Application Data\service.dat 2008-11-15 21:44 . 2008-11-15 21:47 <DIR> d-------- c:\documents and settings\MAHA\Application Data\VirusRemover2008 2008-11-15 17:40 . 2008-11-15 18:05 <DIR> d-------- c:\program files\WebMediaViewer 2008-11-15 12:55 . 2008-11-15 12:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion 2008-11-14 13:28 . 2008-11-14 13:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogiShrd 2008-11-14 13:25 . 2008-05-02 02:38 301,656 --a------ c:\windows\system32\BtCoreIf.dll 2008-11-14 13:24 . 2008-11-14 13:25 <DIR> d-------- c:\program files\Common Files\Logishrd 2008-11-14 13:24 . 2008-11-14 13:24 <DIR> d-------- c:\documents and settings\MAHA\Application Data\InstallShield 2008-11-14 12:42 . 2008-11-14 12:42 <DIR> d-------- c:\program files\MyRealGames.com 2008-11-14 08:11 . 2008-11-14 08:11 <DIR> d-------- C:\Games 2008-11-14 08:01 . 2008-11-14 08:01 <DIR> d-------- c:\program files\FormatFactory 2008-11-14 07:36 . 2008-11-14 07:36 <DIR> d-------- c:\program files\Universal Extractor 2008-11-13 21:04 . 2008-11-13 21:04 <DIR> d-------- c:\program files\Stereoscopic Player 2008-11-13 21:04 . 2008-11-13 21:04 <DIR> d-------- c:\documents and settings\MAHA\Application Data\Stereoscopic Player 2008-11-10 07:29 . 2008-11-10 07:29 <DIR> d-------- c:\documents and settings\MAHA\Application Data\Ashampoo 2008-11-10 07:28 . 2008-11-10 07:28 <DIR> d-------- c:\program files\Ashampoo 2008-11-10 07:28 . 2008-11-10 07:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\ashampoo 2008-10-27 21:14 . 2008-10-27 21:15 <DIR> d-------- c:\program files\CCleaner 2008-10-27 20:50 . 2008-11-11 13:51 <DIR> d-------- c:\program files\Readon Technology . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-17 18:49 --------- d-----w c:\documents and settings\MAHA\Application Data\uTorrent 2008-11-17 16:58 --------- d-----w c:\program files\FreeGamePick.com 2008-11-16 20:15 --------- d-----w c:\documents and settings\MAHA\Application Data\Free Download Manager 2008-11-15 18:00 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8 2008-11-15 12:06 --------- d-----w c:\program files\AskTBar 2008-11-14 12:25 --------- d-----w c:\program files\Common Files\Logitech 2008-11-14 12:24 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-14 06:42 --------- d-----w c:\program files\Google 2008-10-27 20:15 --------- d-----w c:\program files\Yahoo! 2008-03-24 06:14 3,140 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2008-03-24 06:10 88 --sh--r c:\documents and settings\All Users\Application Data\45B6F09A85.sys 2008-01-18 21:18 47,360 ----a-w c:\documents and settings\MAHA\Application Data\pcouffin.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-01-29 57344] [HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}] 2008-11-15 23:23 31522 --a------ c:\program files\WebMediaViewer\hpmun.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E}"= "c:\program files\WebMediaViewer\browseul.dll" [2008-11-15 39490] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E}"= "c:\program files\WebMediaViewer\browseul.dll" [2008-11-15 39490] [HKEY_CLASSES_ROOT\clsid\{2eef94df-75f6-42e9-b7fb-af5a170a6e2e}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2007-10-08 2445359] "Free Upload Manager"="c:\program files\Free Download Manager\fum\fum.exe" [2007-07-30 253952] "Free Uploader Oe Integration"="c:\program files\Free Download Manager\FUM\fumoei.exe" [2007-06-11 40960] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-01-22 4608] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584] "hohohhaha"="c:\windows\system32\dk\calling.com" [2006-05-13 696320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-08 71216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-08 54832] "Gainward"="c:\windows\TBPanel.exe" [2007-06-26 2173480] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-10 81920] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792] "flockbox"="c:\program files\My Lockbox\flockbox.exe" [2007-12-15 1071472] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208] "D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 1544192] "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-25 1234712] "msennger"="c:\windows\system32\dk\calling.com" [2006-05-13 696320] "nwiz"="nwiz.exe" [2007-05-10 c:\windows\system32\nwiz.exe] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe] "CTHelper"="CTHELPER.EXE" [2006-08-17 c:\windows\CTHELPER.EXE] "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 c:\windows\system32\CTXFIHLP.EXE] [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "QuickTime Task"="c:\program files\WebMediaViewer\qttask.exe" [2008-11-15 56073] "VMware hptray"="c:\program files\WebMediaViewer\hpmon.exe" [2008-11-15 74186] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-02-27 67128] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-14 805392] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 02:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"= "c:\\Program Files\\uTorrent\\utorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\WINDOWS\\system32\\dk\\calling.com"= R0 MPRIFL;MPRIFL;c:\windows\system32\DRIVERS\MPRIFL.SYS [2008-01-27 17264] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-11 97928] R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-03 01:51:58 13560] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-11 231704] R3 ha20x2k;Creative 20X HAL Driver;c:\windows\system32\drivers\ha20x2k.sys [2006-08-17 1110528] S3 SkLaggProtocol;Marvell Link Aggregation Protocol (LAGG) Support;c:\windows\system32\DRIVERS\yk51lagg.sys [] S3 SkVlanProtocol;Marvell Virtual LAN (VLAN) Support;c:\windows\system32\DRIVERS\skvlan.sys [2006-05-17 19328] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eaeb9a61-2b25-11dd-a48b-000129a2b205}] \Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe Newly Created Service - CATCHME Newly Created Service - PROCEXP90 . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-17 19:54:08 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl" . Completion time: 2008-11-17 19:55:03 ComboFix-quarantined-files.txt 2008-11-17 18:54:51 ComboFix2.txt 2008-11-16 21:53:21 ComboFix3.txt 2008-11-16 21:14:07 ComboFix4.txt 2008-11-16 20:20:14 Pre-Run: 96,930,938,880 bytes free Post-Run: 96,921,522,176 bytes free 147 .

Profil

bobby Poslao: 17 Nov 2008 20:01 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Izvini, ali moracu da proverim da li si dobro uradio. Ovde nesto nikako ne stima. Otvori u notepadu fajl CFScript.txt koji si pripremio za prethodno skeniranje, pa mi iskopiraj ovde sadrzaj fajla. Moram da se uverim da si ga dobro iskopirao sa foruma.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » [bobby]IE problem

Ko je trenutno na forumu

Ukupno su 1116 korisnika na forumu :: 42 registrovanih, 9 sakrivenih i 1065 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., amaterSRB, aramis s, babaroga, bokisha253, Boris Bosiljčić, crnitrn, Dannyboy, delboy, Denaya, DonRumataEstorski, hologram, hooraay, Ivica1102, Još malo pa deda, Karla, Kubovac, kybonacci, laurusri, Mi lao shu, milenko crazy north, Milos ZA, opt1, ozzy, Ripanjac, rodoljub, shone34, Sićko, slonic_tonic, Srky Boy, ss10, Stoilkovic, Tandrkalo, theNedjeljko, Trpe Grozni, Vatreni Zmaj, Vlad000, YU-UKI, YugoSlav, šumar bk2, 125, 79693

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by