hi virus

  • tomdza 
  • New MyCity citizen
  • Joined: 04 Nov 2011
  • Posts: 8

Hi everyone. I picked up a virus from Facebook over chat which killed my Avira and wrecked my computer. Namely, I opened a link that said "hi, i'll be back" and my computer automatically restarted. I installed Malwarebytes, scanned the computer and deleted all the viruses, and now everything is OK, but I can't connect to Facebook. P.S. I changed my Facebook password on another computer. HELP..........



  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello tomdza!

Start here: [Link visible only to logged-in users]

goran9888 (AMF Team)



  • tomdza 
  • New MyCity citizen
  • Joined: 04 Nov 2011
  • Posts: 8

Hi everyone. I picked up a virus from Facebook over chat which killed my Avira and wrecked my computer. Namely, I opened a link that said "hi, i'll be back" and my computer automatically restarted. I installed Malwarebytes, scanned the computer and deleted all the viruses, and now everything is OK, but I can't connect to Facebook. P.S. I changed my Facebook password on another computer. HELP.......... This happened a few days ago, and I use Telekom's internet. My Windows is 32-bit.



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5508 BrowserJavaVersion: 1.6.0_18
Run by Korisnik at 17:12:14 on 2011-11-10
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
uInternet Connection Wizard,ShellNext = [Link mogu videti samo ulogovani korisnici]
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.7\youtubedownloaderToolbarIE.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Softonic Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.7\youtubedownloaderToolbarIE.dll
TB: Softonic Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.7\youtubedownloaderToolbarIE.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [uTorrent] "c:\documents and settings\korisnik\desktop\utorrent.exe"
uRun: [Google Update] "c:\documents and settings\korisnik\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [MediaGet2] c:\documents and settings\korisnik\local settings\application data\mediaget2\mediaget.exe --minimized
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [tray_ico]
mRun: [tray_ico1]
mRun: [tray_ico2]
mRun: [tray_ico3]
mRun: [tray_ico4]
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D69CD905-5FCC-4015-9252-5564BEF3DAD3} : DhcpNameServer = 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\korisnik\application data\mozilla\firefox\profiles\vckv8xbp.default\
FF - prefs.js: browser.search.defaulturl - [Link mogu videti samo ulogovani korisnici]{searchTerms}
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - component: c:\documents and settings\korisnik\application data\mozilla\firefox\profiles\vckv8xbp.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\korisnik\application data\mozilla\firefox\profiles\vckv8xbp.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\korisnik\application data\mozilla\firefox\profiles\vckv8xbp.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll
FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - plugin: c:\documents and settings\korisnik\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\engine@conduit.com
FF - Ext: Babylon: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: Softonic Toolbar: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\toolbar@ask.com
FF - Ext: Softonic Toolbar: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\toolbar@ask.com
FF - Ext: Softonic Toolbar: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\toolbar@ask.com
FF - Ext: Softonic Toolbar: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\toolbar@ask.com
FF - Ext: Softonic Toolbar: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\toolbar@ask.com
FF - Ext: Softonic Toolbar: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\toolbar@ask.com
FF - Ext: Softonic Toolbar: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\toolbar@ask.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Java Quick Starter: [Link mogu videti samo ulogovani korisnici] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: [Link mogu videti samo ulogovani korisnici] - c:\program files\avast software\avast\webrep\FF
.
============= SERVICES / DRIVERS ===============
.
R? Ambfilt;Ambfilt
R? AntiVirSchedulerService;Avira AntiVir Scheduler
R? AntiVirService;Avira AntiVir Guard
R? avgio;avgio
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}
S? Application Updater;Application Updater
S? aswFsBlk;aswFsBlk
S? aswSnx;aswSnx
S? aswSP;aswSP
S? AtiHDAudioService;ATI Function Driver for HD Audio Service
S? avast! Antivirus;avast! Antivirus
S? avgntflt;avgntflt
S? L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller
S? VIAHdAudAddService;VIA High Definition Audio Driver Service
.
=============== Created Last 30 ================
.
2011-11-03 15:16:04 -------- d--h--w- c:\windows\PIF
2011-11-03 08:30:53 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-03 08:30:40 41184 ----a-w- c:\windows\avastSS.scr
2011-11-03 08:30:35 -------- d-----w- c:\program files\AVAST Software
2011-11-03 08:30:35 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-11-01 21:25:44 -------- d-----w- c:\documents and settings\korisnik\application data\Malwarebytes
2011-11-01 21:25:41 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-11-01 21:25:38 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-01 21:25:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-01 19:40:45 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-11-01 19:40:45 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-31 18:26:33 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-10-30 21:29:13 -------- d-----w- C:\ATI
2011-10-30 21:19:27 -------- d-----w- c:\windows\ufa
2011-10-30 21:19:27 -------- d-----w- c:\windows\phoenix
2011-10-30 21:17:40 -------- d--h--w- c:\windows\update.5.0
2011-10-30 21:16:04 246272 ----a-w- c:\windows\unrar.exe
2011-10-30 21:15:18 -------- d--h--w- c:\windows\update.2
2011-10-30 21:13:26 -------- d-----w- c:\windows\av_ico
2011-10-30 21:11:03 -------- d--h--w- c:\windows\update.1
2011-10-30 21:10:57 -------- d--h--w- c:\windows\update.tray-8-0-lnk
2011-10-30 21:10:57 -------- d--h--w- c:\windows\update.tray-8-0
2011-10-11 19:56:38 -------- d-----w- c:\documents and settings\korisnik\local settings\application data\PackageAware
.
==================== Find3M ====================
.
2011-10-03 17:56:35 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-10-03 17:56:35 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-04-15 14:31:16 216064 ----a-w- c:\program files\binkw32.dll
.
============= FINISH: 17:14:42.23 ===============

[Link visible only to logged-in users]

[Link visible only to logged-in users]

[Link visible only to logged-in users]

[Link visible only to logged-in users]

[Link visible only to logged-in users]
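The DDS log above is read by the helper for a handful of tell-tale patterns: Run entries that have no command behind them (`[<NO NAME>]`, `[tray_ico]`), autostarts launched from a user profile folder, system policies set to 0, and hidden directories or loose executables that appeared directly under `c:\windows` in the last 30 days. The Python script below is an added example, not code from the thread or from the AMF team's tooling; it parses lines in the DDS format and returns those hits as review prompts. The sample lines are constructed from the posted log (trimmed to a few entries), the scan time comes from the DDS header, and the attribute-string reading (`d` = directory, `h` = hidden) and the 30-day window are assumptions of this example. A hit means "look at this next", not "this is malware".

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample lines in the DDS log format used in this thread. They are
# modelled on the posted log (trimmed to a few entries), not a real capture.
SAMPLE_LINES = [
    r'uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe',
    r'uRun: [uTorrent] "c:\documents and settings\korisnik\desktop\utorrent.exe"',
    r'mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min',
    r'mRun: [<NO NAME>]',
    r'mRun: [tray_ico]',
    r'mRun: [tray_ico1]',
    r'mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k',
    r'mPolicies-system: EnableLUA = 0 (0x0)',
    r'mPolicies-system: EnableSecureUIAPaths = 0 (0x0)',
    r'2011-11-03 15:16:04 -------- d--h--w- c:\windows\PIF',
    r'2011-11-01 21:25:38 22216 ----a-w- c:\windows\system32\drivers\mbam.sys',
    r'2011-10-30 21:19:27 -------- d-----w- c:\windows\phoenix',
    r'2011-10-30 21:17:40 -------- d--h--w- c:\windows\update.5.0',
    r'2011-10-30 21:16:04 246272 ----a-w- c:\windows\unrar.exe',
    r'2011-10-30 21:10:57 -------- d--h--w- c:\windows\update.tray-8-0',
    r'2011-10-03 17:56:35 444952 ----a-w- c:\windows\system32\wrap_oal.dll',
]

# Scan time, taken from the DDS header in the thread
# ("Run by Korisnik at 17:12:14 on 2011-11-10").
RUN_TIME = datetime(2011, 11, 10, 17, 12, 14)

# u/m/d prefix = user, machine, default hive; entry name in brackets, then the command.
RUN_RE = re.compile(r'^[umd]Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
POLICY_RE = re.compile(r'^[umd]Policies-system: (?P<key>\w+) = (?P<val>\d+)')
# "Created Last 30" rows: timestamp, size (dashes for a directory), 8-char attributes, path.
ENTRY_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ (?P<attrs>\S{8}) (?P<path>.+)$')

# Policies whose value 0 weakens the system (both are 0 in the posted log).
WEAK_WHEN_ZERO = {'EnableLUA', 'EnableSecureUIAPaths'}
LOOSE_EXTENSIONS = ('.exe', '.rar', '.zip', '.pif')
WINDIR = 'c:\\windows\\'


def triage(lines, run_time, window_days=30):
    """Return (code, detail) pairs for entries a helper would look at first.
    Hits are prompts for review, not verdicts."""
    cutoff = run_time - timedelta(days=window_days)
    findings = []
    for line in lines:
        m = RUN_RE.match(line)
        if m:
            cmd = m.group('cmd').strip()
            if not cmd:
                # A blank Run value is a typical leftover of a removed loader.
                findings.append(('run-no-command', m.group('name')))
            elif 'documents and settings' in cmd.lower():
                # Autostart from a user-writable profile path.
                findings.append(('run-user-profile', m.group('name')))
            continue
        m = POLICY_RE.match(line)
        if m:
            if m.group('key') in WEAK_WHEN_ZERO and m.group('val') == '0':
                findings.append(('policy-weakened', m.group('key')))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        created = datetime.strptime(m.group('ts'), '%Y-%m-%d %H:%M:%S')
        path = m.group('path')
        if created < cutoff or not path.lower().startswith(WINDIR):
            continue
        rest = path[len(WINDIR):]
        if '\\' in rest:
            continue  # nested below %windir% (e.g. system32) is out of scope here
        attrs = m.group('attrs')  # assumed: 'd' = directory, 'h' = hidden, as DDS prints them
        if attrs[0] == 'd':
            code = 'hidden-dir-windir' if 'h' in attrs else 'new-dir-windir'
            findings.append((code, path))
        elif rest.lower().endswith(LOOSE_EXTENSIONS):
            findings.append(('loose-file-windir', path))
    return findings


def counts_by_code(findings):
    """Summarise findings by code, e.g. {'hidden-dir-windir': 3, ...}."""
    return dict(Counter(code for code, _ in findings))


if __name__ == '__main__':
    for code, detail in triage(SAMPLE_LINES, RUN_TIME):
        print(f'{code:<20} {detail}')
```

On the sample above the script flags the three empty Run entries, the uTorrent autostart from the Desktop, both zeroed policies, the three hidden `update.*`/`PIF` directories, the new `phoenix` directory and the loose `unrar.exe`, while `mbam.sys` under `system32\drivers` is left alone; shortening the window to a few days drops all of the file-system hits and keeps only the Run and policy ones.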

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

While the case is being worked on, I would ask you to observe the following:
Read my instructions (or those of the colleagues standing in for me) carefully and work exclusively according to them;
Do not seek help elsewhere at the same time;
Do not use other malware-removal programs, apart from those you are given instructions for;
During the intervention, do not use USB storage devices until I ask for it;
If I do not reply within 48 hours, refresh the topic with a new post;
If you do not respond within 5 days, we will close the case.

For more information on the rules of the MyCity forum's Ambulanta: LINK

-------------------------------------------------------------------------------------



Download sUBs' ComboFix from the following address to the Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.




When the download has finished:
disable your protective software (instructions);
close any running programs;
double-click to run ComboFix;
in the window that opens, click "I Agree".

While it runs, ComboFix will:
check whether a newer version of the program is available:
click Yes if you are offered to download it.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure through.
display a number of prompts/notifications:
accept them by clicking Yes or OK.
restart Windows if needed (several times);
at the end of its run, open Notepad with the scan report.

Copy the report ComboFix produced into the forum topic:
right-click inside the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message field and choose Paste.

Note: the report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
if after posting you notice that the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message.

goran9888 (AMF Team)

  • tomdza 
  • New MyCity citizen
  • Joined: 04 Nov 2011
  • Posts: 8

Posted: 10 Nov 2011 18:29

ComboFix 11-11-10.02 - Korisnik 11/10/2011 18:17:32.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2530 [GMT 1:00]
Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Korisnik\Application Data\PriceGong
c:\documents and settings\Korisnik\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Korisnik\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Korisnik\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Korisnik\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Korisnik\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Korisnik\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Korisnik\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Korisnik\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Korisnik\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Korisnik\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Korisnik\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Korisnik\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Korisnik\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Korisnik\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Korisnik\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Korisnik\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Korisnik\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Korisnik\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Korisnik\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Korisnik\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Korisnik\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Korisnik\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Korisnik\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Korisnik\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Korisnik\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Korisnik\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Korisnik\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Korisnik\Application Data\PriceGong\Data\z.xml
c:\windows\av_ico
c:\windows\av_ico\ico_avira_start.ico
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\system32\setup.ini
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\update.tray-8-0-lnk
c:\windows\update.tray-8-0-lnk\svchost.exe
c:\windows\update.tray-8-0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_WXPDRIVERS
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-10-10 to 2011-11-10 )))))))))))))))))))))))))))))))
.
.
2011-11-10 17:24 . 2011-11-10 17:24 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-11-10 17:24 . 2011-11-10 17:24 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-11-10 17:24 . 2011-11-10 17:24 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-11-10 17:24 . 2011-11-10 17:24 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-11-10 17:24 . 2011-11-10 17:24 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-11-10 17:24 . 2011-11-10 17:24 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-11-10 17:24 . 2011-11-10 17:24 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-11-10 17:24 . 2011-11-10 17:24 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-11-10 17:24 . 2011-11-10 17:24 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-11-10 17:23 . 2011-11-10 17:23 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-11-10 17:23 . 2011-11-10 17:23 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-11-10 17:23 . 2011-11-10 17:23 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-11-10 17:23 . 2011-11-10 17:23 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-11-10 17:23 . 2011-11-10 17:23 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-11-10 17:23 . 2011-11-10 17:23 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-11-10 17:23 . 2011-11-10 17:23 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-11-10 17:23 . 2011-11-10 17:23 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-11-03 15:16 . 2011-11-03 15:16 -------- d--h--w- c:\windows\PIF
2011-11-03 08:30 . 2011-09-06 21:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-03 08:30 . 2011-09-06 21:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-03 08:30 . 2011-09-06 21:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-03 08:30 . 2011-09-06 21:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-03 08:30 . 2011-09-06 21:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-03 08:30 . 2011-09-06 21:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-03 08:30 . 2011-09-06 21:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-03 08:30 . 2011-09-06 21:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-03 08:30 . 2011-09-06 21:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-03 08:30 . 2011-09-06 21:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-03 08:30 . 2011-11-03 08:30 -------- d-----w- c:\program files\AVAST Software
2011-11-03 08:30 . 2011-11-03 08:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-11-01 21:25 . 2011-11-01 21:25 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Malwarebytes
2011-11-01 21:25 . 2011-11-01 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-01 21:25 . 2011-11-10 16:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-01 19:40 . 2011-11-01 19:40 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-31 18:26 . 2011-07-28 21:27 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-10-30 21:29 . 2011-10-30 21:29 -------- d-----w- C:\ATI
2011-10-30 21:19 . 2011-11-01 21:30 -------- d-----w- c:\windows\ufa
2011-10-30 21:16 . 2011-10-30 21:20 246272 ----a-w- c:\windows\unrar.exe
2011-10-11 19:56 . 2011-10-11 19:56 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\PackageAware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 17:56 . 2011-03-13 19:20 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-10-03 17:56 . 2011-03-13 19:20 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-04-15 14:31 . 2011-04-15 14:31 216064 ----a-w- c:\program files\binkw32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-12-04 . EF17AAE2CA10DC147879D5F3E9AD8B40 . 1614848 . . [5.1.2600.5508] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-23 19:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"uTorrent"="c:\documents and settings\Korisnik\Desktop\utorrent.exe" [2011-03-10 396152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-10-05 40987248]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-23 887976]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-09-27 894304]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-03-20 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2008-05-19 15:24 91432 ----a-w- c:\program files\CyberLink\Shared Files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-03-08 18:17 136176 ----atw- c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-03-25 01:10 166912 ----a-r- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-03-25 01:10 134656 ----a-r- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 10:36 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-03-25 01:09 136192 ----a-r- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-03-20 19:23 83240 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 14:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\[PC] Colin Mcrae DiRT [RIP] [dopeman]\\DiRT\\DiRT.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Korisnik\\Desktop\\utorrent.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03/09/2010 16:58 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/03/2011 09:30 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/03/2011 09:30 320856]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [05/15/2008 12:07 61424]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [09/27/2011 19:08 745880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/03/2011 09:30 20568]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [03/07/2011 19:01 101904]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [03/07/2011 18:55 61552]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [03/07/2011 18:55 2135280]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [03/18/2010 12:16 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys --> c:\windows\system32\drivers\Ambfilt.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [03/18/2010 12:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-2025429265-1417001333-1003Core.job
- c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-08 18:17]
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-2025429265-1417001333-1003UA.job
- c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-08 18:17]
.
2011-11-10 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-08-23 19:20]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
uInternet Connection Wizard,ShellNext = [Link mogu videti samo ulogovani korisnici]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\vckv8xbp.default\
FF - prefs.js: browser.search.defaulturl - [Link mogu videti samo ulogovani korisnici]{searchTerms}
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\engine@conduit.com
FF - Ext: Babylon: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: Softonic Toolbar: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\toolbar@ask.com
FF - Ext: Softonic Toolbar: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\toolbar@ask.com
FF - Ext: Softonic Toolbar: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\toolbar@ask.com
FF - Ext: Softonic Toolbar: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\toolbar@ask.com
FF - Ext: Softonic Toolbar: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\toolbar@ask.com
FF - Ext: Softonic Toolbar: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\toolbar@ask.com
FF - Ext: Softonic Toolbar: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\toolbar@ask.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Java Quick Starter: [Link mogu videti samo ulogovani korisnici] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: [Link mogu videti samo ulogovani korisnici] - c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-MediaGet2 - c:\documents and settings\Korisnik\Local Settings\Application Data\MediaGet2\mediaget.exe
HKLM-Run-StartCCC - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
HKLM-Run-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
AddRemove-Malwarebytes' Anti-Malware_is1 - c:\program files\Malwarebytes' Anti-Malware\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2011-11-10 18:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1390067357-2025429265-1417001333-1003\Software\SecuROM\License information*]
"datasecu"=hex:d2,23,1d,bc,23,86,bd,34,40,09,21,8e,ef,71,41,e6,42,2e,0c,78,72,
d2,53,94,33,bf,3f,47,f3,04,20,fb,81,34,18,84,0e,c7,28,a4,06,65,ca,ab,d9,23,\
"rkeysecu"=hex:21,c7,b0,98,6c,f8,26,57,08,dd,92,02,77,7b,35,e7
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3724)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
.
**************************************************************************
.
Completion time: 2011-11-10 18:27:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-10 17:27
.
Pre-Run: 67,648,364,544 bytes free
Post-Run: 68,091,285,504 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect
.
- - End Of File - - AB72AA713EFF70BC801EC8DC934AD51D

Addendum: 10 Nov 2011 19:12

The problem is solved, thank you very much....... you are the best......
Just one more question: can I activate avast now?
BEST REGARDS

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Here is what to do ...


Follow the instructions carefully, step by step. If something is not clear, ask.
Even after these steps the case is not finished - don't rush.


Step 1


Start -> Control Panel -> Add or Remove Programs - uninstall all applications that are surplus, i.e. that you don't need. I would also recommend uninstalling the following toolbars: Ask Toolbar, Conduit Engine, YouTube Downloader Toolbar v4.7.


Also turn on Windows Firewall: Start -> Control Panel -> Windows Firewall -> On


Step 2


Download the following file to the Desktop: [link visible only to logged-in users] ;
Unzip the archive into a folder and run the RegCleaner application;
In the window that opens, choose the option Keys auslesen and wait for the application to finish scanning;
After the scan has finished, choose the option Beenden;
Attach the report named REGCLEAN_d.M.yyyy_.H.mm, which is located in the folder where you unzipped the archive.


Step 3


Open Notepad and copy the following text into it:

File::
c:\windows\unrar.exe

Folder::
c:\windows\ufa
c:\program files\Common Files\Spigot
c:\program files\Application Updater

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-

Driver::
Application Updater

SecCenter::
{AD166499-45F9-482A-A743-FDD3350758C7}


Save the file from Notepad to the Desktop as "CFScript"


Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is created at the end of the cleaning/scanning.


Step 4


Download the installer for Malwarebytes Anti-Malware from the following link:
[link visible only to logged-in users]

Double-click to run the installation - at the very end of the process, make sure the following options are checked:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

and then click Finish.

After the update has finished, the program will start.

Choose the option Perform Quick Scan and click Scan.

When the process finishes, click OK, then Show Results: in the list of detected malware, check all items and click Remove Selected.

When the process finishes, the logfile will open in Notepad; copy it into the thread on the forum.
If the program asks for a restart to complete the cleaning process, be sure to allow it.

Note: if a restart occurs at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).


goran9888 (AMF Team)

offline
  • tomdza
  • New MyCity citizen
  • Joined: 04 Nov 2011
  • Posts: 8

Written: 11 Nov 2011 20:04

ComboFix 11-11-11.04 - Korisnik 11/11/2011 19:55:33.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2860 [GMT 1:00]
Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Korisnik\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\ufa
c:\windows\unrar.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-11 to 2011-11-11 )))))))))))))))))))))))))))))))
.
.
2011-11-11 17:26 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-11-11 17:26 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-11-10 18:31 . 2010-12-09 13:42 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-11-10 18:31 . 2010-12-09 13:38 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-11-10 18:31 . 2010-12-09 13:07 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-11-10 18:31 . 2010-12-09 13:07 2069376 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-11-10 18:27 . 2010-08-13 12:53 5120 ------w- c:\windows\system32\xpsp4res.dll
2011-11-10 18:26 . 2011-11-11 17:57 -------- d--h--w- c:\windows\$hf_mig$
2011-11-03 15:16 . 2011-11-03 15:16 -------- d--h--w- c:\windows\PIF
2011-11-03 08:30 . 2011-09-06 21:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-03 08:30 . 2011-09-06 21:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-03 08:30 . 2011-09-06 21:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-03 08:30 . 2011-09-06 21:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-03 08:30 . 2011-09-06 21:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-03 08:30 . 2011-09-06 21:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-03 08:30 . 2011-09-06 21:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-03 08:30 . 2011-09-06 21:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-03 08:30 . 2011-09-06 21:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-03 08:30 . 2011-09-06 21:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-03 08:30 . 2011-11-03 08:30 -------- d-----w- c:\program files\AVAST Software
2011-11-03 08:30 . 2011-11-03 08:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-11-01 21:25 . 2011-11-01 21:25 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Malwarebytes
2011-11-01 21:25 . 2011-11-01 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-01 21:25 . 2011-11-10 16:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-01 19:40 . 2011-11-01 19:40 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-31 18:26 . 2011-07-28 21:27 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-10-30 21:29 . 2011-10-30 21:29 -------- d-----w- C:\ATI
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 17:56 . 2011-03-13 19:20 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-10-03 17:56 . 2011-03-13 19:20 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-04-15 14:31 . 2011-04-15 14:31 216064 ----a-w- c:\program files\binkw32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-12-04 . EF17AAE2CA10DC147879D5F3E9AD8B40 . 1614848 . . [5.1.2600.5508] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-11 18:10 . 2011-11-11 18:10 16384 c:\windows\Temp\Perflib_Perfdata_7dc.dat
+ 2009-08-06 18:24 . 2009-08-06 18:24 44768 c:\windows\system32\wups2.dll
+ 2010-03-09 14:25 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll
+ 2010-03-09 14:25 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
+ 2011-11-10 18:26 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2011-11-10 17:25 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2001-08-22 19:00 . 2011-11-11 18:14 75758 c:\windows\system32\perfc009.dat
- 2001-08-22 19:00 . 2011-11-10 17:05 75758 c:\windows\system32\perfc009.dat
+ 2008-03-20 07:48 . 2011-07-08 14:02 10496 c:\windows\system32\drivers\ndistapi.sys
+ 2010-03-09 14:25 . 2009-08-06 18:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2010-03-09 14:25 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2010-03-09 14:24 . 2010-10-11 14:59 45568 c:\windows\system32\dllcache\wab.exe
+ 2008-03-20 07:48 . 2011-07-08 14:02 10496 c:\windows\system32\dllcache\ndistapi.sys
+ 2008-03-20 13:35 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2008-03-20 13:35 . 2010-01-13 14:01 86016 c:\windows\system32\dllcache\cabview.dll
+ 2008-03-20 13:35 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
+ 2008-03-20 13:35 . 2010-01-13 14:01 86016 c:\windows\system32\cabview.dll
+ 2010-03-09 14:25 . 2009-08-06 18:24 209632 c:\windows\system32\wuweb.dll
+ 2010-03-09 14:25 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2010-03-09 14:25 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
- 2006-10-18 20:47 . 2006-10-18 20:47 295936 c:\windows\system32\wmpeffects.dll
+ 2006-10-18 20:47 . 2008-06-24 17:12 295936 c:\windows\system32\wmpeffects.dll
+ 2008-03-20 13:36 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll
+ 2008-03-20 13:36 . 2010-08-16 08:45 590848 c:\windows\system32\rpcrt4.dll
- 2001-08-22 19:00 . 2011-11-10 17:05 471340 c:\windows\system32\perfh009.dat
+ 2001-08-22 19:00 . 2011-11-11 18:14 471340 c:\windows\system32\perfh009.dat
+ 2008-03-20 13:35 . 2010-12-09 15:15 718336 c:\windows\system32\ntdll.dll
+ 2010-03-09 14:25 . 2009-08-06 18:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2010-03-09 14:25 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2010-03-09 14:25 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2010-03-09 14:19 . 2008-04-21 12:08 215552 c:\windows\system32\dllcache\wordpad.exe
+ 2008-03-20 13:36 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2010-03-09 14:25 . 2011-04-29 19:07 852480 c:\windows\system32\dllcache\vgx.dll
+ 2008-03-20 13:36 . 2010-08-16 08:45 590848 c:\windows\system32\dllcache\rpcrt4.dll
+ 2008-03-20 13:35 . 2010-12-09 15:15 718336 c:\windows\system32\dllcache\ntdll.dll
+ 2010-03-09 14:25 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
+ 2008-03-20 08:17 . 2010-12-09 13:42 2148864 c:\windows\system32\ntoskrnl.exe
+ 2008-03-20 19:23 . 2010-12-09 13:07 2027008 c:\windows\system32\ntkrnlpa.exe
+ 2010-03-09 14:25 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2011-11-10 18:31 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2011-11-10 18:31 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2011-11-10 18:31 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2011-11-10 18:31 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-23 19:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"uTorrent"="c:\documents and settings\Korisnik\Desktop\utorrent.exe" [2011-03-10 396152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-10-05 40987248]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-23 887976]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-03-20 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2008-05-19 15:24 91432 ----a-w- c:\program files\CyberLink\Shared Files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-03-08 18:17 136176 ----atw- c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-03-25 01:10 166912 ----a-r- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-03-25 01:10 134656 ----a-r- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 10:36 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-03-25 01:09 136192 ----a-r- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-03-20 19:23 83240 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 14:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\[PC] Colin Mcrae DiRT [RIP] [dopeman]\\DiRT\\DiRT.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Korisnik\\Desktop\\utorrent.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03/09/2010 16:58 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/03/2011 09:30 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/03/2011 09:30 320856]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [05/15/2008 12:07 61424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/03/2011 09:30 20568]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [03/07/2011 19:01 101904]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [03/07/2011 18:55 61552]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [03/07/2011 18:55 2135280]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [03/18/2010 12:16 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys --> c:\windows\system32\drivers\Ambfilt.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [03/18/2010 12:16 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-2025429265-1417001333-1003Core.job
- c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-08 18:17]
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-2025429265-1417001333-1003UA.job
- c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-08 18:17]
.
2011-11-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-08-23 19:20]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
uInternet Connection Wizard,ShellNext = [Link mogu videti samo ulogovani korisnici]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\vckv8xbp.default\
FF - prefs.js: browser.search.defaulturl - [Link mogu videti samo ulogovani korisnici]{searchTerms}
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\engine@conduit.com
FF - Ext: Babylon: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: Softonic Toolbar: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\toolbar@ask.com
FF - Ext: Softonic Toolbar: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\toolbar@ask.com
FF - Ext: Softonic Toolbar: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\toolbar@ask.com
FF - Ext: Softonic Toolbar: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\toolbar@ask.com
FF - Ext: Softonic Toolbar: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\toolbar@ask.com
FF - Ext: Softonic Toolbar: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\toolbar@ask.com
FF - Ext: Softonic Toolbar: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\toolbar@ask.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Java Quick Starter: [Link mogu videti samo ulogovani korisnici] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: [Link mogu videti samo ulogovani korisnici] - c:\program files\AVAST Software\Avast\WebRep\FF
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2011-11-11 20:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1390067357-2025429265-1417001333-1003\Software\SecuROM\License information*]
"datasecu"=hex:d2,23,1d,bc,23,86,bd,34,40,09,21,8e,ef,71,41,e6,42,2e,0c,78,72,
d2,53,94,33,bf,3f,47,f3,04,20,fb,81,34,18,84,0e,c7,28,a4,06,65,ca,ab,d9,23,\
"rkeysecu"=hex:21,c7,b0,98,6c,f8,26,57,08,dd,92,02,77,7b,35,e7
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(748-)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2011-11-11 20:02:37
ComboFix-quarantined-files.txt 2011-11-11 19:02
ComboFix2.txt 2011-11-10 17:27
.
Pre-Run: 67,128,029,184 bytes free
Post-Run: 67,113,775,104 bytes free
.
- - End Of File - - B447857E2DB29EA2A0EF951BB5562DD9

Addendum: 11 Nov 2011 20:15

Malwarebytes' Anti-Malware 1.51.2.1300
[Link mogu videti samo ulogovani korisnici]

Database version: 8141

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5508

11/11/2011 20:14:36
mbam-log-2011-11-11 (20-14-36).txt

Scan type: Quick scan
Objects scanned: 149596
Time elapsed: 1 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Addendum: 11 Nov 2011 20:16

I hope it is OK now; if there is anything else, I am waiting for a reply.

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

You did not do Step 2.

offline
  • tomdza
  • New MyCity citizen
  • Joined: 04 Nov 2011
  • Posts: 8

######################################

Avira Registry Cleaner
12.11.2011 13:41:16

######################################


Die Registry wurde nach folgenden Wörtern durchsucht:
avira,h+bedv,x-avcsd,antivir,avgio,avgntflt,avipbb,shell extension for malware


Zugriff verweigert: SAM
Zugriff verweigert: SECURITY
Zugriff verweigert: Pending Help Session
Zugriff verweigert: Credentials
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: EncryptedDirectories
Zugriff verweigert: Cfg
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: EncryptedDirectories
Zugriff verweigert: Cfg
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: Properties
Zugriff verweigert: EncryptedDirectories
Zugriff verweigert: Cfg


HKEY_LOCAL_MACHINE\software\avira
HKEY_LOCAL_MACHINE\software\classes\*\shellex\contextmenuhandlers\shell extension for malware scanning
HKEY_LOCAL_MACHINE\software\classes\folder\shellex\contextmenuhandlers\shell extension for malware scanning
HKEY_LOCAL_MACHINE\software\x-avcsd
HKEY_LOCAL_MACHINE\system\controlset001\control\enum\root\legacy_antivirschedulerservice
HKEY_LOCAL_MACHINE\system\controlset001\control\enum\root\legacy_antivirservice
HKEY_LOCAL_MACHINE\system\controlset001\control\enum\root\legacy_avast!_antivirus
HKEY_LOCAL_MACHINE\system\controlset001\control\enum\root\legacy_avgio
HKEY_LOCAL_MACHINE\system\controlset001\control\enum\root\legacy_avgntflt
HKEY_LOCAL_MACHINE\system\controlset001\control\enum\root\legacy_avipbb
HKEY_LOCAL_MACHINE\system\controlset001\control\services\antivirschedulerservice
HKEY_LOCAL_MACHINE\system\controlset001\control\services\antivirservice
HKEY_LOCAL_MACHINE\system\controlset001\control\services\avast! antivirus
HKEY_LOCAL_MACHINE\system\controlset001\control\services\avgio
HKEY_LOCAL_MACHINE\system\controlset001\control\services\avgntflt
HKEY_LOCAL_MACHINE\system\controlset001\control\services\avipbb
HKEY_LOCAL_MACHINE\system\controlset001\control\services\eventlog\application\avira antivir
HKEY_LOCAL_MACHINE\system\controlset001\control\services\eventlog\system\avgntflt
HKEY_LOCAL_MACHINE\system\controlset001\control\services\eventlog\system\avipbb
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\control\enum\root\legacy_antivirschedulerservice
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\control\enum\root\legacy_antivirservice
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\control\enum\root\legacy_avast!_antivirus
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\control\enum\root\legacy_avgio
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\control\enum\root\legacy_avgntflt
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\control\enum\root\legacy_avipbb
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\control\services\antivirschedulerservice
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\control\services\antivirservice
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\control\services\avast! antivirus
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\control\services\avgio
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\control\services\avgntflt
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\control\services\avipbb
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\control\services\eventlog\application\avira antivir
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\control\services\eventlog\system\avgntflt
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\control\services\eventlog\system\avipbb
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\currentcontrolset\control\enum\root\legacy_antivirschedulerservice
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\currentcontrolset\control\enum\root\legacy_antivirservice
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\currentcontrolset\control\enum\root\legacy_avast!_antivirus
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\currentcontrolset\control\enum\root\legacy_avgio
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\currentcontrolset\control\enum\root\legacy_avgntflt
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\currentcontrolset\control\enum\root\legacy_avipbb
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\currentcontrolset\control\services\antivirschedulerservice
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\currentcontrolset\control\services\antivirservice
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\currentcontrolset\control\services\avast! antivirus
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\currentcontrolset\control\services\avgio
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\currentcontrolset\control\services\avgntflt
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\currentcontrolset\control\services\avipbb
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\currentcontrolset\control\services\eventlog\application\avira antivir
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\currentcontrolset\control\services\eventlog\system\avgntflt
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\currentcontrolset\control\services\eventlog\system\avipbb

Anzahl der gefundenen Keys: 49


GELÖSCHTE KEYS:

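Added example, not part of the thread and not Avira's tool: a small parser for the Avira Registry Cleaner output posted above. It collapses the ControlSet001 / ControlSet002 / CurrentControlSet prefixes so that one leftover service or driver key reported three times counts once, attributes each key to Avira or Avast by name (the marker list is an assumption), and cross-checks the tool's own "Anzahl der gefundenen Keys" line. The sample log is a constructed excerpt of the posted one.

```python
import re
from collections import Counter
# Constructed excerpt of the Avira Registry Cleaner output posted in the thread
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\software\avira
HKEY_LOCAL_MACHINE\system\controlset001\control\enum\root\legacy_antivirservice
HKEY_LOCAL_MACHINE\system\controlset001\control\services\antivirservice
HKEY_LOCAL_MACHINE\system\controlset001\control\services\avast! antivirus
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\control\enum\root\legacy_antivirservice
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\control\services\antivirservice
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\control\services\avast! antivirus
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\currentcontrolset\control\enum\root\legacy_antivirservice
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\currentcontrolset\control\services\antivirservice
HKEY_LOCAL_MACHINE\system\controlset001\controlset002\currentcontrolset\control\services\avast! antivirus
Anzahl der gefundenen Keys: 10
"""
# HKLM\SYSTEM\ControlSet001\[ControlSet002\][CurrentControlSet\]Control\ as the tool prints it
CONTROLSET_RE = re.compile(r"^hkey_local_machine\\system\\(?:(?:controlset\d+|currentcontrolset)\\)+control\\")
# Assumed name fragments per product; "avast" goes first because "avast! antivirus" contains "antivir"
PRODUCT_MARKERS = [("avast", ("avast",)),
                   ("avira", ("avira", "antivir", "avgio", "avgntflt", "avipbb", "x-avcsd"))]

def parse_keys(log):
    """Registry paths listed in the log, in order."""
    return [ln.strip() for ln in log.splitlines() if ln.strip().lower().startswith("hkey_")]

def reported_count(log):
    """The count the tool prints itself ('Anzahl der gefundenen Keys: N'), or None."""
    m = re.search(r"Anzahl der gefundenen Keys:\s*(\d+)", log)
    return int(m.group(1)) if m else None

def normalize(key):
    """Collapse the control-set prefix so one service seen under three control sets is one entry."""
    return CONTROLSET_RE.sub(r"hklm\\system\\<controlset>\\control\\", key.lower())

def product_of(key):
    # First product whose marker appears in the key name wins; otherwise "unknown"
    k = key.lower()
    for product, markers in PRODUCT_MARKERS:
        if any(m in k for m in markers):
            return product
    return "unknown"

def summarize(log):
    # Totals, cross-check against the tool's count, distinct logical keys, per-product breakdown
    keys = parse_keys(log)
    distinct = Counter(normalize(k) for k in keys)
    return {"total": len(keys),
            "count_matches_tool": reported_count(log) == len(keys),
            "distinct": len(distinct),
            "max_copies": max(distinct.values(), default=0),
            "by_product": dict(Counter(product_of(k) for k in distinct))}
```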
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Run Avira Registry Cleaner, perform a scan, tick all the entries that appear and delete them (with the same button, inside the same window, that you use to start the scan). Delete the folder: c:\program files\Avira

After that, reinstall Avast, but turn on its real-time protection once we have uninstalled ComboFix.

ComboFix needs to be uninstalled:
Click Start, then RUN.

On Vista, use the Start Search box if Run is not available.

In the text entry line, type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.

- Visit the topic "Test whether your browser is vulnerable", read it and follow the link in it. You have an ancient version of Java which you must upgrade because of the security holes in it. In any case, any add-on that is an old version should preferably be upgraded to the latest one. The link to the topic is: [Link visible only to logged-in users]

- For protecting USB memory devices, I recommend that you use MCShield. It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB memory devices.

You download it, install it and plug in a USB memory device; a scan runs, after which you either get a notification that the device is clean (if it really is), or a log showing information about the malware that was found and deleted.

MCShield home page: [Link visible only to logged-in users]

You can find out more about MCShield in this topic: [Link visible only to logged-in users]

- Download TFC (Temp File Cleaner) and save it to the Desktop.
Double-click to run the program and click the Start button to allow the program to begin scanning.
When the program finishes scanning, it may ask you to restart the computer. Allow it.

Note: When you are done cleaning temp files, you can delete the program or keep it for later use.

Your system is clean as far as malware is concerned.


