MyCity » Ambulanta -> Arhiva Ambulante » problem!!!

problem!!!

Napisano na dan: 2.6.2009

Strana:
1
2

problem!!!

Sledeća strana

Pagination

Odgovori

Strana:
1
2

I NEED MONEY Poslao: 02 Jun 2009 22:01 Idi na vrh
offline I NEED MONEY Novi MyCity građanin Pridružio: 16 Avg 2008 Poruke: 23	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pojavljuje mi se neki antivirus system pro i pise da imam neki napad na moj komp i daje mi opciju da skeniram sa njim a ja cenim da je to virus...i tako me tim porukama smara ceo dan a ja sam skenirao sa awg i nista nenadje.poz Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:56:43, on 2.6.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\htpatch.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre6\bin\jusched.exe G:\Program Files\Warcraft III\w3dr.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\sysguard.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Opera\opera.exe C:\Documents and Settings\User\Desktop\New Folder\TR3.exe..exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = us.rd.yahoo.com/customize/ie/defaults/su/msgr8/http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing) O1 - Hosts: ::1 localhost O1 - Hosts: 209.44.111.57 security.microsoft.com O1 - Hosts: 209.44.111.57 inetavirus.com O1 - Hosts: 209.44.111.57 inetavirus.com O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing) O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live pomaga? za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: BHO - {BAD4551D-9B24-42cb-9BCD-818CA2DA7B63} - C:\WINDOWS\system32\iehelper.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Mouse Driver\StartAutorun.exe MouseDrv.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [w3dr.exe] G:\Program Files\Warcraft III\w3dr.exe O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: PowerReg Scheduler V3.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRman000 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing) O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 10198 bytes

Profil

helen1 Poslao: 02 Jun 2009 22:08 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zdravo, Preuzmi sUBs-ov ComboFix sa jedne od sledećih adresa na Desktop: Bleeping Computer . . . . . Geeks to Go! Klikni desnim tasterom na neki od linkova i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: zatvori pokrenute programe; deaktiviraj zaštitni softver (uputstvo); dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

I NEED MONEY Poslao: 02 Jun 2009 22:40 Idi na vrh
offline I NEED MONEY Novi MyCity građanin Pridružio: 16 Avg 2008 Poruke: 23	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-05-31.06 - User 02.06.2009 22:17.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.512.205 [GMT 2:00] Running from: c:\documents and settings\User\Desktop\ComboFix.exe AV: AntiVir Desktop On-access scanning disabled (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: AVG Anti-Virus Free On-access scanning enabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: VirusRanger 3.6 On-access scanning enabled (Outdated) {BED2903C-5EE3-4973-9679-828AE087DAE6} * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\FunWebProducts c:\program files\FunWebProducts\ScreenSaver\Cache\0004976A.jpg c:\program files\FunWebProducts\ScreenSaver\Cache\0004DA9D.jpg c:\program files\FunWebProducts\ScreenSaver\Cache\0005068F.jpg c:\program files\FunWebProducts\ScreenSaver\Cache\00051AD2.jpg c:\program files\FunWebProducts\ScreenSaver\Cache\00052F74.jpg c:\program files\FunWebProducts\ScreenSaver\Cache\000A0157.swf c:\program files\FunWebProducts\ScreenSaver\Cache\files.ini c:\program files\FunWebProducts\ScreenSaver\Images\00048FC9.urr c:\program files\FunWebProducts\ScreenSaver\Images\0004D945.dat c:\program files\FunWebProducts\ScreenSaver\Images\00050556.dat c:\program files\FunWebProducts\ScreenSaver\Images\000519C9.dat c:\program files\FunWebProducts\ScreenSaver\Images\00052E5A.dat c:\program files\FunWebProducts\ScreenSaver\Images\000549E1.dat c:\program files\FunWebProducts\ScreenSaver\Images\000577A8.dat c:\program files\FunWebProducts\ScreenSaver\Images\000592D1.dat c:\program files\FunWebProducts\ScreenSaver\Images\0005A83E.dat c:\program files\FunWebProducts\ScreenSaver\Images\000ABB02.dat c:\program files\FunWebProducts\ScreenSaver\Images\00263B5A.urr c:\program files\FunWebProducts\ScreenSaver\Images\wrkparam.lst c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html c:\program files\Internet Explorer\msimg32.dll c:\program files\MyWebSearch c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S c:\program files\MyWebSearch\bar\Cache\0004A92D c:\program files\MyWebSearch\bar\Cache\000D1741.bin c:\program files\MyWebSearch\bar\Cache\000D2192.bin c:\program files\MyWebSearch\bar\Cache\000D2F3E.bin c:\program files\MyWebSearch\bar\Cache\000D413F.bin c:\program files\MyWebSearch\bar\Cache\004251C8 c:\program files\MyWebSearch\bar\Cache\00BB9339.Q c:\program files\MyWebSearch\bar\Cache\00BBC9BB c:\program files\MyWebSearch\bar\Cache\00BBE419.bin c:\program files\MyWebSearch\bar\Cache\00BBF82D.bin c:\program files\MyWebSearch\bar\Cache\00BBFB4A.bin c:\program files\MyWebSearch\bar\Cache\00BC1D68.bin c:\program files\MyWebSearch\bar\Cache\files.ini c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S c:\program files\MyWebSearch\bar\Game\CHESS.F3S c:\program files\MyWebSearch\bar\Game\REVERSI.F3S c:\program files\MyWebSearch\bar\History\search3 c:\program files\MyWebSearch\bar\icons\CM.ICO c:\program files\MyWebSearch\bar\icons\MFC.ICO c:\program files\MyWebSearch\bar\icons\PSS.ICO c:\program files\MyWebSearch\bar\icons\SMILEY.ICO c:\program files\MyWebSearch\bar\icons\WB.ICO c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO c:\program files\MyWebSearch\bar\Message\COMMON.F3S c:\program files\MyWebSearch\bar\Message\COMMON\ask_logo.gif c:\program files\MyWebSearch\bar\Message\COMMON\autoup.gif c:\program files\MyWebSearch\bar\Message\COMMON\autoup.htm c:\program files\MyWebSearch\bar\Message\COMMON\center.htm c:\program files\MyWebSearch\bar\Message\COMMON\index.htm c:\program files\MyWebSearch\bar\Message\COMMON\mid_dots.gif c:\program files\MyWebSearch\bar\Message\COMMON\mws_logo.gif c:\program files\MyWebSearch\bar\Message\COMMON\protect.htm c:\program files\MyWebSearch\bar\Message\COMMON\shocked.gif c:\program files\MyWebSearch\bar\Message\COMMON\stop.gif c:\program files\MyWebSearch\bar\Message\COMMON\systray.htm c:\program files\MyWebSearch\bar\Message\COMMON\systrayp.htm c:\program files\MyWebSearch\bar\Message\COMMON\tp_grad.gif c:\program files\MyWebSearch\bar\Message\COMMON\warn.gif c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S c:\program files\MyWebSearch\bar\Notifier\DOG.F3S c:\program files\MyWebSearch\bar\Notifier\FISH.F3S c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S c:\program files\MyWebSearch\bar\Notifier\MAID.F3S c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm c:\program files\MyWebSearch\bar\Settings\s_pid.dat c:\program files\WinPCap c:\program files\WinPCap\daemon_mgm.exe c:\program files\WinPCap\INSTALL.LOG c:\program files\WinPCap\NetMonInstaller.exe c:\program files\WinPCap\npf_mgm.exe c:\program files\WinPCap\rpcapd.exe c:\program files\WinPCap\Uninstall.exe c:\windows\jestertb.dll c:\windows\sysguard.exe c:\windows\system32\iehelper.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MYWEBSEARCHSERVICE -------\Service_MyWebSearchService ((((((((((((((((((((((((( Files Created from 2009-05-02 to 2009-06-02 ))))))))))))))))))))))))))))))) . 2009-06-02 18:59 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-06-02 18:59 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-06-02 18:59 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-06-02 18:59 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-06-02 18:59 . 2009-06-02 18:59 -------- d-----w- c:\program files\Avira 2009-06-02 18:59 . 2009-06-02 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-05-20 07:32 . 2009-05-04 06:46 2051864 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll 2009-05-20 07:32 . 2009-05-04 06:46 424472 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll 2009-05-20 07:32 . 2009-05-04 06:46 3288344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe 2009-05-20 07:32 . 2009-05-04 06:46 177432 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll 2009-05-20 07:32 . 2009-05-04 06:46 312088 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll 2009-05-20 07:32 . 2009-05-04 06:46 486168 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe 2009-05-20 07:29 . 2009-05-04 06:38 1437464 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll 2009-05-20 07:29 . 2009-05-04 06:38 755992 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll 2009-05-15 07:13 . 2009-05-04 06:46 2302232 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll 2009-05-15 07:13 . 2009-05-04 06:46 3399960 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-02 14:06 . 2008-04-22 07:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-06-02 09:45 . 2008-01-01 11:03 -------- d-----w- c:\documents and settings\User\Application Data\LimeWire 2009-05-28 13:54 . 2006-02-08 08:28 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-05-04 06:46 . 2008-08-04 18:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-05-04 06:46 . 2008-08-04 18:14 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-05-04 06:46 . 2008-08-04 18:14 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-05-04 06:46 . 2008-08-04 18:14 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-04-21 07:57 . 2008-11-11 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\RFA_Backups 2009-04-21 07:29 . 2006-06-02 11:22 -------- d-----w- c:\program files\QuickTime 2009-04-06 08:10 . 2008-04-21 18:16 -------- d-----w- c:\program files\Opera 2009-03-31 17:58 . 2008-05-07 06:26 130135 ----a-w- c:\windows\War3Unin.dat 2009-03-31 16:14 . 2006-02-08 10:20 47992 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-03-29 12:06 . 2008-08-05 18:34 45056 ----a-w- c:\windows\NCUNINST.EXE 2009-03-06 14:44 . 2004-08-04 01:07 283648 ----a-w- c:\windows\system32\pdh.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2008-03-27 12:12 1164600 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-22 68856] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HTpatch"="c:\windows\htpatch.exe" [2002-10-30 28672] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-06-29 32768] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768] "WireLessMouse"="c:\program files\Multimedia Mouse Driver\StartAutorun.exe" [2005-11-30 94208] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-04 1947928] "w3dr.exe"="g:\program files\Warcraft III\w3dr.exe" [2008-08-03 61440] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] c:\documents and settings\User\Start Menu\Programs\Startup\ PowerReg Scheduler V3.exe [2008-7-29 225280] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-6-29 32768] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-05-04 06:46 11952 ----a-w- c:\windows\system32\avgrsstx.dll HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32 "MIDI1"= SYNCOR11.DLL [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^HDD temperature.lnk] path=c:\documents and settings\User\Start Menu\Programs\Startup\HDD temperature.lnk backup=c:\windows\pss\HDD temperature.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\Program Files\\Valve\\hl.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "g:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"= "g:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "g:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"= "g:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\Jelen Super Liga.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6112:TCP"= 6112:TCP:warcraft 3 "6112:UDP"= 6112:UDP:warcraft III R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4.8.2008 20:14 325896] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4.8.2008 20:14 108552] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2.6.2009 20:59 108289] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [4.8.2008 20:14 908568] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4.8.2008 20:14 298776] R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [9.8.2008 12:14 45696] R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [9.8.2008 12:14 56960] S3 ALSysIO;ALSysIO;\??\c:\docume~1\User\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\User\LOCALS~1\Temp\ALSysIO.sys [?] S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\User\LOCALS~1\Temp\EKH1C2.tmp --> c:\docume~1\User\LOCALS~1\Temp\EKH1C2.tmp [?] . Contents of the 'Scheduled Tasks' folder 2009-06-02 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-22 10:50] . - - - - ORPHANS REMOVED - - - - BHO-{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63} - c:\windows\system32\iehelper.dll HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe SafeBoot-procexp90.Sys . ------- Supplementary Scan ------- . uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm uStart Page = hxxp://www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/http://www.yahoo.com IE: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRman000 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1cfgo3rx.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-06-02 22:29 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet005\Services\GarenaPEngine] "ImagePath"="\??\c:\docume~1\User\LOCALS~1\Temp\EKH1C2.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1757981266-1409082233-839522115-1003\Software\Genie"!\FM Genie Scout 2009] "GameDir"="c:\\Documents and Settings\\User\\My Documents\\Sports Interactive\\Football Manager 2009\\games" "ShortlistDir"="" "ScreenshotsDir"="c:\\Documents and Settings\\User\\My Documents\\Sports Interactive\\Football Manager 2009" "SaveDir"="c:\\Documents and Settings\\User\\My Documents\\Sports Interactive\\Football Manager 2009\\" "LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2009\\data\\updates\\update-910\\db\\910\\lang_db.dat" "LastSaveGame"="" "Language"="English" "LoadLangDB"=dword:00000001 "CompressHistoryPoints"=dword:00000000 "HighlightedAttributes"=dword:00000000 "MinCondition"=dword:00000050 "SkinName"="Champions League" "LastUpdateCheck"=dword:00009b73 "HighQualityGUI"=dword:00000001 "AutomaticallyUpdateCheck"=dword:00000001 "AdvancedGeneration"=dword:00000000 "TranslateStaffSkills"=dword:00000001 "TranslatePlayerSkills"=dword:00000001 "TranslatePositions"=dword:00000001 "ShowHistory"=dword:00000001 "Version"=dword:00000062 "UniqueID"="44-FA20-063A" "UseProxy"=dword:00000000 "ProxyHost"="" "ProxyPort"="" "UseAuthentication"=dword:00000000 "UserName"="" "UserPassword"="" "Currency"=dword:00000056 [HKEY_USERS\S-1-5-21-1757981266-1409082233-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY] "??"=hex:75,0c,f7,19,7a,71,ee,3b,2e,fe,f5,10,36,15,e7,e3,af,58,06,5e,97,44,6c, 34,87,f9,a8,7b,6f,c6,07,70,4d,1d,b5,9d,5b,e1,34,4f,43,74,8e,6d,29,f9,ac,31,\ "??"=hex:0f,9a,b8,0c,30,d5,67,24,c0,df,5d,47,8e,19,07,7c [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{96A797DD-FAA0-08D8-D4DC-DFAEA323CF60}\InProcServer32] "jacgenfnckpddlcliklb"=hex:6a,61,66,66,68,67,69,61,6d,64,63,6c,67,66,66,61,70, 65,6e,68,00,f9 "iacgkmlpcgalihcmnm"=hex:6a,61,65,66,67,68,69,67,6d,68,66,69,69,61,63,6a,67,6d, 62,64,00,f9 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(644) c:\windows\system32\Ati2evxx.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Analog Devices\SoundMAX\SMAgent.exe c:\program files\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\program files\AVG\AVG8\avgcsrvx.exe c:\windows\system32\WgaTray.exe c:\program files\Multimedia Mouse Driver\MouseDrv.exe . ************************************************************************* . Completion time: 2009-06-02 22:39 - machine was rebooted ComboFix-quarantined-files.txt 2009-06-02 20:38 ComboFix2.txt 2008-09-16 15:42 Pre-Run: 778.022.912 bytes free Post-Run: 731.303.936 bytes free Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6 346 --- E O F --- 2009-05-14 15:39

Profil

helen1 Poslao: 02 Jun 2009 23:16 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\documents and settings\User\Start Menu\Programs\Startup\ PowerReg Scheduler V3.exe Firefox:: FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

I NEED MONEY Poslao: 03 Jun 2009 10:57 Idi na vrh
offline I NEED MONEY Novi MyCity građanin Pridružio: 16 Avg 2008 Poruke: 23	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-06-01.03 - User 03.06.2009 10:45.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.512.242 [GMT 2:00] Running from: c:\documents and settings\User\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt AV: AntiVir Desktop On-access scanning enabled (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: AVG Anti-Virus Free On-access scanning disabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: VirusRanger 3.6 On-access scanning enabled (Outdated) {BED2903C-5EE3-4973-9679-828AE087DAE6} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: "c:\documents and settings\User\Start Menu\Programs\Startup\" . ((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 ))))))))))))))))))))))))))))))) . 2009-06-02 18:59 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-06-02 18:59 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-06-02 18:59 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-06-02 18:59 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-06-02 18:59 . 2009-06-02 18:59 -------- d-----w- c:\program files\Avira 2009-06-02 18:59 . 2009-06-02 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-02 14:06 . 2008-04-22 07:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-06-02 09:45 . 2008-01-01 11:03 -------- d-----w- c:\documents and settings\User\Application Data\LimeWire 2009-05-28 13:54 . 2006-02-08 08:28 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-05-04 06:46 . 2008-08-04 18:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-05-04 06:46 . 2008-08-04 18:14 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-05-04 06:46 . 2008-08-04 18:14 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-05-04 06:46 . 2008-08-04 18:14 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-04-21 07:57 . 2008-11-11 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\RFA_Backups 2009-04-21 07:29 . 2006-06-02 11:22 -------- d-----w- c:\program files\QuickTime 2009-04-06 08:10 . 2008-04-21 18:16 -------- d-----w- c:\program files\Opera 2009-03-31 17:58 . 2008-05-07 06:26 130135 ----a-w- c:\windows\War3Unin.dat 2009-03-31 16:14 . 2006-02-08 10:20 47992 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-03-29 12:06 . 2008-08-05 18:34 45056 ----a-w- c:\windows\NCUNINST.EXE 2009-03-06 14:44 . 2004-08-04 01:07 283648 ----a-w- c:\windows\system32\pdh.dll . ((((((((((((((((((((((((((((( SnapShot@2009-06-02_20.31.12 ))))))))))))))))))))))))))))))))))))))))) . + 2009-06-03 08:23 . 2009-06-03 08:23 16384 c:\windows\temp\Perflib_Perfdata_6e0.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2008-03-27 12:12 1164600 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-22 68856] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HTpatch"="c:\windows\htpatch.exe" [2002-10-30 28672] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-06-29 32768] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768] "WireLessMouse"="c:\program files\Multimedia Mouse Driver\StartAutorun.exe" [2005-11-30 94208] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-04 1947928] "w3dr.exe"="g:\program files\Warcraft III\w3dr.exe" [2008-08-03 61440] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] c:\documents and settings\User\Start Menu\Programs\Startup\ PowerReg Scheduler V3.exe [2008-7-29 225280] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-6-29 32768] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-05-04 06:46 11952 ----a-w- c:\windows\system32\avgrsstx.dll HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32 "MIDI1"= SYNCOR11.DLL [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^HDD temperature.lnk] path=c:\documents and settings\User\Start Menu\Programs\Startup\HDD temperature.lnk backup=c:\windows\pss\HDD temperature.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\Program Files\\Valve\\hl.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "g:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"= "g:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "g:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"= "g:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\Jelen Super Liga.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6112:TCP"= 6112:TCP:warcraft 3 "6112:UDP"= 6112:UDP:warcraft III R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4.8.2008 20:14 325896] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4.8.2008 20:14 108552] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2.6.2009 20:59 108289] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [4.8.2008 20:14 908568] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4.8.2008 20:14 298776] R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [9.8.2008 12:14 45696] R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [9.8.2008 12:14 56960] S3 ALSysIO;ALSysIO;\??\c:\docume~1\User\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\User\LOCALS~1\Temp\ALSysIO.sys [?] S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\User\LOCALS~1\Temp\EKH1C2.tmp --> c:\docume~1\User\LOCALS~1\Temp\EKH1C2.tmp [?] . Contents of the 'Scheduled Tasks' folder 2009-06-03 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-22 10:50] . . ------- Supplementary Scan ------- . uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm uStart Page = hxxp://www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/http://www.yahoo.com IE: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRman000 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1cfgo3rx.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-06-03 10:52 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet005\Services\GarenaPEngine] "ImagePath"="\??\c:\docume~1\User\LOCALS~1\Temp\EKH1C2.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1757981266-1409082233-839522115-1003\Software\Genie"!\FM Genie Scout 2009] "GameDir"="c:\\Documents and Settings\\User\\My Documents\\Sports Interactive\\Football Manager 2009\\games" "ShortlistDir"="" "ScreenshotsDir"="c:\\Documents and Settings\\User\\My Documents\\Sports Interactive\\Football Manager 2009" "SaveDir"="c:\\Documents and Settings\\User\\My Documents\\Sports Interactive\\Football Manager 2009\\" "LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2009\\data\\updates\\update-910\\db\\910\\lang_db.dat" "LastSaveGame"="" "Language"="English" "LoadLangDB"=dword:00000001 "CompressHistoryPoints"=dword:00000000 "HighlightedAttributes"=dword:00000000 "MinCondition"=dword:00000050 "SkinName"="Champions League" "LastUpdateCheck"=dword:00009b73 "HighQualityGUI"=dword:00000001 "AutomaticallyUpdateCheck"=dword:00000001 "AdvancedGeneration"=dword:00000000 "TranslateStaffSkills"=dword:00000001 "TranslatePlayerSkills"=dword:00000001 "TranslatePositions"=dword:00000001 "ShowHistory"=dword:00000001 "Version"=dword:00000062 "UniqueID"="44-FA20-063A" "UseProxy"=dword:00000000 "ProxyHost"="" "ProxyPort"="" "UseAuthentication"=dword:00000000 "UserName"="" "UserPassword"="" "Currency"=dword:00000056 [HKEY_USERS\S-1-5-21-1757981266-1409082233-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY] "??"=hex:75,0c,f7,19,7a,71,ee,3b,2e,fe,f5,10,36,15,e7,e3,af,58,06,5e,97,44,6c, 34,87,f9,a8,7b,6f,c6,07,70,4d,1d,b5,9d,5b,e1,34,4f,43,74,8e,6d,29,f9,ac,31,\ "??"=hex:0f,9a,b8,0c,30,d5,67,24,c0,df,5d,47,8e,19,07,7c [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{96A797DD-FAA0-08D8-D4DC-DFAEA323CF60}\InProcServer32*] "jacgenfnckpddlcliklb"=hex:6a,61,66,66,68,67,69,61,6d,64,63,6c,67,66,66,61,70, 65,6e,68,00,f9 "iacgkmlpcgalihcmnm"=hex:6a,61,65,66,67,68,69,67,6d,68,66,69,69,61,63,6a,67,6d, 62,64,00,f9 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(636) c:\windows\system32\Ati2evxx.dll . Completion time: 2009-06-03 10:56 ComboFix-quarantined-files.txt 2009-06-03 08:56 ComboFix2.txt 2009-06-02 20:39 ComboFix3.txt 2008-09-16 15:42 Pre-Run: 716.959.744 bytes free Post-Run: 701.386.752 bytes free Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6 194 --- E O F --- 2009-05-14 15:39

Profil

helen1 Poslao: 03 Jun 2009 12:03 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pokreni Hijack This, skeniraj i nadji sledecu liniju: O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRman000 klikni u kvadratic ispred i onda klikni FIX CHECKED pa mi postavi log.

Profil

I NEED MONEY Poslao: 03 Jun 2009 21:29 Idi na vrh
offline I NEED MONEY Novi MyCity građanin Pridružio: 16 Avg 2008 Poruke: 23	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:29:05, on 3.6.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\htpatch.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Multimedia Mouse Driver\MouseDrv.exe G:\Program Files\Warcraft III\w3dr.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Opera\opera.exe C:\Documents and Settings\User\Desktop\New Folder\TR3.exe..exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = us.rd.yahoo.com/customize/ie/defaults/su/msgr8/http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live pomaga? za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Mouse Driver\StartAutorun.exe MouseDrv.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [w3dr.exe] G:\Program Files\Warcraft III\w3dr.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: PowerReg Scheduler V3.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 8800 bytes

Profil

helen1 Poslao: 03 Jun 2009 21:53 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\documents and settings\User\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

I NEED MONEY Poslao: 03 Jun 2009 22:34 Idi na vrh
offline I NEED MONEY Novi MyCity građanin Pridružio: 16 Avg 2008 Poruke: 23	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! hvala na strpljenju i onaj antivirus mi se nepojavljuje vise... ComboFix 09-06-03.01 - User 03.06.2009 22:21.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.512.246 [GMT 2:00] Running from: c:\documents and settings\User\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt AV: AntiVir Desktop On-access scanning disabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: AVG Anti-Virus Free On-access scanning disabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: VirusRanger 3.6 On-access scanning enabled (Outdated) {BED2903C-5EE3-4973-9679-828AE087DAE6} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: "c:\documents and settings\User\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\User\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe . ((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 ))))))))))))))))))))))))))))))) . 2009-06-02 18:59 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-06-02 18:59 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-06-02 18:59 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-06-02 18:59 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-06-02 18:59 . 2009-06-02 18:59 -------- d-----w- c:\program files\Avira 2009-06-02 18:59 . 2009-06-02 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-03 13:12 . 2008-01-01 11:03 -------- d-----w- c:\documents and settings\User\Application Data\LimeWire 2009-06-02 14:06 . 2008-04-22 07:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-05-28 13:54 . 2006-02-08 08:28 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-05-04 06:46 . 2008-08-04 18:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-05-04 06:46 . 2008-08-04 18:14 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-05-04 06:46 . 2008-08-04 18:14 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-05-04 06:46 . 2008-08-04 18:14 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-04-21 07:57 . 2008-11-11 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\RFA_Backups 2009-04-21 07:29 . 2006-06-02 11:22 -------- d-----w- c:\program files\QuickTime 2009-04-06 08:10 . 2008-04-21 18:16 -------- d-----w- c:\program files\Opera 2009-03-31 17:58 . 2008-05-07 06:26 130135 ----a-w- c:\windows\War3Unin.dat 2009-03-31 16:14 . 2006-02-08 10:20 47992 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-03-29 12:06 . 2008-08-05 18:34 45056 ----a-w- c:\windows\NCUNINST.EXE 2009-03-06 14:44 . 2004-08-04 01:07 283648 ----a-w- c:\windows\system32\pdh.dll . ((((((((((((((((((((((((((((( SnapShot@2009-06-02_20.31.12 ))))))))))))))))))))))))))))))))))))))))) . + 2009-06-03 19:12 . 2009-06-03 19:12 16384 c:\windows\temp\Perflib_Perfdata_69c.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2008-03-27 12:12 1164600 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-22 68856] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HTpatch"="c:\windows\htpatch.exe" [2002-10-30 28672] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-06-29 32768] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768] "WireLessMouse"="c:\program files\Multimedia Mouse Driver\StartAutorun.exe" [2005-11-30 94208] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-04 1947928] "w3dr.exe"="g:\program files\Warcraft III\w3dr.exe" [2008-08-03 61440] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-6-29 32768] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-05-04 06:46 11952 ----a-w- c:\windows\system32\avgrsstx.dll HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32 "MIDI1"= SYNCOR11.DLL [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^HDD temperature.lnk] path=c:\documents and settings\User\Start Menu\Programs\Startup\HDD temperature.lnk backup=c:\windows\pss\HDD temperature.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\Program Files\\Valve\\hl.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "g:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"= "g:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "g:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"= "g:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\Jelen Super Liga.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6112:TCP"= 6112:TCP:warcraft 3 "6112:UDP"= 6112:UDP:warcraft III R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4.8.2008 20:14 325896] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4.8.2008 20:14 108552] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2.6.2009 20:59 108289] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [4.8.2008 20:14 908568] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4.8.2008 20:14 298776] R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [9.8.2008 12:14 45696] R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [9.8.2008 12:14 56960] S3 ALSysIO;ALSysIO;\??\c:\docume~1\User\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\User\LOCALS~1\Temp\ALSysIO.sys [?] S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\User\LOCALS~1\Temp\EKH1C2.tmp --> c:\docume~1\User\LOCALS~1\Temp\EKH1C2.tmp [?] . Contents of the 'Scheduled Tasks' folder 2009-06-03 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-22 10:50] . . ------- Supplementary Scan ------- . uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm uStart Page = hxxp://www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/http://www.yahoo.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1cfgo3rx.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-06-03 22:28 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet005\Services\GarenaPEngine] "ImagePath"="\??\c:\docume~1\User\LOCALS~1\Temp\EKH1C2.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1757981266-1409082233-839522115-1003\Software\Genie"!\FM Genie Scout 2009] "GameDir"="c:\\Documents and Settings\\User\\My Documents\\Sports Interactive\\Football Manager 2009\\games" "ShortlistDir"="" "ScreenshotsDir"="c:\\Documents and Settings\\User\\My Documents\\Sports Interactive\\Football Manager 2009" "SaveDir"="c:\\Documents and Settings\\User\\My Documents\\Sports Interactive\\Football Manager 2009\\" "LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2009\\data\\updates\\update-910\\db\\910\\lang_db.dat" "LastSaveGame"="" "Language"="English" "LoadLangDB"=dword:00000001 "CompressHistoryPoints"=dword:00000000 "HighlightedAttributes"=dword:00000000 "MinCondition"=dword:00000050 "SkinName"="Champions League" "LastUpdateCheck"=dword:00009b73 "HighQualityGUI"=dword:00000001 "AutomaticallyUpdateCheck"=dword:00000001 "AdvancedGeneration"=dword:00000000 "TranslateStaffSkills"=dword:00000001 "TranslatePlayerSkills"=dword:00000001 "TranslatePositions"=dword:00000001 "ShowHistory"=dword:00000001 "Version"=dword:00000062 "UniqueID"="44-FA20-063A" "UseProxy"=dword:00000000 "ProxyHost"="" "ProxyPort"="" "UseAuthentication"=dword:00000000 "UserName"="" "UserPassword"="" "Currency"=dword:00000056 [HKEY_USERS\S-1-5-21-1757981266-1409082233-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY] "??"=hex:75,0c,f7,19,7a,71,ee,3b,2e,fe,f5,10,36,15,e7,e3,af,58,06,5e,97,44,6c, 34,87,f9,a8,7b,6f,c6,07,70,4d,1d,b5,9d,5b,e1,34,4f,43,74,8e,6d,29,f9,ac,31,\ "??"=hex:0f,9a,b8,0c,30,d5,67,24,c0,df,5d,47,8e,19,07,7c [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{96A797DD-FAA0-08D8-D4DC-DFAEA323CF60}\InProcServer32*] "jacgenfnckpddlcliklb"=hex:6a,61,66,66,68,67,69,61,6d,64,63,6c,67,66,66,61,70, 65,6e,68,00,f9 "iacgkmlpcgalihcmnm"=hex:6a,61,65,66,67,68,69,67,6d,68,66,69,69,61,63,6a,67,6d, 62,64,00,f9 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(636) c:\windows\system32\Ati2evxx.dll . Completion time: 2009-06-03 22:32 ComboFix-quarantined-files.txt 2009-06-03 20:32 ComboFix2.txt 2009-06-03 08:56 ComboFix3.txt 2009-06-02 20:39 ComboFix4.txt 2008-09-16 15:42 Pre-Run: 584.302.592 bytes free Post-Run: 605.954.048 bytes free Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6 195 --- E O F --- 2009-05-14 15:39

Profil

helen1 Poslao: 03 Jun 2009 22:57 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kako funkcionise masina?

Profil

MyCity » Ambulanta -> Arhiva Ambulante » problem!!!

Ko je trenutno na forumu

Ukupno su 752 korisnika na forumu :: 6 registrovanih, 1 sakriven i 745 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 9k38, mean_machine, Milometer, nenad81, SlaKoj, voja64

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by