problem with the laptop


  • Joined: 07 Apr 2008
  • Posts: 85
  • Location: Kos.Mitrovica

Where am I going wrong? Here is what I do, in the order I do it.

I press F2, go to Boot where I set CD/DVD, then move to the Exit page, and there I have no idea what to do.
It says the following:
Exit Saving Changes
Exit Discarding Changes
Discard Changes
Save Changes

Since you told me to go to the Save and exit option: on mine it is at the bottom of the screen and says to press F10, but when I do that it just takes me back to the beginning.

Where did I go wrong?

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Quote: Exit Saving Changes


After that the computer restarts, only this time from the CD (assuming you put it in the drive beforehand).

  • Joined: 07 Apr 2008
  • Posts: 85
  • Location: Kos.Mitrovica

Posted: 16 Mar 2010 11:31

Good day, I did the installation and I hope I didn't make a mistake. The laptop now boots normally, so I copied the log. It works great now, except that it cannot access this site, and since last night I can't reach your site from the other laptop either, only from my daughter's computer.
Now I'm wondering what is going on: is it the site, or has my laptop broken something too?
Here is the log I copied:


22:38:06:921 3120 ================================================================================
22:38:06:921 3120 SystemInfo:

22:38:06:921 3120 OS Version: 5.1.2600 ServicePack: 3.0
22:38:06:921 3120 Product type: Workstation
22:38:06:921 3120 ComputerName: KORISNIK-42C428
22:38:06:921 3120 UserName: Korisnik
22:38:06:921 3120 Windows directory: C:\WINDOWS
22:38:06:921 3120 Processor architecture: Intel x86
22:38:06:921 3120 Number of processors: 1
22:38:06:921 3120 Page size: 0x1000
22:38:06:921 3120 Boot type: Normal boot
22:38:06:921 3120 ================================================================================
22:38:06:921 3120 UnloadDriverW: NtUnloadDriver error 2
22:38:06:921 3120 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
22:38:06:968 3120 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
22:38:06:968 3120 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
22:38:06:968 3120 wfopen_ex: Trying to KLMD file open
22:38:06:968 3120 wfopen_ex: File opened ok (Flags 2)
22:38:06:968 3120 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
22:38:06:968 3120 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
22:38:06:968 3120 wfopen_ex: Trying to KLMD file open
22:38:06:968 3120 wfopen_ex: File opened ok (Flags 2)
22:38:06:968 3120 Initialize success
22:38:06:968 3120
22:38:06:968 3120 Scanning Services ...
22:38:07:531 3120 GetAdvancedServicesInfo: Raw services enum returned 339 services
22:38:07:531 3120
22:38:07:531 3120 Scanning Kernel memory ...
22:38:07:531 3120 Devices to scan: 5
22:38:07:531 3120
22:38:07:531 3120 Driver Name: Disk
22:38:07:531 3120 IRP_MJ_CREATE : F764ABB0
22:38:07:531 3120 IRP_MJ_CREATE_NAMED_PIPE : 804F354A
22:38:07:531 3120 IRP_MJ_CLOSE : F764ABB0
22:38:07:531 3120 IRP_MJ_READ : F7644D1F
22:38:07:531 3120 IRP_MJ_WRITE : F7644D1F
22:38:07:531 3120 IRP_MJ_QUERY_INFORMATION : 804F354A
22:38:07:531 3120 IRP_MJ_SET_INFORMATION : 804F354A
22:38:07:531 3120 IRP_MJ_QUERY_EA : 804F354A
22:38:07:531 3120 IRP_MJ_SET_EA : 804F354A
22:38:07:531 3120 IRP_MJ_FLUSH_BUFFERS : F76452E2
22:38:07:531 3120 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F354A
22:38:07:531 3120 IRP_MJ_SET_VOLUME_INFORMATION : 804F354A
22:38:07:531 3120 IRP_MJ_DIRECTORY_CONTROL : 804F354A
22:38:07:531 3120 IRP_MJ_FILE_SYSTEM_CONTROL : 804F354A
22:38:07:531 3120 IRP_MJ_DEVICE_CONTROL : F76453BB
22:38:07:531 3120 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7648F28
22:38:07:531 3120 IRP_MJ_SHUTDOWN : F76452E2
22:38:07:531 3120 IRP_MJ_LOCK_CONTROL : 804F354A
22:38:07:531 3120 IRP_MJ_CLEANUP : 804F354A
22:38:07:531 3120 IRP_MJ_CREATE_MAILSLOT : 804F354A
22:38:07:531 3120 IRP_MJ_QUERY_SECURITY : 804F354A
22:38:07:531 3120 IRP_MJ_SET_SECURITY : 804F354A
22:38:07:531 3120 IRP_MJ_POWER : F7646C82
22:38:07:531 3120 IRP_MJ_SYSTEM_CONTROL : F764B99E
22:38:07:531 3120 IRP_MJ_DEVICE_CHANGE : 804F354A
22:38:07:531 3120 IRP_MJ_QUERY_QUOTA : 804F354A
22:38:07:531 3120 IRP_MJ_SET_QUOTA : 804F354A
22:38:07:546 3120 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
22:38:07:546 3120
22:38:07:546 3120 Driver Name: USBSTOR
22:38:07:546 3120 IRP_MJ_CREATE : EEF12218
22:38:07:546 3120 IRP_MJ_CREATE_NAMED_PIPE : 804F354A
22:38:07:546 3120 IRP_MJ_CLOSE : EEF12218
22:38:07:546 3120 IRP_MJ_READ : EEF1223C
22:38:07:546 3120 IRP_MJ_WRITE : EEF1223C
22:38:07:546 3120 IRP_MJ_QUERY_INFORMATION : 804F354A
22:38:07:546 3120 IRP_MJ_SET_INFORMATION : 804F354A
22:38:07:546 3120 IRP_MJ_QUERY_EA : 804F354A
22:38:07:546 3120 IRP_MJ_SET_EA : 804F354A
22:38:07:546 3120 IRP_MJ_FLUSH_BUFFERS : 804F354A
22:38:07:546 3120 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F354A
22:38:07:546 3120 IRP_MJ_SET_VOLUME_INFORMATION : 804F354A
22:38:07:546 3120 IRP_MJ_DIRECTORY_CONTROL : 804F354A
22:38:07:546 3120 IRP_MJ_FILE_SYSTEM_CONTROL : 804F354A
22:38:07:546 3120 IRP_MJ_DEVICE_CONTROL : EEF12180
22:38:07:546 3120 IRP_MJ_INTERNAL_DEVICE_CONTROL : EEF0D9E6
22:38:07:546 3120 IRP_MJ_SHUTDOWN : 804F354A
22:38:07:546 3120 IRP_MJ_LOCK_CONTROL : 804F354A
22:38:07:546 3120 IRP_MJ_CLEANUP : 804F354A
22:38:07:546 3120 IRP_MJ_CREATE_MAILSLOT : 804F354A
22:38:07:546 3120 IRP_MJ_QUERY_SECURITY : 804F354A
22:38:07:546 3120 IRP_MJ_SET_SECURITY : 804F354A
22:38:07:546 3120 IRP_MJ_POWER : EEF115F0
22:38:07:546 3120 IRP_MJ_SYSTEM_CONTROL : EEF0FA6E
22:38:07:546 3120 IRP_MJ_DEVICE_CHANGE : 804F354A
22:38:07:546 3120 IRP_MJ_QUERY_QUOTA : 804F354A
22:38:07:546 3120 IRP_MJ_SET_QUOTA : 804F354A
22:38:07:562 3120 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
22:38:07:562 3120
22:38:07:562 3120 Driver Name: Disk
22:38:07:562 3120 IRP_MJ_CREATE : F764ABB0
22:38:07:562 3120 IRP_MJ_CREATE_NAMED_PIPE : 804F354A
22:38:07:562 3120 IRP_MJ_CLOSE : F764ABB0
22:38:07:562 3120 IRP_MJ_READ : F7644D1F
22:38:07:562 3120 IRP_MJ_WRITE : F7644D1F
22:38:07:562 3120 IRP_MJ_QUERY_INFORMATION : 804F354A
22:38:07:562 3120 IRP_MJ_SET_INFORMATION : 804F354A
22:38:07:562 3120 IRP_MJ_QUERY_EA : 804F354A
22:38:07:562 3120 IRP_MJ_SET_EA : 804F354A
22:38:07:562 3120 IRP_MJ_FLUSH_BUFFERS : F76452E2
22:38:07:562 3120 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F354A
22:38:07:562 3120 IRP_MJ_SET_VOLUME_INFORMATION : 804F354A
22:38:07:562 3120 IRP_MJ_DIRECTORY_CONTROL : 804F354A
22:38:07:562 3120 IRP_MJ_FILE_SYSTEM_CONTROL : 804F354A
22:38:07:562 3120 IRP_MJ_DEVICE_CONTROL : F76453BB
22:38:07:562 3120 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7648F28
22:38:07:562 3120 IRP_MJ_SHUTDOWN : F76452E2
22:38:07:562 3120 IRP_MJ_LOCK_CONTROL : 804F354A
22:38:07:562 3120 IRP_MJ_CLEANUP : 804F354A
22:38:07:562 3120 IRP_MJ_CREATE_MAILSLOT : 804F354A
22:38:07:562 3120 IRP_MJ_QUERY_SECURITY : 804F354A
22:38:07:562 3120 IRP_MJ_SET_SECURITY : 804F354A
22:38:07:562 3120 IRP_MJ_POWER : F7646C82
22:38:07:562 3120 IRP_MJ_SYSTEM_CONTROL : F764B99E
22:38:07:562 3120 IRP_MJ_DEVICE_CHANGE : 804F354A
22:38:07:562 3120 IRP_MJ_QUERY_QUOTA : 804F354A
22:38:07:562 3120 IRP_MJ_SET_QUOTA : 804F354A
22:38:07:562 3120 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
22:38:07:562 3120
22:38:07:562 3120 Driver Name: Disk
22:38:07:562 3120 IRP_MJ_CREATE : F764ABB0
22:38:07:562 3120 IRP_MJ_CREATE_NAMED_PIPE : 804F354A
22:38:07:562 3120 IRP_MJ_CLOSE : F764ABB0
22:38:07:562 3120 IRP_MJ_READ : F7644D1F
22:38:07:562 3120 IRP_MJ_WRITE : F7644D1F
22:38:07:562 3120 IRP_MJ_QUERY_INFORMATION : 804F354A
22:38:07:562 3120 IRP_MJ_SET_INFORMATION : 804F354A
22:38:07:562 3120 IRP_MJ_QUERY_EA : 804F354A
22:38:07:562 3120 IRP_MJ_SET_EA : 804F354A
22:38:07:562 3120 IRP_MJ_FLUSH_BUFFERS : F76452E2
22:38:07:562 3120 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F354A
22:38:07:562 3120 IRP_MJ_SET_VOLUME_INFORMATION : 804F354A
22:38:07:562 3120 IRP_MJ_DIRECTORY_CONTROL : 804F354A
22:38:07:562 3120 IRP_MJ_FILE_SYSTEM_CONTROL : 804F354A
22:38:07:562 3120 IRP_MJ_DEVICE_CONTROL : F76453BB
22:38:07:562 3120 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7648F28
22:38:07:562 3120 IRP_MJ_SHUTDOWN : F76452E2
22:38:07:562 3120 IRP_MJ_LOCK_CONTROL : 804F354A
22:38:07:562 3120 IRP_MJ_CLEANUP : 804F354A
22:38:07:562 3120 IRP_MJ_CREATE_MAILSLOT : 804F354A
22:38:07:562 3120 IRP_MJ_QUERY_SECURITY : 804F354A
22:38:07:562 3120 IRP_MJ_SET_SECURITY : 804F354A
22:38:07:562 3120 IRP_MJ_POWER : F7646C82
22:38:07:562 3120 IRP_MJ_SYSTEM_CONTROL : F764B99E
22:38:07:562 3120 IRP_MJ_DEVICE_CHANGE : 804F354A
22:38:07:562 3120 IRP_MJ_QUERY_QUOTA : 804F354A
22:38:07:562 3120 IRP_MJ_SET_QUOTA : 804F354A
22:38:07:562 3120 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
22:38:07:562 3120
22:38:07:562 3120 Driver Name: atapi
22:38:07:562 3120 IRP_MJ_CREATE : 854B9CA1
22:38:07:562 3120 IRP_MJ_CREATE_NAMED_PIPE : 854B9CA1
22:38:07:562 3120 IRP_MJ_CLOSE : 854B9CA1
22:38:07:562 3120 IRP_MJ_READ : 854B9CA1
22:38:07:562 3120 IRP_MJ_WRITE : 854B9CA1
22:38:07:562 3120 IRP_MJ_QUERY_INFORMATION : 854B9CA1
22:38:07:562 3120 IRP_MJ_SET_INFORMATION : 854B9CA1
22:38:07:562 3120 IRP_MJ_QUERY_EA : 854B9CA1
22:38:07:562 3120 IRP_MJ_SET_EA : 854B9CA1
22:38:07:562 3120 IRP_MJ_FLUSH_BUFFERS : 854B9CA1
22:38:07:562 3120 IRP_MJ_QUERY_VOLUME_INFORMATION : 854B9CA1
22:38:07:562 3120 IRP_MJ_SET_VOLUME_INFORMATION : 854B9CA1
22:38:07:562 3120 IRP_MJ_DIRECTORY_CONTROL : 854B9CA1
22:38:07:562 3120 IRP_MJ_FILE_SYSTEM_CONTROL : 854B9CA1
22:38:07:562 3120 IRP_MJ_DEVICE_CONTROL : 854B9CA1
22:38:07:562 3120 IRP_MJ_INTERNAL_DEVICE_CONTROL : 854B9CA1
22:38:07:562 3120 IRP_MJ_SHUTDOWN : 854B9CA1
22:38:07:562 3120 IRP_MJ_LOCK_CONTROL : 854B9CA1
22:38:07:562 3120 IRP_MJ_CLEANUP : 854B9CA1
22:38:07:562 3120 IRP_MJ_CREATE_MAILSLOT : 854B9CA1
22:38:07:562 3120 IRP_MJ_QUERY_SECURITY : 854B9CA1
22:38:07:562 3120 IRP_MJ_SET_SECURITY : 854B9CA1
22:38:07:562 3120 IRP_MJ_POWER : 854B9CA1
22:38:07:562 3120 IRP_MJ_SYSTEM_CONTROL : 854B9CA1
22:38:07:562 3120 IRP_MJ_DEVICE_CHANGE : 854B9CA1
22:38:07:562 3120 IRP_MJ_QUERY_QUOTA : 854B9CA1
22:38:07:562 3120 IRP_MJ_SET_QUOTA : 854B9CA1
22:38:07:562 3120 Driver "atapi" infected by TDSS rootkit!
22:38:07:562 3120 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
22:38:07:562 3120 File "C:\WINDOWS\system32\DRIVERS\atapi.sys" infected by TDSS rootkit ...
22:38:07:562 3120 Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
22:38:07:562 3120 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
22:38:07:812 3120 vfvi6
22:38:07:921 3120 !dsvbh1
22:38:09:812 3120 dsvbh2
22:38:09:812 3120 fdfb2
22:38:09:812 3120 Backup copy found, using it..
22:38:09:843 3120 will be cured on next reboot
22:38:09:843 3120 Reboot required for cure complete..
22:38:09:890 3120 Cure on reboot scheduled successfully
22:38:09:890 3120
22:38:09:890 3120 Completed
22:38:09:890 3120
22:38:09:890 3120 Results:
22:38:09:890 3120 Memory objects infected / cured / cured on reboot: 1 / 0 / 0
22:38:09:890 3120 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
22:38:09:890 3120 File objects infected / cured / cured on reboot: 1 / 0 / 1
22:38:09:890 3120
22:38:09:890 3120 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
22:38:09:890 3120 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
22:38:09:890 3120 UnloadDriverW: NtUnloadDriver error 1
22:38:09:890 3120 KLMD_Unload: UnloadDriverW(klmd21) error 1
22:38:09:890 3120 KLMD(ARK) unloaded successfully

Update: 16 Mar 2010 11:34

Please excuse the typing mistakes, I'm typing from another computer now. I also took a photo of the desktop so you can see what appeared:


And please don't forget to tell me what is happening with the site. Thanks a lot
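A note on what TDSSKiller actually saw in the log above, as an added example (this is not TDSSKiller code, nor anything posted in this thread). Compare the Disk and USBSTOR blocks with the atapi block: a normal driver implements a few IRP_MJ handlers and leaves the rest pointing at the kernel's shared default handler (804F354A on this machine), while atapi has every one of its 28 slots pointing at one address, 854B9CA1. That collapsed dispatch table is the hook TDSSKiller reported. The script below parses the "Scanning Kernel memory" section and flags such drivers; SAMPLE_LOG is a constructed, abridged copy of the three blocks from the posted log (most IRP_MJ rows dropped for brevity), and the two heuristics are this example's own.

```python
"""Flag kernel drivers in a TDSSKiller log whose IRP dispatch table has been
overwritten, the pattern visible for 'atapi' in the log above.

Added example written for this thread; it is not TDSSKiller code.
SAMPLE_LOG is constructed: an abridged copy of the Disk, USBSTOR and atapi
blocks from the posted log (most IRP_MJ rows dropped for brevity).
"""
import re
from collections import Counter

SAMPLE_LOG = r"""
22:38:07:531 3120 Driver Name: Disk
22:38:07:531 3120 IRP_MJ_CREATE : F764ABB0
22:38:07:531 3120 IRP_MJ_CREATE_NAMED_PIPE : 804F354A
22:38:07:531 3120 IRP_MJ_CLOSE : F764ABB0
22:38:07:531 3120 IRP_MJ_READ : F7644D1F
22:38:07:531 3120 IRP_MJ_WRITE : F7644D1F
22:38:07:531 3120 IRP_MJ_QUERY_INFORMATION : 804F354A
22:38:07:531 3120 IRP_MJ_DEVICE_CONTROL : F76453BB
22:38:07:546 3120 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
22:38:07:546 3120
22:38:07:546 3120 Driver Name: USBSTOR
22:38:07:546 3120 IRP_MJ_CREATE : EEF12218
22:38:07:546 3120 IRP_MJ_CREATE_NAMED_PIPE : 804F354A
22:38:07:546 3120 IRP_MJ_CLOSE : EEF12218
22:38:07:546 3120 IRP_MJ_READ : EEF1223C
22:38:07:546 3120 IRP_MJ_WRITE : EEF1223C
22:38:07:546 3120 IRP_MJ_QUERY_INFORMATION : 804F354A
22:38:07:546 3120 IRP_MJ_DEVICE_CONTROL : EEF12180
22:38:07:562 3120 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
22:38:07:562 3120
22:38:07:562 3120 Driver Name: atapi
22:38:07:562 3120 IRP_MJ_CREATE : 854B9CA1
22:38:07:562 3120 IRP_MJ_CREATE_NAMED_PIPE : 854B9CA1
22:38:07:562 3120 IRP_MJ_CLOSE : 854B9CA1
22:38:07:562 3120 IRP_MJ_READ : 854B9CA1
22:38:07:562 3120 IRP_MJ_WRITE : 854B9CA1
22:38:07:562 3120 IRP_MJ_QUERY_INFORMATION : 854B9CA1
22:38:07:562 3120 IRP_MJ_DEVICE_CONTROL : 854B9CA1
22:38:07:562 3120 Driver "atapi" infected by TDSS rootkit!
22:38:07:562 3120 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
"""

DRIVER_RE = re.compile(r"Driver Name: (\S+)")
IRP_RE = re.compile(r"(IRP_MJ_\w+) : ([0-9A-Fa-f]{8})")
FILE_RE = re.compile(r"(\S+\.sys) - Verdict", re.IGNORECASE)


def parse_drivers(log_text):
    """Return a list of {'name', 'file', 'irp': {IRP_MJ_X: address}} per block."""
    drivers, current = [], None
    for line in log_text.splitlines():
        m = DRIVER_RE.search(line)
        if m:
            current = {"name": m.group(1), "file": None, "irp": {}}
            drivers.append(current)
            continue
        if current is None:
            continue
        m = IRP_RE.search(line)
        if m:
            current["irp"][m.group(1)] = int(m.group(2), 16)
            continue
        m = FILE_RE.search(line)
        if m:
            current["file"] = m.group(1)
    return drivers


def find_hooked_drivers(drivers):
    """Return {driver_name: reason} for dispatch tables that look overwritten.

    Heuristic 1: every IRP_MJ slot points at a single address. A real driver
    implements a handful of major functions and leaves the others on the
    kernel's shared default handler, so one address everywhere means the
    whole table was replaced.
    Heuristic 2: the table never references the handler that at least two
    other drivers share (the kernel default, 804F354A in the posted log).
    """
    seen_in = Counter()
    for d in drivers:
        seen_in.update(set(d["irp"].values()))  # count once per driver
    shared = [addr for addr, n in seen_in.most_common() if n >= 2]
    default_stub = shared[0] if shared else None

    findings = {}
    for d in drivers:
        addrs = set(d["irp"].values())
        if not addrs:
            continue
        if len(addrs) == 1:
            only = next(iter(addrs))
            findings[d["name"]] = "all %d IRP_MJ entries dispatch to %08X" % (
                len(d["irp"]), only)
        elif default_stub is not None and default_stub not in addrs:
            findings[d["name"]] = "no entry uses the shared default handler %08X" % default_stub
    return findings


def report(log_text):
    """Parse a whole TDSSKiller log and return the findings dict."""
    return find_hooked_drivers(parse_drivers(log_text))


if __name__ == "__main__":
    for name, why in report(SAMPLE_LOG).items():
        print("%-10s %s" % (name, why))
```

Run against the full log posted above it reports only atapi; the three Disk blocks and USBSTOR pass both checks because they mix their own handlers with the shared 804F354A stub. The "will be cured on next reboot" lines that follow are TDSSKiller restoring atapi.sys from a backup copy, which is why the reboot was required.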

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

About that picture... Just click that button (Restore desktop or similar).

As for access to the site, we'll see once we remove the rest of the malware.

Now follow the ComboFix instructions and post the log you get at the end.

  • Joined: 07 Apr 2008
  • Posts: 85
  • Location: Kos.Mitrovica

Posted: 16 Mar 2010 17:51

I tried, and there is no way I can run ComboFix; as before, it loads for just a second and then nothing.

Update: 16 Mar 2010 18:08

I really don't know what is going on. I have posted here before and fixed this very computer with your help, using ComboFix. It's not my first time working with that program, so just one more question: could it be the link? Is there another one I can download the program from?

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

1. Download it again from the same link.

2. Be sure to disable the antivirus on the computer on which you run ComboFix.

3. Before running it, rename the file ComboFix.exe to e.g. abc.exe.

4. If that doesn't work either, post fresh Gmer logs.

  • Joined: 07 Apr 2008
  • Posts: 85
  • Location: Kos.Mitrovica

Posted: 16 Mar 2010 20:30

I ran the scan and here is the log. But now I have a problem with my own laptop; it seems I infected it via the flash drive, so I can't run any antivirus program, nor open your site and many others.



Update: 16 Mar 2010 20:31

I didn't attach it properly, here it is again



ComboFix 10-03-15.06 - Korisnik 03/16/2010 23:37:57.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.536 [GMT 4.5:30]
Running from: c:\documents and settings\Korisnik\Desktop\abc.exe.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Korisnik\Application Data\Desktopicon
c:\documents and settings\Korisnik\Application Data\Desktopicon\config.ini
c:\documents and settings\Korisnik\monse.exe
c:\recycler\S-1-5-21-1743518100-7151312968-920697202-5560
c:\recycler\S-1-5-21-6412655726-1302594617-870558978-2750
c:\recycler\S-1-5-21-8393757886-7607593593-611484914-7745
c:\recycler\S-1-5-21-9639594311-4398809420-282521161-5805
c:\recycler\S-1-5-21-9855854247-5952670479-824639178-8986
c:\windows\msa.exe
c:\windows\system32\sshnas21.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
D:\AUTORUN.INF

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_AVPsys
-------\Service_SSHNAS


((((((((((((((((((((((((( Files Created from 2010-02-16 to 2010-03-16 )))))))))))))))))))))))))))))))
.

2010-03-15 22:32 . 2010-03-15 22:32 -------- d-----w- c:\program files\MSXML 4.0
2010-03-15 20:28 . 2009-12-08 19:26 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-15 20:28 . 2009-12-08 19:27 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-03-15 20:28 . 2009-12-08 18:43 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-03-15 20:09 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-15 19:23 . 2010-03-15 19:29 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-03-15 19:12 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-03-15 18:59 . 2008-04-14 08:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-03-15 18:59 . 2008-04-14 08:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-03-15 18:59 . 2008-04-14 08:00 53248 -c--a-w- c:\windows\system32\dllcache\wamreg51.dll
2010-03-15 18:59 . 2008-04-14 08:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2010-03-15 18:59 . 2008-04-14 08:00 76800 -c--a-w- c:\windows\system32\dllcache\wam51.dll
2010-03-15 18:59 . 2008-04-14 08:00 364032 -c--a-w- c:\windows\system32\dllcache\w3svc.dll
2010-03-15 18:59 . 2008-04-14 08:00 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2010-03-15 18:59 . 2008-04-14 08:00 73728 -c--a-w- c:\windows\system32\dllcache\w3ext.dll
2010-03-15 18:59 . 2008-04-14 08:00 5632 -c--a-w- c:\windows\system32\dllcache\w3svapi.dll
2010-03-15 18:59 . 2008-04-14 08:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2010-03-15 18:59 . 2008-04-14 08:00 4608 -c--a-w- c:\windows\system32\dllcache\w3ctrs51.dll
2010-03-15 18:59 . 2008-04-14 08:00 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
2010-03-15 18:57 . 2008-04-14 08:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2010-03-15 18:56 . 2001-08-17 21:36 43520 -c--a-w- c:\windows\system32\dllcache\EXCH_fcachdll.dll
2010-03-15 18:55 . 2010-01-05 10:00 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-15 18:55 . 2010-01-05 10:00 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-15 18:55 . 2010-01-05 10:00 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-03-15 18:55 . 2010-01-05 10:00 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2010-03-15 18:55 . 2010-01-05 10:00 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2010-03-15 18:55 . 2009-12-31 15:33 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2010-03-15 18:55 . 2009-06-29 08:33 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2010-03-15 18:55 . 2010-01-05 10:00 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-03-15 18:55 . 2010-03-16 15:52 -------- d--h--w- c:\windows\$hf_mig$
2010-03-15 18:54 . 2008-04-14 08:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-03-15 18:52 . 2008-04-14 08:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-03-15 18:49 . 2010-03-15 18:49 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-15 18:33 . 2008-04-14 08:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-03-15 18:33 . 2008-04-14 08:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-03-15 18:33 . 2008-04-14 08:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-03-15 18:33 . 2008-04-14 08:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-03-12 14:29 . 2010-03-12 14:29 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\Opera
2010-03-12 14:28 . 2010-03-12 14:28 -------- d-----w- c:\program files\Opera
2010-03-11 21:56 . 2010-03-11 21:56 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Flock
2010-03-11 21:56 . 2010-03-11 21:56 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\Flock
2010-03-11 21:55 . 2010-03-15 20:36 -------- d-----w- c:\program files\Flock
2010-03-11 17:23 . 2010-03-11 20:23 192512 --sh--r- c:\windows\system32\wmiexec.exe
2010-03-11 12:53 . 2010-03-11 12:53 102912 ----a-w- c:\documents and settings\Korisnik\monisd.exe
2010-03-10 23:23 . 2010-03-11 12:53 102912 --sh--r- c:\documents and settings\Korisnik\Application Data\uapss.exe
2010-03-10 23:21 . 2010-03-10 23:21 102912 ----a-w- c:\documents and settings\Korisnik\tonim.exe
2010-03-10 10:15 . 2010-03-10 10:15 202240 --sh--r- c:\documents and settings\Korisnik\Application Data\nrsh.exe
2010-03-10 10:15 . 2010-03-10 10:15 202240 ----a-w- c:\documents and settings\Korisnik\nos.exe
2010-03-09 08:34 . 2010-03-09 08:34 -------- d-----w- c:\program files\MSECache
2010-03-07 18:44 . 2010-03-07 18:44 439816 ----a-w- c:\documents and settings\Korisnik\Application Data\Real\Update\setup3.10\setup.exe
2010-03-06 20:57 . 2010-03-06 20:57 158208 ----a-w- c:\windows\Eguhaa.exe
2010-03-02 22:48 . 2010-03-04 12:18 150528 --sh--r- c:\documents and settings\Korisnik\Application Data\kvmm.exe
2010-03-02 22:17 . 2010-03-02 22:17 163840 --sh--r- c:\documents and settings\Korisnik\Application Data\aagx.exe
2010-03-01 19:10 . 2010-03-01 19:12 -------- d-----w- c:\program files\Folderico
2010-02-17 06:11 . 2010-03-04 08:12 -------- d-----r- C:\Win

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 19:08 . 2008-05-23 08:32 95368 ----a-w- c:\documents and settings\Korisnik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-15 19:02 . 2009-02-11 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-03-15 18:50 . 2008-05-23 07:37 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-05 15:38 . 2008-11-04 13:37 -------- d-----w- c:\program files\Common Files\Akamai
2010-02-24 14:16 . 2008-12-05 22:09 3638 ----a-r- c:\documents and settings\Korisnik\Application Data\Microsoft\Installer\{F6126902-2779-4FE4-8C56-FAF5C7CA9258}\_4ae13d6c.exe
2010-02-24 14:16 . 2008-12-05 22:09 3638 ----a-r- c:\documents and settings\Korisnik\Application Data\Microsoft\Installer\{F6126902-2779-4FE4-8C56-FAF5C7CA9258}\_294823.exe
2010-02-24 14:16 . 2008-12-05 22:09 3638 ----a-r- c:\documents and settings\Korisnik\Application Data\Microsoft\Installer\{F6126902-2779-4FE4-8C56-FAF5C7CA9258}\_18be6784.exe
2010-02-09 20:02 . 2008-10-14 12:26 -------- d-----w- c:\program files\Google
2010-01-16 15:43 . 2010-01-16 15:43 -------- d-----w- c:\program files\Microsoft
2010-01-05 10:00 . 2008-04-23 00:16 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2008-07-12 19:10 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2008-07-12 19:09 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2008-04-14 08:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.

------- Sigcheck -------

[-] 2008-07-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-01 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-06-10 1447168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-20 198160]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-02-26 126976]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\documents and settings\Korisnik\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 00:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-09-20 13:35 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2007-03-16 16:10 1392640 ----a-w- c:\windows\system32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-02-26 19:48 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-09-20 07:51 1836328 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrnStatusMX]
2007-07-13 16:39 1077248 ----a-w- c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-05-10 08:22 405504 ----a-w- c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-22 12:30 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-11-01 22:03 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-10-20 21:11 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\WINDOWS\\system32\\wmiexec.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"1631:TCP"= 1631:TCP:Akamai NetSession Interface
"2488:TCP"= 2488:TCP:Akamai NetSession Interface
"2515:TCP"= 2515:TCP:Akamai NetSession Interface
"1067:TCP"= 1067:TCP:Akamai NetSession Interface
"1068:TCP"= 1068:TCP:Akamai NetSession Interface
"1059:TCP"= 1059:TCP:Akamai NetSession Interface
"1056:TCP"= 1056:TCP:Akamai NetSession Interface
"1060:TCP"= 1060:TCP:Akamai NetSession Interface
"1349:TCP"= 1349:TCP:Akamai NetSession Interface
"3927:TCP"= 3927:TCP:Akamai NetSession Interface
"1057:TCP"= 1057:TCP:Akamai NetSession Interface
"1061:TCP"= 1061:TCP:Akamai NetSession Interface
"2098:TCP"= 2098:TCP:Akamai NetSession Interface
"2224:TCP"= 2224:TCP:Akamai NetSession Interface
"1081:TCP"= 1081:TCP:Akamai NetSession Interface
"1528:TCP"= 1528:TCP:Akamai NetSession Interface
"1072:TCP"= 1072:TCP:Akamai NetSession Interface
"1065:TCP"= 1065:TCP:Akamai NetSession Interface
"1062:TCP"= 1062:TCP:Akamai NetSession Interface
"1381:TCP"= 1381:TCP:Akamai NetSession Interface
"1281:TCP"= 1281:TCP:Akamai NetSession Interface
"1814:TCP"= 1814:TCP:Akamai NetSession Interface
"2271:TCP"= 2271:TCP:Akamai NetSession Interface
"1063:TCP"= 1063:TCP:Akamai NetSession Interface
"1390:TCP"= 1390:TCP:Akamai NetSession Interface
"1753:TCP"= 1753:TCP:Akamai NetSession Interface
"1078:TCP"= 1078:TCP:Akamai NetSession Interface
"1341:TCP"= 1341:TCP:Akamai NetSession Interface
"2650:TCP"= 2650:TCP:Akamai NetSession Interface
"1092:TCP"= 1092:TCP:Akamai NetSession Interface
"2394:TCP"= 2394:TCP:Akamai NetSession Interface
"2983:TCP"= 2983:TCP:Akamai NetSession Interface
"2996:TCP"= 2996:TCP:Akamai NetSession Interface
"4026:TCP"= 4026:TCP:Akamai NetSession Interface
"1245:TCP"= 1245:TCP:Akamai NetSession Interface
"1366:TCP"= 1366:TCP:Akamai NetSession Interface
"1979:TCP"= 1979:TCP:Akamai NetSession Interface
"1066:TCP"= 1066:TCP:Akamai NetSession Interface
"1070:TCP"= 1070:TCP:Akamai NetSession Interface
"2535:TCP"= 2535:TCP:Akamai NetSession Interface
"1074:TCP"= 1074:TCP:Akamai NetSession Interface
"1879:TCP"= 1879:TCP:Akamai NetSession Interface
"2254:TCP"= 2254:TCP:Akamai NetSession Interface
"3629:TCP"= 3629:TCP:Akamai NetSession Interface
"3741:TCP"= 3741:TCP:Akamai NetSession Interface
"2389:TCP"= 2389:TCP:Akamai NetSession Interface
"2487:TCP"= 2487:TCP:Akamai NetSession Interface
"4142:TCP"= 4142:TCP:Akamai NetSession Interface
"1306:TCP"= 1306:TCP:Akamai NetSession Interface
"1379:TCP"= 1379:TCP:Akamai NetSession Interface
"1040:TCP"= 1040:TCP:Akamai NetSession Interface
"1295:TCP"= 1295:TCP:Akamai NetSession Interface
"1409:TCP"= 1409:TCP:Akamai NetSession Interface
"2756:TCP"= 2756:TCP:Akamai NetSession Interface
"1865:TCP"= 1865:TCP:Akamai NetSession Interface
"3094:TCP"= 3094:TCP:Akamai NetSession Interface
"1042:TCP"= 1042:TCP:Akamai NetSession Interface
"1155:TCP"= 1155:TCP:Akamai NetSession Interface
"1485:TCP"= 1485:TCP:Akamai NetSession Interface
"1236:TCP"= 1236:TCP:Akamai NetSession Interface
"1297:TCP"= 1297:TCP:Akamai NetSession Interface
"2311:TCP"= 2311:TCP:Akamai NetSession Interface

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [12/7/2007 12:33 AM 660768]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [4/27/2007 4:30 AM 316992]
S2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [4/14/2008 12:30 PM 14336]
S2 gupdate1c98c746bf42a4;Google Update Service (gupdate1c98c746bf42a4);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2009 10:40 PM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-03-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-14 18:07]

2010-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 18:10]

2010-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 18:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\AirLive\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\09tymwoj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL -
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Sys32 - (no file)
ActiveSetup-{92GOM5C0-6FCB-13HJ-LKX5-81CTYK99850309} - c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\igfxsrvo.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-03-16 23:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1244)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(1712)
c:\windows\system32\WININET.dll
c:\windows\system32\IEFRAME.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
c:\windows\system32\mshtml.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\AirLive\Bluetooth Software\bin\btwdins.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Completion time: 2010-03-16 23:47:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-16 19:17

Pre-Run: 23,675,002,880 bytes free
Post-Run: 26,110,619,648 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - F4D7BEBEC952EE42A2F124520E5AFAD9

dr_Bora (Anti Malware Fighter, Rank 2; joined: 24 Jul 2007; posts: 12280; location: Höganäs, SE)

Quote: But now I have a problem with my laptop; it looks like I infected it from a flash drive, so I can't start any antivirus program, nor open your site and many others.

We'll sort it out.


Open Notepad and copy the following text into it:


File::
c:\windows\system32\wmiexec.exe
c:\documents and settings\Korisnik\monisd.exe
c:\documents and settings\Korisnik\Application Data\uapss.exe
c:\documents and settings\Korisnik\tonim.exe
c:\documents and settings\Korisnik\Application Data\nrsh.exe
c:\documents and settings\Korisnik\nos.exe
c:\windows\Eguhaa.exe
c:\documents and settings\Korisnik\Application Data\kvmm.exe
c:\documents and settings\Korisnik\Application Data\aagx.exe

Folder::
C:\Win

DirLook::
c:\program files\Folderico


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scanning.


With this we may be done here (I still have to review the next log).


Don't use that infected flash drive for now. Do you have DDS, Gmer and ComboFix on it (so I know how we proceed)?
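An added example, not code from the thread, from dr_Bora, or from ComboFix itself: a small Python helper that writes a CFScript in the File::/Folder::/DirLook:: form used in the post above, and then checks the follow-up ComboFix log for the two things a responder wants to confirm after such a run: that every File:: entry appears under "Other Deletions", and whether the log still carries the settings that appear in the thread's logs (Security Center AntiVirusOverride/FirewallOverride, EnableFirewall=0, port 3389 in GloballyOpenPorts, an autostart orphan pointing into RECYCLER). The sample log is a constructed excerpt modelled on the thread's logs, not a real capture; the function names and the risk patterns are assumptions of this example.

```python
"""Build a ComboFix CFScript and check the follow-up log against it.

Added example, not from the thread or from ComboFix. The directives
(File::, Folder::, DirLook::) and the section headers are those visible in
the thread; SAMPLE_LOG is a constructed excerpt modelled on it.
"""
import re

def build_cfscript(files=(), folders=(), dirlook=()):
    """Return CFScript text: a directive header per section, one path per line."""
    out = []
    for header, items in (("File::", files), ("Folder::", folders), ("DirLook::", dirlook)):
        if items:
            out.append(header)
            out.extend(items)
            out.append("")          # blank line separates sections, as in the thread
    return "\n".join(out)

def section(log, title):
    """Body lines of a ComboFix section such as 'Other Deletions'.
    A section runs from its '(((( title ))))' banner to the next banner."""
    body, inside = [], False
    for line in log.splitlines():
        if line.startswith("(((") and line.rstrip().endswith(")))"):
            if inside:
                break
            inside = title in line
            continue
        if inside and line.strip() not in ("", "."):
            body.append(line.strip())
    return body

def verify_deletions(script_files, log):
    """File:: entries that the log does NOT report under 'Other Deletions'."""
    deleted = {p.lower() for p in section(log, "Other Deletions")}
    return [p for p in script_files if p.lower() not in deleted]

# (regex, description) pairs for settings seen in the thread's logs; assumptions of this example
RISK_PATTERNS = [
    (r'"AntiVirusOverride"=dword:00000001', "Security Center AV monitoring overridden"),
    (r'"FirewallOverride"=dword:00000001', "Security Center firewall monitoring overridden"),
    (r'"EnableFirewall"=\s*0\b', "Windows Firewall disabled for the standard profile"),
    (r'"3389:TCP"=', "RDP port 3389 globally open in firewall policy"),
    (r"(?i)\\recycler\\S-1-5-21-[\d-]+\\\S+\.exe", "executable launched from RECYCLER (orphan autostart)"),
]

def flag_risky_settings(log):
    """Return (description, matching line) for every risk pattern found."""
    findings = []
    for line in log.splitlines():
        for pattern, desc in RISK_PATTERNS:
            if re.search(pattern, line):
                findings.append((desc, line.strip()))
    return findings

# Constructed excerpt modelled on the ComboFix logs in the thread (not a real capture).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Korisnik\Application Data\aagx.exe
c:\documents and settings\Korisnik\nos.exe
C:\Win
c:\windows\system32\wmiexec.exe
.
((((((((((((((((((((((((( Files Created from 2010-02-16 to 2010-03-16 )))))))))))))))))))))))))))))))
.
2010-03-15 22:32 . 2010-03-15 22:32 -------- d-----w- c:\program files\MSXML 4.0

- - - - ORPHANS REMOVED - - - -
ActiveSetup-{92GOM5C0-6FCB-13HJ-LKX5-81CTYK99850309} - c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\igfxsrvo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"""

def run_check():
    """Build the script from the thread's lists and check SAMPLE_LOG against it."""
    files = [r"c:\windows\system32\wmiexec.exe",
             r"c:\documents and settings\Korisnik\Application Data\aagx.exe",
             r"c:\documents and settings\Korisnik\nos.exe",
             r"c:\documents and settings\Korisnik\tonim.exe"]  # deliberately absent from SAMPLE_LOG
    script = build_cfscript(files, folders=[r"C:\Win"], dirlook=[r"c:\program files\Folderico"])
    return script, verify_deletions(files, SAMPLE_LOG), flag_risky_settings(SAMPLE_LOG)

if __name__ == "__main__":
    script, missing, risks = run_check()
    print(script)
    print("not confirmed deleted:", missing)
    for desc, line in risks:
        print(f"[!] {desc}: {line}")
```

The deletion check is the part worth keeping around: ComboFix only lists under "Other Deletions" what it actually removed, so an entry from File:: that is missing there is either already gone or still in place and needs a second look. The overrides and the disabled firewall in the thread's log are exactly the kind of state malware leaves behind after it has been deleted, so they deserve a check on the log that follows the cleaning, not only on the one that preceded it.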

(joined: 07 Apr 2008; posts: 85; location: Kos.Mitrovica)

Here is the log; I'm writing now from my husband's laptop.




ComboFix 10-03-16.01 - Korisnik 03/17/2010 0:59.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.395 [GMT 4.5:30]
Running from: c:\documents and settings\Korisnik\Desktop\abc.exe.exe
Command switches used :: c:\documents and settings\Korisnik\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Created a new restore point

FILE ::
"c:\documents and settings\Korisnik\Application Data\aagx.exe"
"c:\documents and settings\Korisnik\Application Data\kvmm.exe"
"c:\documents and settings\Korisnik\Application Data\nrsh.exe"
"c:\documents and settings\Korisnik\Application Data\uapss.exe"
"c:\documents and settings\Korisnik\monisd.exe"
"c:\documents and settings\Korisnik\nos.exe"
"c:\documents and settings\Korisnik\tonim.exe"
"c:\windows\Eguhaa.exe"
"c:\windows\system32\wmiexec.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Korisnik\Application Data\aagx.exe
c:\documents and settings\Korisnik\Application Data\kvmm.exe
c:\documents and settings\Korisnik\Application Data\nrsh.exe
c:\documents and settings\Korisnik\Application Data\uapss.exe
c:\documents and settings\Korisnik\monisd.exe
c:\documents and settings\Korisnik\nos.exe
c:\documents and settings\Korisnik\tonim.exe
C:\Win
c:\windows\Eguhaa.exe
c:\windows\system32\wmiexec.exe

.
((((((((((((((((((((((((( Files Created from 2010-02-16 to 2010-03-16 )))))))))))))))))))))))))))))))
.

2010-03-15 22:32 . 2010-03-15 22:32 -------- d-----w- c:\program files\MSXML 4.0
2010-03-15 20:28 . 2009-12-08 19:26 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-15 20:28 . 2009-12-08 19:27 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-03-15 20:28 . 2009-12-08 18:43 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-03-15 20:09 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-15 19:23 . 2010-03-15 19:29 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-03-15 19:12 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-03-15 18:59 . 2008-04-14 08:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-03-15 18:59 . 2008-04-14 08:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-03-15 18:59 . 2008-04-14 08:00 53248 -c--a-w- c:\windows\system32\dllcache\wamreg51.dll
2010-03-15 18:59 . 2008-04-14 08:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2010-03-15 18:59 . 2008-04-14 08:00 76800 -c--a-w- c:\windows\system32\dllcache\wam51.dll
2010-03-15 18:59 . 2008-04-14 08:00 364032 -c--a-w- c:\windows\system32\dllcache\w3svc.dll
2010-03-15 18:59 . 2008-04-14 08:00 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2010-03-15 18:59 . 2008-04-14 08:00 73728 -c--a-w- c:\windows\system32\dllcache\w3ext.dll
2010-03-15 18:59 . 2008-04-14 08:00 5632 -c--a-w- c:\windows\system32\dllcache\w3svapi.dll
2010-03-15 18:59 . 2008-04-14 08:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2010-03-15 18:59 . 2008-04-14 08:00 4608 -c--a-w- c:\windows\system32\dllcache\w3ctrs51.dll
2010-03-15 18:59 . 2008-04-14 08:00 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
2010-03-15 18:57 . 2008-04-14 08:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2010-03-15 18:56 . 2001-08-17 21:36 43520 -c--a-w- c:\windows\system32\dllcache\EXCH_fcachdll.dll
2010-03-15 18:55 . 2010-01-05 10:00 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-15 18:55 . 2010-01-05 10:00 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-15 18:55 . 2010-01-05 10:00 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-03-15 18:55 . 2010-01-05 10:00 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2010-03-15 18:55 . 2010-01-05 10:00 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2010-03-15 18:55 . 2009-12-31 15:33 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2010-03-15 18:55 . 2009-06-29 08:33 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2010-03-15 18:55 . 2010-01-05 10:00 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-03-15 18:55 . 2010-03-16 15:52 -------- d--h--w- c:\windows\$hf_mig$
2010-03-15 18:54 . 2008-04-14 08:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-03-15 18:52 . 2008-04-14 08:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-03-15 18:49 . 2010-03-15 18:49 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-15 18:33 . 2008-04-14 08:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-03-15 18:33 . 2008-04-14 08:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-03-15 18:33 . 2008-04-14 08:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-03-15 18:33 . 2008-04-14 08:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-03-12 14:29 . 2010-03-12 14:29 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\Opera
2010-03-12 14:28 . 2010-03-12 14:28 -------- d-----w- c:\program files\Opera
2010-03-11 21:56 . 2010-03-11 21:56 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Flock
2010-03-11 21:56 . 2010-03-11 21:56 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\Flock
2010-03-11 21:55 . 2010-03-15 20:36 -------- d-----w- c:\program files\Flock
2010-03-09 08:34 . 2010-03-09 08:34 -------- d-----w- c:\program files\MSECache
2010-03-07 18:44 . 2010-03-07 18:44 439816 ----a-w- c:\documents and settings\Korisnik\Application Data\Real\Update\setup3.10\setup.exe
2010-03-01 19:10 . 2010-03-01 19:12 -------- d-----w- c:\program files\Folderico

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-16 20:03 . 2009-02-11 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-03-15 19:08 . 2008-05-23 08:32 95368 ----a-w- c:\documents and settings\Korisnik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-15 18:50 . 2008-05-23 07:37 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-05 15:38 . 2008-11-04 13:37 -------- d-----w- c:\program files\Common Files\Akamai
2010-02-24 14:16 . 2008-12-05 22:09 3638 ----a-r- c:\documents and settings\Korisnik\Application Data\Microsoft\Installer\{F6126902-2779-4FE4-8C56-FAF5C7CA9258}\_4ae13d6c.exe
2010-02-24 14:16 . 2008-12-05 22:09 3638 ----a-r- c:\documents and settings\Korisnik\Application Data\Microsoft\Installer\{F6126902-2779-4FE4-8C56-FAF5C7CA9258}\_294823.exe
2010-02-24 14:16 . 2008-12-05 22:09 3638 ----a-r- c:\documents and settings\Korisnik\Application Data\Microsoft\Installer\{F6126902-2779-4FE4-8C56-FAF5C7CA9258}\_18be6784.exe
2010-02-09 20:02 . 2008-10-14 12:26 -------- d-----w- c:\program files\Google
2010-01-16 15:43 . 2010-01-16 15:43 -------- d-----w- c:\program files\Microsoft
2010-01-05 10:00 . 2008-04-23 00:16 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2008-07-12 19:10 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2008-07-12 19:09 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2008-04-14 08:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\Folderico ----

2010-03-01 19:12 . 2010-03-01 19:14 200 ----a-w- c:\program files\Folderico\lib.ini
2010-03-01 19:10 . 2010-03-01 19:10 46333 ----a-w- c:\program files\Folderico\uninst.exe
2010-03-01 19:10 . 2010-03-01 19:10 29 ----a-w- c:\program files\Folderico\folderico.ini
2007-01-04 01:44 . 2007-01-04 01:44 6836 ----a-w- c:\program files\Folderico\info.txt
2007-01-04 01:40 . 2007-01-04 01:40 5110 ----a-w- c:\program files\Folderico\history.txt
2007-01-04 01:34 . 2007-01-04 01:34 14330 ----a-w- c:\program files\Folderico\langs\Espanol.ini
2007-01-04 01:33 . 2007-01-04 01:33 12392 ----a-w- c:\program files\Folderico\langs\russian.ini
2007-01-04 01:33 . 2007-01-04 01:33 8146 ----a-w- c:\program files\Folderico\langs\Template_to_translate.txt
2007-01-04 01:30 . 2007-01-04 01:30 210432 ----a-w- c:\program files\Folderico\folderico372.dll
2007-01-04 00:50 . 2007-01-04 00:50 437 ----a-w- c:\program files\Folderico\Samples\WindowsXP.ini
2006-12-28 18:55 . 2006-12-28 18:55 560 ----a-w- c:\program files\Folderico\Samples\Crystall Clear.ini
2006-12-28 18:31 . 2006-12-28 18:31 369152 ----a-w- c:\program files\Folderico\Folderico.exe
2006-12-22 21:16 . 2006-12-22 21:16 338 ----a-w- c:\program files\Folderico\Samples\ACR_blue.ini
2006-12-22 21:12 . 2006-12-22 21:12 189 ----a-w- c:\program files\Folderico\Samples\Vista.ini
2006-12-22 21:10 . 2006-12-22 21:10 259 ----a-w- c:\program files\Folderico\Samples\FlyakiteOSX.ini
2006-12-01 22:23 . 2006-12-01 22:23 1518 ----a-w- c:\program files\Folderico\langs\Espanol.ico
2006-09-16 20:48 . 2006-09-16 20:48 10846 ----a-w- c:\program files\Folderico\langs\Turkish.ini
2006-08-12 14:59 . 2006-08-12 14:59 1142 ----a-w- c:\program files\Folderico\langs\Turkish.ico
2006-08-12 14:45 . 2006-08-12 14:45 1518 ----a-w- c:\program files\Folderico\langs\TChinese.ico
2006-08-12 14:45 . 2006-08-12 14:45 1518 ----a-w- c:\program files\Folderico\langs\SChinese.ico
2006-08-12 14:45 . 2006-08-12 14:45 1518 ----a-w- c:\program files\Folderico\langs\german.ico
2006-08-12 14:44 . 2006-08-12 14:44 1518 ----a-w- c:\program files\Folderico\langs\dutch.ico
2006-08-12 14:43 . 2006-08-12 14:43 1518 ----a-w- c:\program files\Folderico\langs\italian.ico
2006-08-12 14:43 . 2006-08-12 14:43 1518 ----a-w- c:\program files\Folderico\langs\frenchT.ico
2006-08-12 14:43 . 2006-08-12 14:43 1518 ----a-w- c:\program files\Folderico\langs\English.ico
2006-08-12 14:42 . 2006-08-12 14:42 1518 ----a-w- c:\program files\Folderico\langs\arabic.ico
2006-08-12 14:40 . 2006-08-12 14:40 1518 ----a-w- c:\program files\Folderico\langs\bosnian.ico
2006-08-12 14:39 . 2006-08-12 14:39 1518 ----a-w- c:\program files\Folderico\langs\russian.ico
2006-08-12 14:38 . 2006-08-12 14:38 1518 ----a-w- c:\program files\Folderico\langs\Ukrainian.ico
2006-08-12 14:36 . 2006-08-12 14:36 1518 ----a-w- c:\program files\Folderico\langs\armenian.ico
2006-08-11 19:37 . 2006-08-11 19:37 5078 ----a-w- c:\program files\Folderico\langs\bosnian.ini
2006-08-04 21:47 . 2006-08-04 21:47 4398 ----a-w- c:\program files\Folderico\langs\Ukrainian.ini
2006-08-04 21:47 . 2006-08-04 21:47 2384 ----a-w- c:\program files\Folderico\langs\TChinese.ini
2006-08-04 21:47 . 2006-08-04 21:47 2384 ----a-w- c:\program files\Folderico\langs\SChinese.ini
2006-08-04 21:46 . 2006-08-04 21:46 5380 ----a-w- c:\program files\Folderico\langs\italian.ini
2006-08-04 21:46 . 2006-08-04 21:46 5512 ----a-w- c:\program files\Folderico\langs\german.ini
2006-08-04 21:46 . 2006-08-04 21:46 4530 ----a-w- c:\program files\Folderico\langs\frenchT.ini
2006-08-04 21:45 . 2006-08-04 21:45 5020 ----a-w- c:\program files\Folderico\langs\dutch.ini
2006-08-04 21:45 . 2006-08-04 21:45 7250 ----a-w- c:\program files\Folderico\langs\Armenian.ini
2006-07-28 22:34 . 2006-07-28 22:34 3142 ----a-w- c:\program files\Folderico\langs\arabic.ini
2006-07-26 21:36 . 2006-07-26 21:36 63 ----a-w- c:\program files\Folderico\Samples\FlyakiteOSX.txt
2006-07-05 04:32 . 2006-07-05 04:32 76 ----a-w- c:\program files\Folderico\Samples\WindowsXP.txt
2006-07-05 04:32 . 2006-07-05 04:32 76 ----a-w- c:\program files\Folderico\Samples\Vista.txt
2006-07-04 06:28 . 2006-07-04 06:28 506016 ----a-w- c:\program files\Folderico\Samples\Crystall Clear.icl
2006-07-03 03:40 . 2006-07-03 03:40 4286 ----a-w- c:\program files\Folderico\toolbar\Next-OS\change.ico
2006-07-03 03:40 . 2006-07-03 03:40 4286 ----a-w- c:\program files\Folderico\toolbar\Next-OS\lang.ico
2006-07-03 03:39 . 2006-07-03 03:39 4286 ----a-w- c:\program files\Folderico\toolbar\Next-OS\folder.ico
2006-07-03 03:38 . 2006-07-03 03:38 4286 ----a-w- c:\program files\Folderico\toolbar\Next-OS\about.ico
2006-07-03 03:38 . 2006-07-03 03:38 4286 ----a-w- c:\program files\Folderico\toolbar\Next-OS\tools.ico
2006-07-03 03:38 . 2006-07-03 03:38 4286 ----a-w- c:\program files\Folderico\toolbar\Next-OS\options.ico
2006-07-03 03:30 . 2006-07-03 03:30 4286 ----a-w- c:\program files\Folderico\toolbar\Pak1\change.ico
2006-07-03 03:30 . 2006-07-03 03:30 4286 ----a-w- c:\program files\Folderico\toolbar\Pak1\tools.ico
2006-07-03 03:28 . 2006-07-03 03:28 4286 ----a-w- c:\program files\Folderico\toolbar\Pak1\options.ico
2006-07-03 03:28 . 2006-07-03 03:28 4286 ----a-w- c:\program files\Folderico\toolbar\Pak1\lang.ico
2006-07-03 03:26 . 2006-07-03 03:26 4286 ----a-w- c:\program files\Folderico\toolbar\Pak1\about.ico
2006-07-03 03:26 . 2006-07-03 03:26 4286 ----a-w- c:\program files\Folderico\toolbar\Pak1\folder.ico
2006-07-03 03:15 . 2006-07-03 03:15 766 ----a-w- c:\program files\Folderico\toolbar\xp\tools.ico
2006-07-03 03:14 . 2006-07-03 03:14 4286 ----a-w- c:\program files\Folderico\toolbar\xp\lang.ico
2006-07-03 03:11 . 2006-07-03 03:11 4286 ----a-w- c:\program files\Folderico\toolbar\xp\change.ico
2006-07-03 03:09 . 2006-07-03 03:09 4286 ----a-w- c:\program files\Folderico\toolbar\xp\options.ico
2006-07-03 03:09 . 2006-07-03 03:09 2238 ----a-w- c:\program files\Folderico\toolbar\xp\about.ico
2006-07-03 03:08 . 2006-07-03 03:08 3262 ----a-w- c:\program files\Folderico\toolbar\xp\folder.ico
2006-07-03 01:17 . 2006-07-03 01:17 244 ----a-w- c:\program files\Folderico\Samples\Crystall Clear.txt
2006-06-26 01:51 . 2006-06-26 01:51 1499200 ----a-w- c:\program files\Folderico\Samples\vista.icl
2006-06-12 16:19 . 2006-06-12 16:19 459280 ----a-w- c:\program files\Folderico\Samples\ACR_blue.icl
2006-06-12 09:42 . 2006-06-12 09:42 412976 ----a-w- c:\program files\Folderico\Samples\FlyakiteOSX.icl
2006-06-12 09:29 . 2006-06-12 09:29 478832 ----a-w- c:\program files\Folderico\Samples\WindowsXP.icl
2006-03-14 20:18 . 2006-03-14 20:18 2212 ----a-w- c:\program files\Folderico\License.txt


------- Sigcheck -------

[-] 2008-07-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-03-16_19.14.30 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-23 12:00 . 2010-03-16 18:58 60778 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2010-03-16 19:18 60778 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2010-03-16 19:18 400532 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2010-03-16 18:58 400532 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-01 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-06-10 1447168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-20 198160]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-02-26 126976]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\documents and settings\Korisnik\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 00:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-09-20 13:35 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2007-03-16 16:10 1392640 ----a-w- c:\windows\system32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-02-26 19:48 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-09-20 07:51 1836328 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrnStatusMX]
2007-07-13 16:39 1077248 ----a-w- c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-05-10 08:22 405504 ----a-w- c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-22 12:30 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-11-01 22:03 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-10-20 21:11 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"1631:TCP"= 1631:TCP:Akamai NetSession Interface
"2488:TCP"= 2488:TCP:Akamai NetSession Interface
"2515:TCP"= 2515:TCP:Akamai NetSession Interface
"1067:TCP"= 1067:TCP:Akamai NetSession Interface
"1068:TCP"= 1068:TCP:Akamai NetSession Interface
"1059:TCP"= 1059:TCP:Akamai NetSession Interface
"1056:TCP"= 1056:TCP:Akamai NetSession Interface
"1060:TCP"= 1060:TCP:Akamai NetSession Interface
"1349:TCP"= 1349:TCP:Akamai NetSession Interface
"3927:TCP"= 3927:TCP:Akamai NetSession Interface
"1057:TCP"= 1057:TCP:Akamai NetSession Interface
"1061:TCP"= 1061:TCP:Akamai NetSession Interface
"2098:TCP"= 2098:TCP:Akamai NetSession Interface
"2224:TCP"= 2224:TCP:Akamai NetSession Interface
"1081:TCP"= 1081:TCP:Akamai NetSession Interface
"1528:TCP"= 1528:TCP:Akamai NetSession Interface
"1072:TCP"= 1072:TCP:Akamai NetSession Interface
"1065:TCP"= 1065:TCP:Akamai NetSession Interface
"1062:TCP"= 1062:TCP:Akamai NetSession Interface
"1381:TCP"= 1381:TCP:Akamai NetSession Interface
"1281:TCP"= 1281:TCP:Akamai NetSession Interface
"1814:TCP"= 1814:TCP:Akamai NetSession Interface
"2271:TCP"= 2271:TCP:Akamai NetSession Interface
"1063:TCP"= 1063:TCP:Akamai NetSession Interface
"1390:TCP"= 1390:TCP:Akamai NetSession Interface
"1753:TCP"= 1753:TCP:Akamai NetSession Interface
"1078:TCP"= 1078:TCP:Akamai NetSession Interface
"1341:TCP"= 1341:TCP:Akamai NetSession Interface
"2650:TCP"= 2650:TCP:Akamai NetSession Interface
"1092:TCP"= 1092:TCP:Akamai NetSession Interface
"2394:TCP"= 2394:TCP:Akamai NetSession Interface
"2983:TCP"= 2983:TCP:Akamai NetSession Interface
"2996:TCP"= 2996:TCP:Akamai NetSession Interface
"4026:TCP"= 4026:TCP:Akamai NetSession Interface
"1245:TCP"= 1245:TCP:Akamai NetSession Interface
"1366:TCP"= 1366:TCP:Akamai NetSession Interface
"1979:TCP"= 1979:TCP:Akamai NetSession Interface
"1066:TCP"= 1066:TCP:Akamai NetSession Interface
"1070:TCP"= 1070:TCP:Akamai NetSession Interface
"2535:TCP"= 2535:TCP:Akamai NetSession Interface
"1074:TCP"= 1074:TCP:Akamai NetSession Interface
"1879:TCP"= 1879:TCP:Akamai NetSession Interface
"2254:TCP"= 2254:TCP:Akamai NetSession Interface
"3629:TCP"= 3629:TCP:Akamai NetSession Interface
"3741:TCP"= 3741:TCP:Akamai NetSession Interface
"2389:TCP"= 2389:TCP:Akamai NetSession Interface
"2487:TCP"= 2487:TCP:Akamai NetSession Interface
"4142:TCP"= 4142:TCP:Akamai NetSession Interface
"1306:TCP"= 1306:TCP:Akamai NetSession Interface
"1379:TCP"= 1379:TCP:Akamai NetSession Interface
"1040:TCP"= 1040:TCP:Akamai NetSession Interface
"1295:TCP"= 1295:TCP:Akamai NetSession Interface
"1409:TCP"= 1409:TCP:Akamai NetSession Interface
"2756:TCP"= 2756:TCP:Akamai NetSession Interface
"1865:TCP"= 1865:TCP:Akamai NetSession Interface
"3094:TCP"= 3094:TCP:Akamai NetSession Interface
"1042:TCP"= 1042:TCP:Akamai NetSession Interface
"1155:TCP"= 1155:TCP:Akamai NetSession Interface
"1485:TCP"= 1485:TCP:Akamai NetSession Interface
"1236:TCP"= 1236:TCP:Akamai NetSession Interface
"1297:TCP"= 1297:TCP:Akamai NetSession Interface
"2311:TCP"= 2311:TCP:Akamai NetSession Interface

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [12/7/2007 12:33 AM 660768]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [4/27/2007 4:30 AM 316992]
S2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [4/14/2008 12:30 PM 14336]
S2 gupdate1c98c746bf42a4;Google Update Service (gupdate1c98c746bf42a4);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2009 10:40 PM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-03-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-14 18:07]

2010-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 18:10]

2010-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 18:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\AirLive\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\09tymwoj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL -
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-03-17 01:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1244)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2010-03-17 01:04:40
ComboFix-quarantined-files.txt 2010-03-16 20:34
ComboFix2.txt 2010-03-16 19:17

Pre-Run: 26,085,613,568 bytes free
Post-Run: 26,065,129,472 bytes free

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

OK, this computer is clean.

You didn't answer me:
Quote: Don't use that infected flash drive for now. Do you have DDS, Gmer and ComboFix on it (so I know how we proceed)?

If you have ComboFix on it, run it on the other computer and post me the log. After that procedure you should be able to access MC (at least briefly).

If you don't, say so. Don't plug the infected flash drive into clean computers.
