Help!

  • Joined: 15 Jan 2009
  • Posts: 5

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:28:17, on 15-Jan-09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
D:\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nemanja\Desktop\New Folder (2)\tr3.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = go.microsoft.com/fwlink/?linkid=63939
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: 912525 helper - {0354731f-950c-4a53-bc2b-132b5ee6b0fa} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "D:\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [RegTool] C:\Program Files\RegTool\RegTool.exe -boot
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [none2] C:\WINDOWS\lsass.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....3839350265
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: sscSched - Unknown owner - C:\WINDOWS\system32\sscsched.exe (file missing)

--
End of file - 10108 bytes

Update: 15 Jan 2009 2:47

I need your help, all of this is Greek to me. When I turn on the computer a notification appears saying it cannot find csrcs.exe.
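Editor's added example, not part of the thread and not HijackThis or ComboFix code. The log above wires csrcs.exe into logon twice: through the system.ini Shell= value (the F2 line) and through Policies\Explorer\Run (O4); it also shows a lsass.exe outside system32, IE search pages pointing at windiwsfsearch.com and home.sweetim.com, a process with a doubled .exe.exe extension, and BHO/service entries whose files are gone. A "cannot find csrcs.exe" message at startup is what Windows shows when a file listed in Shell= has already been removed while the reference remains. The Python below runs such rules over a constructed subset of the posted lines; the allowlist of search hosts, the rule ids and the heuristics are this example's own assumptions.

```python
"""Rule-based triage of HijackThis-style log lines (added example; the rules
and the allowlist below are this example's own assumptions, not HijackThis
features). The sample lines are copied from the log posted above."""
import re
from dataclasses import dataclass

# Hosts accepted as IE start/search pages (assumption of this example).
KNOWN_HOSTS = {"google.com", "yahoo.com", "microsoft.com", "msn.com", "live.com"}

# Core Windows processes that must only run from %windir%\system32; a copy
# anywhere else is a classic name-squat.
CORE_SYSTEM_EXES = ("lsass.exe", "smss.exe", "csrss.exe", "winlogon.exe",
                    "services.exe", "svchost.exe")


@dataclass(frozen=True)
class Finding:
    rule: str    # short rule id
    detail: str  # offending host, executable or entry name
    line: str    # log line that triggered the rule


def _host(value: str) -> str:
    """Host part of a URL-like value; HJT often omits the scheme."""
    if "\\" in value:  # a file path, not a URL
        return ""
    m = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", value, re.I)
    return m.group(1).lower() if m else ""


def _base_domain(host: str) -> str:
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def triage_line(line: str) -> list:
    s = line.strip()
    low = s.lower()
    out = []
    if not s:
        return out
    # R0/R1: start or search page pointing outside the allowlist
    if re.match(r"r[01] - ", low) and "=" in s:
        host = _host(s.split("=", 1)[1])
        if host and _base_domain(host) not in KNOWN_HOSTS:
            out.append(Finding("browser-hijack", host, s))
    # F2: Shell= must be Explorer.exe alone; every extra token is started at
    # logon, and a token whose file is gone yields a "cannot find" error there
    if low.startswith("f2") and "shell=" in low:
        extras = [t for t in low.split("shell=", 1)[1].split() if t != "explorer.exe"]
        if extras:
            out.append(Finding("extra-shell", " ".join(extras), s))
    # O4 under Policies\Explorer\Run: a location ordinary installers do not use
    if low.startswith("o4") and "policies\\explorer\\run" in low:
        out.append(Finding("policy-run", s.split("[", 1)[1].split("]", 1)[0], s))
    # Any path: a core system binary name outside system32
    for exe in CORE_SYSTEM_EXES:
        m = re.search(r'([a-z]:\\[^"]*?\\)' + re.escape(exe), low)
        if m and not m.group(1).endswith("\\system32\\"):
            out.append(Finding("core-exe-outside-system32", exe, s))
    # O2 / O23: entries whose target file is gone (leftovers, not active code)
    if low.startswith("o2") and "(no file)" in low:
        out.append(Finding("orphan-bho", s.split(" - ")[1], s))
    if low.startswith("o23") and "unknown owner" in low and "(file missing)" in low:
        out.append(Finding("orphan-service", s.split(" - ")[1], s))
    # Running process with a doubled extension
    if re.match(r"[a-z]:\\", low) and low.endswith(".exe.exe"):
        out.append(Finding("double-extension", s.rsplit("\\", 1)[-1], s))
    return out


def triage(log: str) -> list:
    return [f for line in log.splitlines() for f in triage_line(line)]


# Constructed sample: a subset of the HijackThis log posted above.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\lsass.exe
C:\Documents and Settings\Nemanja\Desktop\New Folder (2)\tr3.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: 912525 helper - {0354731f-950c-4a53-bc2b-132b5ee6b0fa} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [none2] C:\WINDOWS\lsass.exe
O23 - Service: sscSched - Unknown owner - C:\WINDOWS\system32\sscsched.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:<26} {f.detail:<22} {f.line}")
```

The rules deliberately ignore entries such as the AVP Run key, so a clean log yields no findings; each rule carries a short id so that a line like the none2 entry, which trips two rules at once (the policy location and the lsass.exe name outside system32), is reported twice rather than collapsed.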

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Hello... Do the following:

* Right-click the Kaspersky icon in the lower right corner of the screen and choose Pause Protection.
* In the window that opens, choose By User Request.

Note: Don't forget to turn this option back on once the cleaning is finished.


Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the instructions on screen. When it finishes, a log will appear (C:\ComboFix.txt) which you'll copy here for us.

  • Joined: 15 Jan 2009
  • Posts: 5

ComboFix 09-01-13.04 - Nemanja 2009-01-15 17:35:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1279.740 [GMT 1:00]
Running from: c:\documents and settings\Nemanja\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1.exe
c:\documents and settings\Nemanja\Application Data\.#
c:\recycler\ADAPT_Installer.exe
c:\windows\system32\2.bat
c:\windows\system32\AutoRun.inf
c:\windows\system32\msupdte.exe
D:\hl.exe

.
((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))
.

2009-01-15 15:27 . 2009-01-15 15:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\FarmFrenzy-PizzaParty
2009-01-15 14:36 . 2009-01-15 14:36 <DIR> d-------- c:\windows\Ranch Rush
2009-01-15 14:36 . 2009-01-15 14:36 <DIR> d-------- c:\windows\Farm Mania
2009-01-15 14:35 . 2009-01-15 14:35 <DIR> d-------- c:\windows\Sunshine Acres
2009-01-15 01:04 . 2009-01-15 01:04 268 --ah----- C:\sqmdata03.sqm
2009-01-15 01:04 . 2009-01-15 01:04 244 --ah----- C:\sqmnoopt03.sqm
2009-01-14 23:44 . 2009-01-14 23:44 <DIR> d-------- C:\My Games
2009-01-14 23:44 . 2009-01-15 15:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\AlawarWrapper
2009-01-14 23:09 . 2009-01-14 23:09 <DIR> d-------- c:\program files\bfgclient
2009-01-14 23:08 . 2009-01-14 23:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-01-14 17:52 . 2009-01-14 17:52 <DIR> d-------- c:\program files\Electronic Arts
2009-01-14 14:53 . 2009-01-14 14:53 <DIR> d-------- c:\documents and settings\Nemanja\Application Data\Novaleaf Software Co. Ltd
2009-01-10 17:33 . 2009-01-10 17:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Awem
2009-01-10 17:28 . 2009-01-10 17:32 <DIR> d-------- c:\program files\Games
2009-01-10 17:23 . 2009-01-10 17:24 <DIR> d-------- c:\documents and settings\Nemanja\uspy
2009-01-10 01:02 . 2009-01-10 01:03 <DIR> d-------- c:\documents and settings\Nemanja\Application Data\Fabulous Finds
2009-01-10 00:24 . 2009-01-10 00:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\DivoGames
2009-01-09 17:45 . 2009-01-09 17:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\cerasus.media
2009-01-09 01:59 . 2009-01-09 01:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Friends Games
2009-01-09 00:52 . 2009-01-09 00:53 <DIR> d-------- c:\documents and settings\Nemanja\Application Data\RegTool
2009-01-09 00:27 . 2009-01-09 00:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-01-08 23:50 . 2009-01-08 23:50 <DIR> d-------- c:\documents and settings\Nemanja\Application Data\Playrix Entertainment
2009-01-08 19:22 . 2009-01-08 19:37 <DIR> d-------- c:\program files\GameHouse
2009-01-08 15:15 . 2009-01-08 15:15 <DIR> d-------- c:\documents and settings\Nemanja\Application Data\Flood Light Games
2009-01-08 15:15 . 2009-01-08 15:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Flood Light Games
2009-01-08 13:14 . 2009-01-08 13:14 <DIR> d-------- c:\documents and settings\Nemanja\Application Data\TMInc
2009-01-08 10:45 . 2009-01-08 10:45 <DIR> d-------- c:\documents and settings\Nemanja\Application Data\Sahmon Games
2009-01-05 16:00 . 2009-01-05 16:00 <DIR> d-------- c:\documents and settings\Nemanja\Application Data\Mushroom Age
2009-01-03 23:03 . 2009-01-03 23:03 <DIR> d-------- c:\documents and settings\Nemanja\Application Data\eGames
2009-01-03 23:03 . 2009-01-03 23:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\eGames
2009-01-03 04:36 . 2009-01-03 04:36 <DIR> d-------- c:\documents and settings\Nemanja\Application Data\blg
2009-01-03 04:36 . 2009-01-03 04:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\blg
2009-01-02 11:23 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-01-02 11:23 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2009-01-02 11:23 . 2008-04-14 00:15 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2009-01-02 11:23 . 2008-04-14 00:15 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2009-01-01 15:59 . 2009-01-01 15:59 <DIR> d-------- c:\documents and settings\Nemanja\Application Data\GOL_byHasbro
2008-12-30 15:07 . 2008-12-30 15:07 268 --ah----- C:\sqmdata02.sqm
2008-12-30 15:07 . 2008-12-30 15:07 244 --ah----- C:\sqmnoopt02.sqm
2008-12-28 15:27 . 2008-12-28 15:27 <DIR> d-------- c:\documents and settings\Nemanja\Application Data\Ludia
2008-12-28 15:27 . 2008-12-28 15:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ludia
2008-12-23 22:33 . 2008-12-23 22:33 <DIR> d-------- c:\program files\Counter-Strike 1.6
2008-12-22 15:28 . 2008-12-22 15:28 <DIR> d-------- c:\documents and settings\Nemanja\Application Data\Cat's Eye Games
2008-12-22 15:25 . 2008-12-22 15:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\AdventureChronicles1
2008-12-21 16:01 . 2008-12-21 16:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\PlayPond
2008-12-20 10:44 . 2008-12-20 10:44 <DIR> d-------- c:\program files\directx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-15 16:40 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-15 16:39 458,784 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-01-15 16:39 2,648 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-01-15 16:39 16,004 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-15 16:39 1,910,304 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-15 14:05 --------- d-----w c:\documents and settings\Nemanja\Application Data\uTorrent
2009-01-14 22:30 --------- d---a-w c:\documents and settings\All Users\Application Data\Temp
2009-01-14 22:21 --------- d-----w c:\documents and settings\All Users\Application Data\FarmFrenzy2
2009-01-14 01:12 --------- d-----w c:\documents and settings\Nemanja\Application Data\Gamelab
2009-01-12 16:20 --------- d-----w c:\program files\Google
2009-01-09 16:45 --------- d-----w c:\documents and settings\Nemanja\Application Data\cerasus.media
2009-01-08 23:28 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-08 23:09 --------- d-----w c:\documents and settings\All Users\Application Data\Intenium
2009-01-08 22:57 --------- d-----w c:\documents and settings\All Users\Application Data\MumboJumbo
2009-01-08 18:21 --------- d-----w c:\documents and settings\Nemanja\Application Data\GameHouse
2008-12-29 22:08 --------- d-----w c:\documents and settings\Nemanja\Application Data\Playfirst
2008-12-26 17:10 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-12-25 22:03 --------- d-----w c:\documents and settings\Nemanja\Application Data\Artogon
2008-12-25 21:25 --------- d-----w c:\documents and settings\Nemanja\Application Data\Friday's games
2008-12-23 18:17 --------- d-----w c:\program files\Common Files\Adobe
2008-12-16 18:44 --------- d-----w c:\documents and settings\Nemanja\Application Data\Home Sweet Home Christmas
2008-12-12 16:28 --------- d-----w c:\documents and settings\Nemanja\Application Data\My Games
2008-12-12 07:35 --------- d-----w c:\documents and settings\Nemanja\Application Data\Meridian93
2008-12-11 21:44 --------- d-----w c:\documents and settings\Nemanja\Application Data\SpinTop Games
2008-12-11 21:43 --------- d-----w c:\documents and settings\Nemanja\Application Data\Ashtons. Family Resort
2008-12-11 21:22 --------- d-----w c:\documents and settings\All Users\Application Data\Ashtons. Family Resort
2008-12-10 22:37 --------- d-----w c:\documents and settings\Nemanja\Application Data\iWin
2008-12-10 22:37 --------- d-----w c:\documents and settings\All Users\Application Data\iWin
2008-12-10 07:57 --------- d-----w c:\documents and settings\Nemanja\Application Data\Games
2008-12-10 07:24 --------- d-----w c:\documents and settings\All Users\Application Data\iWin Games
2008-12-09 21:39 --------- d-----w c:\documents and settings\All Users\Application Data\Sandlot Games
2008-12-09 20:28 --------- d-----w c:\documents and settings\Nemanja\Application Data\MysteryStudio
2008-12-06 17:48 --------- d-----w c:\documents and settings\All Users\Application Data\Alawar Stargaze
2008-12-05 22:21 --------- d-----w c:\documents and settings\Nemanja\Application Data\Shape games
2008-12-04 22:34 --------- d-----w c:\documents and settings\Nemanja\Application Data\World-LooM
2008-12-03 09:03 --------- d-----w c:\documents and settings\All Users\Application Data\NeptunesAdve
2008-12-02 14:58 --------- d-----w c:\program files\BFG
2008-11-30 17:30 --------- d-----w c:\documents and settings\All Users\Application Data\Questtracers
2008-11-30 00:13 --------- d-----w c:\documents and settings\Nemanja\Application Data\Big Fish Games
2008-11-28 23:40 --------- d-----w c:\documents and settings\All Users\Application Data\NevoSoft Games
2008-11-21 22:45 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2008-11-20 18:19 --------- d-----w c:\documents and settings\All Users\Application Data\Phenomedia
2008-11-19 20:53 95,481,962 ----a-w c:\windows\system32\xa118203.exe
2008-11-19 20:53 95,481,962 ----a-w c:\windows\system32\xa108296.exe
2008-11-19 20:49 95,481,962 ----a-w c:\windows\system32\xa8047171.exe
2008-11-19 20:49 95,481,962 ----a-w c:\windows\system32\xa8046609.exe
2008-11-19 20:49 95,481,962 ----a-w c:\windows\system32\xa7904656.exe
2008-11-19 20:49 95,481,962 ----a-w c:\windows\system32\xa7869921.exe
2008-11-19 20:49 95,481,962 ----a-w c:\windows\system32\xa7844140.exe
2008-11-19 20:49 95,481,962 ----a-w c:\windows\system32\xa7822093.exe
2008-11-19 12:43 38,887,530 ----a-w c:\windows\system32\xa17850296.exe
2008-11-19 12:43 38,887,530 ----a-w c:\windows\system32\xa17847406.exe
2008-11-19 12:43 176,128 ----a-w c:\windows\system32\xwr85157.dll
2008-11-19 12:43 176,128 ----a-w c:\windows\system32\wr85157.dll
2008-11-18 23:53 --------- d-----w c:\documents and settings\All Users\Application Data\VirtualFarm
2008-11-15 18:58 --------- d-----w c:\program files\Common Files\SWF Studio
2008-10-31 16:40 2,729 ----a-w C:\mcyqt.exe
2008-10-31 16:40 2,715 ----a-w C:\iufepbfn.exe
2008-10-31 15:32 2,516 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-10-17 15:49 29,480 ----a-w c:\windows\system32\msxml3a.dll
2008-10-12 18:17 87,608 ----a-w c:\documents and settings\Nemanja\Application Data\ezpinst.exe
2008-10-12 18:17 47,360 ----a-w c:\documents and settings\Nemanja\Application Data\pcouffin.sys
2008-10-12 18:06 8 --sh--r c:\documents and settings\All Users\Application Data\E8A12053F2.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-06-26 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-06-26 111856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"Sony Ericsson PC Suite"="d:\sony ericsson pc suite\SEPCSuite.exe" [2008-02-20 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-01 4112384]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-01 81920]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-06-26 111856]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 206088]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-07-09 36352]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-06-27 91432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"nwiz"="nwiz.exe" [2004-07-01 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-08-13 c:\windows\system32\advpack.dll]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 51776]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-04-03 415072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\uTorrent.exe"=
"d:\\Counter-Strike Source\\HL2.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\pecanje igrica\\Pro Bass Fishing 2003\\ProBass.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R4 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-06-27 15:50:32 61424]
S1 ethlmkeg;ethlmkeg;c:\windows\system32\drivers\ethlmkeg.sys [2008-10-31 135168]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2004-07-26 55936]
S4 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2004-07-26 45312]
S4 sscSched;sscSched;c:\windows\system32\sscsched.exe --> c:\windows\system32\sscsched.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{005f9780-99b7-11dd-a672-00016cd1d01e}]
\Shell\Auto\command - setup.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25c2844c-a74a-11dd-a69e-00016cd1d01e}]
\Shell\AutoRun\command - F:\yjzybc.exe
\Shell\explore\Command - F:\yjzybc.exe
\Shell\open\Command - F:\yjzybc.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57d55633-a4db-11dd-a699-00016cd1d01e}]
\Shell\AutoRun\command - yjzybc.exe
\Shell\explore\Command - yjzybc.exe
\Shell\open\Command - yjzybc.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c4e8f29-9865-11dd-b869-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81c30cf8-a45f-11dd-a696-00016cd1d01e}]
\Shell\AutoRun\command - F:\yjzybc.exe
\Shell\explore\Command - F:\yjzybc.exe
\Shell\open\Command - F:\yjzybc.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-15 c:\windows\Tasks\RegTool Scan.job
- c:\program files\RegTool\RegTool.exe []

2009-01-15 c:\windows\Tasks\RegTool Scan.job
- c:\program files\RegTool []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - ~c:\program files\MSN Messenger\MsnMsgr.Exe
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKCU-Run-RegTool - c:\program files\RegTool\RegTool.exe
HKLM-Run-Microsoft WinUpdate - c:\windows\system32\msupdte.exe
HKLM-Explorer_Run-csrcs - c:\windows\system32\csrcs.exe
HKLM-Explorer_Run-none2 - c:\windows\lsass.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL =
uDefault_Search_URL =
mStart Page = hxxp://home.sweetim.com
mSearch Bar =
mSearchMigratedDefaultURL =
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Nemanja\Application Data\Mozilla\Firefox\Profiles\f6tooetw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-15 17:40:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3776)
c:\windows\system32\ieframe.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\Mozilla Firefox\firefox.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2009-01-15 17:44:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-15 16:44:25

Pre-Run: 3,474,526,208 bytes free
Post-Run: 3,592,761,344 bytes free

295

Update: 15 Jan 2009 17:53

I hope I did everything right, thank you in advance.

Update: 15 Jan 2009 17:58

Great, thank you, I solved the problem.

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Wait while I look over the log....

You'll get further instructions this evening.

Update: 15 Jan 2009 19:53

Open Notepad and copy the following text:

File::
c:\windows\system32\sscsched.exe
c:\windows\system32\drivers\ethlmkeg.sys
C:\mcyqt.exe
C:\iufepbfn.exe
c:\windows\system32\wr85157.dll
c:\windows\system32\xwr85157.dll

Filelook::
c:\windows\system32\xa118203.exe

Driver::
ethlmkeg
sscSched

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25c2844c-a74a-11dd-a69e-00016cd1d01e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57d55633-a4db-11dd-a699-00016cd1d01e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81c30cf8-a45f-11dd-a696-00016cd1d01e}]


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scan.

offline
  • Joined: 15 Jan 2009
  • Posts: 5

ComboFix 09-01-13.04 - Nemanja 2009-01-16 0:13:48.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1279.724 [GMT 1:00]
Running from: c:\documents and settings\Nemanja\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Nemanja\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\iufepbfn.exe
C:\mcyqt.exe
c:\windows\system32\drivers\ethlmkeg.sys
c:\windows\system32\sscsched.exe
c:\windows\system32\wr85157.dll
c:\windows\system32\xwr85157.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\iufepbfn.exe
C:\mcyqt.exe
c:\windows\system32\drivers\ethlmkeg.sys
c:\windows\system32\wr85157.dll
c:\windows\system32\xwr85157.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSCSCHED
-------\Service_ethlmkeg
-------\Service_sscSched


((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))
.

2009-01-15 15:27 . 2009-01-15 15:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\FarmFrenzy-PizzaParty
2009-01-15 14:36 . 2009-01-15 14:36 <DIR> d-------- c:\windows\Ranch Rush
2009-01-15 14:36 . 2009-01-15 14:36 <DIR> d-------- c:\windows\Farm Mania
2009-01-15 14:35 . 2009-01-15 14:35 <DIR> d-------- c:\windows\Sunshine Acres
2009-01-15 01:04 . 2009-01-15 01:04 268 --ah----- C:\sqmdata03.sqm
2009-01-15 01:04 . 2009-01-15 01:04 244 --ah----- C:\sqmnoopt03.sqm
2009-01-14 23:44 . 2009-01-14 23:44 <DIR> d-------- C:\My Games
2009-01-14 23:44 . 2009-01-15 15:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\AlawarWrapper
2009-01-14 23:09 . 2009-01-14 23:09 <DIR> d-------- c:\program files\bfgclient
2009-01-14 23:08 . 2009-01-14 23:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-01-14 17:52 . 2009-01-14 17:52 <DIR> d-------- c:\program files\Electronic Arts
2009-01-14 14:53 . 2009-01-14 14:53 <DIR> d-------- c:\documents and settings\Nemanja\Application Data\Novaleaf Software Co. Ltd
2009-01-10 17:33 . 2009-01-10 17:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Awem
2009-01-10 17:28 . 2009-01-10 17:32 <DIR> d-------- c:\program files\Games
2009-01-10 17:23 . 2009-01-10 17:24 <DIR> d-------- c:\documents and settings\Nemanja\uspy
2009-01-10 01:02 . 2009-01-10 01:03 <DIR> d-------- c:\documents and settings\Nemanja\Application Data\Fabulous Finds
2009-01-10 00:24 . 2009-01-10 00:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\DivoGames
2009-01-09 17:45 . 2009-01-09 17:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\cerasus.media
2009-01-09 01:59 . 2009-01-09 01:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Friends Games
2009-01-09 00:52 . 2009-01-09 00:53 <DIR> d-------- c:\documents and settings\Nemanja\Application Data\RegTool
2009-01-09 00:27 . 2009-01-09 00:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-01-08 23:50 . 2009-01-08 23:50 <DIR> d-------- c:\documents and settings\Nemanja\Application Data\Playrix Entertainment
2009-01-08 19:22 . 2009-01-08 19:37 <DIR> d-------- c:\program files\GameHouse
2009-01-08 15:15 . 2009-01-08 15:15 <DIR> d-------- c:\documents and settings\Nemanja\Application Data\Flood Light Games
2009-01-08 15:15 . 2009-01-08 15:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Flood Light Games
2009-01-08 13:14 . 2009-01-08 13:14 <DIR> d-------- c:\documents and settings\Nemanja\Application Data\TMInc
2009-01-08 10:45 . 2009-01-08 10:45 <DIR> d-------- c:\documents and settings\Nemanja\Application Data\Sahmon Games
2009-01-05 16:00 . 2009-01-05 16:00 <DIR> d-------- c:\documents and settings\Nemanja\Application Data\Mushroom Age
2009-01-03 23:03 . 2009-01-03 23:03 <DIR> d-------- c:\documents and settings\Nemanja\Application Data\eGames
2009-01-03 23:03 . 2009-01-03 23:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\eGames
2009-01-03 04:36 . 2009-01-03 04:36 <DIR> d-------- c:\documents and settings\Nemanja\Application Data\blg
2009-01-03 04:36 . 2009-01-03 04:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\blg
2009-01-02 11:23 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-01-02 11:23 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2009-01-02 11:23 . 2008-04-14 00:15 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2009-01-02 11:23 . 2008-04-14 00:15 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2009-01-01 15:59 . 2009-01-01 15:59 <DIR> d-------- c:\documents and settings\Nemanja\Application Data\GOL_byHasbro
2008-12-30 15:07 . 2008-12-30 15:07 268 --ah----- C:\sqmdata02.sqm
2008-12-30 15:07 . 2008-12-30 15:07 244 --ah----- C:\sqmnoopt02.sqm
2008-12-28 15:27 . 2008-12-28 15:27 <DIR> d-------- c:\documents and settings\Nemanja\Application Data\Ludia
2008-12-28 15:27 . 2008-12-28 15:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ludia
2008-12-23 22:33 . 2008-12-23 22:33 <DIR> d-------- c:\program files\Counter-Strike 1.6
2008-12-22 15:28 . 2008-12-22 15:28 <DIR> d-------- c:\documents and settings\Nemanja\Application Data\Cat's Eye Games
2008-12-22 15:25 . 2008-12-22 15:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\AdventureChronicles1
2008-12-21 16:01 . 2008-12-21 16:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\PlayPond
2008-12-20 10:44 . 2008-12-20 10:44 <DIR> d-------- c:\program files\directx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-15 23:17 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-15 23:16 458,784 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-01-15 23:16 2,648 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-01-15 23:16 16,004 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-15 23:16 1,910,304 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-15 14:05 --------- d-----w c:\documents and settings\Nemanja\Application Data\uTorrent
2009-01-14 22:30 --------- d---a-w c:\documents and settings\All Users\Application Data\Temp
2009-01-14 22:21 --------- d-----w c:\documents and settings\All Users\Application Data\FarmFrenzy2
2009-01-14 01:12 --------- d-----w c:\documents and settings\Nemanja\Application Data\Gamelab
2009-01-12 16:20 --------- d-----w c:\program files\Google
2009-01-09 16:45 --------- d-----w c:\documents and settings\Nemanja\Application Data\cerasus.media
2009-01-08 23:28 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-08 23:09 --------- d-----w c:\documents and settings\All Users\Application Data\Intenium
2009-01-08 22:57 --------- d-----w c:\documents and settings\All Users\Application Data\MumboJumbo
2009-01-08 18:21 --------- d-----w c:\documents and settings\Nemanja\Application Data\GameHouse
2008-12-29 22:08 --------- d-----w c:\documents and settings\Nemanja\Application Data\Playfirst
2008-12-26 17:10 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-12-25 22:03 --------- d-----w c:\documents and settings\Nemanja\Application Data\Artogon
2008-12-25 21:25 --------- d-----w c:\documents and settings\Nemanja\Application Data\Friday's games
2008-12-23 18:17 --------- d-----w c:\program files\Common Files\Adobe
2008-12-16 18:44 --------- d-----w c:\documents and settings\Nemanja\Application Data\Home Sweet Home Christmas
2008-12-12 16:28 --------- d-----w c:\documents and settings\Nemanja\Application Data\My Games
2008-12-12 07:35 --------- d-----w c:\documents and settings\Nemanja\Application Data\Meridian93
2008-12-11 21:44 --------- d-----w c:\documents and settings\Nemanja\Application Data\SpinTop Games
2008-12-11 21:43 --------- d-----w c:\documents and settings\Nemanja\Application Data\Ashtons. Family Resort
2008-12-11 21:22 --------- d-----w c:\documents and settings\All Users\Application Data\Ashtons. Family Resort
2008-12-10 22:37 --------- d-----w c:\documents and settings\Nemanja\Application Data\iWin
2008-12-10 22:37 --------- d-----w c:\documents and settings\All Users\Application Data\iWin
2008-12-10 07:57 --------- d-----w c:\documents and settings\Nemanja\Application Data\Games
2008-12-10 07:24 --------- d-----w c:\documents and settings\All Users\Application Data\iWin Games
2008-12-09 21:39 --------- d-----w c:\documents and settings\All Users\Application Data\Sandlot Games
2008-12-09 20:28 --------- d-----w c:\documents and settings\Nemanja\Application Data\MysteryStudio
2008-12-06 17:48 --------- d-----w c:\documents and settings\All Users\Application Data\Alawar Stargaze
2008-12-05 22:21 --------- d-----w c:\documents and settings\Nemanja\Application Data\Shape games
2008-12-04 22:34 --------- d-----w c:\documents and settings\Nemanja\Application Data\World-LooM
2008-12-03 09:03 --------- d-----w c:\documents and settings\All Users\Application Data\NeptunesAdve
2008-12-02 14:58 --------- d-----w c:\program files\BFG
2008-11-30 17:30 --------- d-----w c:\documents and settings\All Users\Application Data\Questtracers
2008-11-30 00:13 --------- d-----w c:\documents and settings\Nemanja\Application Data\Big Fish Games
2008-11-28 23:40 --------- d-----w c:\documents and settings\All Users\Application Data\NevoSoft Games
2008-11-21 22:45 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2008-11-20 18:19 --------- d-----w c:\documents and settings\All Users\Application Data\Phenomedia
2008-11-19 20:53 95,481,962 ----a-w c:\windows\system32\xa118203.exe
2008-11-19 20:53 95,481,962 ----a-w c:\windows\system32\xa108296.exe
2008-11-19 20:49 95,481,962 ----a-w c:\windows\system32\xa8047171.exe
2008-11-19 20:49 95,481,962 ----a-w c:\windows\system32\xa8046609.exe
2008-11-19 20:49 95,481,962 ----a-w c:\windows\system32\xa7904656.exe
2008-11-19 20:49 95,481,962 ----a-w c:\windows\system32\xa7869921.exe
2008-11-19 20:49 95,481,962 ----a-w c:\windows\system32\xa7844140.exe
2008-11-19 20:49 95,481,962 ----a-w c:\windows\system32\xa7822093.exe
2008-11-19 12:43 38,887,530 ----a-w c:\windows\system32\xa17850296.exe
2008-11-19 12:43 38,887,530 ----a-w c:\windows\system32\xa17847406.exe
2008-11-18 23:53 --------- d-----w c:\documents and settings\All Users\Application Data\VirtualFarm
2008-11-15 18:58 --------- d-----w c:\program files\Common Files\SWF Studio
2008-10-31 15:32 2,516 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-10-17 15:49 29,480 ----a-w c:\windows\system32\msxml3a.dll
2008-10-12 18:17 87,608 ----a-w c:\documents and settings\Nemanja\Application Data\ezpinst.exe
2008-10-12 18:17 47,360 ----a-w c:\documents and settings\Nemanja\Application Data\pcouffin.sys
2008-10-12 18:06 8 --sh--r c:\documents and settings\All Users\Application Data\E8A12053F2.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\xa118203.exe -- Not a PE file.
MD5: a47205dc0be244bddfad543e21998ce8


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-06-26 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-06-26 111856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"Sony Ericsson PC Suite"="d:\sony ericsson pc suite\SEPCSuite.exe" [2008-02-20 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-01 4112384]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-01 81920]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-06-26 111856]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 206088]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-07-09 36352]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-06-27 91432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"nwiz"="nwiz.exe" [2004-07-01 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-08-13 c:\windows\system32\advpack.dll]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 51776]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-04-03 415072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\uTorrent.exe"=
"d:\\Counter-Strike Source\\HL2.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\pecanje igrica\\Pro Bass Fishing 2003\\ProBass.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R4 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-06-27 15:50:32 61424]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2004-07-26 55936]
S4 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2004-07-26 45312]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{005f9780-99b7-11dd-a672-00016cd1d01e}]
\Shell\Auto\command - setup.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c4e8f29-9865-11dd-b869-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-15 c:\windows\Tasks\RegTool Scan.job
- c:\program files\RegTool\RegTool.exe []

2009-01-15 c:\windows\Tasks\RegTool Scan.job
- c:\program files\RegTool []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL =
uDefault_Search_URL =
mStart Page = hxxp://home.sweetim.com
mSearch Bar =
mSearchMigratedDefaultURL =
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Nemanja\Application Data\Mozilla\Firefox\Profiles\f6tooetw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-16 00:18:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2009-01-16 0:20:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-15 23:20:41
ComboFix2.txt 2009-01-15 16:44:39

Pre-Run: 3,558,572,032 bytes free
Post-Run: 3,548,684,288 bytes free


offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

I would ask you to do the following:

Pack the whole folder c:\QooBox\Quarantine into a single ZIP and upload that ZIP to me via the following form:

http://www.mycity.rs/ambulanta-upload.php

offline
  • Joined: 15 Jan 2009
  • Posts: 5

I have sent it. I hope it is all right.

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

It is fine.

This is OK now, so all that remains is to uninstall ComboFix:


Click START, then RUN.
In the text entry line, type Combofix /u and click OK.

Wait for the uninstall process to finish.

The above procedure will:
Delete the following:
ComboFix and its files and folders
the VundoFix Backups folder, if it exists
the C:\Deckard folder, if it exists
the C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore


Regards

offline
  • Joined: 15 Jan 2009
  • Posts: 5

Thank you very much, you helped us a lot. Regards
