My computer freezes !!!

  • Joined: 22 Sep 2009
  • Posts: 12

DDS (Ver_09-07-30.01) - NTFSx86
Run by Frose at 1:57:56.25 on Tue 09/22/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.764 [GMT 2:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AutorunRemover\AutorunRemover.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Frose\Desktop\dds.scr

============== Pseudo HJT Report ===============

mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AutorunRemover.exe] c:\program files\autorunremover\AutorunRemover.exe -Hide
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
TCP: {72324D6D-F090-4C72-8948-35AC29E1652D} = 62.162.32.6 62.162.32.5
TCP: {BAC78D70-F11D-4D2A-98CC-381F15880214} = 62.162.32.5,62.162.32.6
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\frose\applic~1\mozilla\firefox\profiles\akogi327.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://eu.ask.com?o=15161&l=dis
FF - prefs.js: keyword.URL -

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-4-8 185968]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-4-8 161392]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-9-16 179856]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-4-17 1706176]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-9-19 603904]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-9-16 15504]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20050412.023\naveng.sys [2009-9-21 73728]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20050412.023\navex15.sys [2009-9-21 631040]
S?4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-9-16 38496]
S2 gstdygz;Boot Monitor;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-4-8 83568]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-4-17 124608]

=============== Created Last 30 ================

2009-09-21 16:42 123,200 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-21 16:42 91,856 a------- c:\windows\system32\S32EVNT1.DLL
2009-09-21 16:17 <DIR> --d----- c:\program files\Trend Micro
2009-09-20 17:30 25 a------- c:\windows\cdplayer.ini
2009-09-20 17:26 <DIR> --d----- c:\program files\common files\xing shared
2009-09-20 17:24 <DIR> --d----- c:\program files\common files\Real
2009-09-20 17:17 476,696 a------- C:\RealPlayer11GOLD.exe
2009-09-19 23:21 603,904 a------- c:\windows\system32\TUProgSt.exe
2009-09-19 23:21 27,904 a------- c:\windows\system32\uxtuneup.dll
2009-09-19 23:21 360,192 a------- c:\windows\system32\TuneUpDefragService.exe
2009-09-19 23:21 <DIR> --d----- c:\docume~1\frose\applic~1\TuneUp Software
2009-09-19 23:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TuneUp Software
2009-09-19 23:20 <DIR> --d----- c:\program files\TuneUp Utilities 2009
2009-09-19 13:03 1,240 a------- c:\windows\system32\nyovgbmmlh.pdf
2009-09-18 18:32 <DIR> --d----- c:\program files\uTorrent
2009-09-18 18:32 <DIR> --d----- c:\docume~1\frose\applic~1\uTorrent
2009-09-18 00:43 0 a------- c:\windows\system32\a
2009-09-16 18:34 42,496 a------- c:\windows\system32\drivers\fetnd5bv.sys
2009-09-16 18:34 61,440 a------- c:\windows\system32\vuins32.dll
2009-09-16 18:34 <DIR> --d----- c:\windows\vnDrvBas
2009-09-16 18:01 <DIR> --d----- c:\windows\pss
2009-09-16 17:52 0 a------- c:\windows\vpc32.INI
2009-09-16 17:29 <DIR> --d----- c:\docume~1\frose\applic~1\Malwarebytes
2009-09-16 17:29 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-09-16 17:29 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-16 17:29 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-16 17:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-16 17:25 <DIR> --d----- c:\program files\Symantec
2009-09-16 17:25 <DIR> --d----- c:\program files\Symantec AntiVirus
2009-09-16 17:25 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-09-16 17:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-09-16 16:54 <DIR> --d----- c:\windows\system32\appmgmt
2009-09-16 01:00 1,067 a------- c:\windows\system32\aajkzhshkk.pdf
2009-09-12 17:32 <DIR> --d----- c:\program files\AutorunRemover
2009-08-29 14:50 <DIR> --d----- c:\docume~1\frose\applic~1\BSplayer PRO
2009-08-29 13:51 <DIR> --d----- c:\docume~1\frose\applic~1\Samsung
2009-08-29 13:49 174,592 a------- c:\windows\system32\framedyn.dll
2009-08-29 13:49 137,884 a------- c:\windows\system32\drivers\sscdmdm.sys
2009-08-29 13:49 80,272 a------- c:\windows\system32\drivers\sscdbus.sys
2009-08-29 13:49 11,877 a------- c:\windows\system32\drivers\sscdcmnt.sys
2009-08-29 13:49 11,877 a------- c:\windows\system32\drivers\sscdcm.sys
2009-08-29 13:49 11,188 a------- c:\windows\system32\drivers\sscdwhnt.sys
2009-08-29 13:49 11,188 a------- c:\windows\system32\drivers\sscdwh.sys
2009-08-29 13:49 10,864 a------- c:\windows\system32\drivers\sscdmdfl.sys
2009-08-29 13:48 <DIR> --d----- c:\windows\system32\Samsung_USB_Drivers
2009-08-29 13:47 766 a------- c:\windows\system32\Uninstall.ico
2009-08-29 13:47 5,632 a------- c:\windows\system32\drivers\StarOpen.sys
2009-08-29 13:46 <DIR> --d----- c:\program files\Samsung
2009-08-28 15:39 20 a------- c:\windows\mafosav.INI
2009-08-25 19:19 1,067 a------- c:\windows\system32\tfayjyylkp.pdf
2009-08-25 19:18 1,067 a------- c:\windows\system32\aklkrbzqyb.pdf
2009-08-25 19:18 1,067 a------- c:\windows\system32\dfcjheilla.pdf
2009-08-25 19:18 1,067 a------- c:\windows\system32\qyjftbmvvo.pdf
2009-08-25 18:22 1,067 a------- c:\windows\system32\jzapopmyrl.pdf

==================== Find3M ====================

2009-09-17 10:27 186,496 a---h--- c:\windows\system32\mlfcache.dat
2009-09-12 17:20 100 a------- c:\docume~1\alluse~1\applic~1\{0xffcc220x45aaff}.dat
2009-07-22 17:00 407,129 a------- c:\windows\MarioForever_Toolbar_Uninstaller_3468.exe
2009-07-20 00:59 4,096 a------- c:\windows\d3dx.dat
2009-06-17 12:34 56 ---shr-- c:\windows\system32\61A5AFCF43.sys
2009-06-17 12:34 1,890 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-04-14 06:41 164,746 a--shr-- c:\windows\system32\ntayhw.dll
2009-05-13 16:41 16,384 a--sh--- c:\windows\system32\config\systemprofile\cookies\index.dat
2009-05-13 16:41 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2009-05-13 16:41 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009051320090514\index.dat
2009-05-13 16:41 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 1:58:33.10 ===============

  • magna86 (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

Greetings and welcome to the MyCity Forum.

Re-read the topic How to open a topic in the Ambulanta and, following the instructions there, run a scan with Gmer.

  • Joined: 22 Sep 2009
  • Posts: 12

My computer lags a lot, and after a few hours of work (2-3) it freezes completely; I restart it and it is the same again. It does not even let me update the antivirus. The problem appeared after formatting.

  • magna86 (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

Do the following:

Download sUBs' ComboFix from the following address to the Desktop:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:
  • disable your security software (instructions);
  • close any running programs;
  • double-click ComboFix to run it.

While running, ComboFix will:
  • check whether a newer version of the program exists: click Yes if it offers to download it.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so the process continues.
  • if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure.
  • ask a number of questions / show a number of notices: accept by clicking Yes or OK.
  • restart Windows if needed (possibly several times);
  • at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum topic:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message box and choose Paste.

Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to the message.

  • Joined: 22 Sep 2009
  • Posts: 12

ComboFix 09-09-21.04 - Frose 09/22/2009 17:55.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.216 [GMT 2:00]
Running from: c:\documents and settings\Frose\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\a
c:\windows\system32\mpxa.exe

.
((((((((((((((((((((((((( Files Created from 2009-08-22 to 2009-09-22 )))))))))))))))))))))))))))))))
.

2009-09-22 15:27 . 2009-09-22 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy3
2009-09-22 15:26 . 2009-09-22 15:26 -------- d-----w- c:\program files\Alawar Games
2009-09-22 11:55 . 2009-09-22 11:55 -------- d-----w- c:\documents and settings\Menki\Local Settings\Application Data\Mozilla
2009-09-21 14:42 . 2005-04-01 18:36 91856 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-09-21 14:42 . 2005-04-01 18:36 123200 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-21 14:17 . 2009-09-21 14:17 -------- d-----w- c:\program files\Trend Micro
2009-09-20 15:29 . 2009-09-20 15:29 -------- d-----w- c:\documents and settings\Frose\Local Settings\Application Data\Real
2009-09-20 15:26 . 2009-09-20 15:26 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-20 15:24 . 2009-09-20 15:24 -------- d-----w- c:\program files\Real
2009-09-20 15:24 . 2009-09-20 15:27 -------- d-----w- c:\program files\Common Files\Real
2009-09-20 15:21 . 2009-09-20 15:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-09-20 15:17 . 2009-09-20 15:17 476696 ----a-w- C:\RealPlayer11GOLD.exe
2009-09-19 21:21 . 2009-09-19 21:21 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-09-19 21:21 . 2008-12-11 11:31 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2009-09-19 21:21 . 2009-09-19 21:21 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-09-19 21:21 . 2009-09-19 21:21 -------- d-----w- c:\documents and settings\Frose\Application Data\TuneUp Software
2009-09-19 21:20 . 2009-09-19 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-09-19 21:20 . 2009-09-19 21:21 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-09-18 16:32 . 2009-09-18 16:32 -------- d-----w- c:\program files\uTorrent
2009-09-18 16:32 . 2009-09-22 16:04 -------- d-----w- c:\documents and settings\Frose\Application Data\uTorrent
2009-09-18 13:04 . 2009-09-18 13:04 0 ----a-w- c:\windows\nsreg.dat
2009-09-18 13:04 . 2009-09-18 13:04 -------- d-----w- c:\documents and settings\Frose\Local Settings\Application Data\Mozilla
2009-09-17 13:41 . 2009-09-17 13:41 -------- d-----w- c:\documents and settings\Menki\Contacts
2009-09-17 13:36 . 2009-09-17 13:36 -------- d-----w- c:\documents and settings\Menki\Local Settings\Application Data\Symantec
2009-09-17 08:27 . 2009-09-22 14:00 -------- d-----w- c:\documents and settings\Frose\Application Data\skypePM
2009-09-16 17:20 . 2009-09-16 17:20 -------- d-----w- c:\documents and settings\Frose\Local Settings\Application Data\Help
2009-09-16 16:34 . 2005-03-18 08:39 42496 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
2009-09-16 16:34 . 2004-09-17 09:37 61440 ----a-w- c:\windows\system32\vuins32.dll
2009-09-16 16:34 . 2009-09-16 16:34 -------- d-----w- c:\windows\vnDrvBas
2009-09-16 15:29 . 2009-09-16 15:29 -------- d-----w- c:\documents and settings\Frose\Application Data\Malwarebytes
2009-09-16 15:29 . 2009-04-06 13:32 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-16 15:29 . 2009-04-06 13:32 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-16 15:29 . 2009-09-16 15:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-16 15:29 . 2009-09-16 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-16 15:28 . 2009-09-16 15:28 -------- d-----w- c:\documents and settings\Frose\Local Settings\Application Data\Symantec
2009-09-16 15:25 . 2009-09-21 14:42 -------- d-----w- c:\program files\Symantec
2009-09-16 15:25 . 2009-09-22 15:50 -------- d-----w- c:\program files\Symantec AntiVirus
2009-09-16 15:25 . 2009-09-21 14:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-16 15:25 . 2009-09-21 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-12 15:32 . 2009-09-12 15:33 -------- d-----w- c:\program files\AutorunRemover
2009-08-29 12:50 . 2009-09-17 22:29 -------- d-----w- c:\documents and settings\Frose\Application Data\BSplayer PRO
2009-08-29 11:51 . 2009-08-29 11:51 -------- d-----w- c:\documents and settings\Frose\Application Data\Samsung
2009-08-29 11:49 . 2006-05-03 20:53 174592 ----a-w- c:\windows\system32\framedyn.dll
2009-08-29 11:49 . 2005-12-22 10:24 137884 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2009-08-29 11:49 . 2005-12-22 10:24 11188 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2009-08-29 11:49 . 2005-12-22 10:24 11188 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2009-08-29 11:49 . 2005-12-22 10:24 11877 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2009-08-29 11:49 . 2005-12-22 10:24 11877 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2009-08-29 11:49 . 2005-12-22 10:24 10864 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2009-08-29 11:49 . 2005-12-22 10:24 80272 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2009-08-29 11:48 . 2009-08-29 11:48 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2009-08-29 11:47 . 2006-07-24 14:05 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-08-29 11:46 . 2009-08-29 11:46 -------- d-----w- c:\program files\Samsung

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-22 16:03 . 2009-06-16 14:24 -------- d-----w- c:\documents and settings\Frose\Application Data\Skype
2009-09-22 13:04 . 2009-05-23 20:33 -------- d-----w- c:\documents and settings\Menki\Application Data\Skype
2009-09-22 00:30 . 2009-05-23 20:34 -------- d-----w- c:\documents and settings\Menki\Application Data\skypePM
2009-09-20 15:30 . 2009-05-23 20:33 -------- d-----w- c:\program files\Google
2009-09-17 17:32 . 2009-06-06 22:12 -------- d-----w- c:\documents and settings\Frose\Application Data\mIRC
2009-09-17 08:27 . 2009-06-13 17:17 186496 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-16 17:29 . 2009-07-19 23:09 -------- d-----w- c:\program files\Wonderland Adventures Demo
2009-09-16 16:26 . 2009-06-15 13:00 -------- d-----w- c:\program files\Lavasoft
2009-09-16 16:26 . 2009-06-15 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-16 14:56 . 2009-07-19 23:02 -------- d-----w- c:\program files\Super Mario Blue Twilight DX
2009-09-16 14:56 . 2009-07-19 23:42 -------- d-----w- c:\program files\Telltale Games
2009-09-16 14:55 . 2009-07-22 15:00 -------- d-----w- c:\program files\Mario Forever Toolbar
2009-09-16 14:55 . 2009-07-22 15:00 -------- d-----w- c:\program files\Mario Forever
2009-09-16 14:55 . 2009-07-19 22:56 -------- d-----w- c:\program files\Jets'n'Guns GOLD Demo
2009-09-12 15:20 . 2009-07-19 22:59 100 ----a-w- c:\documents and settings\All Users\Application Data\{0xffcc220x45aaff}.dat
2009-09-12 15:17 . 2009-07-19 23:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-29 11:46 . 2009-05-13 14:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-29 11:44 . 2009-06-01 21:11 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-05 15:28 . 2009-08-05 15:17 -------- d-----w- c:\documents and settings\Menki\Application Data\BSplayer PRO
2009-08-05 15:27 . 2009-08-05 15:27 -------- d-----w- c:\documents and settings\Menki\Application Data\Corel
2009-08-05 15:17 . 2009-08-05 15:17 -------- d-----w- c:\program files\Webteh
2009-07-30 18:06 . 2009-07-30 18:06 -------- d-----w- c:\program files\Ubisoft
2009-07-30 18:05 . 2009-07-30 18:05 -------- d-----w- c:\documents and settings\Frose\Application Data\InstallShield
2009-07-22 15:00 . 2009-07-22 15:00 407129 ----a-w- c:\windows\MarioForever_Toolbar_Uninstaller_3468.exe
2009-07-19 22:59 . 2009-07-19 22:59 4096 ----a-w- c:\windows\d3dx.dat
2009-06-17 10:34 . 2009-06-17 10:34 56 --sh--r- c:\windows\system32\61A5AFCF43.sys
2009-06-17 10:34 . 2009-06-17 10:34 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-04-14 04:41 . 2008-04-14 04:41 164746 --sha-r- c:\windows\system32\ntayhw.dll
.

------- Sigcheck -------

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys

[-] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys

[-] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2009-01-08 . 5AE1C2695F6523AD98B948F2887D8C5E . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll

[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\system32\kernel32.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll

[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll

[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\system32\rpcss.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll

[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\system32\services.exe

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll

[-] 2009-01-08 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll

[-] 2001-08-23 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 20:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2008-04-14 04:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll

[-] 2008-04-14 04:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-09-18 288560]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutorunRemover.exe"="c:\program files\AutorunRemover\AutorunRemover.exe" [2009-09-12 1257472]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-08-17 90112]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-5-13 606208]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3495:TCP"= 3495:TCP:czvaehed

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/16/2009 5:29 PM 179856]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [9/19/2009 11:21 PM 603904]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/16/2009 5:29 PM 15504]
S2 gstdygz;Boot Monitor;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 6:42 AM 14336]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [4/17/2005 12:30 PM 124608]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - FXRIQPOG
*Deregistered* - fxriqpog

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
gstdygz
.
Contents of the 'Scheduled Tasks' folder

2009-09-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: {72324D6D-F090-4C72-8948-35AC29E1652D} = 62.162.32.6 62.162.32.5
TCP: {BAC78D70-F11D-4D2A-98CC-381F15880214} = 62.162.32.5,62.162.32.6
FF - ProfilePath - c:\documents and settings\Frose\Application Data\Mozilla\Firefox\Profiles\akogi327.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://eu.ask.com?o=15161&l=dis
FF - prefs.js: keyword.URL -
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\program files\Trend Micro\remover\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-09-22 18:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gstdygz]
"ServiceDll"="c:\windows\system32\ntayhw.dll"
.
Completion time: 2009-09-22 18:09
ComboFix-quarantined-files.txt 2009-09-22 16:08

Pre-Run: 17,430,695,936 bytes free
Post-Run: 17,818,750,976 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

Find the following files:

c:\windows\system32\nyovgbmmlh.pdf
c:\windows\system32\aklkrbzqyb.pdf

Upload them via the following form:
http://www.mycity.rs/ambulanta-upload.php

Let me know once you have uploaded those files.

.................................................................



Open Notepad and copy the following text into it:

NetSvcs::
gstdygz

Driver::
gstdygz

File::
c:\windows\system32\ntayhw.dll


Save the Notepad file to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.
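
The entry the helper's script targets is worth spelling out: the first log shows a service "gstdygz" whose image is svchost.exe -k netsvcs, a "gstdygz" member in the Svchost\NetSvcs list, and a ServiceDll of c:\windows\system32\ntayhw.dll. That is how a DLL gets loaded inside a trusted svchost.exe host process instead of running as its own conspicuous executable, and it is why the script names the service under both NetSvcs:: and Driver:: and the DLL under File::. The following is an added example and is not the helper's script or any ComboFix code: it parses the relevant lines of the posted log, cross-checks the NetSvcs member list against the service lines and a partial baseline of stock Windows XP netsvcs members, and renders the same three CFScript stanzas. The baseline set, the no-vowel name heuristic, the function names and the regexes (which follow the line shapes seen in this log) are my assumptions.

```python
"""Triage a ComboFix log for a service hijacking the netsvcs svchost group.

Example code, not ComboFix's own. Assumptions: the regexes follow the line
shapes of the log posted in this thread; KNOWN_NETSVCS is a partial baseline
of stock Windows XP netsvcs members and must be extended for your own image.
"""
import re

# Constructed sample: the relevant lines copied from the first ComboFix log above.
SAMPLE_LOG = r"""
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/16/2009 5:29 PM 179856]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [9/19/2009 11:21 PM 603904]
S2 gstdygz;Boot Monitor;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 6:42 AM 14336]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [4/17/2005 12:30 PM 124608]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
gstdygz
.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gstdygz]
"ServiceDll"="c:\windows\system32\ntayhw.dll"
"""

KNOWN_NETSVCS = {   # partial baseline of legitimate XP members (assumption: extend it)
    "6to4", "appmgmt", "audiosrv", "bits", "browser", "cryptsvc", "dmserver",
    "eventsystem", "helpsvc", "hidserv", "ias", "iprip", "irmon", "lanmanserver",
    "lanmanworkstation", "messenger", "netman", "nla", "ntmssvc", "nwcworkstation",
    "nwsapagent", "rasauto", "rasman", "remoteaccess", "schedule", "seclogon", "sens",
    "sharedaccess", "shellhwdetection", "srservice", "tapisrv", "themes", "trkwks",
    "uploadmgr", "w32time", "winmgmt", "wmdmpmsp", "wmi", "wscsvc", "wuauserv",
    "wzcsvc", "xmlprov",
}
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[")   # "R2 name;display;image [date size]"
KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]\\]+)\]$", re.I)
DLL_RE = re.compile(r'^"ServiceDll"="(.+)"$')

def parse_log(text):
    """Collect service lines, the NetSvcs member list and any ServiceDll values."""
    services, netsvcs, service_dlls = {}, [], {}
    in_netsvcs, current_key = False, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            services[m.group(2)] = {"start": m.group(1), "display": m.group(3), "image": m.group(4)}
            continue
        if line.endswith("Svchost - NetSvcs"):
            in_netsvcs = True
            continue
        if in_netsvcs:
            if line and line != "." and not line.startswith("["):
                netsvcs.append(line)
                continue
            in_netsvcs = False          # the list ends at ".", a blank line or the next key
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = DLL_RE.match(line)
        if m and current_key:
            service_dlls[current_key] = m.group(1)
    return services, netsvcs, service_dlls

def looks_random(name):
    """Crude heuristic: a lowercase-only name of six or more letters with no vowel."""
    return re.fullmatch(r"[a-z]{6,}", name) is not None and not set(name) & set("aeiou")

def triage_netsvcs(text):
    """Return NetSvcs members that look like a hijack, with the evidence for each."""
    services, netsvcs, service_dlls = parse_log(text)
    findings = []
    for name in netsvcs:
        svc, reasons = services.get(name), []
        if svc and name.lower() not in KNOWN_NETSVCS and "-k netsvcs" in svc["image"].lower():
            reasons.append("hosted in the netsvcs svchost group but not a known member")
        if looks_random(name):
            reasons.append("service name looks machine-generated")
        if reasons:
            findings.append({"name": name, "reasons": reasons, "service_dll": service_dlls.get(name),
                             "display": svc["display"] if svc else None})
    return findings

def build_cfscript(findings):
    """Render the NetSvcs:: / Driver:: / File:: stanzas the helper used in this thread."""
    names = [f["name"] for f in findings]
    dlls = [f["service_dll"] for f in findings if f["service_dll"]]
    stanzas = [("NetSvcs::", names), ("Driver::", names), ("File::", dlls)]
    return "\n".join(f"{head}\n" + "\n".join(items) + "\n" for head, items in stanzas if items)

if __name__ == "__main__":
    hits = triage_netsvcs(SAMPLE_LOG)
    for hit in hits:
        print(f"{hit['name']} ({hit['display']}): {'; '.join(hit['reasons'])} -> {hit['service_dll']}")
    print(build_cfscript(hits))
```

Run against a full ComboFix log the parser sees every R*/S* service line, so a legitimate third-party netsvcs member (TuneUp's UxTuneUp here) is reported only if it also trips the name heuristic. Treat the output as a lead to verify, which is exactly why the helper asked for the files to be uploaded first, not as proof on its own.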

  • Joined: 22 Sep 2009
  • Posts: 12

Written: 22 Sep 2009 19:56

Update: 22 Sep 2009 19:58

ComboFix 09-09-22.01 - Frose 09/22/2009 19:38.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.793 [GMT 2:00]
Running from: c:\documents and settings\Frose\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Frose\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FILE ::
"c:\windows\system32\ntayhw.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ntayhw.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GSTDYGZ
-------\Service_gstdygz


((((((((((((((((((((((((( Files Created from 2009-08-22 to 2009-09-22 )))))))))))))))))))))))))))))))
.

2009-09-22 17:45 . 2009-09-22 17:45 -------- d-----w- c:\windows\system32\wbem\snmp
2009-09-22 17:45 . 2009-09-22 17:45 -------- d-----w- c:\windows\system32\xircom
2009-09-22 17:45 . 2009-09-22 17:45 -------- d-----w- c:\program files\microsoft frontpage
2009-09-22 15:27 . 2009-09-22 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy3
2009-09-22 15:26 . 2009-09-22 15:26 -------- d-----w- c:\program files\Alawar Games
2009-09-22 11:55 . 2009-09-22 11:55 -------- d-----w- c:\documents and settings\Menki\Local Settings\Application Data\Mozilla
2009-09-21 14:42 . 2005-04-01 18:36 91856 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-09-21 14:42 . 2005-04-01 18:36 123200 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-21 14:17 . 2009-09-21 14:17 -------- d-----w- c:\program files\Trend Micro
2009-09-20 15:29 . 2009-09-20 15:29 -------- d-----w- c:\documents and settings\Frose\Local Settings\Application Data\Real
2009-09-20 15:26 . 2009-09-20 15:26 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-20 15:24 . 2009-09-20 15:24 -------- d-----w- c:\program files\Real
2009-09-20 15:24 . 2009-09-20 15:27 -------- d-----w- c:\program files\Common Files\Real
2009-09-20 15:21 . 2009-09-20 15:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-09-20 15:17 . 2009-09-20 15:17 476696 ----a-w- C:\RealPlayer11GOLD.exe
2009-09-19 21:21 . 2009-09-19 21:21 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-09-19 21:21 . 2008-12-11 11:31 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2009-09-19 21:21 . 2009-09-19 21:21 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-09-19 21:21 . 2009-09-19 21:21 -------- d-----w- c:\documents and settings\Frose\Application Data\TuneUp Software
2009-09-19 21:20 . 2009-09-19 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-09-19 21:20 . 2009-09-19 21:21 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-09-18 16:32 . 2009-09-18 16:32 -------- d-----w- c:\program files\uTorrent
2009-09-18 16:32 . 2009-09-22 17:43 -------- d-----w- c:\documents and settings\Frose\Application Data\uTorrent
2009-09-18 13:04 . 2009-09-18 13:04 0 ----a-w- c:\windows\nsreg.dat
2009-09-18 13:04 . 2009-09-18 13:04 -------- d-----w- c:\documents and settings\Frose\Local Settings\Application Data\Mozilla
2009-09-17 13:41 . 2009-09-17 13:41 -------- d-----w- c:\documents and settings\Menki\Contacts
2009-09-17 13:36 . 2009-09-17 13:36 -------- d-----w- c:\documents and settings\Menki\Local Settings\Application Data\Symantec
2009-09-17 08:27 . 2009-09-22 14:00 -------- d-----w- c:\documents and settings\Frose\Application Data\skypePM
2009-09-16 17:20 . 2009-09-16 17:20 -------- d-----w- c:\documents and settings\Frose\Local Settings\Application Data\Help
2009-09-16 16:34 . 2005-03-18 08:39 42496 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
2009-09-16 16:34 . 2004-09-17 09:37 61440 ----a-w- c:\windows\system32\vuins32.dll
2009-09-16 16:34 . 2009-09-16 16:34 -------- d-----w- c:\windows\vnDrvBas
2009-09-16 15:29 . 2009-09-16 15:29 -------- d-----w- c:\documents and settings\Frose\Application Data\Malwarebytes
2009-09-16 15:29 . 2009-04-06 13:32 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-16 15:29 . 2009-04-06 13:32 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-16 15:29 . 2009-09-16 15:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-16 15:29 . 2009-09-16 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-16 15:28 . 2009-09-16 15:28 -------- d-----w- c:\documents and settings\Frose\Local Settings\Application Data\Symantec
2009-09-16 15:25 . 2009-09-21 14:42 -------- d-----w- c:\program files\Symantec
2009-09-16 15:25 . 2009-09-22 17:45 -------- d-----w- c:\program files\Symantec AntiVirus
2009-09-16 15:25 . 2009-09-21 14:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-16 15:25 . 2009-09-21 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-12 15:32 . 2009-09-12 15:33 -------- d-----w- c:\program files\AutorunRemover
2009-08-29 12:50 . 2009-09-17 22:29 -------- d-----w- c:\documents and settings\Frose\Application Data\BSplayer PRO
2009-08-29 11:51 . 2009-08-29 11:51 -------- d-----w- c:\documents and settings\Frose\Application Data\Samsung
2009-08-29 11:49 . 2006-05-03 20:53 174592 ----a-w- c:\windows\system32\framedyn.dll
2009-08-29 11:49 . 2005-12-22 10:24 137884 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2009-08-29 11:49 . 2005-12-22 10:24 11188 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2009-08-29 11:49 . 2005-12-22 10:24 11188 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2009-08-29 11:49 . 2005-12-22 10:24 11877 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2009-08-29 11:49 . 2005-12-22 10:24 11877 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2009-08-29 11:49 . 2005-12-22 10:24 10864 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2009-08-29 11:49 . 2005-12-22 10:24 80272 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2009-08-29 11:48 . 2009-08-29 11:48 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2009-08-29 11:47 . 2006-07-24 14:05 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-08-29 11:46 . 2009-08-29 11:46 -------- d-----w- c:\program files\Samsung

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-22 17:30 . 2009-06-16 14:24 -------- d-----w- c:\documents and settings\Frose\Application Data\Skype
2009-09-22 17:24 . 2009-07-19 23:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-22 13:04 . 2009-05-23 20:33 -------- d-----w- c:\documents and settings\Menki\Application Data\Skype
2009-09-22 00:30 . 2009-05-23 20:34 -------- d-----w- c:\documents and settings\Menki\Application Data\skypePM
2009-09-20 15:30 . 2009-05-23 20:33 -------- d-----w- c:\program files\Google
2009-09-17 17:32 . 2009-06-06 22:12 -------- d-----w- c:\documents and settings\Frose\Application Data\mIRC
2009-09-17 08:27 . 2009-06-13 17:17 186496 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-16 17:29 . 2009-07-19 23:09 -------- d-----w- c:\program files\Wonderland Adventures Demo
2009-09-16 16:26 . 2009-06-15 13:00 -------- d-----w- c:\program files\Lavasoft
2009-09-16 16:26 . 2009-06-15 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-16 14:56 . 2009-07-19 23:02 -------- d-----w- c:\program files\Super Mario Blue Twilight DX
2009-09-16 14:56 . 2009-07-19 23:42 -------- d-----w- c:\program files\Telltale Games
2009-09-16 14:55 . 2009-07-22 15:00 -------- d-----w- c:\program files\Mario Forever Toolbar
2009-09-16 14:55 . 2009-07-22 15:00 -------- d-----w- c:\program files\Mario Forever
2009-09-16 14:55 . 2009-07-19 22:56 -------- d-----w- c:\program files\Jets'n'Guns GOLD Demo
2009-09-12 15:20 . 2009-07-19 22:59 100 ----a-w- c:\documents and settings\All Users\Application Data\{0xffcc220x45aaff}.dat
2009-08-29 11:46 . 2009-05-13 14:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-29 11:44 . 2009-06-01 21:11 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-05 15:28 . 2009-08-05 15:17 -------- d-----w- c:\documents and settings\Menki\Application Data\BSplayer PRO
2009-08-05 15:27 . 2009-08-05 15:27 -------- d-----w- c:\documents and settings\Menki\Application Data\Corel
2009-08-05 15:17 . 2009-08-05 15:17 -------- d-----w- c:\program files\Webteh
2009-07-30 18:06 . 2009-07-30 18:06 -------- d-----w- c:\program files\Ubisoft
2009-07-30 18:05 . 2009-07-30 18:05 -------- d-----w- c:\documents and settings\Frose\Application Data\InstallShield
2009-07-22 15:00 . 2009-07-22 15:00 407129 ----a-w- c:\windows\MarioForever_Toolbar_Uninstaller_3468.exe
2009-07-19 22:59 . 2009-07-19 22:59 4096 ----a-w- c:\windows\d3dx.dat
2009-06-17 10:34 . 2009-06-17 10:34 56 --sh--r- c:\windows\system32\61A5AFCF43.sys
2009-06-17 10:34 . 2009-06-17 10:34 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2009-01-08 . 5AE1C2695F6523AD98B948F2887D8C5E . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

[-] 2009-01-08 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-09-18 288560]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutorunRemover.exe"="c:\program files\AutorunRemover\AutorunRemover.exe" [2009-09-12 1257472]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-08-17 90112]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-5-13 606208]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3495:TCP"= 3495:TCP:czvaehed

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/16/2009 5:29 PM 179856]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [9/19/2009 11:21 PM 603904]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/16/2009 5:29 PM 15504]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [4/17/2005 12:30 PM 124608]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-09-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: {72324D6D-F090-4C72-8948-35AC29E1652D} = 62.162.32.6 62.162.32.5
TCP: {BAC78D70-F11D-4D2A-98CC-381F15880214} = 62.162.32.5,62.162.32.6
FF - ProfilePath - c:\documents and settings\Frose\Application Data\Mozilla\Firefox\Profiles\akogi327.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://eu.ask.com?o=15161&l=dis
FF - prefs.js: keyword.URL -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-09-22 19:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2296)
c:\windows\system32\msi.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wscntfy.exe
c:\program files\Symantec AntiVirus\DoScan.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-09-22 19:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-22 17:49
ComboFix2.txt 2009-09-22 16:09

Pre-Run: 17,869,799,424 bytes free
Post-Run: 17,794,174,976 bytes free


  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

You should have uploaded those files via this link:
http://www.mycity.rs/ambulanta-upload.php

Well, let's bring this to a close...

Temporarily disable your antivirus!
Open Notepad and copy the following text into it:

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3495:TCP"=-

File::
c:\windows\system32\nyovgbmmlh.pdf
c:\windows\system32\aajkzhshkk.pdf
c:\windows\system32\tfayjyylkp.pdf
c:\windows\system32\aklkrbzqyb.pdf
c:\windows\system32\dfcjheilla.pdf
c:\windows\system32\qyjftbmvvo.pdf
c:\windows\system32\jzapopmyrl.pdf


Save the Notepad file to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.
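
The Registry:: stanza above deletes the GloballyOpenPorts value `"3495:TCP"= 3495:TCP:czvaehed`. A value in that list opens the port on the standard firewall profile to any remote peer, and its last field is a free-text label chosen by whoever created the entry, so a nonsense label like czvaehed is a signal by itself. It sits next to `EnableFirewall= 0` (the firewall is off, so the exception list is moot anyway) and `DisableMonitoring=dword:00000001` under Security Center\Monitoring\SymantecAntiVirus (Security Center has been told not to report on an antivirus the log already marks as outdated); both should be checked against what the owner actually configured. The example below is added here and is not the helper's or ComboFix's code. It parses those REGEDIT4-style sections as they appear in the posted log, reports each of these conditions, flags firewall exceptions outside an assumed set of trusted path prefixes, and renders the same Registry:: stanza. The value layout port:proto:...:label is taken from this log's rendering (the live registry value carries more fields, and the code only relies on the first two and the last); the prefixes, function names and regex are my assumptions.

```python
"""Audit the Windows Firewall policy and Security Center keys that ComboFix dumps.

Example code, not ComboFix's own. Assumptions: the "[key]" / "name"=value line
shapes are those of the log posted in this thread; a GloballyOpenPorts value is
read as port:proto:...:label with the label (here "czvaehed") as its last field;
TRUSTED_PREFIXES is a choice made for this example.
"""
import re

# Constructed sample: the relevant lines copied from the second ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3495:TCP"= 3495:TCP:czvaehed
"""

VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
TRUSTED_PREFIXES = ("c:\\program files\\", "%windir%\\")   # assumption for this example

def parse_reg_dump(text):
    """Return {key: {value_name: value_string}} for the REGEDIT4-style sections."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2)
    return keys

def is_set(value):
    """True for dword:00000001 and for ComboFix's "1 (0x1)" rendering of a DWORD."""
    return value.lower().startswith(("dword:00000001", "1"))

def audit_policy(text):
    """Return a list of findings; each is a dict with at least 'kind' and 'detail'."""
    findings = []
    for key, values in parse_reg_dump(text).items():
        k = key.lower()
        if k.endswith("firewallpolicy\\standardprofile"):
            if values.get("EnableFirewall", "").startswith("0"):
                findings.append({"kind": "firewall_off",
                                 "detail": "EnableFirewall=0: the standard-profile firewall is off"})
        elif k.endswith("globallyopenports\\list"):
            for name, value in values.items():          # every entry here is reachable from any peer
                fields = value.split(":")
                findings.append({"kind": "open_port", "key": key, "value_name": name,
                                 "detail": f"{fields[0]}/{fields[1]} open globally, labelled {fields[-1]!r}"})
        elif k.endswith("authorizedapplications\\list"):
            for path in values:                          # ComboFix doubles the backslashes here
                p = path.replace("\\\\", "\\").lower()
                if not p.startswith(TRUSTED_PREFIXES):
                    findings.append({"kind": "odd_exception", "detail": f"firewall exception for {p}"})
        elif "security center\\monitoring\\" in k and is_set(values.get("DisableMonitoring", "")):
            product = key.rsplit("\\", 1)[-1]
            findings.append({"kind": "sc_monitoring_off",
                             "detail": f"Security Center no longer watches {product}"})
        elif k.endswith("security center") and is_set(values.get("UpdatesDisableNotify", "")):
            findings.append({"kind": "sc_updates_notify_off",
                             "detail": "Security Center warnings about Automatic Updates silenced"})
    return findings

def build_registry_fix(findings):
    """Render the Registry:: stanza used in this thread to delete open-port entries."""
    lines = ["Registry::"]
    for f in findings:
        if f["kind"] == "open_port":
            lines += ["[" + f["key"] + "]", '"' + f["value_name"] + '"=-']
    return "\n".join(lines) + "\n" if len(lines) > 1 else ""

if __name__ == "__main__":
    hits = audit_policy(SAMPLE_LOG)
    for hit in hits:
        print(f"{hit['kind']:22} {hit['detail']}")
    print(build_registry_fix(hits))
```

The third log in this thread still shows EnableFirewall= 0 and DisableMonitoring=dword:00000001, and adds UpdatesDisableNotify=dword:00000001 under the Security Center key; run on that log the audit keeps reporting all three, which is the kind of residue worth confirming with the owner before calling the machine clean.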

  • Joined: 22 Sep 2009
  • Posts: 12

Written: 22 Sep 2009 21:33

The files have been uploaded correctly.

Update: 22 Sep 2009 21:34

ComboFix 09-09-22.01 - Frose 09/22/2009 21:24.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.724 [GMT 2:00]
Running from: c:\documents and settings\Frose\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Frose\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FILE ::
"c:\windows\system32\aajkzhshkk.pdf"
"c:\windows\system32\aklkrbzqyb.pdf"
"c:\windows\system32\dfcjheilla.pdf"
"c:\windows\system32\jzapopmyrl.pdf"
"c:\windows\system32\nyovgbmmlh.pdf"
"c:\windows\system32\qyjftbmvvo.pdf"
"c:\windows\system32\tfayjyylkp.pdf"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\aajkzhshkk.pdf
c:\windows\system32\aklkrbzqyb.pdf
c:\windows\system32\dfcjheilla.pdf
c:\windows\system32\jzapopmyrl.pdf
c:\windows\system32\nyovgbmmlh.pdf
c:\windows\system32\qyjftbmvvo.pdf
c:\windows\system32\tfayjyylkp.pdf

.
((((((((((((((((((((((((( Files Created from 2009-08-22 to 2009-09-22 )))))))))))))))))))))))))))))))
.

2009-09-22 17:45 . 2009-09-22 17:45 -------- d-----w- c:\windows\system32\wbem\snmp
2009-09-22 17:45 . 2009-09-22 17:45 -------- d-----w- c:\windows\system32\xircom
2009-09-22 17:45 . 2009-09-22 17:45 -------- d-----w- c:\program files\microsoft frontpage
2009-09-22 15:27 . 2009-09-22 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy3
2009-09-22 15:26 . 2009-09-22 15:26 -------- d-----w- c:\program files\Alawar Games
2009-09-22 11:55 . 2009-09-22 11:55 -------- d-----w- c:\documents and settings\Menki\Local Settings\Application Data\Mozilla
2009-09-21 14:42 . 2005-04-01 18:36 91856 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-09-21 14:42 . 2005-04-01 18:36 123200 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-21 14:17 . 2009-09-21 14:17 -------- d-----w- c:\program files\Trend Micro
2009-09-20 15:29 . 2009-09-20 15:29 -------- d-----w- c:\documents and settings\Frose\Local Settings\Application Data\Real
2009-09-20 15:26 . 2009-09-20 15:26 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-20 15:24 . 2009-09-20 15:24 -------- d-----w- c:\program files\Real
2009-09-20 15:24 . 2009-09-20 15:27 -------- d-----w- c:\program files\Common Files\Real
2009-09-20 15:21 . 2009-09-20 15:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-09-20 15:17 . 2009-09-20 15:17 476696 ----a-w- C:\RealPlayer11GOLD.exe
2009-09-19 21:21 . 2009-09-19 21:21 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-09-19 21:21 . 2008-12-11 11:31 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2009-09-19 21:21 . 2009-09-19 21:21 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-09-19 21:21 . 2009-09-19 21:21 -------- d-----w- c:\documents and settings\Frose\Application Data\TuneUp Software
2009-09-19 21:20 . 2009-09-19 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-09-19 21:20 . 2009-09-19 21:21 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-09-18 16:32 . 2009-09-18 16:32 -------- d-----w- c:\program files\uTorrent
2009-09-18 16:32 . 2009-09-22 19:26 -------- d-----w- c:\documents and settings\Frose\Application Data\uTorrent
2009-09-18 13:04 . 2009-09-18 13:04 0 ----a-w- c:\windows\nsreg.dat
2009-09-18 13:04 . 2009-09-18 13:04 -------- d-----w- c:\documents and settings\Frose\Local Settings\Application Data\Mozilla
2009-09-17 13:41 . 2009-09-17 13:41 -------- d-----w- c:\documents and settings\Menki\Contacts
2009-09-17 13:36 . 2009-09-17 13:36 -------- d-----w- c:\documents and settings\Menki\Local Settings\Application Data\Symantec
2009-09-17 08:27 . 2009-09-22 17:47 -------- d-----w- c:\documents and settings\Frose\Application Data\skypePM
2009-09-16 17:20 . 2009-09-16 17:20 -------- d-----w- c:\documents and settings\Frose\Local Settings\Application Data\Help
2009-09-16 16:34 . 2005-03-18 08:39 42496 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
2009-09-16 16:34 . 2004-09-17 09:37 61440 ----a-w- c:\windows\system32\vuins32.dll
2009-09-16 16:34 . 2009-09-16 16:34 -------- d-----w- c:\windows\vnDrvBas
2009-09-16 15:29 . 2009-09-16 15:29 -------- d-----w- c:\documents and settings\Frose\Application Data\Malwarebytes
2009-09-16 15:29 . 2009-04-06 13:32 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-16 15:29 . 2009-04-06 13:32 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-16 15:29 . 2009-09-16 15:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-16 15:29 . 2009-09-16 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-16 15:28 . 2009-09-16 15:28 -------- d-----w- c:\documents and settings\Frose\Local Settings\Application Data\Symantec
2009-09-16 15:25 . 2009-09-21 14:42 -------- d-----w- c:\program files\Symantec
2009-09-16 15:25 . 2009-09-22 19:19 -------- d-----w- c:\program files\Symantec AntiVirus
2009-09-16 15:25 . 2009-09-21 14:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-16 15:25 . 2009-09-21 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-12 15:32 . 2009-09-12 15:33 -------- d-----w- c:\program files\AutorunRemover
2009-08-29 12:50 . 2009-09-17 22:29 -------- d-----w- c:\documents and settings\Frose\Application Data\BSplayer PRO
2009-08-29 11:51 . 2009-08-29 11:51 -------- d-----w- c:\documents and settings\Frose\Application Data\Samsung
2009-08-29 11:49 . 2006-05-03 20:53 174592 ----a-w- c:\windows\system32\framedyn.dll
2009-08-29 11:49 . 2005-12-22 10:24 137884 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2009-08-29 11:49 . 2005-12-22 10:24 11188 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2009-08-29 11:49 . 2005-12-22 10:24 11188 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2009-08-29 11:49 . 2005-12-22 10:24 11877 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2009-08-29 11:49 . 2005-12-22 10:24 11877 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2009-08-29 11:49 . 2005-12-22 10:24 10864 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2009-08-29 11:49 . 2005-12-22 10:24 80272 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2009-08-29 11:48 . 2009-08-29 11:48 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2009-08-29 11:47 . 2006-07-24 14:05 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-08-29 11:46 . 2009-08-29 11:46 -------- d-----w- c:\program files\Samsung

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-22 18:46 . 2009-06-16 14:24 -------- d-----w- c:\documents and settings\Frose\Application Data\Skype
2009-09-22 17:24 . 2009-07-19 23:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-22 13:04 . 2009-05-23 20:33 -------- d-----w- c:\documents and settings\Menki\Application Data\Skype
2009-09-22 00:30 . 2009-05-23 20:34 -------- d-----w- c:\documents and settings\Menki\Application Data\skypePM
2009-09-20 15:30 . 2009-05-23 20:33 -------- d-----w- c:\program files\Google
2009-09-17 17:32 . 2009-06-06 22:12 -------- d-----w- c:\documents and settings\Frose\Application Data\mIRC
2009-09-17 08:27 . 2009-06-13 17:17 186496 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-16 17:29 . 2009-07-19 23:09 -------- d-----w- c:\program files\Wonderland Adventures Demo
2009-09-16 16:26 . 2009-06-15 13:00 -------- d-----w- c:\program files\Lavasoft
2009-09-16 16:26 . 2009-06-15 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-16 14:56 . 2009-07-19 23:02 -------- d-----w- c:\program files\Super Mario Blue Twilight DX
2009-09-16 14:56 . 2009-07-19 23:42 -------- d-----w- c:\program files\Telltale Games
2009-09-16 14:55 . 2009-07-22 15:00 -------- d-----w- c:\program files\Mario Forever Toolbar
2009-09-16 14:55 . 2009-07-22 15:00 -------- d-----w- c:\program files\Mario Forever
2009-09-16 14:55 . 2009-07-19 22:56 -------- d-----w- c:\program files\Jets'n'Guns GOLD Demo
2009-09-12 15:20 . 2009-07-19 22:59 100 ----a-w- c:\documents and settings\All Users\Application Data\{0xffcc220x45aaff}.dat
2009-08-29 11:46 . 2009-05-13 14:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-29 11:44 . 2009-06-01 21:11 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-05 15:28 . 2009-08-05 15:17 -------- d-----w- c:\documents and settings\Menki\Application Data\BSplayer PRO
2009-08-05 15:27 . 2009-08-05 15:27 -------- d-----w- c:\documents and settings\Menki\Application Data\Corel
2009-08-05 15:17 . 2009-08-05 15:17 -------- d-----w- c:\program files\Webteh
2009-07-30 18:06 . 2009-07-30 18:06 -------- d-----w- c:\program files\Ubisoft
2009-07-30 18:05 . 2009-07-30 18:05 -------- d-----w- c:\documents and settings\Frose\Application Data\InstallShield
2009-07-22 15:00 . 2009-07-22 15:00 407129 ----a-w- c:\windows\MarioForever_Toolbar_Uninstaller_3468.exe
2009-07-19 22:59 . 2009-07-19 22:59 4096 ----a-w- c:\windows\d3dx.dat
2009-06-17 10:34 . 2009-06-17 10:34 56 --sh--r- c:\windows\system32\61A5AFCF43.sys
2009-06-17 10:34 . 2009-06-17 10:34 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2009-01-08 . 5AE1C2695F6523AD98B948F2887D8C5E . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

[-] 2009-01-08 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-09-18 288560]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutorunRemover.exe"="c:\program files\AutorunRemover\AutorunRemover.exe" [2009-09-12 1257472]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-08-17 90112]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-5-13 606208]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/16/2009 5:29 PM 179856]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [9/19/2009 11:21 PM 603904]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/16/2009 5:29 PM 15504]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [4/17/2005 12:30 PM 124608]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-09-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: {72324D6D-F090-4C72-8948-35AC29E1652D} = 62.162.32.6 62.162.32.5
TCP: {BAC78D70-F11D-4D2A-98CC-381F15880214} = 62.162.32.5,62.162.32.6
FF - ProfilePath - c:\documents and settings\Frose\Application Data\Mozilla\Firefox\Profiles\akogi327.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://eu.ask.com?o=15161&l=dis
FF - prefs.js: keyword.URL -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-09-22 21:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-09-22 21:28
ComboFix-quarantined-files.txt 2009-09-22 19:28
ComboFix2.txt 2009-09-22 17:49
ComboFix3.txt 2009-09-22 16:09

Pre-Run: 17,578,737,664 bytes free
Post-Run: 17,570,926,592 bytes free


  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

OK, tell me, what is the situation now?
