MyCity » Ambulanta -> Arhiva Ambulante » Neznam kako da se rešim virusa!!!

Neznam kako da se rešim virusa!!!

Napisano na dan: 10.7.2009

Strana:
1
2

Neznam kako da se rešim virusa!!!

Sledeća strana

Pagination

Odgovori

Strana:
1
2

Predox Poslao: 10 Jul 2009 22:26 Idi na vrh
offline Predox Novi MyCity građanin Pridružio: 10 Apr 2009 Poruke: 19 Gde živiš: Doboj	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ako možete da mi pomognete,neznam kako da se rešim virusa,imao sam slobodnog prostora preko 10GB.Odjednom mi izbaci upozorenje da slobodnog prostora nema ništa...brisao sam neke igrice kako bi stvorio slobodan prostor ali opez za manje od 2-3 sata piše da prostora nema nista...Pokušavao sam da nađem virus sa antivirusom ali mi nije uspijevalo i opet tako se ponavlja... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:20:28, on 10.7.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Winamp\winampa.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\vsnpstd2.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\DNA\btdna.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbapp.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbappHelper.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Korisnik\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = crawler.com/search/ie.aspx?tb_id=60207 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = dnl.crawler.com/support/sa_customize.aspx?TbId=60207 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing) O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.3.0.790\HPIEAddOn.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll O2 - BHO: Windows Live pomagač za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: Sonerie Toolbar - {157B91D9-D643-403b-92FE-FB48DA68D6C4} - C:\DOCUME~1\Korisnik\Desktop\SONNER~1\toolbar.dll (file missing) O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing) O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: GamingHarbor Toolbar - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stb0.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SmileyApp] C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbapp.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file) O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{03376FE4-C880-430D-9B93-7A555395C305}: NameServer = 79.143.168.2 O17 - HKLM\System\CS1\Services\Tcpip\..\{03376FE4-C880-430D-9B93-7A555395C305}: NameServer = 79.143.168.2 O17 - HKLM\System\CS2\Services\Tcpip\..\{03376FE4-C880-430D-9B93-7A555395C305}: NameServer = 79.143.168.2 O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: ?????? Google Update (gupdate1c9c1b8b9412aae) (gupdate1c9c1b8b9412aae) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O24 - Desktop Component 0: (no name) - img.neogen.ro/common/foto/star_off1.gif -- End of file - 9799 bytes

Profil

dr_Bora Poslao: 11 Jul 2009 00:24 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Preuzmi gmer.zip sa ovog linka i sačuvaj na Desktopu. Raspakuj ga u neki folder. Dupli klik na gmer.exe za početak: Izaberi Rootkit/Malware Tab na vrhu. Klikni na Scan. Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati rezultate skeniranja u Clipboard. Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt. Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt. Iskoristi opciju Prikači fajl ispod polja za pisanje poruke na forumu, i prikači nam ovde ta dva fajla koja smo malopre snimili.

Profil

Predox Poslao: 11 Jul 2009 11:28 Idi na vrh
offline Predox Novi MyCity građanin Pridružio: 10 Apr 2009 Poruke: 19 Gde živiš: Doboj	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: uradio sam to valjda...Bio sam sinoć stavio da skenira pa sam čekao do 4 sata i nije bilo skeniralo pa sam prekinu pa jutros ponovo to sve uradio... mycity.rs/must-login.png mycity.rs/must-login.png

Profil

dr_Bora Poslao: 11 Jul 2009 11:39 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: zatvori pokrenute programe; deaktiviraj zaštitni softver (uputstvo); dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

Predox Poslao: 11 Jul 2009 12:13 Idi na vrh
offline Predox Novi MyCity građanin Pridružio: 10 Apr 2009 Poruke: 19 Gde živiš: Doboj	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-07-09.08 - Korisnik 11.07.2009 11:47.5.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.511.201 [GMT 2:00] Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe AV: AntiVir Desktop On-access scanning disabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\_tm13.tmp c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\_tm130.tmp c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\_tm1F7.tmp c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\_tm332.tmp c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\_tm38F.tmp c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\_tm429.tmp c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\_tm77.tmp c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\_tm97.tmp c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\stb06759.tmp c:\program files\Internet Saving Optimizer c:\program files\Internet Saving Optimizer\3.4.0.4340\adwpx.exe c:\program files\Internet Saving Optimizer\3.4.0.4340\Data\config.md c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf c:\program files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll c:\program files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.dat c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe c:\program files\Media Access Startup c:\program files\Media Access Startup\1.3.0.790\Data\config.md c:\program files\Media Access Startup\1.3.0.790\FF\chrome.manifest c:\program files\Media Access Startup\1.3.0.790\FF\chrome\content\HPAddOn.js c:\program files\Media Access Startup\1.3.0.790\FF\chrome\content\HPAddOn.xul c:\program files\Media Access Startup\1.3.0.790\FF\chrome\HPAddOn.jar c:\program files\Media Access Startup\1.3.0.790\FF\components\HPFFAddOn.dll c:\program files\Media Access Startup\1.3.0.790\FF\components\HPFFAddOn.xpt c:\program files\Media Access Startup\1.3.0.790\FF\components\HPFFHelperComponent.js c:\program files\Media Access Startup\1.3.0.790\FF\install.rdf c:\program files\Media Access Startup\1.3.0.790\HPCommon.dll c:\program files\Media Access Startup\1.3.0.790\HPIEAddOn.dll c:\program files\Media Access Startup\1.3.0.790\hppx.exe c:\program files\Media Access Startup\1.3.0.790\MAHelper.exe c:\program files\Media Access Startup\1.3.0.790\unins000.dat c:\program files\Media Access Startup\1.3.0.790\unins000.exe c:\program files\System Search Dispatcher\1.2.0.750\ssd.dll c:\windows\clofghls.dll c:\windows\Installer\1002e27.msp c:\windows\Installer\100e4e4.msp c:\windows\Installer\100fe19.msp c:\windows\Installer\105f4da.msp c:\windows\Installer\108c000.msp c:\windows\Installer\109fc1a.msp c:\windows\Installer\10a2caf.msp c:\windows\Installer\10ca61b.msp c:\windows\Installer\10dd10f.msp c:\windows\Installer\1115265.msp c:\windows\Installer\1128b24.msp c:\windows\Installer\118087a.msp c:\windows\Installer\118c9b6.msp c:\windows\Installer\1192e7b.msp c:\windows\Installer\11b229a.msp c:\windows\Installer\11eb612.msp c:\windows\Installer\1233ddc.msp c:\windows\Installer\124c547.msp c:\windows\Installer\132e500.msp c:\windows\Installer\134a08b.msp c:\windows\Installer\13c5245.msp c:\windows\Installer\145161b.msp c:\windows\Installer\150a025.msp c:\windows\Installer\16d8e0.msp c:\windows\Installer\174225b.msp c:\windows\Installer\1744a94.msp c:\windows\Installer\1808939.msp c:\windows\Installer\18aaad9.msp c:\windows\Installer\1901c0a.msp c:\windows\Installer\1ac9170.msp c:\windows\Installer\1b0cb49.msp c:\windows\Installer\1b36f02.msp c:\windows\Installer\1b87a73.msp c:\windows\Installer\1bb63d0.msp c:\windows\Installer\1c1e6c.msp c:\windows\Installer\1cdc793.msp c:\windows\Installer\1e7b053.msp c:\windows\Installer\1ee3eac.msp c:\windows\Installer\204a191.msp c:\windows\Installer\22cd81f.msp c:\windows\Installer\23168b.msp c:\windows\Installer\2480ff5.msp c:\windows\Installer\27ad3.msp c:\windows\Installer\29001.msp c:\windows\Installer\29944a7.msp c:\windows\Installer\2cdbf1a.msp c:\windows\Installer\2e18d6a.msp c:\windows\Installer\2ed25.msp c:\windows\Installer\308db.msp c:\windows\Installer\30a1ad3.msp c:\windows\Installer\30d601a.msp c:\windows\Installer\3187b.msp c:\windows\Installer\31fb901.msp c:\windows\Installer\31fbe.msp c:\windows\Installer\3278e.msp c:\windows\Installer\32e0c8b.msp c:\windows\Installer\336447d.msp c:\windows\Installer\34b33.msp c:\windows\Installer\34e95e4.msp c:\windows\Installer\351b08.msp c:\windows\Installer\353711d.msp c:\windows\Installer\37010.msp c:\windows\Installer\3819649.msp c:\windows\Installer\381b03a.msp c:\windows\Installer\38965.msp c:\windows\Installer\38ca596.msp c:\windows\Installer\3ac99b3.msp c:\windows\Installer\3d533.msp c:\windows\Installer\3d7c3.msp c:\windows\Installer\3fbb6.msp c:\windows\Installer\3ff7f23.msp c:\windows\Installer\425c4.msp c:\windows\Installer\437d5.msp c:\windows\Installer\44c174a.msp c:\windows\Installer\471b2.msp c:\windows\Installer\488e57.msp c:\windows\Installer\48c5e.msp c:\windows\Installer\4e367.msp c:\windows\Installer\52daf.msp c:\windows\Installer\55a451.msp c:\windows\Installer\55a55a.msp c:\windows\Installer\571eb.msp c:\windows\Installer\5fae2.msp c:\windows\Installer\67a82.msp c:\windows\Installer\682de.msp c:\windows\Installer\6830ca.msp c:\windows\Installer\699607.msp c:\windows\Installer\6fcc9b.msp c:\windows\Installer\73474a.msp c:\windows\Installer\73bf78.msp c:\windows\Installer\73d16.msp c:\windows\Installer\75b608.msp c:\windows\Installer\760fa.msp c:\windows\Installer\7f13fb.msp c:\windows\Installer\800938.msp c:\windows\Installer\830cc4.msp c:\windows\Installer\83130d.msp c:\windows\Installer\87a6de.msp c:\windows\Installer\8e5bd9.msp c:\windows\Installer\9307e4.msp c:\windows\Installer\94337.msp c:\windows\Installer\9d9bb7.msp c:\windows\Installer\9e2f7b.msp c:\windows\Installer\a2087.msp c:\windows\Installer\a5e905.msp c:\windows\Installer\a72619.msp c:\windows\Installer\a7cd75.msp c:\windows\Installer\a89e52.msp c:\windows\Installer\aab839.msp c:\windows\Installer\ac7fab.msp c:\windows\Installer\b0331d.msp c:\windows\Installer\b07e30.msp c:\windows\Installer\b08b6f.msp c:\windows\Installer\b26465.msp c:\windows\Installer\b5340f.msp c:\windows\Installer\b89a6c.msp c:\windows\Installer\b9f837.msp c:\windows\Installer\bef61b.msp c:\windows\Installer\c01b81.msp c:\windows\Installer\c334b7.msp c:\windows\Installer\cea5ea.msp c:\windows\Installer\cff696.msp c:\windows\Installer\d33e5e.msp c:\windows\Installer\d3c2c1.msp c:\windows\Installer\d549ce.msp c:\windows\Installer\d5e5df.msp c:\windows\Installer\d9adc4.msp c:\windows\Installer\d9ceca.msp c:\windows\Installer\db2fe0.msp c:\windows\Installer\dbf65d.msp c:\windows\Installer\dd3286.msp c:\windows\Installer\dd6b88.msp c:\windows\Installer\e03343.msp c:\windows\Installer\e7751c.msp c:\windows\Installer\efd084.msp c:\windows\Installer\f1218d.msp c:\windows\Installer\f35b22.msp c:\windows\Installer\f76c45.msp c:\windows\Installer\fc839d.msp c:\windows\Installer\fce16d.msp . ((((((((((((((((((((((((( Files Created from 2009-06-11 to 2009-07-11 ))))))))))))))))))))))))))))))) . 2009-07-10 07:34 . 2009-07-10 07:34 -------- d-----w- c:\documents and settings\All Users\Application Data\2E399 2009-07-09 13:30 . 2009-07-09 20:34 -------- d-----w- c:\windows\SxsCaPendDel 2009-07-08 21:23 . 2009-07-08 21:23 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer 2009-07-08 21:23 . 2009-07-08 21:23 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup 2009-07-08 21:22 . 2009-07-08 21:22 -------- d-----w- c:\program files\System Search Dispatcher 2009-07-08 21:22 . 2009-07-08 21:22 -------- d-----w- c:\program files\DoubleD 2009-07-08 21:21 . 2009-07-08 21:21 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\DoubleD 2009-07-08 13:50 . 2009-07-08 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\18280 2009-07-07 14:10 . 2009-07-07 14:10 5430 ----a-r- c:\documents and settings\Korisnik\Application Data\Microsoft\Installer\{0FD95BFA-44E8-4AD5-954E-3407ADD55B06}\_E8C2EED12CBD54698B3A54.exe 2009-07-07 14:10 . 2009-07-07 14:10 5430 ----a-r- c:\documents and settings\Korisnik\Application Data\Microsoft\Installer\{0FD95BFA-44E8-4AD5-954E-3407ADD55B06}\_6B7D9734814072B95063C9.exe 2009-07-07 14:10 . 2009-07-07 14:10 5430 ----a-r- c:\documents and settings\Korisnik\Application Data\Microsoft\Installer\{0FD95BFA-44E8-4AD5-954E-3407ADD55B06}\_6FEFF9B68218417F98F549.exe 2009-07-01 17:41 . 2009-07-01 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\2D1DA 2009-07-01 17:38 . 2009-07-01 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\2A247 2009-06-23 05:03 . 2009-06-29 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus! 2009-06-22 19:49 . 2009-06-22 19:49 -------- d-----w- c:\program files\Messenger Plus! Live . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-11 09:52 . 2008-05-16 14:20 -------- d-----w- c:\documents and settings\Korisnik\Application Data\DNA 2009-07-11 09:32 . 2008-05-16 14:20 -------- d-----w- c:\program files\DNA 2009-07-11 07:30 . 2008-11-21 08:14 -------- d-----w- c:\program files\Garena 2009-07-10 12:26 . 2008-05-04 15:06 -------- d-----w- c:\program files\Warcraft III 2009-07-10 07:11 . 2007-11-19 22:02 -------- d-----w- c:\program files\Real 2009-07-10 07:10 . 2007-10-29 22:26 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-07-09 13:28 . 2007-11-19 22:28 -------- d-----w- c:\program files\Java 2009-07-09 13:27 . 2007-11-21 21:15 -------- d-----w- c:\program files\DVDVideoSoft 2009-07-07 14:10 . 2009-04-25 16:23 -------- d-----w- c:\program files\Readon Technology 2009-07-06 12:40 . 2007-12-27 21:50 -------- d-----w- c:\documents and settings\Korisnik\Application Data\BearShare 2009-06-06 22:26 . 2008-05-16 14:20 -------- d-----w- c:\documents and settings\Korisnik\Application Data\BitTorrent 2009-06-02 20:13 . 2009-06-02 20:11 -------- d-----w- c:\documents and settings\Korisnik\Application Data\DC++ 2009-06-01 07:36 . 2009-06-01 07:36 390664 ----a-w- c:\documents and settings\Korisnik\Application Data\Real\RealPlayer\Update\RealPlayer11.exe 2009-05-22 08:56 . 2009-05-22 08:56 -------- d-----w- c:\program files\Avira 2009-05-22 08:56 . 2009-05-22 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-04-25 16:23 . 2009-04-25 16:23 5430 ----a-r- c:\documents and settings\Korisnik\Application Data\Microsoft\Installer\{FD9C7AC3-B9C5-477D-A8C5-ECA0E29FD4D6}\_FDDFB6697B385D94A70E51.exe 2008-06-13 16:26 . 2008-06-13 16:04 952 --sha-w- c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WebcastTuner"="0 (0x0)" [X] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-04-18 342848] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-06-28 8466432] "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-06-28 81920] "AttuneClientEngine"="c:\progra~1\Aveo\Attune\bin\attune_ce.exe" [2000-07-24 356728] "SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 286720] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-13 185896] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-09-12 16264192] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-28 1626112] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\Garena\\Garena.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [22.5.2009 10:56 108289] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [5.3.2009 21:31 55152] S3 fsssvc;Windows Live Porodična bezbednost;c:\program files\Windows Live\Family Safety\fsssvc.exe [6.2.2009 19:08 533360] S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Korisnik\LOCALS~1\Temp\FMPF.tmp --> c:\docume~1\Korisnik\LOCALS~1\Temp\FMPF.tmp [?] . Contents of the 'Scheduled Tasks' folder 2009-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 13:05] 2009-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 13:05] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNfox000&fl=0&ptb=ev14h7ZIjS9L_c._Xzrjig&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms} mStart Page = hxxp://home.sweetim.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {03376FE4-C880-430D-9B93-7A555395C305} = 79.143.168.2 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-07-11 11:56 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKCU\Software\Microsoft\Windows\CurrentVersion\Run WebcastTuner = 63 scanning hidden files ... ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine] "ImagePath"="\??\c:\docume~1\Korisnik\LOCALS~1\Temp\FMPF.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1409082233-926492609-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:65,2f,af,e6,6e,9a,a5,77,00,2d,08,be,90,df,bc,01,ec,64,72,a5,dd,43,1c, 54,85,49,ef,99,a9,07,91,5e,3c,4a,77,bb,d7,34,e4,bf,36,f3,47,67,91,50,c5,c3,\ "??"=hex:aa,ed,a4,c8,3a,0a,22,f4,49,6f,48,97,46,75,28,94 . Completion time: 2009-07-11 12:00 ComboFix-quarantined-files.txt 2009-07-11 09:59 Pre-Run: 9.450.684.416 bytes free Post-Run: 9.556.537.344 bytes free 313 --- E O F --- 2008-12-24 10:27

Profil

dr_Bora Poslao: 11 Jul 2009 12:32 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvori Control Panel > Add/Remove Programs i deinstaliraj (ukoliko je moguće) program: Attune (u pitanju je adware). ------------------------------------------------------------------------------------- Otvoriti Notepad i iskopirati sledeci tekst: Folder:: c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup c:\program files\System Search Dispatcher c:\program files\DoubleD c:\documents and settings\Korisnik\Local Settings\Application Data\DoubleD c:\progra~1\Aveo DirLook:: c:\documents and settings\All Users\Application Data\2E399 c:\documents and settings\All Users\Application Data\18280 DDS:: uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNfox000&fl=0&ptb=ev14h7ZIjS9L_c._Xzrjig&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms} Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AttuneClientEngine"=- Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

Predox Poslao: 11 Jul 2009 12:52 Idi na vrh
offline Predox Novi MyCity građanin Pridružio: 10 Apr 2009 Poruke: 19 Gde živiš: Doboj	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-07-09.08 - Korisnik 11.07.2009 12:37.6.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.511.149 [GMT 2:00] Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Korisnik\Desktop\CFScript.txt AV: AntiVir Desktop On-access scanning disabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Korisnik\Local Settings\Application Data\DoubleD c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\config.md c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\ipdata.md c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090708-232342.566.log c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090709-073914.125.log c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090709-092440.187.log c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090709-104730.500.log c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090709-110152.031.log c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090709-110557.718.log c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090709-133429.703.log c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090709-141426.093.log c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090709-163048.296.log c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090709-163055.500.log c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090709-175409.078.log c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090709-224635.359.log c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090710-091343.312.log c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090710-105329.562.log c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090710-122921.453.log c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090710-142823.296.log c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090710-201345.890.log c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090710-225730.953.log c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090710-225732.703.log c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090711-014356.812.log c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090711-092938.484.log c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\rstatus.md c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\config.md c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090708-232308.457.log c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090708-232341.972.log c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090709-073913.968.log c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090709-092439.484.log c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090709-104729.875.log c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090709-110151.937.log c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090709-110557.671.log c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090709-133428.546.log c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090709-141425.984.log c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090709-163048.140.log c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090709-163055.468.log c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090709-175408.906.log c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090709-224635.265.log c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090710-091343.031.log c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090710-105329.437.log c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090710-122921.328.log c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090710-142823.171.log c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090710-201345.359.log c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090710-225730.859.log c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090710-225732.687.log c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-014356.453.log c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-092938.343.log c:\program files\DoubleD c:\program files\System Search Dispatcher c:\program files\System Search Dispatcher\1.2.0.750\Data\eacore.mx c:\program files\System Search Dispatcher\1.2.0.750\Data\URLDynamic.mx c:\program files\System Search Dispatcher\1.2.0.750\Data\URLStatic.mx c:\program files\System Search Dispatcher\1.2.0.750\unins000.dat c:\program files\System Search Dispatcher\1.2.0.750\unins000.exe . ((((((((((((((((((((((((( Files Created from 2009-06-11 to 2009-07-11 ))))))))))))))))))))))))))))))) . 2009-07-10 07:34 . 2009-07-10 07:34 -------- d-----w- c:\documents and settings\All Users\Application Data\2E399 2009-07-09 13:30 . 2009-07-09 20:34 -------- d-----w- c:\windows\SxsCaPendDel 2009-07-08 13:50 . 2009-07-08 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\18280 2009-07-07 14:10 . 2009-07-07 14:10 5430 ----a-r- c:\documents and settings\Korisnik\Application Data\Microsoft\Installer\{0FD95BFA-44E8-4AD5-954E-3407ADD55B06}\_E8C2EED12CBD54698B3A54.exe 2009-07-07 14:10 . 2009-07-07 14:10 5430 ----a-r- c:\documents and settings\Korisnik\Application Data\Microsoft\Installer\{0FD95BFA-44E8-4AD5-954E-3407ADD55B06}\_6B7D9734814072B95063C9.exe 2009-07-07 14:10 . 2009-07-07 14:10 5430 ----a-r- c:\documents and settings\Korisnik\Application Data\Microsoft\Installer\{0FD95BFA-44E8-4AD5-954E-3407ADD55B06}\_6FEFF9B68218417F98F549.exe 2009-07-01 17:41 . 2009-07-01 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\2D1DA 2009-07-01 17:38 . 2009-07-01 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\2A247 2009-06-23 05:03 . 2009-06-29 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus! 2009-06-22 19:49 . 2009-06-22 19:49 -------- d-----w- c:\program files\Messenger Plus! Live . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-11 10:42 . 2008-05-16 14:20 -------- d-----w- c:\documents and settings\Korisnik\Application Data\DNA 2009-07-11 09:32 . 2008-05-16 14:20 -------- d-----w- c:\program files\DNA 2009-07-11 07:30 . 2008-11-21 08:14 -------- d-----w- c:\program files\Garena 2009-07-10 12:26 . 2008-05-04 15:06 -------- d-----w- c:\program files\Warcraft III 2009-07-10 07:11 . 2007-11-19 22:02 -------- d-----w- c:\program files\Real 2009-07-10 07:10 . 2007-10-29 22:26 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-07-09 13:28 . 2007-11-19 22:28 -------- d-----w- c:\program files\Java 2009-07-09 13:27 . 2007-11-21 21:15 -------- d-----w- c:\program files\DVDVideoSoft 2009-07-07 14:10 . 2009-04-25 16:23 -------- d-----w- c:\program files\Readon Technology 2009-07-06 12:40 . 2007-12-27 21:50 -------- d-----w- c:\documents and settings\Korisnik\Application Data\BearShare 2009-06-06 22:26 . 2008-05-16 14:20 -------- d-----w- c:\documents and settings\Korisnik\Application Data\BitTorrent 2009-06-02 20:13 . 2009-06-02 20:11 -------- d-----w- c:\documents and settings\Korisnik\Application Data\DC++ 2009-06-01 07:36 . 2009-06-01 07:36 390664 ----a-w- c:\documents and settings\Korisnik\Application Data\Real\RealPlayer\Update\RealPlayer11.exe 2009-05-22 08:56 . 2009-05-22 08:56 -------- d-----w- c:\program files\Avira 2009-05-22 08:56 . 2009-05-22 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-04-25 16:23 . 2009-04-25 16:23 5430 ----a-r- c:\documents and settings\Korisnik\Application Data\Microsoft\Installer\{FD9C7AC3-B9C5-477D-A8C5-ECA0E29FD4D6}\_FDDFB6697B385D94A70E51.exe 2008-06-13 16:26 . 2008-06-13 16:04 952 --sha-w- c:\windows\system32\KGyGaAvL.sys . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\documents and settings\All Users\Application Data\18280 ---- 2009-07-08 13:50 . 2009-04-12 19:31 4983 ----a-w- c:\documents and settings\All Users\Application Data\18280\{8293E30E-0437-4024-82E1-7ABE89235138}.swf ---- Directory of c:\documents and settings\All Users\Application Data\2E399 ---- 2009-07-10 07:34 . 2009-04-12 19:31 4983 ----a-w- c:\documents and settings\All Users\Application Data\2E399\{AE506CA6-7284-4173-93C8-842A0A5364A3}.swf ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WebcastTuner"="0 (0x0)" [X] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-04-18 342848] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-06-28 8466432] "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-06-28 81920] "SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 286720] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-13 185896] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-09-12 16264192] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-28 1626112] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\Garena\\Garena.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [22.5.2009 10:56 108289] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [5.3.2009 21:31 55152] S3 fsssvc;Windows Live Porodična bezbednost;c:\program files\Windows Live\Family Safety\fsssvc.exe [6.2.2009 19:08 533360] S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Korisnik\LOCALS~1\Temp\FMPF.tmp --> c:\docume~1\Korisnik\LOCALS~1\Temp\FMPF.tmp [?] . Contents of the 'Scheduled Tasks' folder 2009-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 13:05] 2009-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 13:05] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNfox000&fl=0&ptb=ev14h7ZIjS9L_c._Xzrjig&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms} mStart Page = hxxp://home.sweetim.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {03376FE4-C880-430D-9B93-7A555395C305} = 79.143.168.2 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-07-11 12:43 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKCU\Software\Microsoft\Windows\CurrentVersion\Run WebcastTuner = 63 scanning hidden files ... ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine] "ImagePath"="\??\c:\docume~1\Korisnik\LOCALS~1\Temp\FMPF.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1409082233-926492609-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:65,2f,af,e6,6e,9a,a5,77,00,2d,08,be,90,df,bc,01,ec,64,72,a5,dd,43,1c, 54,85,49,ef,99,a9,07,91,5e,3c,4a,77,bb,d7,34,e4,bf,36,f3,47,67,91,50,c5,c3,\ "??"=hex:aa,ed,a4,c8,3a,0a,22,f4,49,6f,48,97,46,75,28,94 . Completion time: 2009-07-11 12:48 ComboFix-quarantined-files.txt 2009-07-11 10:46 ComboFix2.txt 2009-07-11 10:00 Pre-Run: 9.550.876.672 bytes free Post-Run: 9.520.951.296 bytes free 188 --- E O F --- 2008-12-24 10:27

Profil

dr_Bora Poslao: 11 Jul 2009 13:07 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Skini na Desktop (desni klik pa Save as...): https://www.mycity.rs/must-login.png Dvoklikni na taj file i kada se pojavi upit, klikni Yes. Kakvo je sada stanje?

Profil

Predox Poslao: 11 Jul 2009 13:17 Idi na vrh
offline Predox Novi MyCity građanin Pridružio: 10 Apr 2009 Poruke: 19 Gde živiš: Doboj	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Obavio sam sve to...Šta sada treba da radim?

Profil

dr_Bora Poslao: 11 Jul 2009 14:49 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Treba da mi odgovoriš na ovo: Citat:Kakvo je sada stanje?

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Neznam kako da se rešim virusa!!!

Ko je trenutno na forumu

Ukupno su 1082 korisnika na forumu :: 2 registrovanih, 0 sakrivenih i 1080 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: bigfoot, darkojbn

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by