MyCity » Ambulanta -> Arhiva Ambulante » neko mi je uhakovao facebook + usporen rad racunara

neko mi je uhakovao facebook + usporen rad racunara

Napisano na dan: 5.9.2012

Strana:
1
2

neko mi je uhakovao facebook + usporen rad racunara

Sledeća strana

Pagination

Odgovori

Strana:
1
2

kravman89 Poslao: 05 Sep 2012 15:02 Idi na vrh
offline kravman89 Građanin Pridružio: 29 Sep 2010 Poruke: 138	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Dakle, svim mojim prijateljima se poslao neki link ka sendspaceu..ne znam sta se dogadja.. uglavnom, evo logova, pa vidite, da, i nisam siguran za GMER da li je do kraja odradio posao, jer je prekinuo skeniranje sa informacijom, da je neko "ceprkao" po sistemskim fajlovima ROOTKIT..? DDS (Ver_09-07-30.01) - NTFSx86 Run by Stefan at 12:56:24.89 on Wed 09/05/2012 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1154 [GMT 2:00] AV: Kaspersky Anti-Virus On-access scanning disabled (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\MPK\MPK.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ROCCAT\Kone Mouse\KoneHID.EXE C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MCShield\mcshieldrtm.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Messenger\msmsgs.exe svchost.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\ROCCAT\Kone Mouse\osd.exe C:\WINDOWS\system32\rserver30\RServer3.exe C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\WINDOWS\system32\rserver30\FamItrfc.Exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Mozilla Firefox\plugin-container.exe E:\PROGRAMI\GDBack_FAT_NTFS_balkandownload.org\App\GetDataBack\ZA NE DAJ BOZE\dds.scr ============== Pseudo HJT Report =============== uStart Page = mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\mpk\MPK.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\ievkbd.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\klwtbbho.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [MCShield Monitor] c:\program files\mcshield\mcshieldrtm.exe uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Kone] "c:\program files\roccat\kone mouse\KoneHID.EXE" mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2012\avp.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet mRun: [Bonus.SSR.FR11] "c:\program files\abbyy finereader 11\Bonus.ScreenshotReader.exe" /autorun mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [<NO NAME>] mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe" mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [Windows Media DHCP] c:\windows\system32\wmpdr64.exe IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: Download with Mipony - file://c:\program files\mipony\browser\IEContext.htm IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\ievkbd.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\klwtbbho.dll Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: klogon - c:\windows\system32\klogon.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\stefan\applic~1\mozilla\firefox\profiles\hof9oxrw.default\ FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll ============= SERVICES / DRIVERS =============== R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208] R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2012-6-19 21624] R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352] R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-6-20 565552] R1 raddrvv3;raddrvv3;c:\windows\system32\rserver30\raddrvv3.sys [2010-4-21 46280] R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2012\avp.exe [2011-4-24 202296] R2 NeroMediaHomeService.4;Nero MediaHome 4 Service;c:\program files\nero\nero mediahome 4\NMMediaServerService.exe [2010-10-29 517416] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-8-14 1262400] R2 RServer3;Radmin Server V3;c:\windows\system32\rserver30\rserver3.exe [2010-4-21 1242480] R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000] R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2012-3-6 38656] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-3-10 34608] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472] R3 KoneFltr;ROCCAT Kone;c:\windows\system32\drivers\Kone.sys [2012-3-8 13056] R3 mirrorv3;mirrorv3;c:\windows\system32\drivers\rminiv3.sys [2010-4-21 3328] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-14 250056] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2012-7-4 25088] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-14 114144] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128] S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936] =============== Created Last 30 ================ 2012-09-04 17:34 <DIR> --d----- C:\wamp 2012-09-03 21:14 262,144 ---sh--- c:\windows\system32\wmpdr64.exe 2012-09-01 19:32 <DIR> --d----- c:\program files\GRETECH 2012-08-25 04:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe 2012-08-24 23:19 <DIR> --d----- c:\docume~1\stefan\applic~1\ABBYY 2012-08-24 23:08 <DIR> --d----- c:\program files\ABBYY FineReader 11 2012-08-24 23:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ABBYY 2012-08-24 23:01 <DIR> --d----- c:\documents and settings\all users\Microsoft 2012-08-24 23:00 <DIR> --d----- c:\temp\ABBYY FineReader 11 2012-08-24 23:00 <DIR> --d----- C:\Temp 2012-08-24 22:59 <DIR> --d----- c:\program files\Microsoft Visual Studio 8 2012-08-24 22:57 <DIR> --d----- c:\program files\Microsoft Analysis Services 2012-08-24 22:56 <DIR> --d----- c:\windows\SHELLNEW 2012-08-17 22:03 587 a------- c:\windows\system32\runkgb.lnk 2012-08-17 22:03 <DIR> --dsh--- c:\windows\system32\MPK 2012-08-17 22:03 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\MPK 2012-08-15 21:16 10,264 a------- c:\windows\system32\nvinfo.pb 2012-08-14 19:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation 2012-08-14 19:56 65,536 a------- c:\windows\system32\OpenCL.dll 2012-08-14 19:56 1,074,636 a------- c:\windows\system32\nvdrsdb1.bin 2012-08-14 19:56 1,074,636 a------- c:\windows\system32\nvdrsdb0.bin 2012-08-14 19:56 1 a------- c:\windows\system32\nvdrssel.bin 2012-08-14 19:56 0 a------- c:\windows\system32\nvdrswr.lk 2012-08-14 19:56 883,008 a------- c:\windows\system32\nvgenco32.dll 2012-08-14 19:56 6,012,928 a------- c:\windows\system32\nvcuda.dll 2012-08-14 19:56 2,807,708 a------- c:\windows\system32\nvdata.data 2012-08-14 19:56 2,530,624 a------- c:\windows\system32\nvcuvid.dll 2012-08-14 19:56 2,445,120 a------- c:\windows\system32\nvcuvenc.dll 2012-08-14 19:56 1,000,768 a------- c:\windows\system32\nvdispco32.dll 2012-08-14 19:56 17,543,168 a------- c:\windows\system32\nvcompiler.dll 2012-08-14 19:55 <DIR> --d----- c:\program files\NVIDIA Corporation 2012-08-14 19:55 <DIR> --d----- C:\NVIDIA 2012-08-14 15:36 426,184 a------- c:\windows\system32\FlashPlayerApp.exe 2012-08-14 15:36 70,344 a------- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-14 15:32 <DIR> --d----- c:\program files\Mozilla Maintenance Service 2012-08-11 23:12 <DIR> --d--r-- c:\program files\Skype 2012-08-11 17:06 1,703,936 a------- c:\windows\system32\gdiplus.dll 2012-08-11 17:06 991,232 a------- c:\windows\system32\imageviewer2.ocx 2012-08-11 17:06 608,448 a------- c:\windows\system32\comctl32.ocx 2012-08-11 17:06 224,016 a------- c:\windows\system32\tabctl32.ocx 2012-08-11 17:06 200,704 a------- c:\windows\system32\threed32.ocx 2012-08-11 17:06 164,144 a------- c:\windows\system32\comct232.ocx 2012-08-11 17:06 151,552 a------- c:\windows\system32\ccrpfd6.ocx 2012-08-11 17:06 110,592 a------- c:\windows\system32\ccrpbds6.dll 2012-08-11 17:06 106,496 a------- c:\windows\system32\mbprgbar.ocx 2012-08-11 17:06 <DIR> --d----- c:\program files\PIXresizer 2012-08-09 00:34 <DIR> --d----- c:\documents and settings\stefan\VSWebCache 2012-08-08 22:15 50,200 a------- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll 2012-08-08 22:14 79,896 a------- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll 2012-08-08 22:13 <DIR> --d----- c:\windows\system32\RsFx 2012-08-08 22:08 <DIR> --d----- c:\program files\Microsoft SQL Server 2012-08-08 22:07 <DIR> --d----- c:\program files\Microsoft Synchronization Services 2012-08-08 22:07 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition 2012-08-08 22:00 <DIR> --d----- c:\program files\Microsoft ASP.NET 2012-08-08 22:00 <DIR> --d----- c:\program files\IIS 2012-08-08 21:51 <DIR> --d----- c:\program files\Microsoft F# 2012-08-08 21:51 <DIR> --d----- c:\program files\HTML Help Workshop 2012-08-08 21:51 <DIR> --d----- c:\program files\Microsoft Visual Studio 10.0 2012-08-08 21:51 <DIR> --d----- c:\program files\Microsoft Help Viewer 2012-08-08 21:51 <DIR> --d----- c:\program files\common files\Merge Modules 2012-08-08 21:42 165 a------- c:\windows\system32\spupdsvc.inf ==================== Find3M ==================== 2006-06-24 00:48 32,768 a----r-- c:\windows\inf\UpdateUSB.exe ============= FINISH: 12:56:57.20 =============== mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png

Profil

TwinHeadedEagle Poslao: 05 Sep 2012 20:12 Idi na vrh
offline TwinHeadedEagle Anti Malware Fighter Rank 2 Pridružio: 09 Avg 2011 Poruke: 15879 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav, kravman89 Korak 1. Preuzmi program OTM na Desktop. Dvoklikom pokreni OTM.exe U (levi) prozor programa (ispod Paste Instructions for Items to be Moved) iskopiraj sve što se nalazi unutar Kod polja: `:reg [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="c:\windows\system32\userinit.exe," :files C:\WINDOWS\system32\MPK c:\windows\system32\runkgb.lnk c:\documents and settings\all users\application data\MPK :commands [emptytemp] [purity] [emptyflash]` Klikni MoveIt! Po završetku procesa, u desnom prozoru programa (ispod Results), će se nalaziti tekst koji je potrebno iskopirati u poruku na forumu. Ukoliko se pojavi upit: Confirm ::The system requires a reboot to finish removing files. Do you want to reboot now? kliknuti Yes kako bi se kompjuter restartovao i proces bio dovršen. Nakon ponovnog pokretanja sistema, logfile će se automatski otvoriti u Notepadu. Potrebno je iskopirati sadržaj tog loga u poruku na forumu. Korak 2. Preuzmi program CatchMe. Dvoklikom pokreni catchme.exe i klikni na tab Script. U (beli) prozor programa iskopiraj sledeći tekst: `C:\WINDOWS\system32\wmpdr64.exe` Klikni na dugme Run. Kada se pojavi poruka sa obaveštenjem, klikni na dugme OK. Po završetku procesa, na Desktopu će se nalaziti datoteka catchme.zip. Tu datoteku je neophodno postaviti (uploadovati) na forum preko sledeće forme: http://www.mycity.rs/ambulanta-upload.php Korak 3. Kada završiš prethodna dva koraka, postavi mi svež DDS izveštaj. TwinHeadedEagle (AMFTim)

Profil

kravman89 Poslao: 05 Sep 2012 22:50 Idi na vrh
offline kravman89 Građanin Pridružio: 29 Sep 2010 Poruke: 138	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Napisano: 05 Sep 2012 22:49 za catchme izbacuje error : script command not found... Dopuna: 05 Sep 2012 22:50 mycity.rs/must-login.png

Profil

TwinHeadedEagle Poslao: 06 Sep 2012 10:35 Idi na vrh
offline TwinHeadedEagle Anti Malware Fighter Rank 2 Pridružio: 09 Avg 2011 Poruke: 15879 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Korak 1. Da probamo jos jednom. Preuzmi program CatchMe. Dvoklikom pokreni catchme.exe i klikni na tab Script. U (beli) prozor programa iskopiraj sledeći tekst: `files: C:\WINDOWS\system32\wmpdr64.exe` Klikni na dugme Run. Kada se pojavi poruka sa obaveštenjem, klikni na dugme OK. Po završetku procesa, na Desktopu će se nalaziti datoteka catchme.zip. Tu datoteku je neophodno postaviti (uploadovati) na forum preko sledeće forme: http://www.mycity.rs/ambulanta-upload.php Drugi nacin je sledeci, ukoliko prvi ne radi: Potrebno je da ukljucis prikaz skrivenih fajlova, na ovaj nacin: Klikni Start taster (u levom donjem uglu). Izaberi My Computer. Selektuj Tools meni i klikni na Folder Options. Selektuj View na vrhu, unutar Hidden files and folders grupe selektuj Show hidden files and folders. Skini kvačicu sa Hide file extensions for known types. Skini kvačicu sa Hide protected operating system files (recommended). Klikni YES. Klikni OK. Uploaduj mi fajl preko sledeće forme: http://www.mycity.rs/ambulanta-upload.php Klikneš na Choose File, pronađeš fajl i klikneš sa Upload. `C:\WINDOWS\system32\wmpdr64.exe` Korak 2. Zaboravio si da ispratiš treći korak u prethodnoj poruci? TwinHeadedEagle (AMFTim)

Profil

kravman89 Poslao: 06 Sep 2012 10:58 Idi na vrh
offline kravman89 Građanin Pridružio: 29 Sep 2010 Poruke: 138	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Napisano: 06 Sep 2012 10:50 ok, sad cu ovo da uradim, mada sam pokusavao da iskopiram komandu, i izbacuje mi error..nisam ti kacio svez dds, jer sam zaribao sa ovim catchme Evo za par minuta kacim sta sam uradio. Hvala ti. Dopuna: 06 Sep 2012 10:57 Uploadovao sam preko one forme (greska je bila sto nisam stavio files:: ranije, sada je sve bez problema proslo) posto ne znam koji dds, kacim oba... mycity.rs/must-login.png Dopuna: 06 Sep 2012 10:58 zaboravio sam drugi...evo drugog (attach) mycity.rs/must-login.png

Profil

TwinHeadedEagle Poslao: 06 Sep 2012 12:37 Idi na vrh
offline TwinHeadedEagle Anti Malware Fighter Rank 2 Pridružio: 09 Avg 2011 Poruke: 15879 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Korak 1. Ponovo pokreni OTM.exe U (levi) prozor programa (ispod Paste Instructions for Items to be Moved) iskopiraj sve što se nalazi unutar Kod polja: `:reg [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Media DHCP"=- :files C:\WINDOWS\system32\wmpdr64.exe :commands [emptytemp]` Klikni MoveIt! Po završetku procesa, u desnom prozoru programa (ispod Results), će se nalaziti tekst koji je potrebno iskopirati u poruku na forumu. Ukoliko se pojavi upit: Confirm ::The system requires a reboot to finish removing files. Do you want to reboot now? kliknuti Yes kako bi se kompjuter restartovao i proces bio dovršen. Nakon ponovnog pokretanja sistema, logfile će se automatski otvoriti u Notepadu. Potrebno je iskopirati sadržaj tog loga u poruku na forumu. Korak 2. Ponovo pokreni DDS i postavi svez izvestaj. Korak 3. Kakvo je sada stanje?

Profil

kravman89 Poslao: 06 Sep 2012 16:57 Idi na vrh
offline kravman89 Građanin Pridružio: 29 Sep 2010 Poruke: 138	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Napisano: 06 Sep 2012 16:54 mycity.rs/must-login.png DDS (Ver_09-07-30.01) - NTFSx86 Run by Stefan at 16:50:46.65 on Thu 09/06/2012 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1315 [GMT 2:00] AV: Kaspersky Anti-Virus On-access scanning disabled (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ROCCAT\Kone Mouse\KoneHID.EXE C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MCShield\mcshieldrtm.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Messenger\msmsgs.exe svchost.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe C:\Program Files\Nero\Update\NASvc.exe C:\Program Files\ROCCAT\Kone Mouse\osd.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\rserver30\RServer3.exe C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\WINDOWS\system32\rserver30\FamItrfc.Exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\rserver30\FamItrf2.Exe E:\PROGRAMI\GDBack_FAT_NTFS_balkandownload.org\App\GetDataBack\ZA NE DAJ BOZE\dds.scr ============== Pseudo HJT Report =============== uStart Page = BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\ievkbd.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\klwtbbho.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [MCShield Monitor] c:\program files\mcshield\mcshieldrtm.exe uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Kone] "c:\program files\roccat\kone mouse\KoneHID.EXE" mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2012\avp.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet mRun: [Bonus.SSR.FR11] "c:\program files\abbyy finereader 11\Bonus.ScreenshotReader.exe" /autorun mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [<NO NAME>] mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe" mRun: [Windows Media DHCP] c:\windows\system32\wmpdr64.exe IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: Download with Mipony - file://c:\program files\mipony\browser\IEContext.htm IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\ievkbd.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\klwtbbho.dll Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: klogon - c:\windows\system32\klogon.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\stefan\applic~1\mozilla\firefox\profiles\hof9oxrw.default\ FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll ============= SERVICES / DRIVERS =============== R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208] R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2012-6-19 21624] R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352] R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-6-20 565552] R1 raddrvv3;raddrvv3;c:\windows\system32\rserver30\raddrvv3.sys [2010-4-21 46280] R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2012\avp.exe [2011-4-24 202296] R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2011-9-23 641832] R2 NeroMediaHomeService.4;Nero MediaHome 4 Service;c:\program files\nero\nero mediahome 4\NMMediaServerService.exe [2010-10-29 517416] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-8-14 1262400] R2 RServer3;Radmin Server V3;c:\windows\system32\rserver30\rserver3.exe [2010-4-21 1242480] R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000] R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2012-3-6 38656] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-3-10 34608] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472] R3 KoneFltr;ROCCAT Kone;c:\windows\system32\drivers\Kone.sys [2012-3-8 13056] R3 mirrorv3;mirrorv3;c:\windows\system32\drivers\rminiv3.sys [2010-4-21 3328] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-14 250056] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2012-7-4 25088] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-14 114144] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128] S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936] =============== Created Last 30 ================ 2012-09-05 22:23 <DIR> --d----- C:\_OTM 2012-09-04 17:34 <DIR> --d----- C:\wamp 2012-09-01 19:32 <DIR> --d----- c:\program files\GRETECH 2012-08-25 04:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe 2012-08-24 23:19 <DIR> --d----- c:\docume~1\stefan\applic~1\ABBYY 2012-08-24 23:08 <DIR> --d----- c:\program files\ABBYY FineReader 11 2012-08-24 23:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ABBYY 2012-08-24 23:01 <DIR> --d----- c:\documents and settings\all users\Microsoft 2012-08-24 23:00 <DIR> --d----- c:\temp\ABBYY FineReader 11 2012-08-24 23:00 <DIR> --d----- C:\Temp 2012-08-24 22:59 <DIR> --d----- c:\program files\Microsoft Visual Studio 8 2012-08-24 22:57 <DIR> --d----- c:\program files\Microsoft Analysis Services 2012-08-24 22:56 <DIR> --d----- c:\windows\SHELLNEW 2012-08-15 21:16 10,264 a------- c:\windows\system32\nvinfo.pb 2012-08-14 19:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation 2012-08-14 19:56 65,536 a------- c:\windows\system32\OpenCL.dll 2012-08-14 19:56 1,074,636 a------- c:\windows\system32\nvdrsdb1.bin 2012-08-14 19:56 1,074,636 a------- c:\windows\system32\nvdrsdb0.bin 2012-08-14 19:56 1 a------- c:\windows\system32\nvdrssel.bin 2012-08-14 19:56 0 a------- c:\windows\system32\nvdrswr.lk 2012-08-14 19:56 883,008 a------- c:\windows\system32\nvgenco32.dll 2012-08-14 19:56 6,012,928 a------- c:\windows\system32\nvcuda.dll 2012-08-14 19:56 2,807,708 a------- c:\windows\system32\nvdata.data 2012-08-14 19:56 2,530,624 a------- c:\windows\system32\nvcuvid.dll 2012-08-14 19:56 2,445,120 a------- c:\windows\system32\nvcuvenc.dll 2012-08-14 19:56 1,000,768 a------- c:\windows\system32\nvdispco32.dll 2012-08-14 19:56 17,543,168 a------- c:\windows\system32\nvcompiler.dll 2012-08-14 19:55 <DIR> --d----- c:\program files\NVIDIA Corporation 2012-08-14 19:55 <DIR> --d----- C:\NVIDIA 2012-08-14 15:36 426,184 a------- c:\windows\system32\FlashPlayerApp.exe 2012-08-14 15:36 70,344 a------- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-14 15:32 <DIR> --d----- c:\program files\Mozilla Maintenance Service 2012-08-11 23:12 <DIR> --d--r-- c:\program files\Skype 2012-08-11 17:06 1,703,936 a------- c:\windows\system32\gdiplus.dll 2012-08-11 17:06 991,232 a------- c:\windows\system32\imageviewer2.ocx 2012-08-11 17:06 608,448 a------- c:\windows\system32\comctl32.ocx 2012-08-11 17:06 224,016 a------- c:\windows\system32\tabctl32.ocx 2012-08-11 17:06 200,704 a------- c:\windows\system32\threed32.ocx 2012-08-11 17:06 164,144 a------- c:\windows\system32\comct232.ocx 2012-08-11 17:06 151,552 a------- c:\windows\system32\ccrpfd6.ocx 2012-08-11 17:06 110,592 a------- c:\windows\system32\ccrpbds6.dll 2012-08-11 17:06 106,496 a------- c:\windows\system32\mbprgbar.ocx 2012-08-11 17:06 <DIR> --d----- c:\program files\PIXresizer 2012-08-09 00:34 <DIR> --d----- c:\documents and settings\stefan\VSWebCache 2012-08-08 22:15 50,200 a------- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll 2012-08-08 22:14 79,896 a------- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll 2012-08-08 22:13 <DIR> --d----- c:\windows\system32\RsFx 2012-08-08 22:08 <DIR> --d----- c:\program files\Microsoft SQL Server 2012-08-08 22:07 <DIR> --d----- c:\program files\Microsoft Synchronization Services 2012-08-08 22:07 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition 2012-08-08 22:00 <DIR> --d----- c:\program files\Microsoft ASP.NET 2012-08-08 22:00 <DIR> --d----- c:\program files\IIS 2012-08-08 21:51 <DIR> --d----- c:\program files\Microsoft F# 2012-08-08 21:51 <DIR> --d----- c:\program files\HTML Help Workshop 2012-08-08 21:51 <DIR> --d----- c:\program files\Microsoft Visual Studio 10.0 2012-08-08 21:51 <DIR> --d----- c:\program files\Microsoft Help Viewer 2012-08-08 21:51 <DIR> --d----- c:\program files\common files\Merge Modules 2012-08-08 21:42 165 a------- c:\windows\system32\spupdsvc.inf ==================== Find3M ==================== 2006-06-24 00:48 32,768 a----r-- c:\windows\inf\UpdateUSB.exe ============= FINISH: 16:51:11.00 =============== mycity.rs/must-login.png Dopuna: 06 Sep 2012 16:57 komp radi brze,. ne trokira pri ucitavanju stranica... hvala.r

Profil

TwinHeadedEagle Poslao: 06 Sep 2012 19:18 Idi na vrh
offline TwinHeadedEagle Anti Malware Fighter Rank 2 Pridružio: 09 Avg 2011 Poruke: 15879 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preuzmi sUBs-ov ComboFix sa sljedeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati fajl, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix; u prozoru koji se otvori klikni "I Agree". U toku rada, ComboFix će:provjeriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izvještaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obilježeni tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izvještaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primjetiš da izvještaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje fajla C:\ComboFix.txt uz poruku.

Profil

kravman89 Poslao: 08 Sep 2012 18:19 Idi na vrh
offline kravman89 Građanin Pridružio: 29 Sep 2010 Poruke: 138	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: mycity.rs/must-login.png ComboFix 12-09-08.02 - Stefan 09/08/2012 16:52:15.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1070 [GMT 2:00] Running from: c:\documents and settings\Stefan\My Documents\Downloads\ComboFix.exe AV: Kaspersky Anti-Virus Disabled/Outdated {2C4D4BC6-0793-4956-A9F9-E252435469C0} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\All Users\Application Data\TheBflix c:\documents and settings\All Users\Application Data\TheBflix\ajhcekcffkpnaednoeoegnmnjdlnjjmg.crx c:\documents and settings\All Users\Application Data\TheBflix\background.html c:\documents and settings\All Users\Application Data\TheBflix\bhoclass.dll c:\documents and settings\All Users\Application Data\TheBflix\content.js c:\documents and settings\All Users\Application Data\TheBflix\data\content.js c:\documents and settings\All Users\Application Data\TheBflix\data\jsondb.js c:\documents and settings\All Users\Application Data\TheBflix\settings.ini c:\windows\pkunzip.pif c:\windows\pkzip.pif . . ((((((((((((((((((((((((( Files Created from 2012-08-08 to 2012-09-08 ))))))))))))))))))))))))))))))) . . 2012-09-05 20:23 . 2012-09-05 20:23 -------- d-----w- C:\_OTM 2012-09-04 15:34 . 2012-09-04 15:36 -------- d-----w- C:\wamp 2012-09-01 17:33 . 2012-09-01 17:33 -------- d-----w- c:\documents and settings\Stefan\Application Data\GRETECH 2012-09-01 17:32 . 2012-09-01 17:32 -------- d-----w- c:\program files\GRETECH 2012-08-31 04:19 . 2012-08-31 04:19 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll 2012-08-25 02:58 . 2012-08-25 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe 2012-08-24 21:19 . 2012-08-24 21:19 -------- d-----w- c:\documents and settings\Stefan\Application Data\ABBYY 2012-08-24 21:08 . 2012-08-24 21:18 -------- d-----w- c:\program files\ABBYY FineReader 11 2012-08-24 21:08 . 2012-08-24 21:08 -------- d-----w- c:\documents and settings\Stefan\Local Settings\Application Data\ABBYY 2012-08-24 21:08 . 2012-08-24 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\ABBYY 2012-08-24 21:01 . 2012-08-24 21:01 -------- d-----w- c:\documents and settings\All Users\Microsoft 2012-08-24 21:00 . 2012-08-24 21:00 -------- d-----w- C:\Temp 2012-08-24 20:59 . 2012-08-24 20:59 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2012-08-24 20:57 . 2012-08-24 20:57 -------- d-----w- c:\program files\Microsoft Analysis Services 2012-08-24 20:56 . 2012-08-24 21:02 -------- d-----w- c:\windows\SHELLNEW 2012-08-24 20:56 . 2012-08-24 20:56 -------- d-----w- c:\documents and settings\Stefan\Local Settings\Application Data\Microsoft Help 2012-08-24 20:56 . 2012-08-24 21:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2012-08-24 20:55 . 2012-08-24 20:55 -------- d-----r- C:\MSOCache 2012-08-18 05:05 . 2012-08-18 05:05 -------- d-----w- c:\documents and settings\Stefan\Local Settings\Application Data\Identities 2012-08-16 16:03 . 2012-08-16 16:04 -------- d-----w- c:\documents and settings\Administrator 2012-08-14 17:58 . 2012-08-14 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation 2012-08-14 17:57 . 2012-08-14 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA 2012-08-14 17:57 . 2012-08-14 17:57 -------- d-----w- c:\documents and settings\UpdatusUser 2012-08-14 17:56 . 2012-05-15 10:18 65536 ----a-w- c:\windows\system32\OpenCL.dll 2012-08-14 17:56 . 2012-09-03 11:30 1074636 ----a-w- c:\windows\system32\nvdrsdb0.bin 2012-08-14 17:56 . 2012-09-03 11:30 1 ----a-w- c:\windows\system32\nvdrssel.bin 2012-08-14 17:56 . 2012-09-02 19:49 1074636 ----a-w- c:\windows\system32\nvdrsdb1.bin 2012-08-14 17:56 . 2012-05-15 10:18 883008 ----a-w- c:\windows\system32\nvgenco32.dll 2012-08-14 17:56 . 2012-05-15 10:18 6012928 ----a-w- c:\windows\system32\nvcuda.dll 2012-08-14 17:56 . 2012-05-15 10:18 2530624 ----a-w- c:\windows\system32\nvcuvid.dll 2012-08-14 17:56 . 2012-05-15 10:18 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-08-14 17:56 . 2012-05-15 10:18 1000768 ----a-w- c:\windows\system32\nvdispco32.dll 2012-08-14 17:56 . 2012-05-15 10:18 17543168 ----a-w- c:\windows\system32\nvcompiler.dll 2012-08-14 17:55 . 2012-08-15 19:17 -------- d-----w- c:\program files\NVIDIA Corporation 2012-08-14 17:55 . 2012-08-14 17:55 -------- d-----w- C:\NVIDIA 2012-08-14 13:36 . 2012-08-14 13:36 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-14 13:36 . 2012-08-14 13:36 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-14 13:32 . 2012-08-14 13:32 -------- d-----w- c:\documents and settings\Stefan\Local Settings\Application Data\Mozilla 2012-08-14 13:32 . 2012-08-31 05:44 -------- d-----w- c:\program files\Mozilla Maintenance Service 2012-08-11 21:12 . 2012-09-06 08:52 -------- d-----w- c:\documents and settings\Stefan\Application Data\Skype 2012-08-11 21:12 . 2012-08-11 21:13 -------- d-----r- c:\program files\Skype 2012-08-11 21:12 . 2012-08-11 21:12 -------- d-----w- c:\program files\Common Files\Skype 2012-08-11 21:12 . 2012-08-31 05:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2012-08-11 15:06 . 2012-08-11 15:06 -------- d-----w- c:\program files\PIXresizer 2012-08-11 15:06 . 2007-04-14 23:05 991232 ----a-w- c:\windows\system32\imageviewer2.ocx 2012-08-11 15:06 . 2004-03-08 22:00 224016 ----a-w- c:\windows\system32\tabctl32.ocx 2012-08-11 15:06 . 2002-08-29 18:00 1703936 ----a-w- c:\windows\system32\gdiplus.dll 2012-08-11 15:06 . 2000-07-09 17:15 106496 ----a-w- c:\windows\system32\mbprgbar.ocx 2012-08-11 15:06 . 2000-05-21 23:00 608448 ----a-w- c:\windows\system32\comctl32.ocx 2012-08-11 15:06 . 2000-05-01 22:02 110592 ----a-w- c:\windows\system32\ccrpbds6.dll 2012-08-11 15:06 . 1999-09-16 08:04 151552 ----a-w- c:\windows\system32\ccrpfd6.ocx 2012-08-11 15:06 . 1998-06-23 23:00 164144 ----a-w- c:\windows\system32\comct232.ocx 2012-08-11 15:06 . 1996-01-11 23:00 200704 ----a-w- c:\windows\system32\threed32.ocx . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-15 19:31 . 2012-08-08 19:59 2018272 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll 2012-08-08 19:59 . 2012-08-08 19:59 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll 2012-08-31 04:19 . 2012-08-14 13:31 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MCShield Monitor"="c:\program files\MCShield\mcshieldrtm.exe" [2012-06-22 603648] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464] "Kone"="c:\program files\ROCCAT\Kone Mouse\KoneHID.EXE" [2011-02-18 1666560] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-24 202296] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192] "NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352] "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112] "Bonus.SSR.FR11"="c:\program files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2011-11-06 934152] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-10-25 932288] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^Stefan^Start Menu^Programs^Startup^MagicDisc.lnk] path=c:\documents and settings\Stefan\Start Menu\Programs\Startup\MagicDisc.lnk backup=c:\windows\pss\MagicDisc.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2005-05-03 18:43 69632 ------r- c:\windows\Alcmtr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero MediaHome 4] 2010-10-29 14:59 5178664 ----a-w- c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2012-05-15 09:40 108352 ----a-w- c:\windows\system32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2007-05-10 22:03 1626112 ----a-w- c:\windows\system32\nwiz.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\rserver30\\rserver3.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2012\\Pes Serbia Patch 2012 - PES 2012.exe"= "c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"= "c:\\Program Files\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe"= "c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"= "c:\\Program Files\\mIRC\\mirc.exe"= "c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2012\\Pes Serbia Patch 2012 - PES 2012 - Yair.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"= "c:\\wamp\\bin\\apache\\apache2.2.22\\bin\\httpd.exe"= . R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [6/19/2012 12:35 PM 21624] R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [3/4/2011 1:23 PM 11352] R1 raddrvv3;raddrvv3;c:\windows\system32\rserver30\raddrvv3.sys [4/21/2010 7:02 AM 46280] R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [9/23/2011 6:37 PM 641832] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [8/14/2012 7:57 PM 1262400] R2 RServer3;Radmin Server V3;c:\windows\system32\rserver30\rserver3.exe [4/21/2010 7:02 AM 1242480] R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [3/6/2012 7:28 PM 38656] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [3/10/2011 6:34 PM 34608] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 8:27 PM 19472] R3 KoneFltr;ROCCAT Kone;c:\windows\system32\drivers\Kone.sys [3/8/2012 5:00 PM 13056] S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [8/13/2012 1:33 PM 3064000] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [8/14/2012 3:36 PM 250056] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [7/4/2012 10:31 PM 25088] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [1/21/2010 5:51 PM 30963576] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [8/14/2012 3:32 PM 114144] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/23/2009 5:08 AM 47128] S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 3:09 AM 239336] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 3:23 AM 366936] . Contents of the 'Scheduled Tasks' folder . 2012-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 13:36] . . ------- Supplementary Scan ------- . uStart Page = IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 109.122.98.116 109.122.98.117 FF - ProfilePath - c:\documents and settings\Stefan\Application Data\Mozilla\Firefox\Profiles\hof9oxrw.default\ . - - - - ORPHANS REMOVED - - - - . HKLM-Run-Windows Media DHCP - c:\windows\system32\wmpdr64.exe MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe MSConfigStartUp-chromium - c:\documents and settings\Stefan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe MSConfigStartUp-Flashget - c:\program files\FlashGet\flashget.exe MSConfigStartUp-Gainward - c:\windows\TBPanel.exe MSConfigStartUp-Google Update - c:\documents and settings\Stefan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe MSConfigStartUp-Optimizer Pro - c:\program files\Optimizer Pro\OptProLauncher.exe MSConfigStartUp-Plex Media Server - c:\program files\Plex\Plex Media Server\Plex Media Server.exe MSConfigStartUp-Unified Remote v2 - c:\program files\Unified Remote\RemoteServer.exe . . . ************************************************************************ . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2012-09-08 16:55 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************ . Completion time: 2012-09-08 16:57:36 ComboFix-quarantined-files.txt 2012-09-08 14:57 . Pre-Run: 16,701,845,504 bytes free Post-Run: 16,651,214,848 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 22F0100F806D083851FEAD387242EF1F

Profil

TwinHeadedEagle Poslao: 08 Sep 2012 22:07 Idi na vrh
offline TwinHeadedEagle Anti Malware Fighter Rank 2 Pridružio: 09 Avg 2011 Poruke: 15879 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Jos jedan korak pa zavrsavamo Preuzmi na Desktop i pokreni sledeci fajl: https://www.mycity.rs/must-login.png Kada se pojavi obavestenje, klikni na Yes. Posle toga je potrebno da kliknes na OK i da restartujes racunar. ========================= Stanje?

Profil

MyCity » Ambulanta -> Arhiva Ambulante » neko mi je uhakovao facebook + usporen rad racunara

Ko je trenutno na forumu

Ukupno su 1073 korisnika na forumu :: 41 registrovanih, 6 sakrivenih i 1026 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: AleksSE, ArchaBasha, arsa, bokisha253, dankisha, darkangel, djboj, DPera, dragoljub11987, FOX, Georgius, ILGromovnik, ivan1973, Krusarac, Kubovac, Libertas, ljuba, MB120mm, mercedesamg, Metanoja, Milan A. Nikolic, mile33, Milos ZA, Mitraljeta, nemkea71, Neutral-M, pein, Ripanjac, ruger357, S-lash, Shinobi, Skywhaler, stagezin, suton, Trpe Grozni, vathra, Vlada78, vobo, vrag81, yrraf, Zoca

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by