vlada

offline
  • Joined: 29 Dec 2008
  • Posts: 42
  • Location: Kragujevac

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:55:08, on 11/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\windows\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Antivirus 2009\av2009.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Opera 9.5 beta\opera.exe
C:\Documents and Settings\XxX\Desktop\program\prg.exe..exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [10728480082136744852497218833827] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [Intelinet] C:\Program Files\Intelinet\Intelinet.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Search - [Link visible only to logged-in users]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - [Link visible only to logged-in users]\Program Files\Book of Legends\Images\stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - [Link visible only to logged-in users]\Program Files\Book of Legends\Images\armhelper.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: IntelinetSecure - Unknown owner - C:\Program Files\Intelinet\intelin2.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\windows\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe

--
End of file - 6804 bytes



offline
  • Piksi
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

Hello...

* Right-click the AVG icon in the bottom right corner of the screen.
* When the AVG Control Center opens, double-click the AVG Resident Shield component.
* In the window that opens, untick the option Turn on AVG Resident Shield and click OK.

Note: Don't forget to turn this option back on once the cleaning is finished.

- Before scanning with ComboFix it is also advisable to disable that Intelinet software you have.

--------------------------------------------

Download ComboFix from one of the following addresses to the Desktop:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should paste here for us.



offline
  • Joined: 29 Dec 2008
  • Posts: 42
  • Location: Kragujevac

ComboFix 08-11-22.02 - XxX 2008-11-23 17:37:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.48 [GMT 1:00]
Running from: c:\documents and settings\XxX\Application Data\Opera\Opera 9.5 beta\profile\cache4\temporary_download\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Antivirus 2009
c:\program files\Antivirus 2009\av2009.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\00A66A0A.urr
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\3.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\3.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\3.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\3.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\3.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\3.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\3.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\3.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\3.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\3.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\3.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\3.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\3.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\3.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\3.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\3.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\3.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\3.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\3.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\3.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\3.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\3.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\3.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\3.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\3.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\3.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\3.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\3.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\3.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\3.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\3.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\3.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\3.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\3.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\3.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\3.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\3.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\0008D1E5.bin
c:\program files\MyWebSearch\bar\Cache\0008D614.bin
c:\program files\MyWebSearch\bar\Cache\009B3580
c:\program files\MyWebSearch\bar\Cache\009B4833
c:\program files\MyWebSearch\bar\Cache\009B4ED9.bin
c:\program files\MyWebSearch\bar\Cache\009B5792.bin
c:\program files\MyWebSearch\bar\Cache\009B5BD6.bin
c:\program files\MyWebSearch\bar\Cache\009B5FB5.bin
c:\program files\MyWebSearch\bar\Cache\00D5C55E.bin
c:\program files\MyWebSearch\bar\Cache\00D5CABA.bin
c:\program files\MyWebSearch\bar\Cache\00D5D1E3.bin
c:\program files\MyWebSearch\bar\Cache\014DCE70
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
c:\windows\prefs_zb.dll
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\ieupdates.exe.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2008-10-23 to 2008-11-23 )))))))))))))))))))))))))))))))
.

2008-11-22 23:41 . 2008-11-22 23:41 0 --a------ C:\proc.id
2008-11-22 23:41 . 2008-11-22 23:41 0 --a------ C:\asdasd.asdasd
2008-11-22 23:39 . 2008-11-22 23:48 <DIR> d-------- c:\program files\Intelinet
2008-11-22 22:47 . 2008-11-22 22:47 <DIR> d-------- c:\program files\Enigma Software Group
2008-11-22 19:12 . 2008-11-22 19:12 <DIR> d-------- c:\documents and settings\XxX\Application Data\Gogii Games
2008-11-22 19:12 . 2008-11-22 19:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Gogii Games
2008-11-22 19:07 . 2008-11-22 19:07 <DIR> d-------- c:\documents and settings\XxX\Application Data\SpinTop
2008-11-20 18:17 . 2008-11-20 18:17 <DIR> d-------- c:\program files\Fun Web Products
2008-11-20 16:21 . 2008-11-20 16:21 <DIR> d--hs---- c:\windows\ftpcache
2008-11-20 02:01 . 2008-11-20 02:12 <DIR> d-------- c:\program files\Trymedia
2008-11-20 00:41 . 2008-11-20 00:41 <DIR> d-------- c:\program files\ReflexiveArcade
2008-11-19 21:08 . 2008-11-19 21:09 <DIR> d-------- c:\documents and settings\XxX\Application Data\FirstColony
2008-11-18 17:27 . 2008-11-18 17:27 <DIR> d-------- c:\documents and settings\XxX\Application Data\Elladive3
2008-11-18 16:55 . 2008-11-18 16:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-11-18 16:39 . 2008-11-18 16:50 <DIR> d-------- c:\documents and settings\XxX\Application Data\flightgear.org
2008-11-18 12:41 . 2008-11-19 14:16 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-17 23:38 . 2008-11-17 23:38 <DIR> d-------- c:\documents and settings\XxX\Application Data\Pirates of the Atlantic
2008-11-17 20:14 . 2008-11-17 20:14 <DIR> d-------- c:\program files\AskSearch
2008-11-17 20:14 . 2008-11-17 20:14 <DIR> d-------- c:\program files\AskBarDis
2008-11-17 19:01 . 2008-11-17 19:01 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-17 19:00 . 2008-11-17 19:01 <DIR> d-------- c:\program files\QuickTime
2008-11-17 18:59 . 2008-11-17 18:59 <DIR> d-------- c:\program files\Apple Software Update
2008-11-10 23:00 . 2008-11-10 23:00 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-10 21:17 . 2008-11-10 21:17 <DIR> d-------- c:\documents and settings\XxX\Application Data\MSN6
2008-11-10 21:17 . 2008-11-10 21:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\MSN6
2008-11-10 21:05 . 2008-06-13 12:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-10 21:04 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-11-10 21:03 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-10 21:02 . 2008-09-15 13:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-10 21:01 . 2008-08-14 11:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-10 21:01 . 2008-08-14 11:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-10 21:01 . 2008-08-14 10:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-10 21:01 . 2008-08-14 10:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-10 20:54 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-11-10 20:52 . 2008-04-11 20:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-10 20:52 . 2008-05-01 15:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-11-10 20:48 . 2008-10-15 17:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-10 20:47 . 2008-11-10 23:03 <DIR> d--h----- c:\windows\$hf_mig$
2008-11-08 20:51 . 2008-11-08 20:51 <DIR> d---s---- c:\documents and settings\XxX\UserData
2008-11-07 12:18 . 2008-11-10 08:33 <DIR> d-------- c:\documents and settings\XxX\Contacts
2008-11-07 12:17 . 2008-11-07 12:17 268 --ah----- C:\sqmdata05.sqm
2008-11-07 12:17 . 2008-11-07 12:17 244 --ah----- C:\sqmnoopt05.sqm
2008-11-06 14:38 . 2004-06-10 15:31 135,168 -ra------ c:\windows\UNDPX2A.exe
2008-11-06 14:38 . 2004-06-10 15:34 53,693 -ra------ c:\windows\UNDPX2A.sys
2008-11-06 14:38 . 2004-06-10 00:42 15,429 -ra------ c:\windows\system32\drivers\Sacm2A.sys
2008-11-05 18:30 . 2008-11-05 18:30 268 --ah----- C:\sqmdata04.sqm
2008-11-05 18:30 . 2008-11-05 18:30 244 --ah----- C:\sqmnoopt04.sqm
2008-11-04 17:55 . 2008-11-04 17:55 554 --a------ c:\windows\eReg.dat
2008-11-03 23:21 . 2008-11-03 23:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Phenomedia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-22 19:14 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-19 02:32 --------- d-----w c:\documents and settings\XxX\Application Data\Skype
2008-11-17 21:10 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-17 17:19 --------- d-----w c:\program files\Common Files\EasyInfo
2008-11-11 22:53 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-11 13:44 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-11-11 13:44 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-11-11 13:44 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-11-04 18:25 --------- d-----w c:\program files\Kodak
2008-11-03 22:47 --------- d-----w c:\program files\Codemasters
2008-11-03 21:20 --------- d-----w c:\documents and settings\XxX\Application Data\BSplayer Pro
2008-11-02 12:52 --------- d-----w c:\program files\3DO
2008-10-21 09:14 164,992 ----a-w c:\windows\system32\drivers\athsgt.sys
2008-10-21 09:14 12,544 ----a-w c:\windows\system32\drivers\limsgt.sys
2008-10-17 20:20 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-09-26 18:01 45 ----a-w c:\program files\Default.PLS
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 15:48 30 ----a-w c:\program files\PDVD_MediaDisc.PlayList
2008-09-01 13:02 21,840 ----atw c:\windows\system32\SIntfNT.dll
2008-09-01 13:02 17,212 ----atw c:\windows\system32\SIntf32.dll
2008-09-01 13:02 12,067 ----atw c:\windows\system32\SIntf16.dll
2008-08-31 11:39 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-22 21:37 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-22 333192]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-22 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-20 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-11 1234712]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\XxX\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2008-07-01 225280]
PowerReg Scheduler.exe [2008-06-04 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 282624]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 18:51 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 00:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-12-20 16:16 37376 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a------ 2001-11-15 10:08 1216512 c:\windows\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"WmdmPmSp"=2 (0x2)
"usnjsvc"=3 (0x3)
"seclogon"=2 (0x2)
"Messenger"=2 (0x2)
"ImapiService"=3 (0x3)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"wscsvc"=2 (0x2)
"WmdmPmSN"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-25 97928]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-11-17 464264]
R2 athsgt;athsgt;c:\windows\system32\DRIVERS\athsgt.sys [2008-10-21 164992]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-11 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-11 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-05-25 76040]
R2 limsgt;limsgt;c:\windows\system32\DRIVERS\limsgt.sys [2008-10-21 12544]
S3 IntelinetSecure;IntelinetSecure;c:\program files\Intelinet\intelin2.exe [2008-11-22 861464]
S3 jswmidin;jswmidin;\??\c:\docume~1\XxX\LOCALS~1\Temp\jswmidin.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{383fe9e0-3602-11dd-9d62-d33464f57776}]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-23 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe []

2008-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Intelinet - c:\program files\Intelinet\Intelinet.exe
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL
MSConfigStartUp-DSS - c:\windows\dosocxpop32.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe


.
------- Supplementary Scan -------
.
uStart Page =
uSearch Page = [Link visible only to logged-in users]
uSearch Bar = [Link visible only to logged-in users]
mDefault_Search_URL = [Link visible only to logged-in users]
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = [Link visible only to logged-in users]
uSearchURL,(Default) = [Link visible only to logged-in users]
mSearchAssistant = [Link visible only to logged-in users]
IE: &Search - [Link visible only to logged-in users]

O16 -: DirectAnimation Java Classes - [Link visible only to logged-in users]\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - [Link visible only to logged-in users]\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\stg_drm.ocx - O16 -: {149E45D8-163E-4189-86FC-45022AB2B6C9}
[Link visible only to logged-in users]\program files\Book of Legends\Images\stg_drm.ocx

c:\windows\Downloaded Program Files\armhelper.ocx - O16 -: {CC450D71-CC90-424C-8638-1F2DBAC87A54}
[Link visible only to logged-in users]\program files\Book of Legends\Images\armhelper.ocx
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-11-23 17:42:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-11-23 17:47:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-23 16:47:16

Pre-Run: 837,541,888 bytes free
Post-Run: 2,202,054,656 bytes free

316 --- E O F --- 2008-11-10 22:03:48
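What makes certain lines in the two logs above stand out to a helper is a small set of heuristics rather than deep analysis: a Run value whose name is a long random number (the `Antivirus 2009` entry), an executable with a double extension running from a user-writable folder (`prg.exe..exe` on the Desktop), a service with no recorded owner, and a MountPoints2 entry whose AutoRun command launches `auto.exe`, which is what a removable drive's autorun.inf leaves behind in the registry. The script below is an added example, not part of this thread and not a tool either participant used; it applies those checks to a handful of lines copied from the HijackThis and ComboFix logs above (the sample text is constructed from them). The rule names, severities and the helper names (`triage`, `executable_path`, `severity_counts`) are my own choices, and the heuristics deliberately do not catch everything: the MyWebSearch and Ask entries are adware that ComboFix removed by signature, and nothing here flags them.

```python
"""Triage heuristics for HijackThis / ComboFix log lines (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the two logs posted in this thread.
SAMPLE_LOG = r"""
C:\windows\system32\lsass.exe
C:\Documents and Settings\XxX\Desktop\program\prg.exe..exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [10728480082136744852497218833827] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
"""

RUN_RE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
AUTORUN_RE = re.compile(r"^\\Shell\\Auto(Run)?\\command - (?P<cmd>.+)$")
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+\.(exe|scr|com|bat|pif)$", re.IGNORECASE)
# An executable extension that is followed by yet another dot, e.g. prg.exe..exe
DOUBLE_EXT_RE = re.compile(r"\.(exe|scr|com|bat|pif)\.+[^\\]*$", re.IGNORECASE)
# Locations an ordinary user can write to; legitimate autostarts rarely live here.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\")


@dataclass(frozen=True)
class Finding:
    line: str
    rule: str
    severity: str  # "high", "medium" or "info"


def executable_path(cmd: str) -> str:
    """Best-effort extraction of the file path from a Run / service command line."""
    cmd = re.sub(r" \(User '[^']*'\)$", "", cmd.strip())  # HKUS lines carry a user suffix
    if cmd.lower().startswith("rundll32 "):
        cmd = cmd[len("rundll32 "):]
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted: "<dll>,<entrypoint>" for rundll32, or "<exe> -switch" / "<exe> /switch".
    return re.split(r",| -| /", cmd, maxsplit=1)[0].strip()


def path_findings(line: str, path: str) -> list[Finding]:
    """Checks that apply to any file path, wherever in the log it came from."""
    out = []
    low = path.lower()
    if DOUBLE_EXT_RE.search(low):
        out.append(Finding(line, "double-extension", "high"))
    if any(marker in low for marker in USER_WRITABLE):
        out.append(Finding(line, "user-writable-location", "medium"))
    return out


def triage(log_text: str) -> list[Finding]:
    """Run every heuristic over each non-empty log line and collect the hits."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := RUN_RE.match(line):
            name = m.group("name")
            if name.isdigit() and len(name) >= 12:  # e.g. [10728480082136744852497218833827]
                findings.append(Finding(line, "numeric-run-name", "high"))
            findings.extend(path_findings(line, executable_path(m.group("cmd"))))
        elif m := AUTORUN_RE.match(line):
            # MountPoints2 caches a volume's autorun.inf handlers; a command here means
            # something on a (removable) drive was registered to run on open/autoplay.
            findings.append(Finding(line, "mountpoints2-autorun", "high"))
        elif m := SERVICE_RE.match(line):
            if m.group("owner") == "Unknown owner":
                findings.append(Finding(line, "service-unknown-owner", "info"))
            path = m.group("path").replace(" (file missing)", "")
            findings.extend(path_findings(line, path))
        elif PROCESS_RE.match(line):  # a bare path from the "Running processes" list
            findings.extend(path_findings(line, line))
    return findings


def severity_counts(findings: list[Finding]) -> dict[str, int]:
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    order = ("high", "medium", "info")
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.rule:24} {f.line}")
```

Run on the sample, the three high-severity hits are exactly the entries ComboFix and the helper acted on: the rogue `Antivirus 2009` Run value, the double-extension binary on the Desktop, and the AutoRun command. The "Unknown owner" service check is intentionally informational only, because plenty of legitimate drivers (the missing KodakCCS above, for instance) report no owner either.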

offline
  • Piksi
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

Sorry for the wait...

- Delete the following folder:
c:\program files\Intelinet

- After that, download the file from [Link visible only to logged-in users]. Run it by double-clicking and accept with Yes.


Finally, tell me how things are now. Are there any more problems?

offline
  • Joined: 29 Dec 2008
  • Posts: 42
  • Location: Kragujevac

Should I delete it manually?

offline
  • Piksi
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

Select the folder and press the key combination Shift + Delete.
Of course, confirm with Yes.

After that, follow the rest of the instructions from the previous post and tell me how things are now...

By the way, you delete the folder manually because it's overkill to write a script and run ComboFix for a single folder.

offline
  • Joined: 29 Dec 2008
  • Posts: 42
  • Location: Kragujevac

Should I copy it to my machine and then run it, or how?

offline
  • Piksi
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

Have you deleted that folder?


Download the file from the following location (if you haven't already downloaded it from the post above):
[Link visible only to logged-in users]
Run it by double-clicking and accept with Yes.

offline
  • Joined: 29 Dec 2008
  • Posts: 42
  • Location: Kragujevac

I mean this file you gave me?

offline
  • Piksi
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

I know which file you mean, I answered you in the message above. ;)
