MyCity » Ambulanta -> Arhiva Ambulante » Takođe Hi - facebook virus

Takođe Hi - facebook virus

Napisano na dan: 20.8.2011

Strana:
1
2

Takođe Hi - facebook virus

Sledeća strana

Pagination

Odgovori

Strana:
1
2

wendy.mrs Poslao: 20 Avg 2011 13:07 Idi na vrh
offline wendy.mrs Građanin Pridružio: 29 Avg 2007 Poruke: 50 Gde živiš: vojvodina	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Uh, ja se slabo razumem u sve ovo, ali pročitala sam uputstvo i daću sve od sebe. Normalno, kao i svi ostali, kliknula sam juče tamo gde ne treba na fejsu, otvorila YouTube , flash lplajer i pokupila virus. Meni je browser sve odgovore mojih prijatelja automatski preveo na srpski, pa nisam odmah uočila da je u stvari sve na engleskom. Možda bih se onda zapitala o čemu je tu reč. Ko zna. Za sada ne mogu jedino da pristupim facebooku i ne mogu da instaliram ni jedan antivirus program ( avast sam imala). Kada pokušam da uključim avast ili da očistim sistem, restartuje mi se komp. Mislim da se juče restartovao preko 20 puta dok sam pokušavala sve i svašta. Izbrisala sam av_ico gde se nalaze ikonice ??? ali ne vredi. Tu je opet. Muški svet oko mene me kritikuje što sam kliktala, kako nisam videla i sl. i predlaže da reinstaliram komp. ali sam to ostavila za kraj. Pa da pokušam makar još nešto pre toga. Pozdrav Imam ADSL konekciju i 64 bitni sistem i win. 7. mycity.rs/must-login.png

Profil

argus Poslao: 20 Avg 2011 14:24 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav wendy.mrs U toku resavanja slucaja, zamolio bih te da se pridrzavas sledeceg: Detaljno citati moja uputstva ( ili uputstva kolega koji ce me zamenjivati) i raditi iskljucivo po njima; Ne traziti istovremeno pomoc na drugom mestu; Nemoj koristiti druge programe za uklanjanje malware-a, osim onih za koje budes dobio uputstvo; U toku intervencije ne koristiti USB memorijske uredjaje, dok to ne budem zatrazio; Ukoliko ne odgovorim u roku od 48h, osvezi temu novim post-om; Ukoliko se ne javis u roku od 5 dana, zatvoricemo slucaj. Za vise informacija o pravilima Ambulante MyCity foruma: LINK ------------------------------------ Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix; u prozoru koji se otvori klikni "I Agree". U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

wendy.mrs Poslao: 20 Avg 2011 15:19 Idi na vrh
offline wendy.mrs Građanin Pridružio: 29 Avg 2007 Poruke: 50 Gde živiš: vojvodina	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 11-08-19.02 - Krstin 20.08.2011 14:52:27.1.1 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1014.241 [GMT 2:00] Running from: c:\users\Krstin\Desktop\ComboFix.exe SP: Windows Defender Enabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\btc_client_iplist.txt c:\windows\front_ip_list.txt c:\windows\geoiplist c:\windows\geoiplist.rar c:\windows\iecheck_iplist.txt c:\windows\info1 c:\windows\iplist.txt c:\windows\l1rezerv.exe c:\windows\loader2.exe_ok c:\windows\phoenix c:\windows\phoenix.rar c:\windows\phoenix\kernels\phatk\__init__.py c:\windows\phoenix\kernels\phatk\__init__.pyc c:\windows\phoenix\kernels\phatk\BFIPatcher.py c:\windows\phoenix\kernels\phatk\kernel.cl c:\windows\phoenix\kernels\poclbm\__init__.py c:\windows\phoenix\kernels\poclbm\__init__.pyc c:\windows\phoenix\kernels\poclbm\BFIPatcher.py c:\windows\phoenix\kernels\poclbm\kernel.cl c:\windows\phoenix\phoenix.exe c:\windows\proc_list1.log c:\windows\rpcminer c:\windows\rpcminer.rar c:\windows\rpcminer\bitcoinminercuda_10.cubin c:\windows\rpcminer\bitcoinminercuda_11.cubin c:\windows\rpcminer\bitcoinminercuda_20.cubin c:\windows\rpcminer\bitcoinmineropencl.cl c:\windows\rpcminer\cudart32_32_16.dll c:\windows\rpcminer\curllib.dll c:\windows\rpcminer\libeay32.dll c:\windows\rpcminer\libsasl.dll c:\windows\rpcminer\openldap.dll c:\windows\rpcminer\rpcminer-4way.exe c:\windows\rpcminer\rpcminer-cpu.exe c:\windows\rpcminer\rpcminer-cuda.exe c:\windows\rpcminer\rpcminer-opencl.exe c:\windows\rpcminer\ssleay32.dll c:\windows\services32.exe c:\windows\sysdriver32.exe c:\windows\sysdriver32_.exe c:\windows\system32\drivers\etc\HSTS~1 c:\windows\Temp\1065810.exe c:\windows\Temp\77767112-loader2.exe c:\windows\ufa.rar c:\windows\update.1 c:\windows\update.1\svchost.exe c:\windows\update.2 c:\windows\update.2\svchost.exe c:\windows\update.5.0 c:\windows\update.5.0\svchost.exe c:\windows\update.tray-15-0\svchost.exe c:\windows\update.tray-7-0\svchost.exe c:\windows\winlog-dirs.txt c:\windows\winlog-ids.txt c:\windows\winsetupapi.log D:\install.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_srvbtcclient -------\Service_srviecheck -------\Service_srvsysdriver32 -------\Service_wxpdrivers . . ((((((((((((((((((((((((( Files Created from 2011-07-20 to 2011-08-20 ))))))))))))))))))))))))))))))) . . 2011-08-20 13:00 . 2011-08-20 13:00 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-08-20 09:41 . 2011-08-20 09:45 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys 2011-08-20 08:32 . 2011-08-20 08:33 -------- d-----w- c:\windows\av_ico 2011-08-19 20:48 . 2011-08-20 07:59 -------- d-----w- c:\users\Krstin\AppData\Local\ElevatedDiagnostics 2011-08-19 16:10 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{96318585-4060-4276-86C4-6B99FB930DF1}\mpengine.dll 2011-08-19 12:51 . 2011-08-19 12:52 -------- d--h--w- c:\windows\update.7.1 2011-08-19 09:12 . 2011-08-20 12:59 -------- d--h--w- c:\windows\update.tray-15-0 2011-08-19 09:12 . 2011-08-19 09:12 -------- d--h--w- c:\windows\update.tray-15-0-lnk 2011-08-19 09:08 . 2011-08-19 09:08 -------- d-----w- c:\windows\ufa 2011-08-19 09:05 . 2011-08-19 20:44 246272 ----a-w- c:\windows\unrar.exe 2011-08-19 09:00 . 2011-08-20 12:59 -------- d--h--w- c:\windows\update.tray-7-0 2011-08-19 09:00 . 2011-08-19 09:00 -------- d--h--w- c:\windows\update.tray-7-0-lnk 2011-08-10 18:18 . 2011-06-24 05:25 338432 ----a-w- c:\windows\system32\conhost.exe 2011-08-10 18:17 . 2011-07-16 02:17 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2011-08-10 18:13 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2011-08-10 18:13 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-08-10 18:13 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2011-08-01 18:53 . 2011-08-01 18:53 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2011-07-29 09:42 . 2011-07-29 09:42 -------- d-----w- c:\users\Krstin\AppData\Roaming\Artweaver 2011-07-29 09:42 . 2011-07-29 09:42 -------- d-----w- c:\programdata\Artweaver 2011-07-28 10:17 . 2011-07-28 10:17 -------- d-----w- c:\users\Krstin\AppData\Local\Cyberlink 2011-07-27 18:58 . 2002-04-26 15:25 270336 ----a-w- c:\windows\eSellerateEngine.dll 2011-07-24 16:10 . 2011-07-24 16:10 -------- d-----w- c:\program files (x86)\Digital Photo Software 2011-07-24 15:49 . 2011-07-24 16:00 -------- d-----w- c:\users\Krstin\AppData\Roaming\PhotoFiltre . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-11 19:37 . 2011-05-13 18:10 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-07-16 04:26 . 2011-08-10 18:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2011-07-04 11:43 . 2011-07-02 08:59 40112 ----a-w- c:\windows\avastSS.scr 2011-07-04 11:43 . 2011-05-13 21:00 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe 2011-07-04 11:43 . 2011-07-02 09:00 253888 ----a-w- c:\windows\system32\aswBoot.exe 2011-07-04 11:36 . 2011-07-02 09:00 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-07-04 11:36 . 2011-05-13 21:01 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-07-04 11:35 . 2011-05-13 21:01 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-07-04 11:32 . 2011-05-13 21:01 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-07-04 11:32 . 2011-05-13 21:01 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-07-04 11:32 . 2011-05-13 21:01 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-06-20 19:56 . 2011-06-20 19:56 0 ---ha-w- c:\users\Krstin\AppData\Local\BITA69A.tmp 2011-06-17 15:54 . 2011-06-17 15:54 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll 2011-06-17 15:53 . 2011-06-17 15:53 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2011-06-17 15:52 . 2011-06-17 15:52 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2011-06-17 15:52 . 2011-06-17 15:52 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-06-12 14:59 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2011-06-12 14:59 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2011-06-11 03:07 . 2011-07-13 09:32 3137536 ----a-w- c:\windows\system32\win32k.sys 2011-05-24 17:14 . 2011-05-13 17:43 270720 ------w- c:\windows\system32\MpSigStub.exe 2011-05-24 11:42 . 2011-06-29 11:38 404480 ----a-w- c:\windows\system32\umpnpmgr.dll 2011-05-24 10:40 . 2011-06-29 11:38 64512 ----a-w- c:\windows\SysWow64\devobj.dll 2011-05-24 10:40 . 2011-06-29 11:38 44544 ----a-w- c:\windows\SysWow64\devrtl.dll 2011-05-24 10:39 . 2011-06-29 11:38 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll 2011-05-24 10:37 . 2011-06-29 11:38 252928 ----a-w- c:\windows\SysWow64\drvinst.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-13 39408] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "RemoteControl9"="d:\powerdvd9\PDVD9Serv.exe" [2009-11-30 87336] "BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-11-19 75048] "PCMAgent"="c:\program files (x86)\CyberLink\PowerCinema\PCMAgent.exe" [2009-09-16 148776] "CLMLServer"="c:\program files (x86)\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2009-09-16 202024] "PlayMovie"="c:\program files (x86)\CyberLink\PlayMovie\PMVService.exe" [2009-09-09 177384] "TVEService"="c:\program files (x86)\CyberLink\TV Enhance\TVEService.exe" [2009-09-30 226536] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-06-24 534880] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] . c:\users\Krstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ configuration.lnk - c:\configuration\configuration.exe [N/A] OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "EnableLUA"= 0 (0x0) "EnableSecureUIAPaths"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 "DisableThumbnailCache"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-13 136176] R3 BlackBox;BlackBox SR2; [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-13 136176] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/05/13 11:32];d:\powerdvd9\NavFilter\000.fcl [2009-11-30 01:41 146928] S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2011-06-24 393112] S2 ddservice;ddservice;c:\windows\update.7.1\svchostdriver.exe [2011-08-19 382464] S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [2009-09-30 464224] S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [2009-09-30 189792] . . Contents of the 'Scheduled Tasks' folder . 2011-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-13 18:09] . 2011-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-13 18:09] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544] "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.rs/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Krstin\AppData\Roaming\Mozilla\Firefox\Profiles\epsoeuao.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - google.rs FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&p= . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-VoipBuster - c:\program files (x86)\VoipBuster.com\VoipBuster\voipbuster.exe Wow6432Node-HKLM-Run-avast - c:\program files\AVAST Software\Avast\avastUI.exe Wow6432Node-HKLM-Run-wxpdrv - c:\windows\services32.exe Wow6432Node-HKLM-Run-tray_ico - (no file) Wow6432Node-HKLM-Run-tray_ico0 - c:\windows\update.tray-7-0\svchost.exe Wow6432Node-HKLM-Run-tray_ico1 - c:\windows\update.tray-15-0\svchost.exe Wow6432Node-HKLM-Run-tray_ico2 - (no file) Wow6432Node-HKLM-Run-tray_ico3 - (no file) Wow6432Node-HKLM-Run-tray_ico4 - (no file) Wow6432Node-HKLM-Run-l1rezerv.exe - c:\windows\l1rezerv.exe ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - c:\program files\AVAST Software\Avast\ashShA64.dll AddRemove-avast - c:\program files\AVAST Software\Avast\aswRunDll.exe AddRemove-Aztec_Bricks_is1 - d:\korisnici\Public\IGRE\unins000.exe AddRemove-Opera 11.50.1009 - c:\program files (x86)\OperaNext\Opera.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}] "ImagePath"="\??\d:\powerdvd9\NavFilter\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Cyberlink\Shared Files\RichVideo.exe c:\program files (x86)\OpenOffice.org 3\program\soffice.exe c:\program files (x86)\OpenOffice.org 3\program\soffice.bin . ************************************************************************** . Completion time: 2011-08-20 15:08:51 - machine was rebooted ComboFix-quarantined-files.txt 2011-08-20 13:08 . Pre-Run: 9.859.817.472 bytes free Post-Run: 9.691.975.680 bytes free . - - End Of File - - 289192B8ABB931702D39DC594A35765E

Profil

argus Poslao: 20 Avg 2011 17:12 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: Folder:: c:\windows\av_ico c:\windows\update.7.1 c:\windows\update.tray-15-0 c:\windows\update.tray-15-0-lnk c:\windows\ufa c:\windows\update.tray-7-0 c:\windows\update.tray-7-0-lnk c:\program files (x86)\Common Files\Spigot c:\program files (x86)\Application Updater c:\configuration File:: c:\windows\unrar.exe c:\users\Krstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\configuration.lnk Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SearchSettings"=- RegLock:: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

wendy.mrs Poslao: 20 Avg 2011 20:13 Idi na vrh
offline wendy.mrs Građanin Pridružio: 29 Avg 2007 Poruke: 50 Gde živiš: vojvodina	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 11-08-19.02 - Krstin 20.08.2011 19:58:16.2.1 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1014.324 [GMT 2:00] Running from: c:\users\Krstin\Desktop\ComboFix.exe Command switches used :: c:\users\Krstin\Desktop\CFScript.txt SP: Windows Defender Enabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\users\Krstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\configuration.lnk" "c:\windows\unrar.exe" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\configuration c:\program files (x86)\Application Updater c:\program files (x86)\Application Updater\ApplicationUpdater.exe c:\program files (x86)\Application Updater\config.ini c:\program files (x86)\Common Files\Spigot c:\program files (x86)\Common Files\Spigot\Search Settings\config.ini c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe c:\program files (x86)\Common Files\Spigot\Search Settings\yahoo_ff.xml c:\program files (x86)\Common Files\Spigot\Search Settings\yahoo_ie.xml c:\users\Krstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\configuration.lnk c:\windows\av_ico c:\windows\av_ico\ico_avast_desktop.ico c:\windows\av_ico\ico_avast_start.ico c:\windows\av_ico\ico_defender_start.ico c:\windows\ufa c:\windows\ufa\ufa.exe c:\windows\unrar.exe c:\windows\update.7.1 c:\windows\update.7.1\svchostdriver.exe c:\windows\update.tray-15-0-lnk c:\windows\update.tray-15-0-lnk\svchost.exe c:\windows\update.tray-15-0 c:\windows\update.tray-7-0-lnk c:\windows\update.tray-7-0-lnk\svchost.exe c:\windows\update.tray-7-0 . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_Application Updater -------\Service_ddservice -------\Service_Application Updater -------\Service_ddservice . . ((((((((((((((((((((((((( Files Created from 2011-07-20 to 2011-08-20 ))))))))))))))))))))))))))))))) . . 2011-08-20 09:41 . 2011-08-20 09:45 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys 2011-08-19 20:48 . 2011-08-20 07:59 -------- d-----w- c:\users\Krstin\AppData\Local\ElevatedDiagnostics 2011-08-19 16:10 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{96318585-4060-4276-86C4-6B99FB930DF1}\mpengine.dll 2011-08-10 18:18 . 2011-06-24 05:25 338432 ----a-w- c:\windows\system32\conhost.exe 2011-08-10 18:17 . 2011-07-16 02:17 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2011-08-10 18:13 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2011-08-10 18:13 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-08-10 18:13 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2011-08-01 18:53 . 2011-08-01 18:53 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2011-07-29 09:42 . 2011-07-29 09:42 -------- d-----w- c:\users\Krstin\AppData\Roaming\Artweaver 2011-07-29 09:42 . 2011-07-29 09:42 -------- d-----w- c:\programdata\Artweaver 2011-07-28 10:17 . 2011-07-28 10:17 -------- d-----w- c:\users\Krstin\AppData\Local\Cyberlink 2011-07-27 18:58 . 2002-04-26 15:25 270336 ----a-w- c:\windows\eSellerateEngine.dll 2011-07-24 16:10 . 2011-07-24 16:10 -------- d-----w- c:\program files (x86)\Digital Photo Software 2011-07-24 15:49 . 2011-07-24 16:00 -------- d-----w- c:\users\Krstin\AppData\Roaming\PhotoFiltre . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-11 19:37 . 2011-05-13 18:10 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-07-16 04:26 . 2011-08-10 18:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2011-07-04 11:43 . 2011-07-02 08:59 40112 ----a-w- c:\windows\avastSS.scr 2011-07-04 11:43 . 2011-05-13 21:00 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe 2011-07-04 11:43 . 2011-07-02 09:00 253888 ----a-w- c:\windows\system32\aswBoot.exe 2011-07-04 11:36 . 2011-07-02 09:00 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-07-04 11:36 . 2011-05-13 21:01 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-07-04 11:35 . 2011-05-13 21:01 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-07-04 11:32 . 2011-05-13 21:01 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-07-04 11:32 . 2011-05-13 21:01 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-07-04 11:32 . 2011-05-13 21:01 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-06-20 19:56 . 2011-06-20 19:56 0 ---ha-w- c:\users\Krstin\AppData\Local\BITA69A.tmp 2011-06-17 15:54 . 2011-06-17 15:54 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll 2011-06-17 15:53 . 2011-06-17 15:53 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2011-06-17 15:52 . 2011-06-17 15:52 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2011-06-17 15:52 . 2011-06-17 15:52 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-06-12 14:59 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2011-06-12 14:59 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2011-06-11 03:07 . 2011-07-13 09:32 3137536 ----a-w- c:\windows\system32\win32k.sys 2011-05-24 17:14 . 2011-05-13 17:43 270720 ------w- c:\windows\system32\MpSigStub.exe 2011-05-24 11:42 . 2011-06-29 11:38 404480 ----a-w- c:\windows\system32\umpnpmgr.dll 2011-05-24 10:40 . 2011-06-29 11:38 64512 ----a-w- c:\windows\SysWow64\devobj.dll 2011-05-24 10:40 . 2011-06-29 11:38 44544 ----a-w- c:\windows\SysWow64\devrtl.dll 2011-05-24 10:39 . 2011-06-29 11:38 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll 2011-05-24 10:37 . 2011-06-29 11:38 252928 ----a-w- c:\windows\SysWow64\drvinst.exe . . ((((((((((((((((((((((((((((( SnapShot@2011-08-20_13.03.56 ))))))))))))))))))))))))))))))))))))))))) . + 2011-08-19 12:52 . 2011-08-20 17:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat - 2011-08-19 12:52 . 2011-08-20 12:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2009-07-14 04:54 . 2011-08-20 17:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2011-08-20 12:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-08-20 06:16 . 2011-08-20 17:48 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011082020110821\index.dat + 2009-07-14 04:54 . 2011-08-20 17:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2011-08-20 12:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 05:10 . 2011-08-20 13:06 36810 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:10 . 2011-08-20 08:36 36810 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-05-13 21:05 . 2011-08-20 13:06 10006 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3300450850-426711534-3171325175-1000_UserData.bin - 2011-05-13 18:18 . 2011-08-20 12:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-05-13 18:18 . 2011-08-20 17:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-05-13 18:18 . 2011-08-20 12:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-05-13 18:18 . 2011-08-20 17:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-08-20 18:07 . 2011-08-20 18:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-08-20 13:03 . 2011-08-20 13:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-08-20 13:03 . 2011-08-20 13:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-08-20 18:07 . 2011-08-20 18:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 05:01 . 2011-08-20 13:02 439784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2011-08-20 18:06 439784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 04:54 . 2011-08-20 17:48 1753088 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-13 39408] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "RemoteControl9"="d:\powerdvd9\PDVD9Serv.exe" [2009-11-30 87336] "BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-11-19 75048] "PCMAgent"="c:\program files (x86)\CyberLink\PowerCinema\PCMAgent.exe" [2009-09-16 148776] "CLMLServer"="c:\program files (x86)\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2009-09-16 202024] "PlayMovie"="c:\program files (x86)\CyberLink\PlayMovie\PMVService.exe" [2009-09-09 177384] "TVEService"="c:\program files (x86)\CyberLink\TV Enhance\TVEService.exe" [2009-09-30 226536] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] . c:\users\Krstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "EnableLUA"= 0 (0x0) "EnableSecureUIAPaths"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 "DisableThumbnailCache"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-13 136176] R3 BlackBox;BlackBox SR2; [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-13 136176] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/05/13 11:32];d:\powerdvd9\NavFilter\000.fcl [2009-11-30 01:41 146928] S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [2009-09-30 464224] S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [2009-09-30 189792] . . Contents of the 'Scheduled Tasks' folder . 2011-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-13 18:09] . 2011-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-13 18:09] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] c:\program files\AVAST Software\Avast\ashShA64.dll [BU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "combofix"="c:\combofix\CF12416.cfxxe" [X] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544] "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.rs/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Krstin\AppData\Roaming\Mozilla\Firefox\Profiles\epsoeuao.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - google.rs FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&p= . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}] "ImagePath"="\??\d:\powerdvd9\NavFilter\000.fcl" . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Cyberlink\Shared Files\RichVideo.exe c:\program files (x86)\OpenOffice.org 3\program\soffice.exe c:\program files (x86)\OpenOffice.org 3\program\soffice.bin . ************************************************************************** . Completion time: 2011-08-20 20:12:49 - machine was rebooted ComboFix-quarantined-files.txt 2011-08-20 18:12 ComboFix2.txt 2011-08-20 13:08 . Pre-Run: 9.754.771.456 bytes free Post-Run: 9.696.464.896 bytes free . - - End Of File - - F8C709DEF9AF944727213F27A79AF076

Profil

argus Poslao: 20 Avg 2011 20:21 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	1Ovo se svidja korisniku: ThePhilosopher Registruj se da bi pohvalio/la poruku! Kazi mi kakvo je stanje.

Profil

wendy.mrs Poslao: 20 Avg 2011 20:26 Idi na vrh
offline wendy.mrs Građanin Pridružio: 29 Avg 2007 Poruke: 50 Gde živiš: vojvodina	1Ovo se svidja korisniku: ThePhilosopher Registruj se da bi pohvalio/la poruku! Ej, odlično, nisam ni primetila da mogu da otvorim fejs. A jedino je to i bio problem.

Profil

argus Poslao: 20 Avg 2011 20:32 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	1Ovo se svidja korisniku: ThePhilosopher Registruj se da bi pohvalio/la poruku! Odlicno, a htela si da obaras sistem Potrebno je deinstalirati ComboFix: klikni start (ili ), a zatim RUN. Na Visti koristiti Start Search polje ukoliko Run nije dostupan. U liniju za unos teksta ukucaj (iskopiraj) sledeće: ComboFix /Uninstall Primeti da postoji razmak između "ComboFix" i "/Uninstall". a zatim klikni OK (ili pritisni Enter). Sačekaj da se proces deinstalacije završi.

Profil

wendy.mrs Poslao: 20 Avg 2011 21:05 Idi na vrh
offline wendy.mrs Građanin Pridružio: 29 Avg 2007 Poruke: 50 Gde živiš: vojvodina	1Ovo se svidja korisniku: ThePhilosopher Registruj se da bi pohvalio/la poruku! Napisano: 20 Avg 2011 21:02 Neverovatno. Nisam mislila da ću uspeti ovo da odradim. Svaka vam čast. Predpostavljam da treba da se rešim starog i instaliram nov antivirus i skeniram računar. Dopuna: 20 Avg 2011 21:03 Ma ja sam se ipak oslonila na vas. Pa... Dopuna: 20 Avg 2011 21:05 Obavljena i deinstalacija

Profil

argus Poslao: 20 Avg 2011 21:47 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	1Ovo se svidja korisniku: ThePhilosopher Registruj se da bi pohvalio/la poruku! Da, deinstaliraj stari i instaliraj novi AV. Pozdrav. Mozes isti antivirus.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Takođe Hi - facebook virus

Ko je trenutno na forumu

Ukupno su 1046 korisnika na forumu :: 43 registrovanih, 7 sakrivenih i 996 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: AleksSE, amaterSRB, aramis s, armor, babaroga, banebeograd, bojanM84, cemix, darcaud, deimos25, Denaya, Dorcolac, draganl, dragoljub11987, DragoslavS, Duh sa sekirom, dule10savic, Dzoni90, FileFinder, Gargantua, JOntra, kenny74, kinez88, Koca Popovic, kuntalo, mercedesamg, milenko crazy north, milimoj, miodrag, Mirage 2000N, nebkv, oldtimer, Parker, pein, Petarvu, Povratak1912, raptorsi, RecA, Ripanjac, ruma, shone34, Srle993, ss10

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by