MyCity » Ambulanta -> Arhiva Ambulante » Wprm.AutoIt

Wprm.AutoIt

Napisano na dan: 25.10.2011

Strana:
1
2

Wprm.AutoIt

Sledeća strana

Pagination

Odgovori

Strana:
1
2

elzike7 Poslao: 25 Okt 2011 10:35 Idi na vrh
offline elzike7 Počasni građanin Pridružio: 15 Maj 2009 Poruke: 963	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Pri dizanju racunara mi se otvarao Internet Explorer. Prozor je bio mali, stranica bela, jedino sam video naslov "redvase.bravenet.com...". Pustio sam AVG i MBAM i prozora vise nema. DDS kaze Avira Firewall ali njega nemam, imam samo Windows-ov. AVG "Object name";"C:\WINDOWS\CIDD_P\lsass.exe (3268-)" "Detection name";"File is running from an improper path" "Object type";"process" "SDK Type";"Core" "Result";"" "Action history";"" "Object name";"C:\WINDOWS\CIDD_P\lsass.exe" "Detection name";"File is running from an improper path" "Object type";"file" "SDK Type";"Core" "Result";"" "Action history";"" MBAM https://www.mycity.rs/must-login.png DDS . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26 Run by Nikola at 9:02:12 on 2011-10-25 Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.1918.1055 [GMT 2:00] . AV: AVG Anti-Virus Free Edition 2012 Enabled/Updated {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: Avira FireWall Enabled . ============== Running Processes =============== . C:\PROGRA~1\AVG\AVG2012\avgrsx.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\Explorer.EXE C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\Real\RealPlayer\update\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Java\jre6\bin\javaw.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\AVG\AVG2012\avgmfapx.exe C:\Program Files\AVG\AVG2012\avgmfapx.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.rs/ BHO: {259F616C-A300-44F5-B04A-ED001A26C85C} - No File BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\users\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Windows Live pomagač za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\users\kole017\application data\mozilla\firefox\profiles\8a028nhw.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot dRunOnce: [RunNarrator] Narrator.exe mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1) mPolicies-explorer: NoSimpleStartMenu = 1 (0x1) mPolicies-explorer: StartMenuFavorites = 1 (0x1) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265113017140 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265113007281 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{BB8BD4B8-6E1A-4B6E-B6F7-A5235CB6D591} : DhcpNameServer = 192.168.1.1 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\kole017\application data\mozilla\firefox\profiles\tt8evuvw.default\ FF - prefs.js: browser.startup.homepage - www.google.rs FF - prefs.js: keyword.URL - hxxp://www.google.rs/#sclient=psy&hl=sr&site=&source=hp&q= . ============= SERVICES / DRIVERS =============== . . =============== Created Last 30 ================ . . ==================== Find3M ==================== . . ============= FINISH: 9:03:21,00 =============== https://www.mycity.rs/must-login.png RootRepeal https://www.mycity.rs/must-login.png

Profil

Fil Poslao: 25 Okt 2011 15:21 Idi na vrh
offline Fil Legendarni građanin Pridružio: 11 Jun 2009 Poruke: 16586	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav, kole017 Preuzmi program RSIT na Desktop: 32-bit: http://images.malwareremoval.com/random/RSIT.exe 32-bit: http://randomsdomain.co.uk/downloads/RSIT.exe 64-bit: http://images.malwareremoval.com/random/RSITx64.exe 64-bit: http://randomsdomain.co.uk/downloads/RSITx64.exe Pokreni ga dvoklikom a zatim klikni Continue. Na kraju procesa će se otvoriti dva loga: prvi, log.txt će biti maksimizovan i njega je potrebno iskopirati u temu na forumu, te drugi, info.txt koji će biti minimizovan (koji nam za sada ne treba). Postavi sadržaj file-a log.txt u iduću poruku (taj file će biti sačuvan kao C:\rsit\log.txt).

Profil

elzike7 Poslao: 26 Okt 2011 08:03 Idi na vrh
offline elzike7 Počasni građanin Pridružio: 15 Maj 2009 Poruke: 963	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of random's system information tool 1.09 (written by random/random) Run by Nikola at 2011-10-26 08:02:14 Microsoft Windows XP Professional Service Pack 2 System drive C: has 45 GB (45%) free of 100 GB Total RAM: 1918 MB (59% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:02:38, on 26.10.2011 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\PROGRA~1\AVG\AVG2012\avgrsx.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\Real\RealPlayer\update\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Users\kole017\Desktop\RSIT.exe C:\Program Files\trend micro\Nikola.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file) O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Users\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live pomagač za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll (file missing) O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-21-1645522239-2147080141-839522115-1010\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser') O4 - HKUS\S-1-5-21-1645522239-2147080141-839522115-1010\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'UpdatusUser') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5C.....5113017140 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5C.....5113007281 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- End of file - 6971 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\GlaryInitialize.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-2147080141-839522115-1005Core.job C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-2147080141-839522115-1005UA.job C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-2147080141-839522115-1003.job C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-2147080141-839522115-1004.job C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-2147080141-839522115-1005.job C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-2147080141-839522115-1006.job C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-2147080141-839522115-1009.job C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-2147080141-839522115-1003.job C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-2147080141-839522115-1004.job C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-2147080141-839522115-1005.job C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-2147080141-839522115-1006.job C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-2147080141-839522115-1009.job =========Mozilla firefox========= ProfilePath - C:\Users\kole017\Application Data\Mozilla\Firefox\Profiles\tt8evuvw.default prefs.js - "browser.search.useDBForOrder" - true prefs.js - "browser.startup.homepage" - "www.google.rs" prefs.js - "extensions.enabledItems" - "yyginstantplay@yoyogames.com:1.1.0.24, {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16" prefs.js - "keyword.URL" - "http://www.google.rs/#sclient=psy&hl=sr&site=&source=hp&q=" "{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ "{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG2012\Firefox4\ "{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Users\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 10.1 Plugin "Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer] "Description"=Adobe Shockwave Player "Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5] "Description"=Windows Presentation Foundation plug-in for Mozilla browsers "Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin] "Description"=This plugin detects and launches Pando Media Booster "Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669] "Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In "Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669] "Description"=RealJukebox Netscape Plugin "Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669] "Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In "Path"=C:\Users\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669] "Description"=RealPlayer(tm) HTML5VideoShim Plug-In "Path"=C:\Users\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669] "Description"=12.0.1.669 "Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=] "Description"= "Path"= [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3] "Description"=Google Update "Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9] "Description"=Google Update "Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1] "Description"=Yahoo! activeX Plug-in Bridge "Path"=C:\Program Files\Yahoo!\Common\npyaxmpb.dll C:\Program Files\Mozilla Firefox\extensions\ {972ce4c6-7e08-4474-a285-3208198ce6fd} {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} C:\Program Files\Mozilla Firefox\components\ binary.manifest browsercomps.dll nsIQTScriptablePlugin.xpt C:\Program Files\Mozilla Firefox\plugins\ npdeployJava1.dll npFoxitReaderPlugin.dll NPOFFICE.DLL nppl3260.dll nppl3260.xpt npqtplugin.dll npqtplugin2.dll npqtplugin3.dll npqtplugin4.dll npqtplugin5.dll npqtplugin6.dll npqtplugin7.dll nprjplug.dll nprpjplug.dll nsjsrealplayerplugin.xpt QuickTimePlugin.class C:\Program Files\Mozilla Firefox\searchplugins\ amazondotcom.xml bing.xml eBay.xml google.xml wikipedia.xml yahoo.xml C:\Users\kole017\Application Data\Mozilla\Firefox\Profiles\tt8evuvw.default\extensions\ {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{259F616C-A300-44F5-B04A-ED001A26C85C}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Users\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-10-05 414416] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Program Files\AVG\AVG2012\avgssie.dll [2011-09-27 2179936] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live pomagač za prijavljivanje - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - FireShot - C:\Users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2006-09-07 15872] "AVG_TRAY"=C:\Program Files\AVG\AVG2012\avgtray.exe [2011-09-23 2404704] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-08-03 13892200] "TkBellExe"=C:\Program Files\Real\RealPlayer\update\realsched.exe [2011-10-05 273528] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe [2008-01-10 385024] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files\Skype\\Phone\Skype.exe [2011-06-15 15141768] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-07-08 202256] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk] C:\PROGRA~1\Olympus\DEVICE~1\DevDtct2.exe [2006-06-08 118784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "MemCheckBoxInRunDlg"=1 "NoSimpleStartMenu"=1 "StartMenuFavorites"=1 "NoDriveAutoRun"=67108863 "NoDriveTypeAutoRun"=0 "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe::Enabled:Windows Live Call" "C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe::Enabled:Skype Extras Manager" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger" "C:\Users\All Users\Application Data\YoYoGames\yoyo61.exe"="C:\Users\All Users\Application Data\YoYoGames\yoyo61.exe::Disabled:YoYo Games Player" "C:\Program Files\FarStone\VirtualDrivePro\MGR.exe"="C:\Program Files\FarStone\VirtualDrivePro\MGR.exe::Disabled:VirtualDrive MGR" "C:\Users\kole017\Local Settings\temp\gm_ttt_68220\chat.exe"="C:\Users\kole017\Local Settings\temp\gm_ttt_68220\chat.exe::Enabled:chat" "C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe::Enabled:Microsoft DirectPlay Helper" "C:\Users\kole017\Local Settings\temp\gm_ttt_89568\chat.exe"="C:\Users\kole017\Local Settings\temp\gm_ttt_89568\chat.exe::Enabled:chat" "C:\Users\kole017\desktop\dasda\freeciv-server.exe"="C:\Users\kole017\desktop\dasda\freeciv-server.exe::Enabled:freeciv-server" "C:\Users\kole017\desktop\rf.exe"="C:\Users\kole017\desktop\rf.exe::Disabled:rf" "C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe::Enabled:Java(TM) Platform SE binary" "C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe::Enabled:Google Earth" "C:\Program Files\WinPcap\rpcapd.exe"="C:\Program Files\WinPcap\rpcapd.exe::Disabled:Remote Packet Capture Daemon" "C:\Program Files\AVG\AVG10\avgmfapx.exe"="C:\Program Files\AVG\AVG10\avgmfapx.exe::Enabled:AVG Installer" "C:\Users\kole017\desktop\New Folder\Steam.exe"="C:\Users\kole017\desktop\New Folder\Steam.exe::Enabled:Steam" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe::Enabled:Skype" "C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe::Enabled:Java(TM) Platform SE binary" "C:\Program Files\AVG\AVG2012\avgmfapx.exe"="C:\Program Files\AVG\AVG2012\avgmfapx.exe::Enabled:AVG Installer" "C:\Program Files\AVG\AVG2012\avgnsx.exe"="C:\Program Files\AVG\AVG2012\avgnsx.exe::Enabled:Online Shield" "C:\Program Files\AVG\AVG2012\avgdiagex.exe"="C:\Program Files\AVG\AVG2012\avgdiagex.exe::Enabled:AVG Diagnostics 2012" "C:\Program Files\AVG\AVG2012\avgemcx.exe"="C:\Program Files\AVG\AVG2012\avgemcx.exe::Enabled:Personal E-mail Scanner" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe::Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "midimapper"=midimap.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msadpcm"=msadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.trspch"=tssoft32.acm "vidc.cvid"=iccvid.dll "VIDC.I420"=msh263.drv "vidc.iv31"=ir32_32.dll "vidc.iv32"=ir32_32.dll "vidc.iv41"=ir41_32.ax "VIDC.IYUV"=iyuv_32.dll "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVU9"=tsbyuv.dll "VIDC.YVYU"=msyuv.dll "wavemapper"=msacm32.drv "msacm.msg723"=msg723.acm "vidc.M263"=msh263.drv "vidc.M261"=msh261.drv "msacm.msaudio1"=msaud32.acm "msacm.sl_anet"=sl_anet.acm "msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax "vidc.iv50"=ir50_32.dll "msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm "msacm.siren"=sirenacm.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "vidc.xvid"=xvidvfw.dll "VIDC.MPG4"=mpg4c32.dll "VIDC.MP42"=mpg4c32.dll "VIDC.DIVX"=divx.dll "VIDC.YV12"=yv12vfw.dll "msacm.ac3acm"=ac3acm.acm "msacm.lameacm"=lameACM.acm "VIDC.FFDS"=ff_vfw.dll "MSVideo8"=VfWWDM32.dll "vidc.tscc"=tsccvid.dll "wave1"=wdmaud.drv "mixer1"=wdmaud.drv ======File associations====== .bat - edit - .cmd - edit - .ini - open - notepad.exe %1 .js - edit - .reg - edit - .txt - open - notepad.exe %1 .vbs - edit - ======List of files/folders created in the last 1 month====== 2063-09-19 07:50:50 ----A---- C:\WINDOWS\system32\rtclmg32.dll 2011-10-26 08:02:15 ----D---- C:\Program Files\trend micro 2011-10-26 08:02:14 ----D---- C:\rsit 2011-10-24 21:38:03 ----D---- C:\Users\kole017\Application Data\NVIDIA 2011-10-24 21:05:52 ----D---- C:\CodeBlocks 2011-10-23 13:11:58 ----D---- C:\Users\kole017\Application Data\SharpReader 2011-10-23 08:51:25 ----D---- C:\Users\kole017\Application Data\Workrave 2011-10-17 23:36:44 ----RSHD---- C:\WINDOWS\configuration 2011-10-13 18:37:10 ----D---- C:\Users\kole017\Application Data\AVG2012 2011-10-13 18:36:18 ----D---- C:\Users\All Users\Application Data\AVG2012 2011-10-05 17:56:31 ----A---- C:\WINDOWS\system32\rmoc3260.dll 2011-10-05 17:56:26 ----A---- C:\WINDOWS\system32\pndx5032.dll 2011-10-05 17:56:26 ----A---- C:\WINDOWS\system32\pndx5016.dll 2011-10-05 17:56:25 ----A---- C:\WINDOWS\system32\pncrt.dll ======List of files/folders modified in the last 1 month====== 2011-10-26 08:02:15 ----RD---- C:\Program Files 2011-10-26 08:01:36 ----D---- C:\WINDOWS\system32\CatRoot2 2011-10-26 07:59:42 ----D---- C:\WINDOWS\temp 2011-10-26 00:01:26 ----A---- C:\WINDOWS\SchedLgU.Txt 2011-10-25 23:30:11 ----SD---- C:\WINDOWS\Tasks 2011-10-25 23:17:31 ----D---- C:\Users\All Users\Application Data\MFAData 2011-10-25 23:17:29 ----D---- C:\WINDOWS\system32\drivers\AVG 2011-10-25 10:39:37 ----D---- C:\Users 2011-10-25 10:27:43 ----D---- C:\Users\kole017\Application Data\codeblocks 2011-10-25 10:17:55 ----D---- C:\WINDOWS\system32\drivers 2011-10-25 09:04:57 ----SHD---- C:\WINDOWS\Installer 2011-10-25 09:04:40 ----D---- C:\WINDOWS\system32\dllcache 2011-10-25 09:04:35 ----D---- C:\WINDOWS\system32 2011-10-25 08:53:57 ----D---- C:\WINDOWS 2011-10-25 07:42:56 ----D---- C:\Program Files\JDownloader 2011-10-25 00:20:03 ----D---- C:\APOGON 2011-10-24 21:36:06 ----HD---- C:\Program Files\InstallShield Installation Information 2011-10-24 21:15:16 ----D---- C:\WINDOWS\Prefetch 2011-10-24 14:19:48 ----D---- C:\WINDOWS\system32\Macromed 2011-10-23 08:26:20 ----D---- C:\Users\kole017\Application Data\Macromedia 2011-10-20 07:06:17 ----HD---- C:\WINDOWS\inf 2011-10-13 18:35:39 ----D---- C:\Program Files\AVG 2011-10-08 19:04:11 ----D---- C:\Users\kole017\Application Data\Skype 2011-10-05 17:57:04 ----D---- C:\Users\kole017\Application Data\Real 2011-10-05 17:56:47 ----D---- C:\Program Files\Real 2011-10-05 17:56:24 ----A---- C:\WINDOWS\system32\msvcr71.dll 2011-10-05 17:56:24 ----A---- C:\WINDOWS\system32\msvcp71.dll 2011-10-05 17:51:09 ----D---- C:\Program Files\Glary Utilities 2011-10-05 17:50:08 ----D---- C:\Program Files\Common Files\Real 2011-10-02 18:44:37 ----D---- C:\Program Files\Mozilla Firefox 2011-09-29 15:44:20 ----SHD---- C:\System Volume Information ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 AVGIDSEH;AVGIDSEH; C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592] R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648] R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-08-18 436792] R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864] R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2011-07-11 229840] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-08-08 40016] R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2011-07-11 295248] R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2011-09-01 165376] R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys [] R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2011-09-01 18048] R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2006-11-08 62336] R3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134608] R3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272] R3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [2011-07-11 16720] R3 fcdabus;fcdabus; C:\WINDOWS\system32\DRIVERS\fcdabus.sys [2003-08-07 10899] R3 FVDSCSI;FVDSCSI; C:\WINDOWS\system32\DRIVERS\fvdscsi.sys [2003-08-09 60008] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752] R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2008-07-12 1389056] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-08-03 12542592] R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-03-25 54400] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-03-25 22016] R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM); C:\WINDOWS\system32\DRIVERS\vcsvad.sys [2008-12-26 17792] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2008-07-12 279680] S0x02000000 OMSCAN;OMSCAN; \Sys [] S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [] S3 aejbueis;aejbueis; C:\WINDOWS\system32\drivers\aejbueis.sys [] S3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-01-17 1331136] S3 CA561;VideoCAM Express V2; C:\WINDOWS\System32\Drivers\SPCA561.SYS [2002-09-30 119798] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024] S3 FXDrv32;FXDrv32; \??\F:\FXDrv32.sys [] S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS [] S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [] S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880] S3 NTACCESS;NTACCESS; \??\F:\NTACCESS.sys [] S3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2009-04-06 23064] S3 SetupNTGLM7X;SetupNTGLM7X; \??\F:\NTGLM7X.sys [] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] S3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2011-01-15 30208] S3 VNUSB;VN Series Device; C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2006-04-07 38496] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [2011-09-12 5265248] R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776] R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2011-08-03 146024] R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464] S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-08 136176] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-05-04 655624] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-08 136176] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144] S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-01-15 266240] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2002-12-31 89136] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------

Profil

Fil Poslao: 26 Okt 2011 22:15 Idi na vrh
offline Fil Legendarni građanin Pridružio: 11 Jun 2009 Poruke: 16586	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Postavi na forum, preko ovog linka: http://www.mycity.rs/ambulanta-upload.php , sledeću datoteku: Citat:C:\WINDOWS\system32\drivers\aejbueis.sys Ukoliko ne možeš da nađeš datoteku na toj putanji, isprati uputstvo sa sledećeg linka, za prikazivanje skrivenih datoteka: http://www.mycity.rs/Uputstva/Kako-videti-skrivene-fajlove.html

Profil

elzike7 Poslao: 27 Okt 2011 08:12 Idi na vrh
offline elzike7 Počasni građanin Pridružio: 15 Maj 2009 Poruke: 963	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ne mogu da je nadjem nikako.

Profil

Fil Poslao: 27 Okt 2011 22:03 Idi na vrh
offline Fil Legendarni građanin Pridružio: 11 Jun 2009 Poruke: 16586	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preuzmi The Avenger na Desktop. Raspakuj arhivu u neki folder Dvoklikom pokreni avenger.exe Iskopiraj tekst koji se nalazi unutar Kod polja u (beli) prozor programa: `Drivers to delete: aejbueis Files to delete: C:\WINDOWS\system32\drivers\aejbueis.sys Folders to delete: C:\WINDOWS\configuration` Klikni Execute, a zatim Yes u sledeća dva prozora koji će se otvoriti Kompjuter će se restartovati (u određenim slučajevima: dva puta) i započeti će proces čišćenja/skeniranja Kada proces bude završen, logfile C:\avenger.txt će se otvoriti u Notepad-u Iskopiraj sadržaj dobijenog loga u temu na forumu. Okači svež DDS log (procedura za DDS je objašnjena u uputstvu za otvaranje teme u Ambulanti)

Profil

elzike7 Poslao: 29 Okt 2011 10:19 Idi na vrh
offline elzike7 Počasni građanin Pridružio: 15 Maj 2009 Poruke: 963	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Napisano: 29 Okt 2011 8:31 Postavio bi ja log ranije... Infekcija je dosla putem fleske. Fazon je sto niko ne prepoznaje crva. Ja vidim taj "folder" sa .exe, ali oni (AVG, MBAM) coravi. Dzaba cistim flesku kad ce ponovo da se napuni. Meni sad treba nesto da cisti tog crva. Oce li MCShield da ga sredi? Avast (mnogo je lepsi od AVG , AVG otiso na odmor): http://www.mycity.rs/slika.php?slika=150045_52794926_untitled.PNG MBAM: https://www.mycity.rs/must-login.png The Avanger: Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ***************** Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger *************** Beginning to process script file: Rootkit scan active. No rootkits found! Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\aejbueis" not found! Deletion of driver "aejbueis" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\drivers\aejbueis.sys" not found! Deletion of file "C:\WINDOWS\system32\drivers\aejbueis.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Folder "C:\WINDOWS\configuration" deleted successfully. Completed script processing. ***************** Finished! Terminate. DDS: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29 Run by Nikola at 8:27:58 on 2011-10-29 . ============== Running Processes =============== . C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Real\RealPlayer\update\realsched.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\AVAST Software\Avast\avastUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MCShield\MCShieldRTM.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Users\kole017\Desktop\dds.scr C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.rs/ BHO: {259F616C-A300-44F5-B04A-ED001A26C85C} - No File BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\users\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Windows Live pomagač za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\users\kole017\application data\mozilla\firefox\profiles\8a028nhw.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [MCShield] c:\program files\mcshield\MCShieldRTM.exe mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui dRunOnce: [RunNarrator] Narrator.exe mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1) mPolicies-explorer: NoSimpleStartMenu = 1 (0x1) mPolicies-explorer: StartMenuFavorites = 1 (0x1) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265113017140 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265113007281 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{BB8BD4B8-6E1A-4B6E-B6F7-A5235CB6D591} : DhcpNameServer = 192.168.1.1 SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\kole017\application data\mozilla\firefox\profiles\tt8evuvw.default\ FF - prefs.js: browser.startup.homepage - www.google.rs FF - prefs.js: keyword.URL - hxxp://www.google.rs/#sclient=psy&hl=sr&site=&source=hp&q= . ============= SERVICES / DRIVERS =============== . . =============== Created Last 30 ================ . . ==================== Find3M ==================== . . ============= FINISH: 8:28:59,53 =============== https://www.mycity.rs/must-login.png Dopuna: 29 Okt 2011 8:35 I ove stvari bi trebale da se otkriju . Dopuna: 29 Okt 2011 10:19 Citat:I ove stvari bi trebale da se otkriju . Oke. MCShield je to sredio...

Profil

Fil Poslao: 29 Okt 2011 18:32 Idi na vrh
offline Fil Legendarni građanin Pridružio: 11 Jun 2009 Poruke: 16586	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix; u prozoru koji se otvori klikni "I Agree". U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku. Pošto imaš instaliran MCShield, ubodi jedan po jedan USB memorijski uređaj; sačekaj da ih MCShield skenira. Kada završi skeniranje zadnjeg uređaja okači mi izveštaj pod nazivom: AllScans.txt. Start -> Run -> %UserProfile%\Application Data\MCShield\AllScans.txt -> Enter Pošalji mi sadržaj izveštaja koji će ti se otvoriti u Notepad-u.

Profil

elzike7 Poslao: 30 Okt 2011 06:45 Idi na vrh
offline elzike7 Počasni građanin Pridružio: 15 Maj 2009 Poruke: 963	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Postoji mogucnost da su mi nestale neke stvari sa fleske. Imam jednu datoteku FILE000.CHK koja verovatno ima tezinu koja mi fali (9mb). Ne verujem da ako fale da su mi ih izbrisali ovi programi (AVG, AVAST, MCShield,...). Sta bi FILE000.CHK trebalo da znaci, i ako fale, mogu li te stvari da mi se vrate. MCShield sam juce instalirao i isto tako obrisao, ali je ostalo sledece: https://www.mycity.rs/must-login.png ComboFix ComboFix 11-10-29.06 - Nikola 30.10.2011 6:25.5.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.1918.1336 [GMT 1:00] Running from: c:\users\kole017\Desktop\ComboFix.exe AV: avast! Antivirus Disabled/Updated {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: Avira FireWall Enabled {11638345-E4FC-4BEE-BB73-EC754659C5F6} . WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\kole017\Application Data\0ad c:\users\kole017\Application Data\0ad\config\user.cfg c:\users\kole017\WINDOWS c:\users\tata\WINDOWS c:\windows\help\tours\htmltour\unlock_playing.htm c:\windows\XSxS . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF . . ((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-30 ))))))))))))))))))))))))))))))) . . 2063-09-19 05:50 . 2063-09-19 05:50 5501 ----a-w- c:\windows\system32\rtclmg32.dll 2011-10-28 20:16 . 2011-10-28 20:16 -------- d-----w- c:\users\tata\Application Data\NVIDIA 2011-10-28 07:17 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-10-28 07:17 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-10-28 07:17 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-10-28 07:17 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-10-28 07:17 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-10-28 07:17 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2011-10-28 07:17 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys 2011-10-28 07:17 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2011-10-28 07:17 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr 2011-10-28 07:17 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe 2011-10-28 07:17 . 2011-10-28 07:17 -------- d-----w- c:\users\All Users\Application Data\AVAST Software 2011-10-28 07:17 . 2011-10-28 07:17 -------- d-----w- c:\program files\AVAST Software 2011-10-28 06:05 . 2011-10-28 07:04 83793 ----a-w- c:\windows\system32\drivers\sfi.dat 2011-10-28 06:03 . 2011-10-28 06:03 -------- d-----w- c:\users\All Users\Application Data\Comodo Downloader 2011-10-28 05:53 . 2011-10-29 08:24 -------- d-----w- c:\users\kole017\Application Data\MCShield 2011-10-27 19:18 . 2011-10-27 19:23 -------- d-----w- c:\users\tata\Application Data\MCShield 2011-10-27 14:02 . 2011-10-27 14:02 -------- d-----w- c:\users\car017\Application Data\Apple Computer 2011-10-27 07:40 . 2011-10-27 07:40 -------- d-----w- c:\users\All Users\Application Data\Apple Computer 2011-10-27 07:39 . 2011-10-27 07:39 -------- d-----w- c:\users\kole017\Local Settings\Application Data\Apple 2011-10-27 07:39 . 2011-10-27 07:39 -------- d-----w- c:\users\All Users\Application Data\Apple 2011-10-27 07:39 . 2011-10-27 07:39 -------- d-----w- c:\program files\Apple Software Update 2011-10-27 07:31 . 2011-10-27 07:31 -------- d-----w- c:\program files\Common Files\Java 2011-10-27 07:31 . 2011-10-27 07:30 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-10-26 08:29 . 2011-10-26 08:29 -------- d-----w- c:\users\kole017\Application Data\pdfforge 2011-10-26 08:29 . 2011-10-26 08:29 -------- d-----w- c:\program files\PDFCreator 2011-10-25 08:39 . 2011-10-25 08:41 -------- d-----w- c:\users\Desktop 2011-10-24 19:38 . 2011-10-24 19:38 -------- d-----w- c:\users\kole017\Application Data\NVIDIA 2011-10-24 19:05 . 2011-10-24 19:06 -------- d-----w- C:\CodeBlocks 2011-10-24 12:29 . 2011-10-24 12:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-10-24 12:29 . 2011-10-24 12:29 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-10-23 11:11 . 2011-10-23 11:13 -------- d-----w- c:\users\kole017\Application Data\SharpReader 2011-10-23 06:51 . 2011-10-23 06:52 -------- d-----w- c:\users\kole017\Application Data\Workrave 2011-10-22 07:39 . 2011-10-22 07:39 -------- d-----w- c:\users\car017\Application Data\NVIDIA 2011-10-13 16:36 . 2011-10-28 05:45 -------- d-----w- c:\users\All Users\Application Data\AVG2012 2011-10-05 15:56 . 2011-10-05 15:56 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll 2011-10-05 15:56 . 2011-10-05 15:56 150696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll 2011-10-05 15:56 . 2011-10-05 15:56 107008 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-27 07:30 . 2010-09-04 13:33 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-10-16 08:31 . 2011-05-15 18:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-05 15:56 . 2009-10-29 04:48 499712 ----a-w- c:\windows\system32\msvcp71.dll 2011-10-05 15:56 . 2006-09-25 15:39 348160 ----a-w- c:\windows\system32\msvcr71.dll 2011-09-01 12:32 . 2011-09-01 12:32 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys 2011-09-01 12:32 . 2011-09-01 12:32 165376 ----a-w- c:\windows\system32\drivers\atksgt.sys 2011-08-31 15:00 . 2009-12-17 10:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-18 11:28 . 2010-03-01 15:45 436792 ----a-w- c:\windows\system32\drivers\sptd.sys 2011-08-16 13:04 . 2011-03-19 18:01 200704 ----a-w- c:\windows\iesshell.dll 2011-08-03 11:49 . 2011-09-20 13:35 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll 2011-08-03 11:49 . 2011-09-20 13:35 914024 ----a-w- c:\windows\system32\nvdispco32.dll 2011-08-03 11:49 . 2011-09-20 13:35 875112 ----a-w- c:\windows\system32\nvgenco32.dll 2011-08-03 11:49 . 2011-09-20 13:35 61440 ----a-w- c:\windows\system32\OpenCL.dll 2011-08-03 11:49 . 2011-09-20 13:35 5427200 ----a-w- c:\windows\system32\nvcuda.dll 2011-08-03 11:49 . 2011-09-20 13:35 2387560 ----a-w- c:\windows\system32\nvcuvid.dll 2011-08-03 11:49 . 2011-09-20 13:35 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll 2011-08-03 11:49 . 2011-09-20 13:35 17186816 ----a-w- c:\windows\system32\nvcompiler.dll 2011-08-03 11:49 . 2009-12-08 13:55 145000 ----a-w- c:\windows\system32\nvcolor.exe 2011-08-03 11:49 . 2009-12-08 13:49 146024 ----a-w- c:\windows\system32\nvsvc32.exe 2011-08-03 11:49 . 2009-12-08 13:49 12542592 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2011-08-03 11:49 . 2009-12-08 13:49 54272 ----a-w- c:\windows\system32\nvwddi.dll 2011-08-03 11:49 . 2009-12-08 13:49 16191488 ----a-w- c:\windows\system32\nvoglnt.dll 2011-08-03 11:49 . 2009-12-08 13:48 111208 ----a-w- c:\windows\system32\nvmctray.dll 2011-08-03 11:49 . 2009-12-08 13:48 2404864 ----a-w- c:\windows\system32\nvapi.dll 2011-08-03 11:49 . 2009-12-08 13:48 13892200 ----a-w- c:\windows\system32\nvcpl.dll 2011-08-03 11:49 . 2009-12-08 13:48 4210816 ----a-w- c:\windows\system32\nv4_disp.dll 2011-09-29 06:53 . 2011-03-25 12:40 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2004-08-04 . BB4D3A8E6F7EB1D370BC4AD27AB23368 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200] "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-10-05 273528] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2004-08-04 53760] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "MemCheckBoxInRunDlg"= 1 (0x1) "NoSimpleStartMenu"= 1 (0x1) "StartMenuFavorites"= 1 (0x1) . [HKLM\~\startupfolder\C:^Users^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk] backup=c:\windows\pss\Device Detector 3.lnkCommon Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 12:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2011-06-15 13:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2010-07-08 17:41 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "VirtualDrive"="c:\program files\FarStone\VirtualDrivePro\VDTask.exe" /AutoRestore . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\FarStone\\VirtualDrivePro\\MGR.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "c:\\WINDOWS\\system32\\java.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "e:\\CS 1.6 v42 FULL\\hl.exe"= . R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.3.2010 16:45 436792] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28.10.2011 8:17 442200] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.10.2011 8:17 320856] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.10.2011 8:17 20568] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [20.9.2011 14:35 2255464] R3 FVDSCSI;FVDSCSI;c:\windows\system32\drivers\fvdscsi.sys [29.3.2010 13:43 60008] R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [9.4.2011 10:58 17792] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [8.12.2009 17:01 279680] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8.5.2011 16:18 136176] S3 FXDrv32;FXDrv32;\??\f:\fxdrv32.sys --> f:\FXDrv32.sys [?] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8.5.2011 16:18 136176] S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [6.4.2009 13:19 23064] S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?] . Contents of the 'Scheduled Tasks' folder . 2011-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57] . 2011-10-30 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2010-01-29 07:07] . 2011-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-08 15:18] . 2011-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-08 15:18] . 2011-10-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-2147080141-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40] . 2011-10-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-2147080141-839522115-1004.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40] . 2011-10-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-2147080141-839522115-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40] . 2011-10-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-2147080141-839522115-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40] . 2011-10-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-2147080141-839522115-1009.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40] . 2011-10-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-2147080141-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40] . 2011-10-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-2147080141-839522115-1004.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40] . 2011-10-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-2147080141-839522115-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40] . 2011-10-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-2147080141-839522115-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40] . 2011-10-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-2147080141-839522115-1009.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.rs/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\tt8evuvw.default\ FF - prefs.js: browser.startup.homepage - www.google.rs FF - prefs.js: keyword.URL - hxxp://www.google.rs/#sclient=psy&hl=sr&site=&source=hp&q= . - - - - ORPHANS REMOVED - - - - . HKCU-Run-MCShield - c:\program files\MCShield\MCShieldRTM.exe MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . . . ************************************************************************ . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-10-30 06:35 Windows 5.1.2600 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************ . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN] "ImagePath"="\Sys" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1645522239-2147080141-839522115-1003\Software\SecuROM\License information] "datasecu"=hex:4c,f6,63,d9,8b,ef,f6,e6,56,c3,5e,0c,8c,de,25,49,b4,23,69,5c,7f, f1,7c,5b,6a,9d,e3,5b,97,31,54,ca,2b,8e,d1,53,cc,b3,7c,66,78,81,fb,be,77,e9,\ "rkeysecu"=hex:47,1f,b8,fb,bb,d4,ad,21,79,49,7f,5a,03,4d,d0,8e . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(452) c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\wscntfy.exe . ************************************************************************* . Completion time: 2011-10-30 06:39:10 - machine was rebooted ComboFix-quarantined-files.txt 2011-10-30 05:39 . Pre-Run: 48.888.864.768 bytes free Post-Run: 49.938.780.160 bytes free . - - End Of File - - 5713173CDA65EF892687E9886095F1FB

Profil

Fil Poslao: 30 Okt 2011 16:08 Idi na vrh
offline Fil Legendarni građanin Pridružio: 11 Jun 2009 Poruke: 16586	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Tvoj računar je sada čist i nema znakova aktivnog malware-a. Potrebno je deinstalirati ComboFix: klikni start (ili ), a zatim RUN. Na Visti koristiti Start Search polje ukoliko Run nije dostupan. U liniju za unos teksta ukucaj (iskopiraj) sledeće: ComboFix /Uninstall Primeti da postoji razmak između "ComboFix" i "/Uninstall". a zatim klikni OK (ili pritisni Enter). Sačekaj da se proces deinstalacije završi. Obriši folder avenger koji se nalazi na C disku. Preporučujem da instaliraš SP3 za Windows XP i da nastaviš da koristiš program MCShield, budući da je infekcija došla preko USB memorijskih uređaja.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Wprm.AutoIt

Ko je trenutno na forumu

Ukupno su 988 korisnika na forumu :: 30 registrovanih, 3 sakrivenih i 955 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: _Rade, acatomic, Apok, Bickoooo, bigfoot, cavatina, cenejac111, comi_pfc, dankisha, debeli, FileFinder, flash12, goranperović66, jackreacher011011, Jeremiah, Levi, Marko Marković, MB120mm, mercedesamg, Metanoja, moldway, nenaddz, operniki, Parker, plavii, stankolich, stegonosa, User98, Vatreni Zmaj, vladaa012

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by