fb virus


fb virus

  • Joined: 23 Aug 2011
  • Posts: 12

ComboFix 11-08-24.06 - Jovana 08/25/2011 18:32:49.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.580 [GMT 2:00]
Running from: c:\documents and settings\Jovana\Desktop\ComboFix.exe
FW: ActiveArmor Firewall *Disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Jovana\LOCALS~1\Temp\6541770.exe
c:\documents and settings\Jovana\Application Data\PriceGong
c:\documents and settings\Jovana\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Jovana\WINDOWS
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\TEMP\4017603.exe
c:\windows\TEMP\983346.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.7.1
c:\windows\update.7.1\svchostdriver.exe
c:\windows\update.tray-2-0\svchost.exe
c:\windows\VM305Cap.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
d:\programi\iWin Games\iWINgameshookie.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DDSERVICE
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_ddservice
-------\Service_srvbtcclient
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
.
.
((((((((((((((((((((((((( Files Created from 2011-07-25 to 2011-08-25 )))))))))))))))))))))))))))))))
.
.
2011-08-23 18:36 . 2011-08-23 18:36 -------- d-----w- c:\windows\ufa
2011-08-23 15:32 . 2011-08-23 18:36 246272 ----a-w- c:\windows\unrar.exe
2011-08-23 15:23 . 2011-08-23 15:23 -------- d-----w- c:\windows\av_ico
2011-08-23 15:21 . 2011-08-25 16:35 -------- d--h--w- c:\windows\update.tray-2-0
2011-08-23 15:21 . 2011-08-23 15:21 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-08-02 17:53 . 2011-03-04 19:44 126448 ------w- c:\windows\system32\pxinsi64.exe
2011-08-02 17:53 . 2011-03-04 19:44 123888 ------w- c:\windows\system32\pxcpyi64.exe
2011-08-02 17:53 . 2011-03-04 19:44 59888 ------w- c:\windows\system32\pxwma.dll
2011-08-02 17:53 . 2011-08-02 17:53 -------- d-----w- c:\documents and settings\Jovana\Application Data\Winamp
2011-08-02 17:53 . 2011-08-02 17:53 -------- d-----w- c:\program files\Winamp
2011-08-02 07:44 . 2011-08-02 07:44 -------- d-----w- c:\documents and settings\Jovana\Local Settings\Application Data\Ahead
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 06:25 . 2011-07-15 06:25 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-03 09:16 175400 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-03 175400]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2011-05-08 400760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-02-12 69632]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-02-12 397312]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"RTHDCPL"="RTHDCPL.EXE" [2010-12-30 19972712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Delta.Force.Xtreme.2-RELOADED\\rld-dfx2\\(zabranjeno)\\dfx2.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
.
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [1/16/2011 3:29 PM 13696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7/29/2010 1:31 PM 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8/3/2010 1:28 PM 95896]
R2 iWinTrusted;iWinTrusted;d:\programi\iWin Games\iWinTrusted.exe [4/8/2011 5:17 PM 176848]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [1/16/2011 3:48 PM 9446]
R3 wmamp3DriverV32;wmamp3DriverV32;c:\windows\system32\drivers\wmamp3DriverV32.sys [6/25/2011 11:33 AM 23608]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/16/2011 6:05 PM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/16/2011 5:43 PM 1691480]
S3 GSService;GSService;c:\windows\system32\GSService.exe [6/25/2011 11:33 AM 745472]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/16/2011 6:05 PM 136176]
S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [6/25/2011 11:33 AM 243712]
S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [1/16/2011 4:32 PM 392316]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-16 16:05]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-16 16:05]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Jovana\Application Data\Mozilla\Firefox\Profiles\0miz21f1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: GamePlayLabs Plugin: plugin@gameplaylabs.com - %profile%\extensions\plugin@gameplaylabs.com
FF - Ext: Media Plugin: plugin3@gameplaylabs.com - %profile%\extensions\plugin3@gameplaylabs.com
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: iWinGames Plugin: {98e34367-8df7-42b4-837b-20b892ff0849} - d:\programi\iWin Games\firefox
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-wxpdrv - c:\windows\services32.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico0 - c:\windows\update.tray-2-0\svchost.exe
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-systemup - c:\windows\systemup.exe
HKLM-Run-l1rezerv.exe - c:\windows\l1rezerv.exe
AddRemove-GamePlayLabs Plugin - c:\documents and settings\Jovana\Local Settings\Application Data\GamePlayLabs Plugin\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-08-25 18:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4056)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-08-25 18:40:10 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-25 16:40
.
Pre-Run: 7,607,492,608 bytes free
Post-Run: 8,019,316,736 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect
.
- - End Of File - - F0EAAD2B830FA10A40B000606C81BDCE
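The ComboFix logs in this thread all share one fixed layout: banner lines of the form "((((( Section )))))", a "Reg Loading Points" section written in REGEDIT4 style, and an "ORPHANS REMOVED" list. The Python script below is an added example, not part of the thread and not ComboFix's own tooling: it splits a log into those sections and pulls out the indicators a helper reads first (the firewall state on the FW: line, items deleted under c:\windows, removed services, the EnableFirewall/FirewallOverride values, and orphaned Run entries that still point at a file). The sample log embedded in it is constructed to mimic the format; the section names and value spellings follow the logs above, while the product GUID is a placeholder.

```python
"""Summarise the security-relevant findings in a ComboFix log.
Added example: not ComboFix's own tooling, not code from the thread.  It follows
the layout of the logs posted above; SAMPLE_LOG is constructed for the example."""
import re

# Constructed sample in ComboFix's layout (not a real log; the GUID is a placeholder).
SAMPLE_LOG = r"""ComboFix 11-08-24.06 - User 08/25/2011 18:32:49.1.1 - x86
FW: Example Firewall *Disabled* {00000000-0000-0000-0000-000000000000}
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\update.1\svchost.exe
c:\windows\system32\drivers\etc\HSTS~1
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Service_srvbtcclient
-------\Service_ddservice
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
- - - - ORPHANS REMOVED - - - -
HKLM-Run-wxpdrv - c:\windows\services32.exe
HKLM-Run-tray_ico - (no file)
**************************************************************************
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")            # ((((( Name )))))
ORPHANS_RE = re.compile(r"^- - - - (ORPHANS REMOVED) - - - -$")
KEY_RE = re.compile(r"^\[(.+)\]$")                         # [HKEY_...]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')           # "name"=value
SERVICE_RE = re.compile(r"^-+\\Service_(.+)$")             # -------\Service_x
ORPHAN_RE = re.compile(r"^(HKLM|HKCU)-Run-(\S+) - (.+)$")  # HKLM-Run-x - path

# Weakening registry values as ComboFix renders them: (key suffix, name, bad value, message).
REGISTRY_CHECKS = (
    ("firewallpolicy\\standardprofile", "EnableFirewall", "0 (0x0)",
     "Windows Firewall disabled in the standard profile"),
    ("security center", "FirewallOverride", "dword:00000001",
     "Security Center firewall warnings overridden"),
)

def split_sections(text):
    """Group log lines by the banner section they fall under."""
    sections, current = {}, "Header"
    for raw in text.splitlines():
        line = raw.rstrip()
        if line in ("", ".") or line.startswith("*****"):  # padding and closing bar
            continue
        m = SECTION_RE.match(line) or ORPHANS_RE.match(line)
        if m:
            current = m.group(1)
        else:
            sections.setdefault(current, []).append(line)
    return sections

def parse_registry(lines):
    """Turn REGEDIT4-style lines into {key: {value_name: value}}."""
    reg, key = {}, None
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            reg.setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            reg[key][m.group(1)] = m.group(2).strip()
    return reg

def find_indicators(text):
    """Return (category, detail) pairs worth a second look."""
    sections = split_sections(text)
    findings = []
    for line in sections.get("Header", []):           # FW: line reports firewall state
        if line.startswith("FW:") and "*Disabled*" in line:
            product = line[3:].split("*")[0].strip()
            findings.append(("firewall", f"{product} reported disabled"))
    for path in sections.get("Other Deletions", []):  # removed items under c:\windows
        if path.lower().startswith("c:\\windows\\"):
            findings.append(("deleted", path))
    for line in sections.get("Drivers/Services", []):  # removed services (Legacy_* skipped)
        m = SERVICE_RE.match(line)
        if m:
            findings.append(("service", m.group(1)))
    reg = parse_registry(sections.get("Reg Loading Points", []))
    for suffix, name, bad, message in REGISTRY_CHECKS:
        for key, values in reg.items():
            if key.lower().endswith(suffix) and values.get(name) == bad:
                findings.append(("registry", message))
    for line in sections.get("ORPHANS REMOVED", []):  # Run entries still pointing at a file
        m = ORPHAN_RE.match(line)
        if m and m.group(3) != "(no file)":
            findings.append(("autorun", f"{m.group(2)} -> {m.group(3)}"))
    return findings

if __name__ == "__main__":
    print(*find_indicators(SAMPLE_LOG), sep="\n")
```

Run it against a saved ComboFix log by reading the file into `find_indicators` instead of `SAMPLE_LOG`; the "Other Deletions" list only names what ComboFix removed, so anything it flags under c:\windows is a removed artifact and the registry checks show which protections still need to be switched back on afterwards.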

  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3898
  • Location: Novi Sad, Klisa

Step 1

Open Notepad and copy the following text:

File::
c:\windows\unrar.exe
 
Folder::
c:\windows\ufa
c:\windows\av_ico
c:\windows\update.tray-2-0
c:\windows\update.tray-2-0-lnk
c:\documents and settings\Jovana\Local Settings\Application Data\GamePlayLabs Plugin

FireFox::
FF - Ext: GamePlayLabs Plugin: plugin@gameplaylabs.com - %profile%\extensions\plugin@gameplaylabs.com
FF - Ext: Media Plugin: plugin3@gameplaylabs.com - %profile%\extensions\plugin3@gameplaylabs.com


Save the Notepad file to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log produced at the end of the cleaning/scan in your next reply.








Step 2

Upload the following file for me ...


C:\Qoobox\Quarantine\C\windows\VM305Cap.exe.vir


via the following link:
http://www.mycity.rs/ambulanta-upload.php








NIx Car (AMF Team)

  • Joined: 23 Aug 2011
  • Posts: 12

Posted: 26 Aug 2011 16:49

ComboFix 11-08-26.04 - Jovana 08/26/2011 16:38:50.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.448 [GMT 2:00]
Running from: c:\documents and settings\Jovana\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jovana\Desktop\CFScript.txt
FW: ActiveArmor Firewall *Disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
FILE ::
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jovana\Local Settings\Application Data\GamePlayLabs Plugin
c:\documents and settings\Jovana\Local Settings\Application Data\GamePlayLabs Plugin\plugin.crx
c:\documents and settings\Jovana\Local Settings\Application Data\GamePlayLabs Plugin\setup.ini
c:\windows\av_ico
c:\windows\av_ico\ico_NOD_AV_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
c:\windows\update.tray-2-0-lnk
c:\windows\update.tray-2-0-lnk\svchost.exe
c:\windows\update.tray-2-0
.
.
((((((((((((((((((((((((( Files Created from 2011-07-26 to 2011-08-26 )))))))))))))))))))))))))))))))
.
.
2011-08-02 17:53 . 2011-03-04 19:44 126448 ------w- c:\windows\system32\pxinsi64.exe
2011-08-02 17:53 . 2011-03-04 19:44 123888 ------w- c:\windows\system32\pxcpyi64.exe
2011-08-02 17:53 . 2011-03-04 19:44 59888 ------w- c:\windows\system32\pxwma.dll
2011-08-02 17:53 . 2011-08-02 17:53 -------- d-----w- c:\documents and settings\Jovana\Application Data\Winamp
2011-08-02 17:53 . 2011-08-02 17:53 -------- d-----w- c:\program files\Winamp
2011-08-02 07:44 . 2011-08-02 07:44 -------- d-----w- c:\documents and settings\Jovana\Local Settings\Application Data\Ahead
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 06:25 . 2011-07-15 06:25 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-25_16.37.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-26 08:27 . 2011-08-26 08:27 16384 c:\windows\Temp\Perflib_Perfdata_774.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-03 09:16 175400 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-03 175400]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2011-05-08 400760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-02-12 69632]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-02-12 397312]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"RTHDCPL"="RTHDCPL.EXE" [2010-12-30 19972712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Delta.Force.Xtreme.2-RELOADED\\rld-dfx2\\(zabranjeno)\\dfx2.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
.
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [1/16/2011 3:29 PM 13696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7/29/2010 1:31 PM 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8/3/2010 1:28 PM 95896]
R2 iWinTrusted;iWinTrusted;d:\programi\iWin Games\iWinTrusted.exe [4/8/2011 5:17 PM 176848]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [1/16/2011 3:48 PM 9446]
R3 wmamp3DriverV32;wmamp3DriverV32;c:\windows\system32\drivers\wmamp3DriverV32.sys [6/25/2011 11:33 AM 23608]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/16/2011 6:05 PM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/16/2011 5:43 PM 1691480]
S3 GSService;GSService;c:\windows\system32\GSService.exe [6/25/2011 11:33 AM 745472]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/16/2011 6:05 PM 136176]
S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [6/25/2011 11:33 AM 243712]
S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [1/16/2011 4:32 PM 392316]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-16 16:05]
.
2011-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-16 16:05]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Jovana\Application Data\Mozilla\Firefox\Profiles\0miz21f1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: GamePlayLabs Plugin: plugin@gameplaylabs.com - %profile%\extensions\plugin@gameplaylabs.com
FF - Ext: Media Plugin: plugin3@gameplaylabs.com - %profile%\extensions\plugin3@gameplaylabs.com
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: iWinGames Plugin: {98e34367-8df7-42b4-837b-20b892ff0849} - d:\programi\iWin Games\firefox
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-08-26 16:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-08-26 16:45:55
ComboFix-quarantined-files.txt 2011-08-26 14:45
ComboFix2.txt 2011-08-25 16:40
.
Pre-Run: 7,652,642,816 bytes free
Post-Run: 7,637,778,432 bytes free
.
- - End Of File - - 5E56FEA50FDDC0CA7492DDBA771F35CE


I have uploaded it.

Update: 28 Aug 2011 14:15

What next?

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello.

Sorry for the late reply; your thread somehow got forgotten.




Step 1

You need to remove the leftovers of ESET NOD32 Antivirus.
Go to this link: http://kb.eset.com/esetkb/index?page=content&id=SOLN2289 , download the ESET Uninstaller tool, restart the system in Safe Mode and run the tool from there to remove the NOD remnants.




After that, move on to the next step ...


Step 2

Delete the ComboFix file from the Desktop and download a fresh one from this link: http://download.bleepingcomputer.com/sUBs/ComboFix.exe


After that, do the following ...

Open Notepad and copy the following text:

FireFox::
FF - ProfilePath - c:\documents and settings\Jovana\Application Data\Mozilla\Firefox\Profiles\0miz21f1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - Ext: GamePlayLabs Plugin: plugin@gameplaylabs.com - %profile%\extensions\plugin@gameplaylabs.com
FF - Ext: Media Plugin: plugin3@gameplaylabs.com - %profile%\extensions\plugin3@gameplaylabs.com


Save the Notepad file to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log produced at the end of the cleaning/scan in your next reply.





Step 3

Download the Malwarebytes Anti-Malware installer from the following link:
http://www.besttechie.net/tools/mbam-setup.exe

Double-click to run the installer - at the very end of the process, make sure these options are checked:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

then click Finish.

Once the update has finished, the program will start.

Select Perform Quick Scan and click Scan.

When the scan finishes, click OK, then Show Results: in the list of detected malware, select all items and click Remove Selected.

When the process finishes, the logfile will open in Notepad; paste it into the forum thread.
If the program asks for a restart to complete the cleaning, be sure to allow it.

Note: if a restart occurs at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).










goran9888 (AMF Team)

  • Joined: 23 Aug 2011
  • Posts: 12

Posted: 01 Sep 2011 23:23

Could you please wait a few days until I get my keyboard fixed, since it is not working and I have to type with the on-screen keyboard.

Update: 06 Sep 2011 18:14

ComboFix 11-09-06.03 - Jovana 09/06/2011 18:08:24.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.561 [GMT 2:00]
Running from: c:\documents and settings\Jovana\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Jovana\Desktop\CFScript.txt
FW: ActiveArmor Firewall *Disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jovana\Application Data\Mozilla\Firefox\Profiles\0miz21f1.default\extensions\plugin@gameplaylabs.com
c:\documents and settings\Jovana\Application Data\Mozilla\Firefox\Profiles\0miz21f1.default\extensions\plugin@gameplaylabs.com\chrome.manifest
c:\documents and settings\Jovana\Application Data\Mozilla\Firefox\Profiles\0miz21f1.default\extensions\plugin@gameplaylabs.com\chrome\content\ff-overlay.xul
c:\documents and settings\Jovana\Application Data\Mozilla\Firefox\Profiles\0miz21f1.default\extensions\plugin@gameplaylabs.com\chrome\content\icon.png
c:\documents and settings\Jovana\Application Data\Mozilla\Firefox\Profiles\0miz21f1.default\extensions\plugin@gameplaylabs.com\chrome\content\overlay.js
c:\documents and settings\Jovana\Application Data\Mozilla\Firefox\Profiles\0miz21f1.default\extensions\plugin@gameplaylabs.com\chrome\locale\en-US\overlay.properties
c:\documents and settings\Jovana\Application Data\Mozilla\Firefox\Profiles\0miz21f1.default\extensions\plugin@gameplaylabs.com\defaults\preferences\prefs.js
c:\documents and settings\Jovana\Application Data\Mozilla\Firefox\Profiles\0miz21f1.default\extensions\plugin@gameplaylabs.com\install.rdf
c:\documents and settings\Jovana\Application Data\Mozilla\Firefox\Profiles\0miz21f1.default\extensions\plugin@gameplaylabs.com\setup.ini
c:\documents and settings\Jovana\Application Data\Mozilla\Firefox\Profiles\0miz21f1.default\extensions\plugin3@gameplaylabs.com
c:\documents and settings\Jovana\Application Data\Mozilla\Firefox\Profiles\0miz21f1.default\extensions\plugin3@gameplaylabs.com\chrome.manifest
c:\documents and settings\Jovana\Application Data\Mozilla\Firefox\Profiles\0miz21f1.default\extensions\plugin3@gameplaylabs.com\chrome\content\ff-overlay.xul
c:\documents and settings\Jovana\Application Data\Mozilla\Firefox\Profiles\0miz21f1.default\extensions\plugin3@gameplaylabs.com\chrome\content\icon.png
c:\documents and settings\Jovana\Application Data\Mozilla\Firefox\Profiles\0miz21f1.default\extensions\plugin3@gameplaylabs.com\chrome\locale\en-US\overlay.properties
c:\documents and settings\Jovana\Application Data\Mozilla\Firefox\Profiles\0miz21f1.default\extensions\plugin3@gameplaylabs.com\defaults\preferences\prefs.js
c:\documents and settings\Jovana\Application Data\Mozilla\Firefox\Profiles\0miz21f1.default\extensions\plugin3@gameplaylabs.com\install.rdf
c:\documents and settings\Jovana\Application Data\Mozilla\Firefox\Profiles\0miz21f1.default\extensions\plugin3@gameplaylabs.com\META-INF\manifest.mf
c:\documents and settings\Jovana\Application Data\Mozilla\Firefox\Profiles\0miz21f1.default\extensions\plugin3@gameplaylabs.com\META-INF\zigbert.rsa
c:\documents and settings\Jovana\Application Data\Mozilla\Firefox\Profiles\0miz21f1.default\extensions\plugin3@gameplaylabs.com\META-INF\zigbert.sf
c:\documents and settings\Jovana\Application Data\Mozilla\Firefox\Profiles\0miz21f1.default\extensions\plugin3@gameplaylabs.com\setup.ini
c:\documents and settings\Jovana\Application Data\PriceGong
c:\documents and settings\Jovana\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Jovana\Application Data\PriceGong\Data\z.xml
.
.
((((((((((((((((((((((((( Files Created from 2011-08-06 to 2011-09-06 )))))))))))))))))))))))))))))))
.
.
2011-08-16 05:20 . 2011-08-16 05:20 4892320 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 06:25 . 2011-07-15 06:25 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-25_16.37.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-06 15:16 . 2011-09-06 15:16 16384 c:\windows\Temp\Perflib_Perfdata_7b4.dat
+ 2011-08-28 21:20 . 2011-08-28 21:20 371272 c:\windows\Installer\{AA59DDE4-B672-4621-A016-4C248204957A}\SkypeIcon.exe
+ 2011-08-28 21:20 . 2011-08-28 21:20 1241088 c:\windows\Installer\5c0811.msi
+ 2011-08-28 21:20 . 2011-08-28 21:20 1527808 c:\windows\Installer\5c0804.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-03 09:16 175400 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-03 175400]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2011-05-08 400760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-02-12 69632]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-02-12 397312]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"RTHDCPL"="RTHDCPL.EXE" [2010-12-30 19972712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Delta.Force.Xtreme.2-RELOADED\\rld-dfx2\\(zabranjeno)\\dfx2.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [1/16/2011 3:29 PM 13696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7/29/2010 1:31 PM 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8/3/2010 1:28 PM 95896]
R2 iWinTrusted;iWinTrusted;d:\programi\iWin Games\iWinTrusted.exe [4/8/2011 5:17 PM 176848]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [1/16/2011 3:48 PM 9446]
R3 wmamp3DriverV32;wmamp3DriverV32;c:\windows\system32\drivers\wmamp3DriverV32.sys [6/25/2011 11:33 AM 23608]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/16/2011 6:05 PM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/16/2011 5:43 PM 1691480]
S3 GSService;GSService;c:\windows\system32\GSService.exe [6/25/2011 11:33 AM 745472]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/16/2011 6:05 PM 136176]
S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [6/25/2011 11:33 AM 243712]
S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [1/16/2011 4:32 PM 392316]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-16 16:05]
.
2011-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-16 16:05]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Jovana\Application Data\Mozilla\Firefox\Profiles\0miz21f1.default\
FF - prefs.js: browser.search.selectedEngine -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: iWinGames Plugin: {98e34367-8df7-42b4-837b-20b892ff0849} - d:\programi\iWin Games\firefox
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-09-06 18:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-09-06 18:14:11
ComboFix-quarantined-files.txt 2011-09-06 16:14
ComboFix2.txt 2011-08-26 14:45
ComboFix3.txt 2011-08-25 16:40
.
Pre-Run: 7,198,588,928 bytes free
Post-Run: 7,243,010,048 bytes free
.
- - End Of File - - 2A9BECF5961D9217016E9B6BFC482258

Update: 06 Sep 2011 18:25

Malwarebytes' Anti-Malware 1.51.1.1800
malwarebytes.org

Database version: 7664

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

9/6/2011 6:25:12 PM
mbam-log-2011-09-06 (18-25-12).txt

Scan type: Quick scan
Objects scanned: 170132
Time elapsed: 2 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Did you run the ESET NOD32 uninstaller according to the instructions I gave you? As far as I can see, you didn't.

What is the state of the system now?

goran9888 (AMF Tim)

offline
  • Joined: 23 Aug 2011
  • Posts: 12

Ahh, now I've figured out what I did :/ Yes, I didn't follow the uninstall instructions very well, nor did I run it in Safe Mode.. Do I need to do it again? At the moment everything is working normally.

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

joxiful ::Ahh, now I've figured out what I did :/ Yes, I didn't follow the uninstall instructions very well, nor did I run it in Safe Mode.. Do I need to do it again? At the moment everything is working normally.




Of course you need to.



After that ...





You need to install an antivirus on the system. My suggestion is to use a free antivirus if you don't have a license for a commercial AV. Free antiviruses include: Avast, Avira, AVG, Panda Cloud, MSE, etc. ... Pick one.

A thread that may help you is: Izbor besplatnog antivirusa (Choosing a free antivirus)






Post a fresh DDS report for me to look at. The DDS report is the report you posted in your first message, just so you know. Don't run ComboFix any more.

goran9888 (AMF Tim)

offline
  • Joined: 23 Aug 2011
  • Posts: 12

I went into Safe Mode and ran it, and it says: enter sequence number of AV product to uninstall and press ENTER. How do I know that sequence number?

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

joxiful ::I went into Safe Mode and ran it, and it says: enter sequence number of AV product to uninstall and press ENTER. How do I know that sequence number?

Did you look at this link: http://kb.eset.com/esetkb/index?page=content&id=SOLN2289

It seems you didn't, because everything is explained there with pictures. You probably need to type the number 1 and confirm with Enter. The sequence number is the ordinal number of the detected application that the program offers to remove.

goran9888 (AMF Tim)
