help

offline
  • b.l
  • Citizen
  • Joined: 04 Feb 2009
  • Posts: 60

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:40, on 6.2.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Zdravko\Desktop\New Folder\T.R.exe..exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\Msdxm6.ocx
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009]
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2]
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: Diskeeper 9 Professional Edition Registration.lnk = C:\Program Files\Executive Software\Diskeeper\ESIRegister.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///D:/nove%20igrice/Mortimer%20Beckett/Images/stg_drm.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5C.....2663775890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5C.....2663678093
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///D:/nove%20igrice/Mortimer%20Beckett/Images/armhelper.ocx
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 7740 bytes
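As an added example (not part of this thread, and not code from HijackThis or its author), here is a small Python triage script for log lines in the HijackThis layout posted above. It flags the entry types a helper reads first: processes started from per-user folders or carrying a disguised double extension, O2/O4/O23 entries whose file is gone (orphans), and services without a recognised vendor. The sample input is a constructed excerpt of the log above; the heuristics are my own and only prioritise what to look at, they do not decide that something is malicious.

```python
import re

# Constructed sample: an excerpt of a HijackThis 2.0.2 log in the layout shown
# in the thread (entries kept verbatim, everything else trimmed).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Documents and Settings\Zdravko\Desktop\New Folder\T.R.exe..exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009]
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
"""

# A process started from a per-user folder (Desktop, Temp, Application Data) is
# not malicious by itself, but it is where dropped binaries usually sit.
USER_WRITABLE = re.compile(
    r"\\(documents and settings|users)\\[^\\]+\\"
    r"(desktop|local settings\\temp|application data)\\",
    re.IGNORECASE,
)
# "report.pdf.exe" or "T.R.exe..exe": a harmless-looking suffix followed by an
# executable one, a common way to disguise an executable.
DOUBLE_EXT = re.compile(
    r"\.(jpg|jpeg|gif|png|pdf|doc|txt|exe|scr)\.+(exe|scr|com|bat|pif)$",
    re.IGNORECASE,
)
# HijackThis entry lines start with a section code such as R0, O2, O4, O23.
ENTRY = re.compile(r"^[A-Z]\d+ - ")


def _process_reasons(path):
    reasons = []
    if USER_WRITABLE.search(path):
        reasons.append("process running from a user-writable folder")
    if DOUBLE_EXT.search(path.rsplit("\\", 1)[-1]):
        reasons.append("executable name with a disguised double extension")
    return reasons


def _entry_reasons(line):
    kind = line.split(" - ", 1)[0]
    if kind == "O2" and line.endswith("(no file)"):
        return ["BHO registered but its DLL is gone (orphan entry)"]
    if kind == "O4" and line.endswith("]"):
        return ["Run value with no command (orphan entry)"]
    if kind == "O23":
        if line.endswith("(file missing)"):
            return ["service whose binary is missing (orphan entry)"]
        if " - Unknown owner - " in line:
            return ["service binary without a recognised vendor; verify it"]
    return []


def triage(log_text):
    """Return (line, reason) pairs, in log order, for the entries worth a first look."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Running processes:"):
            section = "processes"
            continue
        if ENTRY.match(line):
            section = "entries"
        if section == "processes":
            reasons = _process_reasons(line)
        elif section == "entries":
            reasons = _entry_reasons(line)
        else:
            reasons = []
        if reasons:
            findings.append((line, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(f"{why}\n    {entry}")
```

Running it on the sample prints five findings, starting with the process under Desktop\New Folder and ending with the two O23 services; everything from a known vendor path is left alone. The checks are deliberately keyed to what HijackThis itself prints ("(no file)", "(file missing)", "Unknown owner"), so the script works on any log in this format without a signature database.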

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Right-click the avast! icon in the bottom right corner of the screen and select Stop OnAccess Protection.

Note: Don't forget to turn this option back on once the cleanup is finished.

Download ComboFix to the Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

offline
  • b.l
  • Citizen
  • Joined: 04 Feb 2009
  • Posts: 60


Addendum: 06 Feb 2009 15:14

ComboFix 09-02-05.02 - Zdravko 2009-02-06 14:54:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.383.90 [GMT 1:00]
Running from: c:\documents and settings\Zdravko\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090205-1] *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\windows
c:\program files\windows\AppPatch\acadproc.dll
c:\program files\windows\AppPatch\AcGenral.dll
c:\program files\windows\AppPatch\AcLayers.dll
c:\program files\windows\AppPatch\AcLua.dll
c:\program files\windows\AppPatch\AcSpecfc.dll
c:\program files\windows\AppPatch\AcXtrnal.dll
c:\program files\windows\AppPatch\apph_sp.sdb
c:\program files\windows\AppPatch\apphelp.sdb
c:\program files\windows\AppPatch\drvmain.sdb
c:\program files\windows\AppPatch\msimain.sdb
c:\program files\windows\AppPatch\sysmain.sdb
c:\program files\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
c:\program files\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
c:\program files\windows\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
c:\program files\windows\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
c:\program files\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini
c:\program files\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
c:\program files\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
c:\program files\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
c:\program files\windows\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
c:\program files\windows\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
c:\program files\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
c:\program files\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
c:\program files\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
c:\program files\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
c:\program files\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp
c:\program files\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp
c:\program files\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp
c:\program files\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
c:\program files\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp
c:\program files\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp
c:\program files\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp
c:\program files\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp
c:\program files\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp
c:\program files\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp
c:\program files\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp
c:\program files\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
c:\program files\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
c:\program files\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp
c:\program files\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
c:\program files\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
c:\program files\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
c:\program files\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
c:\windows\system32\msssc.dll

.
((((((((((((((((((((((((( Files Created from 2009-01-06 to 2009-02-06 )))))))))))))))))))))))))))))))
.

2009-02-05 00:07 . 2009-02-05 00:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Mushroom Age
2009-02-04 19:08 . 2003-07-15 09:00 578,368 -ra------ c:\windows\system32\drivers\smwdm.sys
2009-02-04 19:08 . 2002-04-01 07:15 4,816 -ra------ c:\windows\system32\drivers\aeaudio.sys
2009-02-04 19:08 . 2003-04-08 04:30 3,744 -ra------ c:\windows\system32\drivers\smsens.sys
2009-02-04 18:58 . 2003-04-15 09:59 5,824 --a------ c:\windows\system32\drivers\ASUSHWIO.SYS
2009-02-04 18:58 . 2009-02-04 21:15 3,777 --a------ c:\windows\Ascd_tmp.ini
2009-02-04 00:08 . 2009-02-04 00:08 <DIR> d-------- c:\documents and settings\Zdravko\Application Data\Abra Academy2
2009-02-03 14:42 . 2009-02-03 14:42 <DIR> d-------- c:\documents and settings\Zdravko\Application Data\Friday's games
2009-02-02 18:19 . 2009-02-02 18:19 319,488 --a------ c:\windows\HideWin.exe
2009-02-01 11:59 . 2009-02-01 12:01 <DIR> d-------- c:\documents and settings\Zdravko\Application Data\Registry Booster
2009-02-01 11:50 . 2009-02-01 11:50 <DIR> d-------- c:\documents and settings\Zdravko\Application Data\Avant Profiles
2009-02-01 11:36 . 2009-02-01 11:36 <DIR> d-------- C:\AUTOTEST
2009-01-31 23:57 . 2009-01-31 23:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-01-31 23:38 . 2009-02-01 00:06 <DIR> d-------- c:\program files\Winamp
2009-01-31 23:38 . 2009-01-31 23:45 <DIR> d-------- c:\documents and settings\Zdravko\Application Data\Winamp
2009-01-30 14:10 . 2009-02-05 23:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\PlayFirst
2009-01-30 13:01 . 2009-01-30 13:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2009-01-30 13:00 . 2009-01-30 13:00 <DIR> d-------- c:\documents and settings\Zdravko\Application Data\GameHouse
2009-01-29 23:14 . 2009-01-29 23:14 <DIR> d-------- c:\documents and settings\Zdravko\Application Data\SpinTop
2009-01-27 15:11 . 2009-01-27 15:56 <DIR> d-------- c:\documents and settings\Zdravko\uspy
2009-01-26 23:39 . 2009-01-26 23:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\JollyBear
2009-01-26 19:22 . 2009-01-26 19:22 <DIR> d-------- c:\program files\Oberon Media
2009-01-26 19:21 . 2009-01-26 19:21 <DIR> d-------- c:\program files\ReflexiveArcade
2009-01-26 18:34 . 2009-01-26 18:34 <DIR> d-------- c:\program files\Diskeeper Corporation
2009-01-26 18:34 . 2009-01-26 18:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Diskeeper Corporation
2009-01-26 18:21 . 2009-01-26 18:21 <DIR> d-------- c:\documents and settings\Zdravko\Application Data\Uniblue
2009-01-26 18:08 . 2009-02-04 23:05 <DIR> d-------- c:\documents and settings\Zdravko\Saved Games
2009-01-25 23:19 . 2009-01-25 23:43 <DIR> d-------- c:\windows\system32\NtmsData
2009-01-24 15:11 . 2009-02-04 23:05 <DIR> d-------- c:\documents and settings\Zdravko\Application Data\Flood Light Games
2009-01-24 15:11 . 2009-02-04 23:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Flood Light Games
2009-01-23 12:06 . 2009-01-23 17:39 <DIR> d-------- c:\program files\SweetIM
2009-01-23 12:06 . 2009-01-23 17:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\SweetIM
2009-01-23 09:01 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-23 09:01 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-01-23 02:08 . 2009-01-23 02:10 <DIR> d-------- c:\program files\TweakNow PowerPack Pro
2009-01-23 02:08 . 2009-01-23 02:08 <DIR> d-------- c:\documents and settings\Zdravko\Application Data\TweakNow PowerPack
2009-01-23 00:11 . 2009-01-23 00:13 <DIR> d-------- c:\documents and settings\Zdravko\Contacts
2009-01-23 00:10 . 2006-10-16 16:10 23,856 --a------ c:\windows\system32\spupdsvc.exe
2009-01-23 00:09 . 2009-01-23 00:09 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-01-23 00:01 . 2009-01-24 16:46 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-01-22 23:46 . 2009-01-22 23:49 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2009-01-22 23:45 . 2009-01-27 11:36 <DIR> d-------- c:\program files\Windows Live
2009-01-22 23:43 . 2009-01-22 23:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2009-01-22 23:39 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2009-01-22 23:39 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2009-01-22 23:39 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2009-01-22 23:38 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2009-01-22 23:01 . 2009-01-22 23:01 <DIR> d--h----- c:\windows\$hf_mig$
2009-01-22 23:01 . 2007-03-09 14:58 57,344 --a--c--- c:\windows\system32\dllcache\SET1D.tmp
2009-01-22 00:50 . 2009-01-22 00:50 <DIR> d-------- c:\documents and settings\Zdravko\Application Data\Meridian93
2009-01-22 00:34 . 2009-01-22 00:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\iWin Games
2009-01-21 17:52 . 2009-01-21 17:52 <DIR> d-------- c:\documents and settings\Zdravko\Application Data\Reflexivev1001
2009-01-19 18:15 . 2009-01-19 18:15 <DIR> d-------- c:\program files\Common Files\DirectX
2009-01-19 13:50 . 2009-01-19 13:50 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-19 13:50 . 2009-01-19 13:50 1,409 --a------ c:\windows\QTFont.for
2009-01-18 17:07 . 2009-01-18 17:08 <DIR> d-------- c:\program files\YouTube Downloader
2009-01-17 19:27 . 2009-01-17 19:27 <DIR> d-------- c:\documents and settings\Zdravko\Application Data\Cat's Eye Games
2009-01-17 18:29 . 2009-01-17 18:31 <DIR> d-------- c:\program files\Google
2009-01-14 20:28 . 2009-02-05 12:24 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-14 16:48 . 2009-01-14 16:48 <DIR> d-------- c:\program files\Alwil Software
2009-01-14 16:48 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2009-01-14 16:37 . 2009-01-14 16:37 1,172 --a------ c:\windows\mozver.dat
2009-01-14 16:31 . 2009-01-14 16:31 0 --a------ c:\windows\nsreg.dat
2009-01-11 22:37 . 2009-01-11 22:37 876 --a------ c:\windows\$_hpcst$.hpc
2009-01-11 20:05 . 2009-01-11 20:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Oberon Media
2009-01-11 19:25 . 2009-01-11 20:03 <DIR> d-------- c:\documents and settings\Zdravko\Application Data\Magic Academy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-05 22:36 --------- d-----w c:\documents and settings\Zdravko\Application Data\PlayFirst
2009-02-04 20:16 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-14 14:03 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-09 21:57 --------- d-----w c:\documents and settings\Zdravko\Application Data\Mind Control Software
2008-12-09 21:42 --------- d-----w c:\documents and settings\All Users\Application Data\MumboJumbo
2008-12-09 21:41 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2008-12-09 21:26 --------- d-----w c:\program files\BFG
2008-02-07 00:01 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-02-07 00:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-02-07 00:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008020720080208\index.dat
2008-02-07 00:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-17 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2006-09-01 282624]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-01-13 111928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"IE7-11"="advpack.dll" [2007-03-21 c:\windows\system32\advpack.dll]
"RunNarrator"="Narrator.exe" [2007-03-21 c:\windows\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-14 111184]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2008-02-07 15872]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-14 20560]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 autorun;autorun;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 Vsp;Vsp;\??\c:\windows\system32\drivers\Vsp.sys --> c:\windows\system32\drivers\Vsp.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{041b849a-e250-11dd-b7d1-00112f4345f4}]
\Shell\AutoRun\command - G:\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6cc5252-ac21-11dd-b7af-00112f4345f4}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-OM2_Monitor - c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
HKCU-Run-MsnMsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
HKCU-Run-Uniblue RegistryBooster 2009 - (no file)
HKCU-Run-Uniblue RegistryBooster 2 - (no file)


.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///D:/nove%20igrice/Mortimer%20Beckett/Images/stg_drm.ocx
FF - ProfilePath - c:\documents and settings\Zdravko\Application Data\Mozilla\Firefox\Profiles\9m36ry0q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1392740&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1392740&SearchSource=13
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-06 14:55:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\autorun]
"ImagePath"="\??\c:\huadio.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2000478354-688789844-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-06 14:57:20
ComboFix-quarantined-files.txt 2009-02-06 13:57:13

Pre-Run: 7.013.888.000 bytes free
Post-Run: 8,516,276,224 bytes free

233

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Are you still having problems with the system32 folder?

offline
  • b.l
  • Citizen
  • Joined: 04 Feb 2009
  • Posts: 60

No, everything is OK now, thanks for the help and the patience! Should I keep ComboFix, and should I delete autorun?

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

This procedure will remove ComboFix:

Click START and then RUN
In the text input line type Combofix /u and click OK

Wait for the uninstall process to finish

The procedure above will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

You can also delete Autoruns, and turn Avast back on...

Regards

offline
  • b.l
  • Citizen
  • Joined: 04 Feb 2009
  • Posts: 60

Sorted, thanks once again for everything! Could I find out what it was? Regards

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

A kind of spyware...

http://en.wikipedia.org/wiki/Spyware
http://en.wikipedia.org/wiki/MyWay_Searchbar
