Help as soon as possible, please, virus via Facebook



offline
  • under administration
  • Joined: 16 Oct 2010
  • Posts: 3468
  • Location: KRAGUJEVAC

Posted: 20 Aug 2011 17:15

ComboFix 11-08-19.02 - Pc 08/20/2011 16:59:54.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.438 [GMT 2:00]
Running from: c:\documents and settings\Pc\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Pc\LOCALS~1\Temp\7099298.exe
c:\documents and settings\All Users\Application Data\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\All Users\Application Data\TorrentEasy\fdmbtsupp.dll
c:\documents and settings\Pc\Application Data\cacaoweb
c:\documents and settings\Pc\Application Data\cacaoweb\megavideo0SPNZPYF406187091.cacao
c:\documents and settings\Pc\Application Data\cacaoweb\megavideo8E8D8PTL1068244821.cacao
c:\documents and settings\Pc\Application Data\facemoods.com
c:\documents and settings\Pc\WINDOWS
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\uninstall.exe
c:\program files\WinPCap
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\iun6002.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\TEMP\419255.exe
c:\windows\TEMP\65179459-loader2.exe
c:\windows\TEMP\9237908.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_WXPDRIVERS
.
.
((((((((((((((((((((((((( Files Created from 2011-07-20 to 2011-08-20 )))))))))))))))))))))))))))))))
.
.
2011-08-19 19:09 . 2011-08-19 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Badoo
2011-08-19 13:30 . 2011-08-19 13:30 -------- d-----w- c:\windows\ufa
2011-08-19 13:27 . 2011-08-19 13:30 246272 ----a-w- c:\windows\unrar.exe
2011-08-19 13:26 . 2011-08-19 13:26 -------- d--h--w- c:\windows\update.7.1
2011-08-19 13:24 . 2011-08-19 13:24 -------- d-----w- c:\windows\av_ico
2011-08-19 13:22 . 2011-08-19 14:41 -------- d--h--w- c:\windows\update.tray-10-0
2011-08-19 13:22 . 2011-08-19 14:41 -------- d--h--w- c:\windows\update.tray-10-0-lnk
2011-08-14 02:00 . 2011-08-14 02:00 -------- d-----w- c:\program files\Common Files\PCSuite
2011-08-12 15:48 . 2011-08-12 15:48 -------- d-----w- c:\program files\Apple Software Update
2011-08-12 15:48 . 2011-08-12 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-08-11 16:50 . 2011-08-11 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2011-08-11 16:42 . 2011-08-11 16:42 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2011-08-10 10:42 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-08-10 10:42 . 2011-08-10 10:42 -------- d-----w- c:\program files\PC Connectivity Solution
2011-08-10 10:41 . 2011-05-18 08:09 137600 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2011-08-10 10:41 . 2011-05-18 08:12 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2011-08-10 10:41 . 2011-05-18 08:12 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2011-08-10 10:41 . 2011-05-18 08:12 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2011-08-10 10:41 . 2011-05-18 08:12 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2011-08-09 10:22 . 2011-08-09 10:46 -------- d-----w- c:\program files\Symantec
2011-08-09 10:22 . 2011-08-09 10:46 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-08-09 10:22 . 2011-08-09 10:46 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-08-09 10:22 . 2011-08-09 11:20 -------- d-----w- c:\windows\system32\drivers\NIS
2011-08-06 16:50 . 2011-08-06 17:16 -------- d-----w- c:\program files\Adobe Download Assistant
2011-08-05 13:18 . 2011-08-11 16:02 -------- d-----w- c:\program files\Arthaus Paint & Fotoshop
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-19 13:06 . 2011-06-02 16:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2008-04-13 21:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-13 21:27 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2010-11-21 12:56 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2008-04-14 02:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 18:36 . 2008-04-14 02:42 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2008-04-14 02:41 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 17:40 . 2011-06-23 17:40 180224 ----a-w- c:\windows\system32\WinVd32.sys
2011-06-23 17:40 . 2011-06-23 17:40 7680 ----a-w- c:\windows\system32\WinFLsrv.exe
2011-06-23 12:05 . 2008-04-13 21:07 385024 ------w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2008-04-14 02:42 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2008-04-13 22:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 22:32 . 2011-02-17 22:32 23 ----a-w- c:\program files\hfkud16.sys
2003-12-06 20:12 121856 --sha-w- c:\windows\system32\fpplock.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-05 . 9F42478360E9B053A6703DEF39B4CE33 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\program files\BrotherSoft_Extreme\prxtbBrot.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
2011-01-17 14:54 175912 ----a-w- c:\program files\BrotherSoft_Extreme\prxtbBrot.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\program files\BrotherSoft_Extreme\prxtbBrot.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 15:23 68216 ----a-w- d:\krekovani programi\Internet_Download_Manager_v6.04.2_strike(zabranjeno).info\Internet Download Manager v6.04.2\(zabranjeno)\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="d:\krekovani programi\Internet Download Manager v6.05.14\o\idman.exe" [2011-04-25 3298712]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-02-13 395640]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-08-04 966712]
"Badoo Desktop"="c:\documents and settings\All Users\Application Data\Badoo\Badoo Desktop\1.6.38.1042\Badoo.Desktop.exe" [2011-08-04 1042944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Warning: do not remove it!"="fpplock.exe" [2003-12-06 121856]
.
c:\documents and settings\Pc\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Pc^Start Menu^Programs^Startup^Moo0 SystemMonitor 1.63.lnk]
backup=c:\windows\pss\Moo0 SystemMonitor 1.63.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Pc^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Pc^Start Menu^Programs^Startup^Super Finder XT.lnk]
backup=c:\windows\pss\Super Finder XT.lnkStartup
path=c:\documents and settings\All Users\Start Menu\Programs\FSL\Super Finder XT\Super Finder XT.lnk
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemListener
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 10:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced System Optimizer]
2011-02-10 17:33 3519800 ----a-w- c:\program files\Advanced System Optimizer 3\ASO3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-01-21 03:20 134656 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2010-10-20 13:32 2192752 ----a-w- c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2010-03-16 01:58 718208 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2011-06-16 13:21 1500160 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]
2010-12-11 13:22 2584384 ----a-w- c:\program files\RFA 8\rfagent32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-02-13 06:31 16857600 ------r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-03-09 09:02 26100520 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-02-13 16:11 395640 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2006-07-26 23:27 4617720 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"MDM"=2 (0x2)
"McComponentHostService"=3 (0x3)
"IDriverT"=3 (0x3)
"AcrSch2Svc"=2 (0x2)
"EASEUS Agent"=2 (0x2)
"osppsvc"=3 (0x3)
"OMSI download service"=2 (0x2)
"Microsoft SharePoint Workspace Audit Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"HDD & SSD access service"=2 (0x2)
"ASO3DiskOptimizer"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Documents and Settings\\Pc\\Desktop\\utorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Pc\\My Documents\\Downloads\\Programs\\Facemoods.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1065:TCP"= 1065:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\symds.sys [8/9/2011 12:46 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\symefa.sys [8/9/2011 12:46 PM 744568]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [3/3/2011 12:26 PM 20088]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [12/23/2010 9:00 PM 98160]
R2 ddservice;ddservice;c:\windows\update.7.1\svchostdriver.exe srv --> c:\windows\update.7.1\svchostdriver.exe srv [?]
R2 EpocCamSvc;EpocCamSvc;c:\program files\EpocCam\EpocCamSvc.exe [4/28/2011 5:45 PM 97792]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [6/23/2011 7:40 PM 17984]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [3/14/2011 2:52 PM 27632]
R3 sef3x1;Sony Ericsson sef3x1 Device Driver;c:\windows\system32\drivers\sef3x1.sys [3/14/2011 3:09 PM 28608]
S1 BHDrvx86;BHDrvx86;\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110812.001\BHDrvx86.sys --> c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110812.001\BHDrvx86.sys [?]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\ironx86.sys [8/9/2011 12:46 PM 136312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/17/2011 1:53 PM 136176]
S3 cpuz130;cpuz130;\??\c:\docume~1\Pc\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Pc\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 cpuz134;cpuz134;\??\c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys --> c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [3/6/2011 4:11 PM 23456]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/9/2011 12:46 PM 105592]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [3/13/2011 11:41 PM 13224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/17/2011 1:53 PM 136176]
S3 IDSxpx86;IDSxpx86;\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110818.030\IDSxpx86.sys --> c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110818.030\IDSxpx86.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 mobiolavs;Mobiola Web Camera Video Source;c:\windows\system32\drivers\mobiolavs.sys [3/14/2011 1:46 AM 26512]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [8/10/2011 12:41 PM 137600]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
S3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [3/2/2011 12:38 PM 103552]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [3/13/2011 8:35 PM 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [3/13/2011 8:35 PM 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [3/13/2011 8:35 PM 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [3/13/2011 8:35 PM 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [3/13/2011 8:35 PM 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [3/13/2011 8:35 PM 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [3/13/2011 8:35 PM 109864]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
S4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 11:25 AM 30969208]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2/9/2011 4:16 PM 229376]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-08-10 c:\windows\Tasks\ASOService.job
- c:\program files\Advanced System Optimizer 3\ASO3.exe [2011-02-11 17:33]
.
2011-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-17 11:53]
.
2011-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-17 11:53]
.
2011-08-19 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-04 18:19]
.
2011-06-24 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-04 18:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://badoo.com/startpage/
uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
mStart Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=hompag
mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
IE: Download all links with IDM - d:\krekovani programi\Internet Download Manager v6.05.14\o\IEGetAll.htm
IE: Download with IDM - d:\krekovani programi\Internet Download Manager v6.05.14\o\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hlomor1c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=5049b195000000000000001fd01ee4db&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17981&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: MB2 Community Toolbar: {013a635f-e3aa-4371-b682-ece95ca974b0} - %profile%\extensions\{013a635f-e3aa-4371-b682-ece95ca974b0}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Quick Translator: {5C655500-E712-41e7-9349-CE462F844B19} - %profile%\extensions\{5C655500-E712-41e7-9349-CE462F844B19}
FF - Ext: Yahoo! Mail Notifier: {89f8dde0-010a-11da-8cd6-0800200c9a66} - %profile%\extensions\{89f8dde0-010a-11da-8cd6-0800200c9a66}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
Notify-AtiExtEvent - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-pamela - (no file)
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.11\uninstall.exe
AddRemove-NIS - c:\program files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\18.6.0.29\InstStub.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-20 17:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\system32\WinFLdrv.sys 17984 bytes executable
c:\windows\system32\sys_drv.dat 7028 bytes
c:\windows\system32\sys_drv_2.dat 6024 bytes
c:\documents and settings\Pc\Application Data\systemfl.$dk 990 bytes
.
scan completed successfully
hidden files: 4
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):9f,7e,e7,0a,af,4b,e5,d8,5d,94,ed,6d,b2,d1,4e,95,9b,70,7c,22,ac,
f6,be,10,20,ce,b1,88,4f,3d,be,c8,dc,af,88,34,ce,c8,c0,88,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{aab7dbe5-2a1a-404b-a092-ce285fd89c9e}]
@Denied: (Full) (Everyone)
"Model"=dword:00000081
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2700)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MI1933~1\Office14\1033\GrooveIntlResource.dll
d:\krekovani programi\Internet_Download_Manager_v6.04.2_strike(zabranjeno).info\Internet Download Manager v6.04.2\(zabranjeno)\IDMShellExt.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\update.7.1\svchostdriver.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\update.7.1\svchostdriver.exe
c:\windows\system32\fpplock.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Completion time: 2011-08-20 17:09:31 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-20 15:09
.
Pre-Run: 8,945,590,272 bytes free
Post-Run: 8,970,010,624 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect
.
- - End Of File - - 86672A6DABA23D0CE4B4314E5BA65B06
Here you go, Goran 988, done as you wrote in the previous message.

Update: 20 Aug 2011 17:27

And what should I do, should I uninstall these leftovers of the antivirus program, because I practically have no antivirus program? Waiting for instructions.

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Step 1

Remove the AV from the system (uninstall it).
After that, run the Removal Tool, which will remove the leftovers; you can find it here (Step 2): http://us.norton.com/support/kb/web_view.jsp?wv_ty.....28154508EN

Step 2

Open Notepad and copy the following text into it:

Folder::
c:\windows\ufa
c:\windows\update.7.1
c:\windows\av_ico
c:\windows\update.tray-10-0
c:\windows\update.tray-10-0-lnk

File::
c:\windows\unrar.exe

Driver::
ddservice

DDS::
uStart Page = hxxp://badoo.com/startpage/
uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
mStart Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=hompag
mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
uInternet Settings,ProxyOverride = <-loopback>

Firefox::
FF - ProfilePath - c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hlomor1c.default\
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.

goran9888 (AMF Team)
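To show how a script like the one above is derived from the ComboFix log posted earlier in the thread, here is an added example; it is not part of the original thread and is not a ComboFix or AMF tool. It parses log lines of the two shapes seen in that log ("Files Created" entries and R/S service entries), flags anything created directly inside c:\windows plus any service whose binary lives in one of those new folders, and renders the Folder::, File:: and Driver:: sections in the layout the helper used. The sample lines are constructed copies of entries from the log above, and the "new item directly in the Windows folder" heuristic is an assumption of this example, not a rule ComboFix itself applies.

```python
import re

# Constructed sample, copied in shape from the ComboFix log posted in this
# thread ("Files Created" entries, then R/S service entries).  Not a live capture.
SAMPLE_LOG = r"""
2011-08-19 13:30 . 2011-08-19 13:30 -------- d-----w- c:\windows\ufa
2011-08-19 13:27 . 2011-08-19 13:30 246272 ----a-w- c:\windows\unrar.exe
2011-08-19 13:26 . 2011-08-19 13:26 -------- d--h--w- c:\windows\update.7.1
2011-08-19 13:24 . 2011-08-19 13:24 -------- d-----w- c:\windows\av_ico
2011-08-19 13:22 . 2011-08-19 14:41 -------- d--h--w- c:\windows\update.tray-10-0
2011-08-19 13:22 . 2011-08-19 14:41 -------- d--h--w- c:\windows\update.tray-10-0-lnk
2011-08-10 10:42 . 2011-08-10 10:42 -------- d-----w- c:\program files\PC Connectivity Solution
2011-08-10 10:41 . 2011-05-18 08:12 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
R2 ddservice;ddservice;c:\windows\update.7.1\svchostdriver.exe srv --> c:\windows\update.7.1\svchostdriver.exe srv [?]
R2 EpocCamSvc;EpocCamSvc;c:\program files\EpocCam\EpocCamSvc.exe [4/28/2011 5:45 PM 97792]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/17/2011 1:53 PM 136176]
"""

# "Files Created" entry: <created> . <modified> <size|--------> <attrs> <path>
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\S+) (?P<attrs>[d-][-a-z]{7}) (?P<path>.+)$"
)
# Service/driver entry: "<R|S><start type> <name>;<display name>;<image and args> ..."
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+)$"
)

SYSTEM_ROOT = r"c:\windows"  # assumption: default XP install path, as in the log


def directly_under(path, root):
    """True if path is an immediate child of root (case-insensitive, no deeper)."""
    p = path.lower()
    r = root.lower().rstrip("\\") + "\\"
    return p.startswith(r) and "\\" not in p[len(r):]


def triage(log_text):
    """Flag items created straight in the Windows folder and services started from them.

    Heuristic of this example only: legitimate installers almost never drop new
    folders or executables directly into the Windows folder, and a service whose
    binary sits in such a folder (ddservice here) is the persistence that keeps
    the dropped files alive across reboots.
    """
    folders, files = [], []
    for line in log_text.splitlines():
        m = CREATED_RE.match(line)
        if m and directly_under(m["path"], SYSTEM_ROOT):
            (folders if m["attrs"].startswith("d") else files).append(m["path"])

    # Second pass so the result does not depend on section order in the log.
    drivers = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        image = m["image"].lower()
        if any(image.startswith(d.lower() + "\\") for d in folders):
            drivers.append(m["name"])

    return {"folders": folders, "files": files, "drivers": drivers}


def build_cfscript(findings):
    """Render the Folder::/File::/Driver:: sections in the layout used in the thread."""
    out = []
    for header, items in (("Folder::", findings["folders"]),
                          ("File::", findings["files"]),
                          ("Driver::", findings["drivers"])):
        if items:
            out.append(header)
            out.extend(items)
            out.append("")
    return "\n".join(out).rstrip("\n") + "\n"


if __name__ == "__main__":
    print(build_cfscript(triage(SAMPLE_LOG)), end="")
```

For the sample the output matches the Folder::, File:: and Driver:: sections of the script above. Treat it as a triage list, not an action list: c:\windows\unrar.exe is flagged only because of where it was dropped, and the helper judged it together with the rest of the first log (the miner files, the hidden svchostdriver.exe service) before putting it in a script, so every line still needs a human look before anything is handed to ComboFix.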

offline
  • under administration
  • Joined: 16 Oct 2010
  • Posts: 3468
  • Location: KRAGUJEVAC

Goran 988, I did the first step according to the instructions. For the second step it throws this notification at me, Combo, as in the picture. What next? I did everything as you told me, and it shows this. Here is the picture.
Combo fix incorrectly spelt.

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

The picture clearly shows that you did not follow the instructions properly.

Your script is named CFCSript, but the name of the script has to be CFScript. Also, Notepad must be closed when you drag the script over CF.

Repeat the procedure ...

goran9888 (AMF Team)

offline
  • under administration
  • Joined: 16 Oct 2010
  • Posts: 3468
  • Location: KRAGUJEVAC

Here you go, Goran 988, done.



ComboFix 11-08-19.02 - Pc 08/22/2011 0:50.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.408 [GMT 2:00]
Running from: c:\documents and settings\Pc\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Pc\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hlomor1c.default\extensions\ffxtlbr@Facemoods.com
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hlomor1c.default\extensions\ffxtlbr@Facemoods.com\chrome.manifest
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hlomor1c.default\extensions\ffxtlbr@Facemoods.com\components\FFHst.dll
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hlomor1c.default\extensions\ffxtlbr@Facemoods.com\components\FFHst.xpt
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hlomor1c.default\extensions\ffxtlbr@Facemoods.com\defaults\preferences\instlPref.js
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hlomor1c.default\extensions\ffxtlbr@Facemoods.com\facemoods.jar
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hlomor1c.default\extensions\ffxtlbr@Facemoods.com\install.rdf
c:\windows\av_ico
c:\windows\av_ico\ico_norton_start.ico
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
c:\windows\update.7.1
c:\windows\update.7.1\svchostdriver.exe
c:\windows\update.tray-10-0-lnk
c:\windows\update.tray-10-0
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DDSERVICE
-------\Service_ddservice
.
.
((((((((((((((((((((((((( Files Created from 2011-07-21 to 2011-08-21 )))))))))))))))))))))))))))))))
.
.
2011-08-21 13:55 . 2011-08-21 13:55 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-08-21 13:55 . 2011-08-21 13:55 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2011-08-21 13:41 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-21 13:41 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-21 13:41 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-21 13:41 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-21 13:41 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-21 13:41 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-08-21 13:41 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-08-21 13:41 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-08-21 13:41 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-21 13:41 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-21 13:41 . 2011-08-21 13:41 -------- d-----w- c:\program files\AVAST Software
2011-08-21 13:41 . 2011-08-21 13:41 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-08-21 04:07 . 2011-08-21 13:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-08-19 19:09 . 2011-08-19 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Badoo
2011-08-14 02:00 . 2011-08-14 02:00 -------- d-----w- c:\program files\Common Files\PCSuite
2011-08-12 15:48 . 2011-08-12 15:48 -------- d-----w- c:\program files\Apple Software Update
2011-08-12 15:48 . 2011-08-12 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-08-11 16:50 . 2011-08-11 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2011-08-11 16:42 . 2011-08-11 16:42 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2011-08-10 10:42 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-08-10 10:42 . 2011-08-10 10:42 -------- d-----w- c:\program files\PC Connectivity Solution
2011-08-10 10:41 . 2011-05-18 08:09 137600 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2011-08-10 10:41 . 2011-05-18 08:12 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2011-08-10 10:41 . 2011-05-18 08:12 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2011-08-10 10:41 . 2011-05-18 08:12 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2011-08-10 10:41 . 2011-05-18 08:12 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2011-08-06 16:50 . 2011-08-06 17:16 -------- d-----w- c:\program files\Adobe Download Assistant
2011-08-05 13:18 . 2011-08-11 16:02 -------- d-----w- c:\program files\Arthaus Paint & Fotoshop
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-19 13:06 . 2011-06-02 16:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2008-04-13 21:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-13 21:27 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2010-11-21 12:56 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2008-04-14 02:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 18:36 . 2008-04-14 02:42 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2008-04-14 02:41 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 17:40 . 2011-06-23 17:40 180224 ----a-w- c:\windows\system32\WinVd32.sys
2011-06-23 17:40 . 2011-06-23 17:40 7680 ----a-w- c:\windows\system32\WinFLsrv.exe
2011-06-23 12:05 . 2008-04-13 21:07 385024 ------w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2008-04-14 02:42 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2008-04-13 22:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 22:32 . 2011-02-17 22:32 23 ----a-w- c:\program files\hfkud16.sys
2003-12-06 20:12 121856 --sha-w- c:\windows\system32\fpplock.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-05 . 9F42478360E9B053A6703DEF39B4CE33 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-08-20_15.07.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-21 23:01 . 2011-08-21 23:01 16384 c:\windows\Temp\Perflib_Perfdata_23c.dat
+ 2011-08-21 13:55 . 2011-08-21 17:59 32768 c:\windows\system32\config\systemprofile\PrivacIE\index.dat
+ 2011-08-21 13:55 . 2011-08-21 17:59 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012011082120110822\index.dat
+ 2010-11-21 13:04 . 2011-08-21 18:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-11-21 13:04 . 2010-11-21 13:04 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-08-21 15:26 . 2011-08-21 15:26 10752 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FCB5BF3A-CC09-11E0-B92A-001FD01EE4DB}.dat
+ 2011-08-21 17:59 . 2011-08-21 17:59 10752 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5703C152-CC1F-11E0-B92A-001FD01EE4DB}.dat
+ 2011-08-21 13:55 . 2011-08-21 13:55 19456 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{34ACFC13-CBFD-11E0-B92A-001FD01EE4DB}.dat
+ 2011-08-21 13:55 . 2011-08-21 13:55 10752 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{2D8F777F-CBFD-11E0-B92A-001FD01EE4DB}.dat
+ 2011-08-21 13:55 . 2011-08-21 13:55 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-08-21 13:55 . 2011-08-21 15:26 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2011-08-21 13:55 . 2011-08-21 18:01 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-08-21 13:55 . 2011-08-21 18:01 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{2D8F777E-CBFD-11E0-B92A-001FD01EE4DB}.dat
+ 2011-08-21 18:01 . 2011-08-21 18:01 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9340AB3A-CC1F-11E0-B92A-001FD01EE4DB}.dat
+ 2010-11-21 13:04 . 2011-08-21 18:01 114688 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-21 13:55 . 2011-03-14 16:17 4216104 c:\windows\system32\config\systemprofile\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll
+ 2011-08-21 13:55 . 2011-03-14 16:17 4216104 c:\windows\system32\config\systemprofile\Local Settings\Application Data\BrotherSoft_Extreme\tbBrot.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\program files\BrotherSoft_Extreme\prxtbBrot.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
2011-01-17 14:54 175912 ----a-w- c:\program files\BrotherSoft_Extreme\prxtbBrot.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\program files\BrotherSoft_Extreme\prxtbBrot.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{51A86BB3-6602-4C85-92A5-130EE4864F13}"= "c:\program files\BrotherSoft_Extreme\prxtbBrot.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 15:23 68216 ----a-w- d:\krekovani programi\Internet_Download_Manager_v6.04.2_strike(zabranjeno).info\Internet Download Manager v6.04.2\(zabranjeno)\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="d:\krekovani programi\Internet Download Manager v6.05.14\o\idman.exe" [2011-04-25 3298712]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-02-13 395640]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-08-04 966712]
"Badoo Desktop"="c:\documents and settings\All Users\Application Data\Badoo\Badoo Desktop\1.6.38.1042\Badoo.Desktop.exe" [2011-08-04 1042944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Warning: do not remove it!"="fpplock.exe" [2003-12-06 121856]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
c:\documents and settings\Pc\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Pc^Start Menu^Programs^Startup^Moo0 SystemMonitor 1.63.lnk]
backup=c:\windows\pss\Moo0 SystemMonitor 1.63.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Pc^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Pc^Start Menu^Programs^Startup^Super Finder XT.lnk]
backup=c:\windows\pss\Super Finder XT.lnkStartup
path=c:\documents and settings\All Users\Start Menu\Programs\FSL\Super Finder XT\Super Finder XT.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 10:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced System Optimizer]
2011-02-10 17:33 3519800 ----a-w- c:\program files\Advanced System Optimizer 3\ASO3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-01-21 03:20 134656 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2010-10-20 13:32 2192752 ----a-w- c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2010-03-16 01:58 718208 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2011-06-16 13:21 1500160 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]
2010-12-11 13:22 2584384 ----a-w- c:\program files\RFA 8\rfagent32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-02-13 06:31 16857600 ------r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-03-09 09:02 26100520 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-02-13 16:11 395640 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2006-07-26 23:27 4617720 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"MDM"=2 (0x2)
"McComponentHostService"=3 (0x3)
"IDriverT"=3 (0x3)
"AcrSch2Svc"=2 (0x2)
"EASEUS Agent"=2 (0x2)
"osppsvc"=3 (0x3)
"OMSI download service"=2 (0x2)
"Microsoft SharePoint Workspace Audit Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"HDD & SSD access service"=2 (0x2)
"ASO3DiskOptimizer"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Documents and Settings\\Pc\\Desktop\\utorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Pc\\My Documents\\Downloads\\Programs\\Facemoods.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1065:TCP"= 1065:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/21/2011 3:41 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/21/2011 3:41 PM 309848]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [3/3/2011 12:26 PM 20088]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [12/23/2010 9:00 PM 98160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/21/2011 3:41 PM 19544]
R2 EpocCamSvc;EpocCamSvc;c:\program files\EpocCam\EpocCamSvc.exe [4/28/2011 5:45 PM 97792]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [6/23/2011 7:40 PM 17984]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [3/14/2011 2:52 PM 27632]
R3 sef3x1;Sony Ericsson sef3x1 Device Driver;c:\windows\system32\drivers\sef3x1.sys [3/14/2011 3:09 PM 28608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/17/2011 1:53 PM 136176]
S3 cpuz130;cpuz130;\??\c:\docume~1\Pc\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Pc\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 cpuz134;cpuz134;\??\c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys --> c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [3/6/2011 4:11 PM 23456]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [3/13/2011 11:41 PM 13224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/17/2011 1:53 PM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 mobiolavs;Mobiola Web Camera Video Source;c:\windows\system32\drivers\mobiolavs.sys [3/14/2011 1:46 AM 26512]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [8/10/2011 12:41 PM 137600]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
S3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [3/2/2011 12:38 PM 103552]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [3/13/2011 8:35 PM 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [3/13/2011 8:35 PM 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [3/13/2011 8:35 PM 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [3/13/2011 8:35 PM 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [3/13/2011 8:35 PM 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [3/13/2011 8:35 PM 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [3/13/2011 8:35 PM 109864]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
S4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 11:25 AM 30969208]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2/9/2011 4:16 PM 229376]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-08-10 c:\windows\Tasks\ASOService.job
- c:\program files\Advanced System Optimizer 3\ASO3.exe [2011-02-11 17:33]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-17 11:53]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-17 11:53]
.
2011-08-21 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-04 18:19]
.
2011-06-24 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-04 18:19]
.
.
------- Supplementary Scan -------
.
IE: Download all links with IDM - d:\krekovani programi\Internet Download Manager v6.05.14\o\IEGetAll.htm
IE: Download with IDM - d:\krekovani programi\Internet Download Manager v6.05.14\o\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hlomor1c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=5049b195000000000000001fd01ee4db&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17981&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: MB2 Community Toolbar: {013a635f-e3aa-4371-b682-ece95ca974b0} - %profile%\extensions\{013a635f-e3aa-4371-b682-ece95ca974b0}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Quick Translator: {5C655500-E712-41e7-9349-CE462F844B19} - %profile%\extensions\{5C655500-E712-41e7-9349-CE462F844B19}
FF - Ext: Yahoo! Mail Notifier: {89f8dde0-010a-11da-8cd6-0800200c9a66} - %profile%\extensions\{89f8dde0-010a-11da-8cd6-0800200c9a66}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-22 01:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\system32\WinFLdrv.sys 17984 bytes executable
c:\windows\system32\sys_drv.dat 7028 bytes
c:\windows\system32\sys_drv_2.dat 6024 bytes
.
scan completed successfully
hidden files: 3
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):9f,7e,e7,0a,af,4b,e5,d8,5d,94,ed,6d,b2,d1,4e,95,9b,70,7c,22,ac,
f6,be,10,20,ce,b1,88,4f,3d,be,c8,dc,af,88,34,ce,c8,c0,88,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{aab7dbe5-2a1a-404b-a092-ce285fd89c9e}]
@Denied: (Full) (Everyone)
"Model"=dword:00000081
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2976)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MI1933~1\Office14\1033\GrooveIntlResource.dll
d:\krekovani programi\Internet_Download_Manager_v6.04.2_strike(zabranjeno).info\Internet Download Manager v6.04.2\(zabranjeno)\IDMShellExt.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\fpplock.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Completion time: 2011-08-22 01:05:00 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-21 23:04
ComboFix2.txt 2011-08-20 15:09
.
Pre-Run: 8,455,069,696 bytes free
Post-Run: 8,544,456,704 bytes free
.
- - End Of File - - 212B5E8A0B049618FAC977D0A5FBB67F

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Turn on the Firewall.


Start -> Control Panel -> Windows Firewall -> ON




Download the following regfix file to the Desktop, right-click it, choose the Merge option and confirm with Yes.






Download the installer for Malwarebytes Anti-Malware from the following link:
http://www.besttechie.net/tools/mbam-setup.exe

Double-click to start the installation; at the very end of the process, make sure the following options are checked:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

and then click Finish.

After the update completes, the program will start.

Select the Perform Quick Scan option and click Scan.

When the process finishes, click OK, then Show Results: in the list of detected malware, check all items and click Remove Selected.

When the process finishes, the logfile will open in Notepad; copy it into the forum thread.
If the program asks for a restart to complete the cleaning process, be sure to allow it.

Note: if a restart happens at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).











What is the state of the system now?










goran9888 (AMF Tim)
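The report above contains the three things the helper is reacting to: the Security Center override values (`AntiVirusOverride` and `FirewallOverride` set to 1, which silence the "no AV / no firewall" warnings), `EnableFirewall`= 0 in the standard firewall profile (hence "Turn on the Firewall"), and catchme listing hidden files under `system32`. As an added example that is not part of this thread and not code from ComboFix or the AMF team, the Python script below parses those sections out of a ComboFix-style log and returns findings, so a responder can triage a long log without reading it line by line. The sample log it embeds is constructed to mirror the lines in the thread's report; the section headings and line formats it expects are assumptions based on that report.

```python
"""Flag weakened security settings and hidden files in a ComboFix-style log.

Added example, not part of the forum thread or of ComboFix itself. SAMPLE_LOG
below is a constructed excerpt that mirrors the lines seen in the thread.
"""
import re

# Constructed sample: a trimmed ComboFix-style log with the sections we inspect.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
.
scanning hidden files ...
.
.
c:\\windows\\system32\\WinFLdrv.sys 17984 bytes executable
c:\\windows\\system32\\sys_drv.dat 7028 bytes
.
scan completed successfully
hidden files: 2
"""

# Line shapes assumed from the report: "[key]", '"name"=value', and the
# catchme hidden-file listing "<path> <size> bytes [executable]".
KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.+?)\s*$')
HIDDEN_FILE_LINE = re.compile(
    r"^(?P<path>[a-z]:\\.+?) (?P<size>\d+) bytes(?P<exe> executable)?$", re.I
)


def parse_value(raw):
    """Turn ComboFix's value renderings into an int where possible.

    Handles the 'dword:00000001' and '0 (0x0)' forms; returns None for
    anything else (hex blobs, strings, paths).
    """
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-f]+\)$", raw, re.I)
    if m:
        return int(m.group(1))
    return None


def audit_log(text):
    """Return a list of (severity, message) findings for a ComboFix-style log.

    Flags: Security Center *Override values set to 1 (warnings suppressed),
    EnableFirewall = 0 in the standard profile, and every file catchme lists
    as hidden (executables rated higher than data files).
    """
    findings = []
    current_key = ""
    in_hidden = False
    for line in text.splitlines():
        line = line.rstrip()
        km = KEY_LINE.match(line)
        if km:
            current_key = km.group("key").lower()
            in_hidden = False
            continue
        vm = VALUE_LINE.match(line)
        if vm:
            name, val = vm.group("name"), parse_value(vm.group("raw"))
            if "security center" in current_key and name.endswith("Override") and val == 1:
                findings.append(("high", f"Security Center warning suppressed: {name}=1"))
            elif (current_key.endswith("firewallpolicy\\standardprofile")
                  and name == "EnableFirewall" and val == 0):
                findings.append(("high", "Windows Firewall disabled for the standard profile"))
            continue
        if line.startswith("scanning hidden files"):
            in_hidden = True
            continue
        if in_hidden:
            hm = HIDDEN_FILE_LINE.match(line)
            if hm:
                sev = "high" if hm.group("exe") else "medium"
                findings.append((sev, f"hidden file: {hm.group('path')} ({hm.group('size')} bytes)"))
            elif line.startswith("scan completed"):
                in_hidden = False
    return findings


if __name__ == "__main__":
    for sev, msg in audit_log(SAMPLE_LOG):
        print(f"[{sev}] {msg}")
```

Run it against a full ComboFix log by reading the file into `audit_log`; on the thread's report it would flag both override values, the disabled firewall and the three hidden files, which is exactly the set the helper addresses with the firewall instruction and the follow-up MBAM scan.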

offline
  • in administration
  • Joined: 16 Oct 2010
  • Posts: 3468
  • Location: KRAGUJEVAC

Posted: 22 Aug 2011 1:28

Now I can go on Facebook, and it's fine, not like the day before yesterday. I'll do this in the morning and submit the report. Thanks, Goran 988, I'll submit the reports in the morning.

Update: 22 Aug 2011 17:23

Here you go, Goran 988. I did everything according to the instructions.

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

dejanod :: Here you go, Goran 988. I did everything according to the instructions.




You didn't.

You posted a ComboFix report, but I asked you for the MBAM report. Read my previous message carefully.







goran9888 (AMF Tim)

offline
  • in administration
  • Joined: 16 Oct 2010
  • Posts: 3468
  • Location: KRAGUJEVAC

Here you go, Goran 988, and my apologies for my mistake. I apologize, here it is.

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

What is the state of the system now?














goran9888 (AMF Tim)
