MyCity » Ambulanta -> Arhiva Ambulante » problemcici

problemcici

Napisano na dan: 22.12.2008

problemcici

Sledeća strana

Pagination

Odgovori

ogla Poslao: 22 Dec 2008 22:23 Idi na vrh
offline ogla Novi MyCity građanin Pridružio: 22 Dec 2008 Poruke: 8	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:54:43, on 22.12.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20935) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Conexant\Adsl\dslstat.exe C:\Program Files\Conexant\Adsl\dslagent.exe C:\Program Files\Analog Devices\SoundMAX\smax4.exe C:\Program Files\HiYo\bin\HiYo.exe C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\WinRAR\WinRAR.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\olga\Desktop\New Folder (2)\jok.exe.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = runonce.msn.com/?v=msgrv75 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll O2 - BHO: Windows Live pomagac za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Conexant\Adsl\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Conexant\Adsl\dslagent.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray O4 - HKLM\..\Run: [Hiyo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart O4 - HKCU\..\Run: [Windows Media Player] C:\Program Files\Windows Media Player\wmplayer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{7C9AE27C-EDE9-44E1-9766-99DACF9EBCF2}: NameServer = 77.105.0.19 77.105.0.18 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/olga/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg -- End of file - 7889 bytes a evo i mycity.rs/must-login.png kao i mycity.rs/must-login.png hvala Dopuna: 22 Dec 2008 22:23 pomoc za ubrzanje racunara, to je ono zbog cega je sve ovo gore uradjeno. Ako neko moze iz predhodnog sadrzaja da provali o cemu se tu radi i ima li problema uopste. Unapred zahvalna

Profil

dr_Bora Poslao: 22 Dec 2008 23:22 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... * Klikni desnim tasterom na Kaspersky ikonicu ( ) u donjem, desnom uglu ekrana i izaberi Pause Protection. * U prozoru koji se otvori, izaberi By User Request. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

ogla Poslao: 23 Dec 2008 00:16 Idi na vrh
offline ogla Novi MyCity građanin Pridružio: 22 Dec 2008 Poruke: 8	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-12-21.04 - olga 2008-12-23 0:01:01.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.170 [GMT 1:00] Running from: c:\documents and settings\olga\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\FunWebProducts c:\program files\FunWebProducts\ScreenSaver\Images\00293428.urr c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn-new.html c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html c:\program files\Internet Explorer\msimg32.dll c:\program files\MyWebSearch c:\program files\MyWebSearch\bar\1.bin\F3BROVLY.DLL c:\program files\MyWebSearch\bar\2.bin\F3BKGERR.JPG c:\program files\MyWebSearch\bar\2.bin\F3CJPEG.DLL c:\program files\MyWebSearch\bar\2.bin\F3DTACTL.DLL c:\program files\MyWebSearch\bar\2.bin\F3HISTSW.DLL c:\program files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL c:\program files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL c:\program files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL c:\program files\MyWebSearch\bar\2.bin\F3POPSWT.DLL c:\program files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR c:\program files\MyWebSearch\bar\2.bin\F3REPROX.DLL c:\program files\MyWebSearch\bar\2.bin\F3RESTUB.DLL c:\program files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL c:\program files\MyWebSearch\bar\2.bin\F3SPACER.WMV c:\program files\MyWebSearch\bar\2.bin\F3WALLPP.DAT c:\program files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG c:\program files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR c:\program files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST c:\program files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE c:\program files\MyWebSearch\bar\2.bin\M3HTML.DLL c:\program files\MyWebSearch\bar\2.bin\M3IDLE.DLL c:\program files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE c:\program files\MyWebSearch\bar\2.bin\M3MEDINT.EXE c:\program files\MyWebSearch\bar\2.bin\M3MSG.DLL c:\program files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR c:\program files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST c:\program files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL c:\program files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL c:\program files\MyWebSearch\bar\2.bin\M3SKIN.DLL c:\program files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE c:\program files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE c:\program files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE c:\program files\MyWebSearch\bar\2.bin\MWSBAR.DLL c:\program files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL c:\program files\MyWebSearch\bar\2.bin\MWSOESTB.DLL c:\program files\MyWebSearch\bar\2.bin\MWSSVC.EXE c:\program files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S c:\program files\MyWebSearch\bar\Cache\00025EA0 c:\program files\MyWebSearch\bar\Cache\007C19A7.bin c:\program files\MyWebSearch\bar\Cache\007C1D7F.bin c:\program files\MyWebSearch\bar\Cache\007C1FA2.bin c:\program files\MyWebSearch\bar\Cache\007C21F4.bin c:\program files\MyWebSearch\bar\Cache\007C23C9 c:\program files\MyWebSearch\bar\Cache\0080C67D.bin c:\program files\MyWebSearch\bar\Cache\0080C94C.bin c:\program files\MyWebSearch\bar\Cache\0080CCA8.bin c:\program files\MyWebSearch\bar\Cache\0080D041.bin c:\program files\MyWebSearch\bar\Cache\0080D4D5.bin c:\program files\MyWebSearch\bar\Cache\files.ini c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S c:\program files\MyWebSearch\bar\Game\CHESS.F3S c:\program files\MyWebSearch\bar\Game\REVERSI.F3S c:\program files\MyWebSearch\bar\History\search2 c:\program files\MyWebSearch\bar\History\search3 c:\program files\MyWebSearch\bar\icons\CM.ICO c:\program files\MyWebSearch\bar\icons\MFC.ICO c:\program files\MyWebSearch\bar\icons\PSS.ICO c:\program files\MyWebSearch\bar\icons\SMILEY.ICO c:\program files\MyWebSearch\bar\icons\WB.ICO c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO c:\program files\MyWebSearch\bar\Message\COMMON.F3S c:\program files\MyWebSearch\bar\Message\COMMON\ask_logo.gif c:\program files\MyWebSearch\bar\Message\COMMON\autoup.gif c:\program files\MyWebSearch\bar\Message\COMMON\autoup.htm c:\program files\MyWebSearch\bar\Message\COMMON\center.htm c:\program files\MyWebSearch\bar\Message\COMMON\index.htm c:\program files\MyWebSearch\bar\Message\COMMON\mid_dots.gif c:\program files\MyWebSearch\bar\Message\COMMON\mws_logo.gif c:\program files\MyWebSearch\bar\Message\COMMON\protect.htm c:\program files\MyWebSearch\bar\Message\COMMON\shocked.gif c:\program files\MyWebSearch\bar\Message\COMMON\stop.gif c:\program files\MyWebSearch\bar\Message\COMMON\systray.htm c:\program files\MyWebSearch\bar\Message\COMMON\systrayp.htm c:\program files\MyWebSearch\bar\Message\COMMON\tp_grad.gif c:\program files\MyWebSearch\bar\Message\COMMON\warn.gif c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S c:\program files\MyWebSearch\bar\Notifier\DOG.F3S c:\program files\MyWebSearch\bar\Notifier\FISH.F3S c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S c:\program files\MyWebSearch\bar\Notifier\MAID.F3S c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm c:\program files\MyWebSearch\bar\Settings\s_pid.dat c:\program files\MyWebSearch\bar\Settings\setting2.htm c:\program files\MyWebSearch\bar\Settings\settings.dat c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL c:\program files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL c:\windows\system32\f3PSSavr.scr . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MYWEBSEARCHSERVICE -------\Service_MyWebSearchService ((((((((((((((((((((((((( Files Created from 2008-11-22 to 2008-12-22 ))))))))))))))))))))))))))))))) . 2008-12-22 20:36 . 2008-12-22 20:36 250 --a------ c:\windows\gmer.ini 2008-12-19 04:57 . 2008-12-19 04:57 96,976 --a------ c:\windows\system32\drivers\klin.dat 2008-12-19 04:57 . 2008-12-19 04:57 87,855 --a------ c:\windows\system32\drivers\klick.dat 2008-12-19 04:56 . 2008-12-19 04:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-12-19 04:56 . 2008-12-23 00:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2008-12-19 04:56 . 2008-12-23 00:03 2,469,408 --ahs---- c:\windows\system32\drivers\fidbox.dat 2008-12-19 04:56 . 2008-12-23 00:03 221,216 --ahs---- c:\windows\system32\drivers\fidbox2.dat 2008-12-19 04:56 . 2008-12-23 00:03 21,420 --ahs---- c:\windows\system32\drivers\fidbox.idx 2008-12-19 04:56 . 2008-12-23 00:03 2,884 --ahs---- c:\windows\system32\drivers\fidbox2.idx 2008-11-26 15:12 . 2008-11-26 15:13 <DIR> d-------- c:\documents and settings\olga\Application Data\Media Player Classic 2008-11-25 23:38 . 2008-11-25 23:38 <DIR> d-------- c:\documents and settings\olga\Application Data\HiYo 2008-11-25 23:36 . 2008-11-25 23:36 <DIR> d-------- c:\program files\HiYo 2008-11-25 23:36 . 2008-11-25 23:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\HiYo 2008-11-23 19:56 . 2008-11-23 19:56 <DIR> d-------- c:\program files\Common Files\Adobe AIR 2008-11-23 19:49 . 2008-11-23 19:49 <DIR> d-------- c:\documents and settings\olga\Application Data\Babuki.7FFE1EF3C0EAF397E48071BD36BB45EFAE41A826.1 2008-11-23 19:34 . 2008-11-23 19:34 <DIR> d-------- c:\program files\Babuki . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-21 17:04 --------- d-----w c:\documents and settings\olga\Application Data\VersionTracker Pro 2008-12-19 03:56 --------- d-----w c:\program files\Kaspersky Lab 2008-12-19 03:28 --------- d-----w c:\program files\Eset 2008-12-12 14:37 --------- d-----w c:\program files\FlashGet 2008-12-10 23:41 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2008-11-26 14:19 --------- d-----w c:\program files\MicroDVD 2008-11-13 13:11 --------- d-----w c:\program files\Microsoft Office Outlook Connector 2008-11-13 13:09 --------- d-----w c:\program files\MSECache 2008-11-13 13:05 --------- d-----w c:\documents and settings\olga\Application Data\Talkback 2008-11-12 21:02 --------- d-----w c:\program files\Common Files\Adobe 2008-11-12 20:57 --------- d-----w c:\program files\adobe dream 2008-11-12 20:12 --------- d-----w c:\program files\AskTBar 2008-11-12 19:59 --------- d-----w c:\program files\MSXML 4.0 2008-11-12 19:27 --------- d-----w c:\documents and settings\olga\Application Data\Windows Live Writer 2008-11-12 19:25 --------- d-----w c:\program files\Opera 2008-11-11 19:00 218,376 ----a-w c:\windows\system32\klogon.dll 2008-11-11 18:58 25,601 ----a-w c:\windows\system32\drivers\klopp.dat 2008-11-10 20:14 --------- d-----w c:\program files\Common Files\Real 2008-11-08 21:06 --------- d-----w c:\program files\Foxit Software 2008-10-31 16:39 --------- d-----w c:\program files\Bonjour 2008-10-24 11:25 455,936 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-23 12:51 284,160 ----a-w c:\windows\system32\gdi32.dll 2008-10-16 20:24 827,904 ----a-w c:\windows\system32\wininet.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-04-05 15:26 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat 2008-02-10 14:48 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008021020080211\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2008\MemOptimizer.exe" [2007-12-21 196864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544] "DSLSTATEXE"="c:\program files\Conexant\Adsl\dslstat.exe" [2005-08-25 344064] "DSLAGENTEXE"="c:\program files\Conexant\Adsl\dslagent.exe" [2005-08-25 65536] "Hiyo"="c:\program files\HiYo\bin\HiYo.exe" [2008-12-10 300336] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-11-11 206088] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsNetHood"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.X264"= x264vfw.dll "VIDC.3iv2"= 3ivxVfWCodec.dll "VIDC.HFYU"= huffyuv.dll "vidc.i263"= i263_32.drv "VIDC.VP31"= vp31vfw.dll "msacm.l3fhg"= mp3fhg.acm "msacm.imc"= imc32.acm "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll "msacm.divxa32"= DivXa32.acm [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "My Web Search Bar Search Scope Monitor"="c:\progra~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w "MyWebSearch Plugin"=rundll32 c:\progra~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF "HiYo"=c:\program files\HiYo\bin\HiYo.exe /RunFromStartup "NeroFilterCheck"=c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\FlashGet\\flashget.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\kav\\kav7.0\\english\\setup.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\WINDOWS\\system32\\rtcshare.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592] S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"c:\program files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 98328] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contents of the 'Scheduled Tasks' folder 2008-12-05 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 11:47] . - - - - ORPHANS REMOVED - - - - BHO-{00A6FAF1-072E-44cf-8957-5838F569A31D} - c:\program files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL BHO-{07B18EA1-A523-4961-B6BB-170DE4475CCA} - c:\program files\MyWebSearch\bar\2.bin\MWSBAR.DLL HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe . ------- Supplementary Scan ------- . uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = .local uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm IE: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {7C9AE27C-EDE9-44E1-9766-99DACF9EBCF2} = 77.105.0.19 77.105.0.18 Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll FF - ProfilePath - c:\documents and settings\olga\Application Data\Mozilla\Firefox\Profiles\rlag9gwq.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll ATTENTION: FIREFOX POLICES IS IN FORCE FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 200000 FF - user.js: content.notify.interval - 100000 FF - user.js: content.switch.threshold - 650000 FF - user.js: nglayout.initialpaint.delay - 300 . *********************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-12-23 00:06:41 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3736) c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Bonjour\mDNSResponder.exe c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe c:\program files\Analog Devices\SoundMAX\SMAgent.exe c:\program files\Windows Live\Messenger\msnmsgr.exe . ************************************************************************ . Completion time: 2008-12-23 0:08:50 - machine was rebooted [olga] ComboFix-quarantined-files.txt 2008-12-22 23:08:07 Pre-Run: 31,351,570,432 bytes free Post-Run: 31,392,636,928 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 302 --- E O F --- 2008-12-19 02:01:13 Nadam se da je uspelo. poz

Profil

dr_Bora Poslao: 23 Dec 2008 14:34 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll Registry:: [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "My Web Search Bar Search Scope Monitor"=- "MyWebSearch Plugin"=- IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

ogla Poslao: 23 Dec 2008 17:16 Idi na vrh
offline ogla Novi MyCity građanin Pridružio: 22 Dec 2008 Poruke: 8	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-12-21.04 - olga 2008-12-23 16:58:56.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.253 [GMT 1:00] Running from: c:\documents and settings\olga\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\olga\Desktop\CFScript.txt * Created a new restore point FILE :: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll . ((((((((((((((((((((((((( Files Created from 2008-11-23 to 2008-12-23 ))))))))))))))))))))))))))))))) . 2008-12-23 16:56 . 2008-12-23 16:57 <DIR> d----c--- C:\32788R22FWJFW 2008-12-22 20:36 . 2008-12-22 20:36 250 --a------ c:\windows\gmer.ini 2008-12-19 04:57 . 2008-12-19 04:57 96,976 --a------ c:\windows\system32\drivers\klin.dat 2008-12-19 04:57 . 2008-12-19 04:57 87,855 --a------ c:\windows\system32\drivers\klick.dat 2008-12-19 04:56 . 2008-12-19 04:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-12-19 04:56 . 2008-12-23 10:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2008-12-19 04:56 . 2008-12-23 02:48 2,469,408 --ahs---- c:\windows\system32\drivers\fidbox.dat 2008-12-19 04:56 . 2008-12-23 16:57 229,408 --ahs---- c:\windows\system32\drivers\fidbox2.dat 2008-12-19 04:56 . 2008-12-23 02:48 21,420 --ahs---- c:\windows\system32\drivers\fidbox.idx 2008-12-19 04:56 . 2008-12-23 16:57 2,912 --ahs---- c:\windows\system32\drivers\fidbox2.idx 2008-11-26 15:12 . 2008-11-26 15:13 <DIR> d-------- c:\documents and settings\olga\Application Data\Media Player Classic 2008-11-25 23:38 . 2008-11-25 23:38 <DIR> d-------- c:\documents and settings\olga\Application Data\HiYo 2008-11-25 23:36 . 2008-11-25 23:36 <DIR> d-------- c:\program files\HiYo 2008-11-25 23:36 . 2008-11-25 23:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\HiYo 2008-11-23 19:56 . 2008-11-23 19:56 <DIR> d-------- c:\program files\Common Files\Adobe AIR 2008-11-23 19:49 . 2008-11-23 19:49 <DIR> d-------- c:\documents and settings\olga\Application Data\Babuki.7FFE1EF3C0EAF397E48071BD36BB45EFAE41A826.1 2008-11-23 19:34 . 2008-11-23 19:34 <DIR> d-------- c:\program files\Babuki . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-21 17:04 --------- d-----w c:\documents and settings\olga\Application Data\VersionTracker Pro 2008-12-19 03:56 --------- d-----w c:\program files\Kaspersky Lab 2008-12-19 03:28 --------- d-----w c:\program files\Eset 2008-12-12 14:37 --------- d-----w c:\program files\FlashGet 2008-12-10 23:41 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2008-11-26 14:19 --------- d-----w c:\program files\MicroDVD 2008-11-13 13:11 --------- d-----w c:\program files\Microsoft Office Outlook Connector 2008-11-13 13:09 --------- d-----w c:\program files\MSECache 2008-11-13 13:05 --------- d-----w c:\documents and settings\olga\Application Data\Talkback 2008-11-12 21:02 --------- d-----w c:\program files\Common Files\Adobe 2008-11-12 20:57 --------- d-----w c:\program files\adobe dream 2008-11-12 20:12 --------- d-----w c:\program files\AskTBar 2008-11-12 19:59 --------- d-----w c:\program files\MSXML 4.0 2008-11-12 19:27 --------- d-----w c:\documents and settings\olga\Application Data\Windows Live Writer 2008-11-12 19:25 --------- d-----w c:\program files\Opera 2008-11-11 19:00 218,376 ----a-w c:\windows\system32\klogon.dll 2008-11-11 18:58 25,601 ----a-w c:\windows\system32\drivers\klopp.dat 2008-11-10 20:14 --------- d-----w c:\program files\Common Files\Real 2008-11-08 21:06 --------- d-----w c:\program files\Foxit Software 2008-10-31 16:39 --------- d-----w c:\program files\Bonjour 2008-10-24 11:25 455,936 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-23 12:51 284,160 ----a-w c:\windows\system32\gdi32.dll 2008-10-16 20:24 827,904 ----a-w c:\windows\system32\wininet.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-04-05 15:26 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat 2008-02-10 14:48 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008021020080211\index.dat . ((((((((((((((((((((((((((((( snapshot@2008-12-23_ 0.07.22.26 ))))))))))))))))))))))))))))))))))))))))) . - 2008-12-22 23:04:11 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2008-12-23 09:37:35 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2008-12-22 23:04:11 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2008-12-23 09:37:35 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2008-12-22 23:04:11 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2008-12-23 09:37:35 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2008-12-23 08:19:48 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_508.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2008\MemOptimizer.exe" [2007-12-21 196864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544] "DSLSTATEXE"="c:\program files\Conexant\Adsl\dslstat.exe" [2005-08-25 344064] "DSLAGENTEXE"="c:\program files\Conexant\Adsl\dslagent.exe" [2005-08-25 65536] "Hiyo"="c:\program files\HiYo\bin\HiYo.exe" [2008-12-10 300336] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-11-11 206088] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsNetHood"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.X264"= x264vfw.dll "VIDC.3iv2"= 3ivxVfWCodec.dll "VIDC.HFYU"= huffyuv.dll "vidc.i263"= i263_32.drv "VIDC.VP31"= vp31vfw.dll "msacm.l3fhg"= mp3fhg.acm "msacm.imc"= imc32.acm "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll "msacm.divxa32"= DivXa32.acm [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "HiYo"=c:\program files\HiYo\bin\HiYo.exe /RunFromStartup "NeroFilterCheck"=c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\FlashGet\\flashget.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\kav\\kav7.0\\english\\setup.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\WINDOWS\\system32\\rtcshare.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592] R3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"c:\program files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 98328] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contents of the 'Scheduled Tasks' folder 2008-12-05 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 11:47] . . ------- Supplementary Scan ------- . uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = .local uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm IE: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {7C9AE27C-EDE9-44E1-9766-99DACF9EBCF2} = 77.105.0.18 77.105.0.19 Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll FF - ProfilePath - c:\documents and settings\olga\Application Data\Mozilla\Firefox\Profiles\rlag9gwq.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll ATTENTION: FIREFOX POLICES IS IN FORCE FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 200000 FF - user.js: content.notify.interval - 100000 FF - user.js: content.switch.threshold - 650000 FF - user.js: nglayout.initialpaint.delay - 300 . *********************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-12-23 17:03:08 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-12-23 17:04:57 ComboFix-quarantined-files.txt 2008-12-23 16:04:52 ComboFix2.txt 2008-12-22 23:08:51 Pre-Run: 31.361.712.128 bytes free Post-Run: 31,351,996,416 bytes free 184 --- E O F --- 2008-12-19 02:01:13 Obavila. Hvala

Profil

dr_Bora Poslao: 23 Dec 2008 20:12 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Postavi svež HijackThis logfile i reci mi kakvo je sada stanje.

Profil

ogla Poslao: 23 Dec 2008 20:48 Idi na vrh
offline ogla Novi MyCity građanin Pridružio: 22 Dec 2008 Poruke: 8	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-12-21.04 - olga 2008-12-23 16:58:56.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.253 [GMT 1:00] Running from: c:\documents and settings\olga\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\olga\Desktop\CFScript.txt * Created a new restore point FILE :: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll . ((((((((((((((((((((((((( Files Created from 2008-11-23 to 2008-12-23 ))))))))))))))))))))))))))))))) . 2008-12-23 16:56 . 2008-12-23 16:57 <DIR> d----c--- C:\32788R22FWJFW 2008-12-22 20:36 . 2008-12-22 20:36 250 --a------ c:\windows\gmer.ini 2008-12-19 04:57 . 2008-12-19 04:57 96,976 --a------ c:\windows\system32\drivers\klin.dat 2008-12-19 04:57 . 2008-12-19 04:57 87,855 --a------ c:\windows\system32\drivers\klick.dat 2008-12-19 04:56 . 2008-12-19 04:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-12-19 04:56 . 2008-12-23 10:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2008-12-19 04:56 . 2008-12-23 02:48 2,469,408 --ahs---- c:\windows\system32\drivers\fidbox.dat 2008-12-19 04:56 . 2008-12-23 16:57 229,408 --ahs---- c:\windows\system32\drivers\fidbox2.dat 2008-12-19 04:56 . 2008-12-23 02:48 21,420 --ahs---- c:\windows\system32\drivers\fidbox.idx 2008-12-19 04:56 . 2008-12-23 16:57 2,912 --ahs---- c:\windows\system32\drivers\fidbox2.idx 2008-11-26 15:12 . 2008-11-26 15:13 <DIR> d-------- c:\documents and settings\olga\Application Data\Media Player Classic 2008-11-25 23:38 . 2008-11-25 23:38 <DIR> d-------- c:\documents and settings\olga\Application Data\HiYo 2008-11-25 23:36 . 2008-11-25 23:36 <DIR> d-------- c:\program files\HiYo 2008-11-25 23:36 . 2008-11-25 23:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\HiYo 2008-11-23 19:56 . 2008-11-23 19:56 <DIR> d-------- c:\program files\Common Files\Adobe AIR 2008-11-23 19:49 . 2008-11-23 19:49 <DIR> d-------- c:\documents and settings\olga\Application Data\Babuki.7FFE1EF3C0EAF397E48071BD36BB45EFAE41A826.1 2008-11-23 19:34 . 2008-11-23 19:34 <DIR> d-------- c:\program files\Babuki . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-21 17:04 --------- d-----w c:\documents and settings\olga\Application Data\VersionTracker Pro 2008-12-19 03:56 --------- d-----w c:\program files\Kaspersky Lab 2008-12-19 03:28 --------- d-----w c:\program files\Eset 2008-12-12 14:37 --------- d-----w c:\program files\FlashGet 2008-12-10 23:41 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2008-11-26 14:19 --------- d-----w c:\program files\MicroDVD 2008-11-13 13:11 --------- d-----w c:\program files\Microsoft Office Outlook Connector 2008-11-13 13:09 --------- d-----w c:\program files\MSECache 2008-11-13 13:05 --------- d-----w c:\documents and settings\olga\Application Data\Talkback 2008-11-12 21:02 --------- d-----w c:\program files\Common Files\Adobe 2008-11-12 20:57 --------- d-----w c:\program files\adobe dream 2008-11-12 20:12 --------- d-----w c:\program files\AskTBar 2008-11-12 19:59 --------- d-----w c:\program files\MSXML 4.0 2008-11-12 19:27 --------- d-----w c:\documents and settings\olga\Application Data\Windows Live Writer 2008-11-12 19:25 --------- d-----w c:\program files\Opera 2008-11-11 19:00 218,376 ----a-w c:\windows\system32\klogon.dll 2008-11-11 18:58 25,601 ----a-w c:\windows\system32\drivers\klopp.dat 2008-11-10 20:14 --------- d-----w c:\program files\Common Files\Real 2008-11-08 21:06 --------- d-----w c:\program files\Foxit Software 2008-10-31 16:39 --------- d-----w c:\program files\Bonjour 2008-10-24 11:25 455,936 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-23 12:51 284,160 ----a-w c:\windows\system32\gdi32.dll 2008-10-16 20:24 827,904 ----a-w c:\windows\system32\wininet.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-04-05 15:26 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat 2008-02-10 14:48 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008021020080211\index.dat . ((((((((((((((((((((((((((((( snapshot@2008-12-23_ 0.07.22.26 ))))))))))))))))))))))))))))))))))))))))) . - 2008-12-22 23:04:11 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2008-12-23 09:37:35 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2008-12-22 23:04:11 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2008-12-23 09:37:35 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2008-12-22 23:04:11 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2008-12-23 09:37:35 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2008-12-23 08:19:48 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_508.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2008\MemOptimizer.exe" [2007-12-21 196864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544] "DSLSTATEXE"="c:\program files\Conexant\Adsl\dslstat.exe" [2005-08-25 344064] "DSLAGENTEXE"="c:\program files\Conexant\Adsl\dslagent.exe" [2005-08-25 65536] "Hiyo"="c:\program files\HiYo\bin\HiYo.exe" [2008-12-10 300336] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-11-11 206088] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsNetHood"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.X264"= x264vfw.dll "VIDC.3iv2"= 3ivxVfWCodec.dll "VIDC.HFYU"= huffyuv.dll "vidc.i263"= i263_32.drv "VIDC.VP31"= vp31vfw.dll "msacm.l3fhg"= mp3fhg.acm "msacm.imc"= imc32.acm "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll "msacm.divxa32"= DivXa32.acm [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "HiYo"=c:\program files\HiYo\bin\HiYo.exe /RunFromStartup "NeroFilterCheck"=c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\FlashGet\\flashget.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\kav\\kav7.0\\english\\setup.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\WINDOWS\\system32\\rtcshare.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592] R3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"c:\program files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 98328] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contents of the 'Scheduled Tasks' folder 2008-12-05 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 11:47] . . ------- Supplementary Scan ------- . uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = .local uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm IE: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {7C9AE27C-EDE9-44E1-9766-99DACF9EBCF2} = 77.105.0.18 77.105.0.19 Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll FF - ProfilePath - c:\documents and settings\olga\Application Data\Mozilla\Firefox\Profiles\rlag9gwq.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll ATTENTION: FIREFOX POLICES IS IN FORCE FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 200000 FF - user.js: content.notify.interval - 100000 FF - user.js: content.switch.threshold - 650000 FF - user.js: nglayout.initialpaint.delay - 300 . *********************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-12-23 17:03:08 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-12-23 17:04:57 ComboFix-quarantined-files.txt 2008-12-23 16:04:52 ComboFix2.txt 2008-12-22 23:08:51 Pre-Run: 31.361.712.128 bytes free Post-Run: 31,351,996,416 bytes free 184 --- E O F --- 2008-12-19 02:01:13 evo sveze, stanje brzine je brzo ;-) Dopuna: 23 Dec 2008 20:48 I naravno, hvala, hvala na svemu: vremenu, trudu,.... Pozdrav

Profil

dr_Bora Poslao: 23 Dec 2008 22:01 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Tražih HijackThis logfile... Anyway... Pokreni program HijackThis, klikni Do a system scan only i čekiraj kućicu ispred sledeće linije (ukoliko postoji): O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000 a zatim klikni Fix checked. Nakon toga: Klikni START a zatim RUN U liniju za unos teksta ukucaj Combofix /u i klikni OK Sačekaj da se proces deinstalacije završi Gornja procedura će: Obrisati sledeće: ComboFix i njegove file-ove i foldere VundoFix Backups folder, ako postoji C:\Deckard folder, ako postoji C:\OtMoveIt folder, ako postoji Resetovati podešavanja sata na kompjuteru Sakriti ekstenzije file-ova, ako je potrebno Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno Resetovati System Restore I to bi bilo sve; na tvom kompjuteru više ne bi trebalo biti malware-a.

Profil

ogla Poslao: 23 Dec 2008 23:07 Idi na vrh
offline ogla Novi MyCity građanin Pridružio: 22 Dec 2008 Poruke: 8	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! aha, pa nagovestila sam ja da sam glupa, evo uradila sam sve sto je slikom i slovom bilo opisano. I naravno, ponovo HVALA ;-)

Profil

MyCity » Ambulanta -> Arhiva Ambulante » problemcici

Ko je trenutno na forumu

Ukupno su 1078 korisnika na forumu :: 37 registrovanih, 8 sakrivenih i 1033 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: aleksmajstor, Alibaba1981, amaterSRB, babaroga, Bickoooo, Bobrock1, bojan_t, comi_pfc, DejanCG, Denaya, DPera, draganl, dragoljub11987, Dzoni90, GORDI, Haris, Joja, JOntra, kybonacci, mercedesamg, milimoj, nazgul75, nemkea71, oldtimer, Povratak1912, procesor, sabros, solic, Srki94, Srle993, Tvrtko I, uruk, vasa.93, vaso1, VJ, zodiac94, Žrnov

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by