Topic: Problem getting onto the internet (Read 7241 times)

Svakodnevni prolaznik | Male | Posts: 263 | OS: Windows XP | Browser: Opera 11.50
@Bazuka Jo, okay, I'll do what you said.
When I first got connected to the internet I used Internet Explorer, but only briefly. Then I switched to Google Chrome, and after that to Opera, because it somehow suits me best.
I'll report the results once I've done what you said.


I tried what you said, but it didn't work. When I tried to paste the file you told me to download, it said a file with that name already exists. When asked whether I wanted to replace the existing file with it, I clicked Yes, but it couldn't, an error appeared. It says: Cannot copy hosts: Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use.
« Last edit: 06. Aug 2011, 19:02:51 by Just Another Boy »
Jet set burekdzija | Scorpio | Posts: 7657 | OS: Windows 7 | Browser: Mozilla Firefox 5.0
Since I don't have much time, act on these instructions right away

Download the DDS program to the Desktop
http://download.bleepingcomputer.com/sUBs/dds.com

Double-click to run dds; when it finishes, DDS will open two logs:
         1. DDS.txt
         2. Attach.txt
Save both reports to the Desktop.
Copy DDS.txt into your reply for me
Svakodnevni prolaznik | Male | Posts: 263 | OS: Windows XP | Browser: Opera 11.50
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_20
Run by Home at 21:05:26 on 2011-08-06
Microsoft Windows XP Professional  5.1.2600.3.1252.387.1033.18.503.59 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows7\UberIcon\UberIcon Manager.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = hxxp://www.google.com/
uSearch Page = ${URL_SEARCHPAGE}
uStart Page = about:blank
mDefault_Page_URL = hxxp://www.google.com
mLocal Page = hxxp://www.google.com/
mSearch Page = ${URL_SEARCHPAGE}
uURLSearchHooks: Free Lunch Design Toolbar: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - c:\program files\free_lunch_design\tbFre0.dll
uURLSearchHooks: H - No File
uURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTog0.dll
uURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSof0.dll
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTog0.dll
BHO: {1192a62b-4dbc-4d1f-b54e-d820a1be76be} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSof0.dll
BHO: Free Lunch Design Toolbar: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - c:\program files\free_lunch_design\tbFre0.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Free Lunch Design Toolbar: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - c:\program files\free_lunch_design\tbFre0.dll
TB: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No File
TB: {1192a62b-4dbc-4d1f-b54e-d820a1be76be} - No File
TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTog0.dll
TB: {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No File
TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSof0.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [UberIcon] "c:\program files\windows7\ubericon\UberIcon Manager.exe"
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5452040B-9FCA-4103-A26A-C0AE309F372B} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: ???????????????????????????
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
IFEO: image file execution options - svchost.exe
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
Hosts: 74.125.45.100 secure-plus-payments.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\home\application data\mozilla\firefox\profiles\unai0ig2.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\home\application data\mozilla\firefox\profiles\unai0ig2.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\home\application data\mozilla\firefox\profiles\unai0ig2.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\home\application data\mozilla\firefox\profiles\unai0ig2.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\home\application data\mozilla\firefox\profiles\unai0ig2.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\home\application data\mozilla\firefox\profiles\unai0ig2.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\home\application data\mozilla\firefox\profiles\unai0ig2.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\mozilla firefox\extensions\ffxtlbr@facemoods.com\components\FFHst.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\home\application data\mozilla\firefox\profiles\unai0ig2.default\extensions\{e776fbbe-9f00-456f-9278-478f134d35c0}\plugins\npChameleonTomToolbar.dll
FF - plugin: c:\documents and settings\home\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\home\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mywebsearch\bar\1.bin\NPMYWEBS.DLL
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - c:\program files\mozilla firefox\extensions\ffxtlbr@Facemoods.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - %profile%\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}
FF - Ext: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - %profile%\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
.
============= SERVICES / DRIVERS ===============
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2010-9-18 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2010-9-18 5248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-19 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-18 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-18 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-18 42184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-6 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-6 22712]
S1 ntiomin;ntiomin;
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-6 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-6 135664]
S3 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys --> c:\windows\system32\drivers\idmtdi.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-6 41272]
.
=============== Created Last 30 ================
.
2011-08-06 19:00:54   --------   d-----w-   c:\windows\system32\SoftwareDistribution
2011-08-06 18:41:44   --------   d-----w-   c:\documents and settings\home\application data\Malwarebytes
2011-08-06 18:41:31   41272   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-06 18:41:30   --------   d-----w-   c:\documents and settings\all users\application data\Malwarebytes
2011-08-06 18:41:24   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-08-06 18:41:24   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-08-02 10:58:43   --------   d-----w-   c:\program files\URUSoft
2011-07-28 07:58:20   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-25 11:14:28   --------   d-----w-   c:\documents and settings\all users\application data\YouTube Downloader
2011-07-15 17:06:28   53760   -c--a-w-   c:\windows\system32\dllcache\vfwwdm32.dll
2011-07-15 17:06:28   53760   ----a-w-   c:\windows\system32\vfwwdm32.dll
2011-07-15 17:06:27   20992   ----a-w-   c:\windows\system32\dshowext.ax
2011-07-15 17:06:27   121984   -c--a-w-   c:\windows\system32\dllcache\usbvideo.sys
2011-07-15 17:06:27   121984   ----a-w-   c:\windows\system32\drivers\usbvideo.sys
2011-07-13 13:01:26   --------   d-----w-   c:\program files\FreeTime
2011-07-13 12:36:48   --------   d-----w-   c:\documents and settings\home\application data\streamWriter
.
==================== Find3M  ====================
.
2011-07-06 11:01:54   43520   ----a-w-   c:\windows\system32\CmdLineExt03.dll
2011-07-04 11:43:53   40112   ----a-w-   c:\windows\avastSS.scr
2011-07-04 11:36:43   441176   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
2007-01-24 13:21:42   77160   ----a-w-   c:\program files\DSETUP.dll
2007-01-24 13:21:42   1673576   ----a-w-   c:\program files\dsetup32.dll
.
============= FINISH: 21:12:07,15 ===============



There you go..
Jet set burekdzija | Scorpio | Posts: 7657 | OS: Windows 7 | Browser: Mozilla Firefox 5.0
Sorry for the wait...
The DDS log is clean... we should really do a rootkit scan, i.e. an analysis, here as well, but we'll skip that this time :)
hosts has indeed been modified, but most likely by some security software that was installed, because those sites really are malicious.

>> Still, attach the attach.txt log to your reply as well


If you still want to reset hosts to the default, you have to do it like this:

http://www.funkytoad.com/download/HostsXpert.zip
Run HostsXpert

Click Make ReadOnly?
click Make Writable (if available)
Click Restore MS Hosts File, then Ok

Close the program

.......................................................................................
It wouldn't hurt to do this as well ...

Download ATF Cleaner
http://www.geekstogo.com/forum/files/file/21-atf-cleaner/
Run the program, tick everything >> click Empty Selected

Download TFC
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

Run it, click Start >> restart the computer

..................

Start >> Run >> Control panel >> add or remove programs
Uninstall everything that has toolbar in its name

After that, VitRegistryFix
http://www.softpedia.com/get/Tweak/Registry-Tweak/Vit-Registry-Fix.shtml

« Last edit: 07. Aug 2011, 06:42:56 by genije1 »
Svakodnevni prolaznik | Male | Posts: 263 | OS: Windows XP | Browser: Opera 11.50
Here's Attach:

    .
    ==== Hosts File Hijack ======================
    .
    Hosts: 74.125.45.100 securitysoftwarepayments.com
    Hosts: 74.125.45.100 privatesecuredpayments.com
    Hosts: 74.125.45.100 secure.privatesecuredpayments.com
    Hosts: 74.125.45.100 getantivirusplusnow.com
    Hosts: 74.125.45.100 secure-plus-payments.com
    Hosts: 74.125.45.100 www.getantivirusplusnow.com
    Hosts: 74.125.45.100 www.secure-plus-payments.com
    Hosts: 74.125.45.100 www.getavplusnow.com
    Hosts: 74.125.45.100 safebrowsing-cache.google.com
    Hosts: 74.125.45.100 urs.microsoft.com
    Hosts: 74.125.45.100 www.securesoftwarebill.com
    Hosts: 74.125.45.100 secure.paysecuresystem.com
    Hosts: 74.125.45.100 paysoftbillsolution.com
    Hosts: 74.125.45.100 protected.maxisoftwaremart.com
    Hosts: 173.232.108.157 www.google.com
    Hosts: 173.232.108.157 google.com
    Hosts: 173.232.108.157 google.com.au
    Hosts: 173.232.108.157 www.google.com.au
    Hosts: 173.232.108.157 google.be
    Hosts: 173.232.108.157 www.google.be
    Hosts: 173.232.108.157 google.com.br
    Hosts: 173.232.108.157 www.google.com.br
    Hosts: 173.232.108.157 google.ca
    Hosts: 173.232.108.157 www.google.ca
    Hosts: 173.232.108.157 google.ch
    Hosts: 173.232.108.157 www.google.ch
    Hosts: 173.232.108.157 google.de
    Hosts: 173.232.108.157 www.google.de
    Hosts: 173.232.108.157 google.dk
    Hosts: 173.232.108.157 www.google.dk
    Hosts: 173.232.108.157 google.fr
    Hosts: 173.232.108.157 www.google.fr
    Hosts: 173.232.108.157 google.ie
    Hosts: 173.232.108.157 www.google.ie
    Hosts: 173.232.108.157 google.it
    Hosts: 173.232.108.157 www.google.it
    Hosts: 173.232.108.157 google.co.jp
    Hosts: 173.232.108.157 www.google.co.jp
    Hosts: 173.232.108.157 google.nl
    Hosts: 173.232.108.157 www.google.nl
    Hosts: 173.232.108.157 google.no
    Hosts: 173.232.108.157 www.google.no
    Hosts: 173.232.108.157 google.co.nz
    Hosts: 173.232.108.157 www.google.co.nz
    Hosts: 173.232.108.157 google.pl
    Hosts: 173.232.108.157 www.google.pl
    Hosts: 173.232.108.157 google.se
    Hosts: 173.232.108.157 www.google.se
    Hosts: 173.232.108.157 google.co.uk
    Hosts: 173.232.108.157 www.google.co.uk
    Hosts: 173.232.108.157 google.co.za
    Hosts: 173.232.108.157 www.google.co.za
    Hosts: 173.232.108.157 www.google-analytics.com
    Hosts: 173.232.108.157 www.bing.com
    Hosts: 173.232.108.157 search.yahoo.com
    Hosts: 173.232.108.157 www.search.yahoo.com
    Hosts: 173.232.108.157 uk.search.yahoo.com
    Hosts: 173.232.108.157 ca.search.yahoo.com
    Hosts: 173.232.108.157 de.search.yahoo.com
    Hosts: 173.232.108.157 fr.search.yahoo.com
    Hosts: 173.232.108.157 au.search.yahoo.com
    Hosts: 74.125.45.100 4-open-davinci.com
    .
    ==== Installed Programs ======================
    .
    .
    µTorrent
    181924
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Photoshop 7.0
    Adobe Reader 9.4.5
    Adobe Shockwave Player 11.5
    AGEIA PhysX v7.09.13
    Apple Mobile Device Support
    Apple Software Update
    ASIO4ALL
    AssaultCube v1.0
    avast! Free Antivirus
    CCleaner
    DAEMON Tools
    Dany's Virtual Drum 2
    DivX Setup
    ebgcInfra
    ebgcRes
    ebgcSDK
    FormatFactory 2.70
    Free_Lunch_Design Toolbar
    Futuremark SystemInfo
    Google Earth
    Google SketchUp 6
    Google Toolbar for Internet Explorer
    Google Update Helper
    Guitar Pro 5.0
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB954550-v5)
    Intel(R) Extreme Graphics 2 Driver
    Internet Download Manager
    Java Auto Updater
    Java(TM) 6 Update 20
    K-Lite Codec Pack 4.1.7 (Full)
    LightScribe  1.4.124.1
    Malwarebytes' Anti-Malware verzija 1.51.1.1800
    Mega Manager
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders  (English) 12
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Mozilla Firefox (3.6.10)
    Nero 8 Micro v8.0.3.0
    OpenAL
    Opera 11.50
    PhotoScape
    Picasa 3
    RealUpgrade 1.0
    Skype™ 5.3
    Softonic-Eng7 Toolbar
    Subtitle Workshop 2.51
    ToggleEN Toolbar
    Update for Windows XP (KB898461)
    vanBasco's Karaoke Player
    VC80CRTRedist - 8.0.50727.4053
    Vodafone 804SS USB driver Software
    WebFldrs XP
    Winamp
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Internet Explorer 8
    WinRAR archiver
    WinZip 11.1
    WORLD SOCCER WINNING ELEVEN 8 INTERNATIONAL
    YouTube Downloader 3.2
    .
    ==== End Of File ===========================



As for resetting hosts, I didn't manage it. When I clicked OK at the end, an error appeared.

I uninstalled everything that has toolbar in its name, but "Free_Lunch_Design Toolbar" won't uninstall. I tried uninstalling it through CCleaner, but it won't go there either, and when I click to delete it, it says it's still installed. Should I delete it anyway?
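The distinction the two replies above turn on, sinkhole entries that merely block a name versus trusted names redirected to a routable address, can be checked mechanically. This is an added example, not code from the thread or from DDS: it parses lines in the "Hosts: <ip> <name>" format DDS writes to Attach.txt, the protected-domain list is an assumption for the example, and the sample lines are constructed (abbreviated from the log above, plus two blocking entries for contrast).

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the format DDS uses in Attach.txt ("Hosts: <ip> <name>"),
# abbreviated from the log posted in this thread; the last two "Hosts:" lines are
# added to show what a legitimate blocking (sinkhole) entry looks like.
SAMPLE_ATTACH_LINES = """\
==== Hosts File Hijack ======================
.
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
Hosts: 74.125.45.100 safebrowsing-cache.google.com
Hosts: 74.125.45.100 urs.microsoft.com
Hosts: 173.232.108.157 www.google.com
Hosts: 173.232.108.157 google.co.uk
Hosts: 173.232.108.157 www.bing.com
Hosts: 173.232.108.157 search.yahoo.com
Hosts: 127.0.0.1 ad.doubleclick.net
Hosts: 0.0.0.0 tracker.example
.
==== Installed Programs ======================
""".splitlines()

HOSTS_RE = re.compile(r"^\s*Hosts:\s+(\S+)\s+(\S+)\s*$")

# Names a hosts file should never override: search engines the user depends on
# and endpoints that browser/anti-malware protection talks to. This list is an
# assumption for the example; extend it for your own environment.
PROTECTED_SUFFIXES = ("google.com", "google-analytics.com", "bing.com",
                      "yahoo.com", "microsoft.com", "windowsupdate.com")
PROTECTED_LABELS = ("google",)   # covers google.de, google.co.uk, google.com.au, ...


def is_blocking_target(ip_text):
    """A loopback or unspecified address means the entry blocks the name (a sinkhole)."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def is_protected(host):
    """True when the name belongs to a domain that must resolve through real DNS."""
    host = host.lower().rstrip(".")
    if any(host == s or host.endswith("." + s) for s in PROTECTED_SUFFIXES):
        return True
    labels = host.split(".")
    return any(label in PROTECTED_LABELS for label in labels[:-1])


def classify_entry(ip_text, host):
    """block: sinkholed name; hijack: protected name sent to a routable address;
    redirect: any other name sent to a routable address (review by hand)."""
    if is_blocking_target(ip_text):
        return "block"
    if is_protected(host):
        return "hijack"
    return "redirect"


def triage_hosts_report(lines):
    """Parse DDS 'Hosts:' lines; return (findings, redirect_targets).

    findings is a list of (verdict, ip, host). redirect_targets counts how many
    names each routable address collects, which exposes the one or two addresses
    a hijack funnels traffic to.
    """
    findings = []
    targets = Counter()
    for line in lines:
        m = HOSTS_RE.match(line)
        if not m:
            continue
        ip_text, host = m.groups()
        verdict = classify_entry(ip_text, host)
        findings.append((verdict, ip_text, host))
        if verdict != "block":
            targets[ip_text] += 1
    return findings, targets


def verdict_counts(findings):
    """How many block / hijack / redirect entries the report contains."""
    return Counter(verdict for verdict, _, _ in findings)


def hijacked_names(findings):
    """Sorted list of protected names that were redirected."""
    return sorted(host for verdict, _, host in findings if verdict == "hijack")


if __name__ == "__main__":
    findings, targets = triage_hosts_report(SAMPLE_ATTACH_LINES)
    for verdict, ip, host in findings:
        print(f"{verdict:8} {ip:16} {host}")
    print("routable targets:", dict(targets))
    print("hijacked:", hijacked_names(findings))
```

On the sample, every search-engine and protection endpoint is classed as a hijack and the two routable addresses each collect four names, which is the pattern that separates a hijack from a blocklist that only uses loopback.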
Jet set burekdzija | Scorpio | Posts: 7657 | OS: Windows 7 | Browser: Mozilla Firefox 5.0
Ok, the attach log does show malicious entries after all...

Do the following:


*  Download the ComboFix program to the Desktop.
Visit this page for the download link and the instructions for using ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*  Temporarily disable your AntiVirus program.
Visit this page for instructions:
http://www.bleepingcomputer.com/forums/topic114351.html
or
http://www.mycity.rs/Uputstva/Iskljucivanje-zastitnog-softvera.html

Run ComboFix and click I Agree
When the tool finishes scanning it will open notepad with the report (log).
Attach the CF log to your reply  ( Preview post >> additional options >> browse )  (typical log location: C:\ComboFix.txt)
Svakodnevni prolaznik | Male | Posts: 263 | OS: Windows XP | Browser: Opera 11.50
I did what you said, and when I clicked Opera the start page opened normally, and it seems to me it runs faster too.
Should I turn the antivirus on now, or leave it off a while longer?
As for ComboFix, can it stay on the desktop like this, or should I delete it?

Here's what you told me to copy for you:

    ComboFix 11-08-06.02 - Home 07.08.2011  15:49:54.1.1 - x86
    Microsoft Windows XP Professional  5.1.2600.3.1252.387.1033.18.503.242 [GMT 2:00]
    Running from: c:\documents and settings\Home\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\8ed687f
    c:\documents and settings\All Users\Application Data\8ed687f\83.mof
    c:\documents and settings\All Users\Application Data\8ed687f\BackUp\Google Translate Client.lnk
    c:\documents and settings\All Users\Application Data\8ed687f\BackUp\Mousotron.lnk
    c:\documents and settings\All Users\Application Data\8ed687f\BackUp\OneNote 2007 Screen Clipper and Launcher.lnk
    c:\documents and settings\All Users\Application Data\8ed687f\BackUp\Vienna Navigator.lnk
    c:\documents and settings\All Users\Application Data\8ed687f\mozcrt19.dll
    c:\documents and settings\All Users\Application Data\8ed687f\MSE.ico
    c:\documents and settings\All Users\Application Data\8ed687f\MSESys\vd952342.bd
    c:\documents and settings\All Users\Application Data\8ed687f\sqlite3.dll
    c:\documents and settings\Home\Application Data\facemoods.com
    c:\documents and settings\Home\Application Data\Local
    c:\documents and settings\Home\Application Data\Local\Temp\DDM\Settings\.ddr
    c:\documents and settings\Home\Application Data\Local\Temp\DDM\Settings\0.ddi
    c:\documents and settings\Home\Application Data\Local\Temp\DDM\Settings\1.ddi
    c:\documents and settings\Home\Application Data\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
    c:\documents and settings\Home\Application Data\Local\Temp\DDM\Settings\settings.ddi
    c:\documents and settings\Home\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
    c:\documents and settings\Home\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
    c:\documents and settings\Home\Application Data\PriceGong
    c:\documents and settings\Home\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\Home\WINDOWS
    c:\program files\autorun.inf
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\components\FFHst.dll
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\components\FFHst.xpt
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\facemoods.css
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\facemoods.png
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\facemoods.xul
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\fcmdDef.js
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\facemoods.png
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\fb.gif
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\help_16.gif
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\home.gif
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\logo.png
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\moodsIcon.png
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\pref.jpg
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\privecy_16_hot.gif
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\stripicons.png
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\tellafriend.gif
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\Thumbs.db
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\vssver.scc
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\instlgc.js
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\Loader.js
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\mtrprt.js
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\newTabLgc.js
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\preferences\preferences.js
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\preferences\preferences.xul
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\preferences\vssver.scc
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\prefman.js
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\script-compiler.js
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\Thumbs.db
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\utils.js
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\vssver.scc
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\xmlhttprequester.js
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\xpiInstallLgc.js
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\defaults\preferences\instlPref.js
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\defaults\preferences\vssver.scc
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\install.rdf
    c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\vssver.scc
    c:\windows\daemon.dll
    c:\windows\system32\f3PSSavr.scr
    .
    c:\windows\system32\midimap.dll . . . is infected!!
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_MYWEBSEARCHSERVICE
    -------\Legacy_POWERMANAGER
    .
    .
    (((((((((((((((((((((((((   Files Created from 2011-07-07 to 2011-08-07  )))))))))))))))))))))))))))))))
    .
    .
    2011-08-06 18:41 . 2011-08-06 18:41   --------   d-----w-   c:\documents and settings\Home\Application Data\Malwarebytes
    2011-08-06 18:41 . 2011-07-06 17:52   41272   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-06 18:41 . 2011-08-06 18:41   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-08-06 18:41 . 2011-08-06 18:41   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
    2011-08-06 18:41 . 2011-07-06 17:52   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2011-08-02 10:58 . 2011-08-02 10:58   --------   d-----w-   c:\program files\URUSoft
    2011-07-28 07:58 . 2011-07-28 07:58   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-25 11:14 . 2011-07-25 11:14   --------   d-----w-   c:\documents and settings\All Users\Application Data\YouTube Downloader
    2011-07-15 17:06 . 2008-04-13 20:42   53760   -c--a-w-   c:\windows\system32\dllcache\vfwwdm32.dll
    2011-07-15 17:06 . 2008-04-13 20:42   53760   ----a-w-   c:\windows\system32\vfwwdm32.dll
    2011-07-15 17:06 . 2008-04-13 20:42   20992   ----a-w-   c:\windows\system32\dshowext.ax
    2011-07-15 17:06 . 2008-04-13 15:16   121984   -c--a-w-   c:\windows\system32\dllcache\usbvideo.sys
    2011-07-15 17:06 . 2008-04-13 15:16   121984   ----a-w-   c:\windows\system32\drivers\usbvideo.sys
    2011-07-13 13:01 . 2011-07-13 13:01   --------   d-----w-   c:\program files\FreeTime
    2011-07-13 12:36 . 2011-07-13 12:48   --------   d-----w-   c:\documents and settings\Home\Application Data\streamWriter
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-06 11:01 . 2011-07-06 11:01   43520   ----a-w-   c:\windows\system32\CmdLineExt03.dll
    2011-07-04 11:43 . 2010-06-29 12:30   40112   ----a-w-   c:\windows\avastSS.scr
    2011-07-04 11:43 . 2010-05-18 18:17   199304   ----a-w-   c:\windows\system32\aswBoot.exe
    2011-07-04 11:36 . 2011-06-19 21:27   441176   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
    2011-07-04 11:36 . 2010-05-18 18:17   309848   ----a-w-   c:\windows\system32\drivers\aswSP.sys
    2011-07-04 11:35 . 2010-05-18 18:17   43608   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
    2011-07-04 11:35 . 2010-05-18 18:17   102616   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
    2011-07-04 11:35 . 2010-05-18 18:17   96344   ----a-w-   c:\windows\system32\drivers\aswmon.sys
    2011-07-04 11:32 . 2010-05-18 18:17   25432   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
    2011-07-04 11:32 . 2010-05-18 18:17   30808   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
    2011-07-04 11:32 . 2010-05-18 18:17   19544   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
    2007-01-24 13:21 . 2007-01-24 13:21   77160   ----a-w-   c:\program files\DSETUP.dll
    2007-01-24 13:21 . 2007-01-24 13:21   1673576   ----a-w-   c:\program files\dsetup32.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2008-04-28 09:18 . CB75214525D36F923D3948DA3CD1562D . 1390080 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
    .
    [-] 2008-04-28 . A55B8899D2EA2E800061BCFD456E34DC . 547328 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
    .
    [-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\SP3QFE\comctl32.dll
    [-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\asms\60\msft\windows\common\controls\comctl32.dll
    [-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\SP3QFE\asms\60\msft\windows\common\controls\comctl32.dll
    [-] 2008-04-28 . AF8ED52D2A32C7729C7F91C72B8CCB10 . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
    [7] 2008-04-13 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    [7] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
    .
    [-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3gdr\kernel32.dll
    [-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3qfe\kernel32.dll
    [-] 2008-03-20 . 9A8D604748D9FE73B66021E5782A4A3C . 989696 . . [5.1.2600.5508] . . c:\windows\system32\kernel32.dll
    .
    [7] 2008-04-13 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
    [-] 2008-03-20 . 1CA39C7E1423FF8821664E0E06FEA55E . 343040 . . [7.0.2600.5508] . . c:\windows\system32\msvcrt.dll
    [7] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
    .
    [-] 2008-03-20 . F92D8964B5286DE225BD2B6BF89764BE . 578560 . . [5.1.2600.5508] . . c:\windows\system32\user32.dll
    .
    [-] 2008-08-18 . 4A90F51B778FA0157F60D206E8B37D2A . 1616384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    .
    [-] 2008-04-13 . 18B0915F58A5342AB0F3D01D57261E32 . 267264 . . [5.1.2600.5512] . . c:\windows\regedit.exe
    .
    [-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be\sp3gdr\ole32.dll
    [-] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be\sp3qfe\ole32.dll
    [-] 2008-03-20 . 31653CDF039C3F415B8D33F2D133E6AB . 1287168 . . [5.1.2600.5508] . . c:\windows\system32\ole32.dll
    .
    [-] 2008-04-26 . BC298B78B311397B421D4D52B44B49EC . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    .
    [-] 2008-04-28 . B5E8782D4AF1B3756F38E11E7C157BBE . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
    .
    [-] 2008-04-28 . A913E1FF4C0BDA15FC542430182EB7B6 . 368640 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
    .
    [-] 2010-12-09 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\SoftwareDistribution\Download\f35839bf00bc83543dbda7acaf1e2a3b\SP3QFE\ntkrnlpa.exe
    [-] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\SoftwareDistribution\Download\f35839bf00bc83543dbda7acaf1e2a3b\SP3GDR\ntkrnlpa.exe
    [-] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntkrnlpa.exe
    [-] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntkrnlpa.exe
    [-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntkrnlpa.exe
    [-] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntkrnlpa.exe
    [-] 2008-04-26 . F65795635A4DA985337F1A8C15B42F98 . 2227072 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe
    .
    [-] 2010-12-09 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055] . . c:\windows\SoftwareDistribution\Download\f35839bf00bc83543dbda7acaf1e2a3b\SP3QFE\ntoskrnl.exe
    [-] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\SoftwareDistribution\Download\f35839bf00bc83543dbda7acaf1e2a3b\SP3GDR\ntoskrnl.exe
    [-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe
    [-] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntoskrnl.exe
    [-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntoskrnl.exe
    [-] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntoskrnl.exe
    [-] 2008-04-26 . 46391325B9159057FFFAFCA37A39A669 . 2350208 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe
    .
    [-] 2008-04-28 . 66620EE56B0FFB1B267BD24ECF942A9B . 42496 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "c:\program files\Free_Lunch_Design\tbFre0.dll" [2010-09-10 2735200]
    .
    [HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
    2010-09-10 11:45   2735200   ----a-w-   c:\program files\Free_Lunch_Design\tbFre0.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "c:\program files\Free_Lunch_Design\tbFre0.dll" [2010-09-10 2735200]
    .
    [HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC}"= "c:\program files\Free_Lunch_Design\tbFre0.dll" [2010-09-10 2735200]
    .
    [HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-07-04 11:43   122512   ----a-w-   c:\program files\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2011-05-30 16:50   21864   ----a-w-   c:\program files\Internet Download Manager\IDMShellExt.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-06 39408]
    "UberIcon"="c:\program files\Windows7\UberIcon\UberIcon Manager.exe" [2006-05-21 180224]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-17 399736]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
    "DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_2"="shell32" [X]
    "nltide_3"="advpack.dll" [2009-03-08 128512]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Translate Client.lnk]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Home^Start Menu^Programs^Startup^Mousotron.lnk]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Home^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Home^Start Menu^Programs^Startup^Vienna Navigator.lnk]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataMngr
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GizmoDriveDelegate
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mousotron
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-30 04:59   937920   ----a-r-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-06-08 04:02   37296   ----a-w-   c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnalogClock]
    2005-11-05 06:10   480256   ----a-w-   c:\program files\Windows7\Analog Clock\AnalogClock.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-28 09:22   25088   ----a-w-   c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    2004-08-22 15:05   81920   ----a-w-   c:\program files\D-Tools\daemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-01-10 23:25   1230704   ----a-w-   c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\facebook]
    2010-02-08 23:48   558080   ----a-w-   c:\program files\Naevius Facebook Layouts\facebook.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2006-10-26 22:47   31016   ----a-w-   c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    2006-04-01 14:33   77824   ----a-r-   c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    2006-04-01 14:33   114688   ----a-r-   c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    2006-04-01 14:33   94208   ----a-r-   c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KRun]
    2007-04-06 14:15   518656   ----a-w-   c:\program files\Windows7\RunMe\RunMe.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pie Dock]
    2007-09-02 06:12   586240   ----a-w-   c:\program files\Windows7\Windows 7 Pie Dock\Windows 7 Pie Dock.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 09:43   248040   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2010-05-06 21:59   39408   ----a-w-   c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransBar]
    2005-06-01 15:41   65536   ----a-w-   c:\program files\Windows7\TransBar\TransBar.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UberIcon]
    2006-05-21 03:43   180224   ----a-w-   c:\program files\Windows7\UberIcon\UberIcon Manager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
    2011-04-17 19:52   399736   ----a-w-   c:\program files\uTorrent\uTorrent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Viena Explorer]
    2006-11-18 10:31   581632   ----a-w-   c:\program files\Windows7\Vienna Explorer\Vienna Explorer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Visual Task Tips]
    2007-09-05 17:20   36352   ----a-w-   c:\program files\Windows7\VisualTaskTips\VisualTaskTips.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "MyWebSearch Email Plugin"=c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [9/18/2010 11:35 PM 155136]
    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [9/18/2010 11:35 PM 5248]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/2/2009 9:44 PM 721904]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/19/2011 11:27 PM 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/18/2010 8:17 PM 309848]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/18/2010 8:17 PM 19544]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/6/2011 8:41 PM 366640]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/6/2011 8:41 PM 22712]
    S1 ntiomin;ntiomin;
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/6/2010 11:59 PM 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/6/2010 11:59 PM 135664]
    S3 IDMTDI;IDMTDI;c:\windows\system32\DRIVERS\idmtdi.sys --> c:\windows\system32\DRIVERS\idmtdi.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/6/2011 8:41 PM 41272]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 21:59]
    .
    2011-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 21:59]
    .
    2011-08-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-1614895754-1417001333-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
    .
    2011-08-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-1614895754-1417001333-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = hxxp://www.google.com/
    uStart Page = about:blank
    mLocal Page = hxxp://www.google.com/
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\unai0ig2.default\
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - %profile%\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}
    FF - Ext: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
    FF - Ext: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - %profile%\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{1192a62b-4dbc-4d1f-b54e-d820a1be76be} - (no file)
    BHO-{1192a62b-4dbc-4d1f-b54e-d820a1be76be} - (no file)
    Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
    Toolbar-{1192a62b-4dbc-4d1f-b54e-d820a1be76be} - (no file)
    Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - (no file)
    WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
    WebBrowser-{1192A62B-4DBC-4D1F-B54E-D820A1BE76BE} - (no file)
    MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-08-07 16:04
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ... 
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ... 
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2052111302-1614895754-1417001333-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{55a4fe59-115c-40e7-8d9a-86cff63d1d42}]
    @Denied: (Full) (Everyone)
    "Model"=dword:000000b5
    "Therad"=dword:00000015
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):8e,72,ab,44,67,fe,23,6b,72,19,16,83,2e,48,b6,f2,90,a1,6f,c3,2a,
       96,81,37,2a,bd,99,a4,68,cc,aa,8d,8c,c7,40,03,ce,25,6d,fb,00,00,00,00,00,00,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(884)
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\sfc_os.dll
    c:\windows\system32\cscui.dll
    .
    - - - - - - - > 'lsass.exe'(956)
    c:\windows\system32\SETUPAPI.dll
    .
    - - - - - - - > 'explorer.exe'(3632)
    c:\program files\Windows7\UberIcon\UberIcon.dll
    c:\windows\system32\msctfime.ime
    c:\windows\system32\COMRes.dll
    c:\windows\system32\msi.dll
    c:\program files\Internet Download Manager\IDMShellExt.dll
    c:\program files\Internet Download Manager\IDMNetMon.DLL
    c:\windows\System32\cscui.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\wpdshserviceobj.dll
    c:\windows\system32\NETSHELL.dll
    c:\windows\system32\credui.dll
    c:\windows\system32\OneX.DLL
    c:\windows\system32\MSVCP60.dll
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\portabledevicetypes.dll
    c:\windows\system32\portabledeviceapi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    .
    **************************************************************************
    .
    Completion time: 2011-08-07  16:10:20 - machine was rebooted
    ComboFix-quarantined-files.txt  2011-08-07 14:10
    .
    Pre-Run: 31.162.462.208 bytes free
    Post-Run: 31.182.675.968 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 345CDDB56AC455907433497CF929C76F
    « Last edit: 07. Aug 2011, 16:22:19 by Just Another Boy »
    Jet set burekdzija

    Zodiac Scorpio
    Gender
    Posts 7657
    OS
    Windows 7
    Browser
    Mozilla Firefox 5.0
    Don't delete anything, wait until I go over your log... we will have to repair some things and put them "back" into the system


    >>>  Open Notepad and copy the text below:

    Code:
    FileLook::
    c:\windows\system32\midimap.dll

    Snapshot::

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "MyWebSearch Email Plugin"=-

    KillAll::

    File::
    c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

    Firefox::
    FF - ProfilePath - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\unai0ig2.default\
    FF - Ext: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - %profile%\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}
    FF - Ext: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
    FF - Ext: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - %profile%\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}

    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{55a4fe59-115c-40e7-8d9a-86cff63d1d42}]
    @Denied: (Full) (Everyone)
    "Model"=dword:000000b5
    "Therad"=dword:00000015

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):8e,72,ab,44,67,fe,23,6b,72,19,16,83,2e,48,b6,f2,90,a1,6f,c3,2a,
       96,81,37,2a,bd,99,a4,68,cc,aa,8d,8c,c7,40,03,ce,25,6d,fb,00,00,00,00,00,00,\



    Click File\Save as and save the text as CFScript on the desktop



    Follow the instructions in the picture and drag CFScript.txt onto the ComboFix.exe icon

    That will start ComboFix; click I Agree. The system may restart while it runs (that is normal)
    When it finishes, a log will appear (C:\ComboFix.txt)

    Now read this carefully!!!
    Quote
    Attach the CF log to your post  ( Preview post >> additional options >> browse )  (typical log location: C:\ComboFix.txt)

    Attach the C:\ComboFix notepad file to your post, as I wrote in the message.
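The CFScript above was put together by hand from the log: the "is infected!!" hit goes under FileLook::, the disabled MyWebSearch autorun under Registry:: and File::, the bundled Firefox toolbars under Firefox::, and the access-denied CLSID keys under RegLock::. As an added example, not part of the original post and not ComboFix's own code, this Python helper reads log lines in that layout (a constructed, abridged sample built from lines of the log above) and drafts the same sections for a helper to check before use; the function names `triage` and `draft_cfscript` are hypothetical.

```python
import re
from typing import Dict, List

# Constructed, abridged sample in the layout of the ComboFix log above (not a real log).
SAMPLE_LOG = r"""
c:\windows\system32\midimap.dll . . . is infected!!
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"MyWebSearch Email Plugin"=c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
.
FF - ProfilePath - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\unai0ig2.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2052111302-1614895754-1417001333-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{55a4fe59-115c-40e7-8d9a-86cff63d1d42}]
@Denied: (Full) (Everyone)
"Model"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

INFECTED_RE = re.compile(r"^(?P<path>.+?) \. \. \. is infected!!$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
FF_EXT_RE = re.compile(r"^FF - Ext: (?P<name>.+?): (?P<id>\S+) - (?P<path>.+)$")
SECTION_RE = re.compile(r"^-{5,} (?P<title>.+?) -{5,}$")


def triage(log_text: str) -> Dict[str, list]:
    """Walk a ComboFix-style log once and collect the entries a helper acts on."""
    findings: Dict[str, list] = {"infected": [], "run_disabled": [], "firefox": [], "reglock": []}
    section = ""            # title of the current '------- X -------' section, if any
    key = ""                # registry key whose values are currently being read
    block: List[str] = []   # lines of the current locked-key block

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == ".":
            # A lone dot closes a block. A locked key is only worth a RegLock:: entry
            # when access is denied outright (@Denied), as with the CLSID keys above.
            if section == "LOCKED REGISTRY KEYS" and any(l.startswith("@Denied:") for l in block):
                findings["reglock"].append(block)
            block, key = [], ""
            continue
        m = SECTION_RE.match(line)
        if m:
            section, block, key = m.group("title"), [], ""
            continue
        if section == "LOCKED REGISTRY KEYS":
            block.append(line)
            continue
        m = INFECTED_RE.match(line)
        if m:
            findings["infected"].append(m.group("path"))
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key.lower().endswith("\\run-disabled"):
            # A disabled autorun left behind by junkware: drop the value and the file it points at.
            findings["run_disabled"].append((key, m.group("name"), m.group("data").strip('"')))
            continue
        if line.startswith("FF - ProfilePath - "):
            findings["firefox"].append(line)   # Firefox:: entries are listed under their profile
            continue
        m = FF_EXT_RE.match(line)
        if m and "Toolbar" in m.group("name"):
            # Bundled toolbars are what gets removed; the 'Default' theme entry is left alone.
            findings["firefox"].append(line)
    return findings


def draft_cfscript(findings: Dict[str, list]) -> str:
    """Render the findings as CFScript sections in the order the script above uses."""
    out: List[str] = []
    if findings["infected"]:
        out += ["FileLook::", *findings["infected"], ""]
    if findings["run_disabled"]:
        out.append("Registry::")
        for key, name, _ in findings["run_disabled"]:
            out += [f"[{key}]", f'"{name}"=-']
        out += ["", "File::", *[path for _, _, path in findings["run_disabled"]], ""]
    if findings["firefox"]:
        out += ["Firefox::", *findings["firefox"], ""]
    if findings["reglock"]:
        out.append("RegLock::")
        for block in findings["reglock"]:
            out += [*block, ""]
    return "\n".join(out).rstrip("\n") + "\n"
```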
Jet set burekdzija (Zodiac: Scorpio, Posts: 7657, OS: Windows 7, Browser: Mozilla Firefox 5.0)
Before I forget...
When you are done with CF, post me a fresh Attach.txt log from DDS together with the CF log.
That is, run DDS again and attach the Attach.txt log to your post, along with the fresh Combofix.txt log.
« Last edit: 07 Aug 2011, 18:05:17 by genije1 »
Svakodnevni prolaznik (Male, Posts: 263, OS: Windows XP, Browser: Opera 11.50)
How long should ComboFix need to finish this? It says it should take 10 minutes, or maybe double that, but it has been sitting for almost an hour on:
"Scaning for infected files...
This typically doesn't take more then 10 minutes
However, scan times for badly infected machines may easily double" and nothing is happening.