C:\WINDOWS\system32\x


  • Joined: 26 Jul 2008
  • Posts: 10

Hello, I have a problem; I see that you solve even the impossible here, so I thought I'd ask you. For quite a while now I haven't been able to delete some viruses, or whatever they are, I don't even know myself. I use avast and Malwarebytes' Anti-Malware, but it doesn't help; avast keeps showing me these messages:
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6AVOXCJO\aepsh[1].bmp
C:\WINDOWS\system32\x

Of course I delete it, but they show up again, constantly, about every 15 minutes. What should I do?

Oh, and let me post this too:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:25 AM, on 2/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PC Tools Disk Suite\aDSProcMngr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PC Tools Disk Suite\DSService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\PROGRA~1\FLOCK\FLOCK\FLOCK.EXE
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DiskSuite] C:\Program Files\PC Tools Disk Suite\aDSProcMngr.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0BC98E0-1649-40BB-888C-6C6A035FDFAD}: NameServer = 92.60.224.20 92.60.224.30
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: PC Tools Disk Suite (DiskSuiteService) - PC Tools Software - C:\Program Files\PC Tools Disk Suite\DSService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5595 bytes

Addendum: 06 Feb 2009 10:33

Malwarebytes' Anti-Malware 1.33
Database version: 1733
Windows 5.1.2600 Service Pack 2

2/6/2009 10:30:17 AM
mbam-log-2009-02-06 (10-30-17).txt

Scan type: Quick Scan
Objects scanned: 50080
Time elapsed: 2 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Right-click the avast! icon in the lower right corner of the screen and choose Program settings....

In the window that opens, under Troubleshooting, check the option Disable avast! self-defence and click OK.

Also, right-click the avast! icon in the lower right corner of the screen and choose Stop OnAccess Protection.

Note: Don't forget to re-enable these options once the cleaning is finished.

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it is scanning.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

  • Joined: 26 Jul 2008
  • Posts: 10

ComboFix 09-02-06.02 - Administrator 2009-02-07 8:59:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.1023.447 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090206-0] *On-access scanning disabled* (Updated)
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
FW: BitDefender Firewall *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-01-07 to 2009-02-07 )))))))))))))))))))))))))))))))
.

2009-02-06 22:15 . 2009-02-06 22:15 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Avira
2009-02-06 21:11 . 2009-02-06 21:11 <DIR> d-------- c:\program files\Avira
2009-02-06 21:11 . 2009-02-06 21:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-02-06 10:23 . 2009-02-06 10:23 <DIR> d-------- c:\program files\Trend Micro
2009-02-05 17:48 . 2009-02-05 17:48 <DIR> d--h----- c:\windows\msdownld.tmp
2009-02-05 17:07 . 2009-02-05 17:07 <DIR> d-------- c:\program files\BFG
2009-02-05 17:07 . 2009-02-05 17:07 <DIR> d-------- c:\program files\Backspin Billiards
2009-02-05 17:07 . 2009-02-05 17:07 737,280 --a------ c:\windows\iun6002.exe
2009-02-05 16:26 . 2009-02-05 16:26 <DIR> d-------- c:\program files\Alawar
2009-02-04 23:24 . 2009-02-04 23:24 <DIR> d-------- c:\program files\Tall Emu
2009-02-04 23:20 . 2009-02-05 14:42 <DIR> d-------- c:\program files\PC Tools Disk Suite
2009-02-04 23:20 . 2009-02-07 04:28 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-04 23:20 . 2009-02-04 23:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2009-02-04 22:55 . 2009-02-04 22:55 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-04 22:55 . 2009-02-04 22:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-04 22:55 . 2009-02-04 22:55 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-02-04 22:55 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-04 22:55 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-04 22:18 . 2009-02-04 22:18 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Thinstall
2009-02-04 16:39 . 2009-02-04 16:40 <DIR> d-------- c:\windows\SxsCaPendDel
2009-02-03 20:49 . 2009-02-03 20:49 <DIR> d-------- c:\windows\system32\LogFiles
2009-02-03 20:45 . 2009-02-06 22:06 <DIR> d-------- c:\documents and settings\Administrator\Tracing
2009-02-03 20:44 . 2009-02-03 20:44 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-02-03 20:44 . 2009-02-03 20:44 <DIR> d-------- c:\program files\Microsoft
2009-02-03 20:31 . 2009-02-03 20:31 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-02-03 19:48 . 2006-11-07 14:58 356,352 --a------ c:\windows\system32\nvunrm.exe
2009-02-03 19:48 . 2004-08-03 23:56 221,184 --a------ c:\windows\system32\wmpns.dll
2009-02-03 19:48 . 2006-10-19 09:36 3,903 --a------ c:\windows\system32\nvnrm.nvu
2009-02-03 19:29 . 2009-02-03 19:29 <DIR> d-------- c:\windows\ServicePackFiles
2009-02-03 19:29 . 2004-07-17 11:40 19,528 --a------ c:\windows\000001_.tmp
2009-02-03 16:09 . 2009-02-03 16:09 <DIR> dr-h----- c:\documents and settings\Administrator\Application Data\SecuROM
2009-02-03 16:09 . 2009-02-03 16:09 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-02-03 16:05 . 2009-02-03 16:05 <DIR> d-------- c:\program files\Microsoft Works
2009-02-03 16:05 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-02-03 16:04 . 2009-02-03 16:04 <DIR> d-------- c:\program files\MSBuild
2009-02-03 16:00 . 2009-02-03 16:04 <DIR> d-------- c:\windows\SHELLNEW
2009-02-03 15:59 . 2009-02-03 16:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-03 15:58 . 2009-02-03 15:58 <DIR> dr-h----- C:\MSOCache
2009-02-03 14:50 . 2009-02-03 15:02 223 --a------ c:\windows\wcx_ftp.ini
2009-02-03 08:00 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll
2009-02-03 08:00 . 2007-05-16 16:45 1,124,720 --a------ c:\windows\system32\D3DCompiler_34.dll
2009-02-03 08:00 . 2007-05-16 16:45 443,752 --a------ c:\windows\system32\d3dx10_34.dll
2009-02-02 22:29 . 2009-02-02 22:29 850 --a------ c:\windows\system32\ProductTweaks.xml
2009-02-02 22:29 . 2009-02-02 22:29 385 --a------ c:\windows\system32\user_gensett.xml
2009-02-02 22:28 . 2009-02-02 22:28 876 --a------ c:\windows\system32\BDUpdateV1.xml
2009-02-02 21:26 . 2009-02-02 21:26 60 --a------ c:\windows\wininit.ini
2009-02-02 21:23 . 2009-02-06 18:55 <DIR> d-------- c:\program files\Counter-strike
2009-02-02 17:01 . 2009-02-04 16:37 81,984 --a------ c:\windows\system32\bdod.bin
2009-02-02 16:49 . 2009-02-02 16:49 <DIR> d-------- c:\windows\system32\logs
2009-02-02 16:49 . 2009-02-04 16:38 <DIR> d-------- c:\program files\Common Files\BitDefender
2009-02-02 16:49 . 2009-02-04 16:38 <DIR> d-------- c:\program files\BitDefender
2009-02-02 16:49 . 2009-02-02 16:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\BitDefender
2009-02-01 20:33 . 2009-02-01 20:33 <DIR> d-------- c:\program files\Java
2009-02-01 20:33 . 2009-02-01 20:33 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-01 20:33 . 2009-02-01 20:33 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-01 20:20 . 2009-02-01 20:20 <DIR> d-------- c:\program files\Alwil Software
2009-02-01 20:02 . 2009-02-01 20:02 <DIR> d-------- C:\jDownloader
2009-02-01 20:01 . 2009-02-03 14:29 <DIR> d-------- C:\YuRecnik
2009-02-01 20:01 . 2009-02-04 23:19 <DIR> d-------- c:\program files\Real Alternative
2009-02-01 20:00 . 2009-02-01 20:00 <DIR> d-------- c:\program files\GRETECH
2009-02-01 20:00 . 2009-02-01 20:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\GRETECH
2009-02-01 20:00 . 2009-02-01 20:00 <DIR> d-------- c:\documents and settings\Administrator\Application Data\GRETECH

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 19:45 --------- d-----w c:\program files\Windows Live
2009-02-03 18:46 15,600 ----a-w c:\windows\gdrv.sys
2009-02-03 14:02 --------- d-----w c:\program files\TC UP
2009-02-01 18:54 --------- d-----w c:\program files\The KMPlayer
2009-02-01 18:51 --------- d-----w c:\program files\Winamp
2009-02-01 18:51 --------- d-----w c:\documents and settings\Administrator\Application Data\Winamp
2009-02-01 18:46 --------- d-----w c:\program files\DAEMON Tools Toolbar
2009-02-01 18:46 --------- d-----w c:\program files\DAEMON Tools Lite
2009-02-01 18:45 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-02-01 18:45 --------- d-----w c:\documents and settings\Administrator\Application Data\DAEMON Tools
2009-02-01 18:41 --------- d-----w c:\program files\Flock
2009-02-01 18:41 --------- d-----w c:\documents and settings\Administrator\Application Data\Flock
2009-02-01 18:38 --------- d-----w c:\documents and settings\Administrator\Application Data\HEXelon
2009-02-01 18:27 315,392 ----a-w c:\windows\HideWin.exe
2009-02-01 18:27 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-01 18:27 --------- d-----w c:\program files\Realtek
2009-02-01 18:27 --------- d-----w c:\program files\DIFX
2009-02-01 18:09 --------- d-----w c:\documents and settings\Administrator\Application Data\InstallShield
2009-02-01 18:05 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-01 17:59 --------- d-----w c:\program files\microsoft frontpage
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-07 8425472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-07 81920]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-01 136600]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"DiskSuite"="c:\program files\PC Tools Disk Suite\aDSProcMngr.exe" [2009-02-04 267584]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-06-12 266497]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-03-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:13e0c9d9c

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\Counter-strike\\hl.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\TC UP\\TOTALCMD.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-04 111184]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2006-01-13 15872]
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2009-02-06 164097]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [2009-02-06 258305]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-04 20560]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;c:\program files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2009-02-06 41217]
R2 DiskSuiteService;PC Tools Disk Suite;c:\program files\PC Tools Disk Suite\DSService.exe [2009-02-04 845120]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: avsda.dll
TCP: {A0BC98E0-1649-40BB-888C-6C6A035FDFAD} = 92.60.224.20 92.60.224.30
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-07 09:00:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(712)
c:\windows\system32\avsda.dll
.
Completion time: 2009-02-07 9:01:25
ComboFix-quarantined-files.txt 2009-02-07 08:01:23

Pre-Run: 93,567,721,472 bytes free
Post-Run: 93,560,344,576 bytes free

178

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

I would ask you to settle on one antivirus - uninstall the others.

Download gmer.zip from this link and save it to the Desktop.
Extract it into a folder.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this will save the scan results to the Clipboard.
Use the Paste option in Notepad to put them into a text file. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.

Use the Attach file option below the message field on the forum, and attach here the two files we have just saved.

Question: do you have a flash drive?

  • Joined: 26 Jul 2008
  • Posts: 10

I kept only avast.
Everything is clear to me except this one; what does it mean, that is, what should I do: "Repeat the same with the Autostart tab"?

Addendum: 07 Feb 2009 10:18

Addendum: 07 Feb 2009 10:19

"Question: do you have a flash drive?" If only I knew what that is.

Addendum: 07 Feb 2009 10:26

Oh, and a few days ago I installed the system, and I don't have a flash drive; I didn't go to those kinds of sites, so it appeared out of nowhere. I can't delete it with any antivirus; I mean, it deletes it, but it keeps coming back again.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Well, I don't see active malware here.

Take a screenshot or write down exactly what gets detected; that is, I'm interested in the detection name and the name of the detected file.

Instructions for taking a screenshot: http://www.mycity.rs/Windows/Pravljenje-screenshota.html

  • Joined: 26 Jul 2008
  • Posts: 10

I'll post it as soon as avast finds it again, but that will surely be soon.

Addendum: 07 Feb 2009 13:13



  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

1) Download and install the patch from the following link:

http://www.microsoft.com/downloads/details.aspx?fa.....laylang=en

-------------------------------------------------------------------------------------

2) Activate the firewall: Control Panel > Windows Firewall; select On (recommended) and click OK.

-------------------------------------------------------------------------------------

3) Download Dr.Web CureIt (~12 MB).
Restart the computer in Safe Mode (Safe Mode instructions)

Double-click launch.exe to run it, after which the introductory window will appear - click Start

A notice that the initial scan is about to begin will appear - click OK

Wait a few minutes for Dr.Web CureIt to perform the Express Scan; if malware is found, click the Yes to All button in the window that appears to allow the program to disinfect it

Click Options > Change settings F9; in the window that opens, uncheck the Heuristic Analysis option and then click OK

In the main window select the Complete scan option, then click and Dr.Web CureIt will start scanning

If malware is found, click the Yes to All button in the window that appears to allow the program to disinfect it

When the scan is finished, click the Select all button (if available), then click Cure and,
in the menu that opens, click Move incurable:

When the process completes, click File > Save report list and save the log to the Desktop

Copy the contents of the Dr.Web CureIt log into the thread on the forum.
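
Added example, not part of the thread and not any poster's code: a Python triage of a ComboFix log that extracts the antivirus products and their on-access state, the Windows Firewall setting, and any Autorun.inf entries listed under Other Deletions. The sample input is shortened from the log posted in this thread; the function names and the keys of the returned dictionary are assumptions of this example.

```python
import re

# Sample input: shortened from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""ComboFix 09-02-06.02 - Administrator 2009-02-07 8:59:35.1 - NTFSx86
AV: avast! antivirus 4.8.1296 [VPS 090206-0] *On-access scanning disabled* (Updated)
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
FW: BitDefender Firewall *disabled*

((((((((((((((( Other Deletions )))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((( Files Created from 2009-01-07 to 2009-02-07 )))))))))))))))
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# Header lines that list security products registered on the machine.
AV_RE = re.compile(r"^AV:\s*(.+?)\s*\*On-access scanning (enabled|disabled)\*", re.M)
FW_RE = re.compile(r"^FW:\s*(.+?)\s*\*(enabled|disabled)\*", re.M)
# Section banners look like "((((( Title )))))" with uneven paren counts.
BANNER_RE = re.compile(r"^\({3,}\s*(.+?)\s*\){3,}[ \t]*$", re.M)
# Windows Firewall state from the standardprofile policy key.
ENABLE_FW_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)', re.M)


def split_sections(text):
    """Map each banner title to the non-empty lines that follow it."""
    sections = {}
    banners = list(BANNER_RE.finditer(text))
    for i, m in enumerate(banners):
        end = banners[i + 1].start() if i + 1 < len(banners) else len(text)
        lines = (ln.strip() for ln in text[m.end():end].splitlines())
        # ComboFix pads sections with blank lines and lone dots.
        sections[m.group(1)] = [ln for ln in lines if ln not in ("", ".")]
    return sections


def triage(text):
    """Summarise the settings a helper would read off the log first."""
    av = {name: state == "enabled" for name, state in AV_RE.findall(text)}
    fw_key = ENABLE_FW_RE.search(text)
    deletions = split_sections(text).get("Other Deletions", [])
    return {
        "antivirus": av,                        # product -> on-access enabled?
        "multiple_av": len(av) > 1,             # more than one AV registered
        "third_party_fw": {n: s == "enabled" for n, s in FW_RE.findall(text)},
        # None means the key was not present in the log at all.
        "windows_firewall_on": None if fw_key is None else fw_key.group(1) != "0",
        "autorun_inf_deleted": [p for p in deletions
                                if p.lower().endswith("autorun.inf")],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
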

  • Joined: 26 Jul 2008
  • Posts: 10

OK, first, thanks for the effort. I did everything you said and, as far as I can see, there are no more of those annoying messages being reported since yesterday. I didn't run the whole scan because it took 3 hours and I didn't have the patience to wait any longer, so I interrupted the scan. It found 10 viruses or whatever they are; I deleted everything and now everything is OK. Thanks once again, thanks a lot.
