...KesenjanganSosial.exe and regedit?


offline
  • Joined: 18 Sep 2008
  • Posts: 58

After cleaning a virus, a remnant of the infection remained; more precisely, it reports that Windows cannot find KesenjanganSosial.exe. How do I remove it from Run, and how do I start regedit, since it won't let me in and instead offers the "Open with..." option?
I can't run HijackThis or regedit, not even in Safe Mode... I can open the partitions without problems.

offline
  • dr_Bora (Male)
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Lives in: Höganäs, SE

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

Rename HijackThis.exe to tr3.exe before running it.

offline
  • Joined: 18 Sep 2008
  • Posts: 58

Posted: 06 May 2009 13:45

I can't rename it.

Update: 06 May 2009 13:48

Everything I try to open on the computer shows me the "Open with" message. Could the virus have gotten into the .exe files...

Update: 06 May 2009 14:07

Correction: I renamed it to TR3.exe, but it still can't run it; after starting it, it offers the "Open with" option.

offline
  • dr_Bora (Male)
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Lives in: Höganäs, SE

Posted: 06 May 2009 15:05

Can you run this:

If that worked, you should be able to run exe files after that.

Update: 06 May 2009 16:16

What happens when you right-click an exe file (e.g. HijackThis)?
Which option is the default (in bold)? Is there an Open option in the menu?
Does it work when you choose Open?

offline
  • Joined: 18 Sep 2008
  • Posts: 58

Posted: 07 May 2009 10:25

Open is the default, it exists as an option, and when I run it via right-click it opens "Open with".

Update: 07 May 2009 10:27

I'll try Fix exe now and leave a message about what happened.

Update: 07 May 2009 11:58

It's the same with Fix exe.
I downloaded AVG 8.5, with which I scanned the computer the first time, then installed Symantec and ran a scan with it, which started finding viruses, more precisely "Infostealer". It's possible the virus got into the exe files and that's why it's causing the problem.

Update: 07 May 2009 13:24

I removed the viruses with Symantec and ran Fix exe. Everything works as it should. Many thanks.

Update: 07 May 2009 13:34

Just in case, I'll leave the log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:30:08, on 7.5.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\Program Files\Virtual CD v4\System\vcdsecs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\X\Desktop\TR3.exe\TR3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = krstarica.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by GlobalCom
O1 - Hosts: 61.129.115.198 xldd.com
O1 - Hosts: 61.129.115.198 ojiang.com
O1 - Hosts: 61.129.115.198 shuixian.net
O1 - Hosts: 61.129.115.198 xlarea.com
O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VCDPlayer] C:\PROGRA~1\VIRTUA~1\System\VCDPlay.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
O4 - HKLM\..\Run: [soundmix] C:\WINDOWS\system32\soundmix.exe
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\RakyatKelaparan.exe"
O4 - HKLM\..\Run: [System File] C:\WINDOWS\MY DOCUMENTS.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SRFirstRun] rundll32 srclient.dll,CreateFirstRunRp
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Default User"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus-1002] "C:\Documents and Settings\X\Local Settings\Application Data\br3027on.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ParagrafLexAlarm.lnk = C:\Program Files\ParagrafLex\browser\ParagrafLexAlarm.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\X\LOCALS~1\Temp\hpdj.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: Virtual CD v4 Security service (VCDSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4\System\vcdsecs.exe
O24 - Desktop Component 0: (no name) - e-dnevnik.org/sveti-sava.jpg

--
End of file - 6677 bytes

offline
  • dr_Bora (Male)
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Lives in: Höganäs, SE

There are traces of several infections here. If you're up for ''cleaning up''...


Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Temporarily disable your antivirus.

Start ComboFix and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.
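The HijackThis log above is what dr_Bora is reading when he says there are traces of several infections. As an added example (not from the thread and not part of HijackThis), this Python script applies a few location-based heuristics to O1/O4/O23 lines taken from that log; the heuristics and marker folders are my choice and produce candidates for a human to review, not verdicts.

```python
import re

# Sample input: O1/O4/O23 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 61.129.115.198 xldd.com
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\RakyatKelaparan.exe"
O4 - HKLM\..\Run: [System File] C:\WINDOWS\MY DOCUMENTS.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus-1002] "C:\Documents and Settings\X\Local Settings\Application Data\br3027on.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O23 - Service: hpdj - HP - C:\DOCUME~1\X\LOCALS~1\Temp\hpdj.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
# Folders a legitimate autostart entry rarely runs from (heuristic markers chosen for this example).
WRITABLE_MARKERS = ("\\local settings\\application data\\", "\\temp\\", "\\shellnew\\")


def command_path(cmd: str) -> str:
    """Extract the executable path from an O4 command string, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    # Unquoted path that may itself contain spaces: cut after the first ".exe" token.
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def normalize(path: str) -> str:
    """Lower-case and expand the two environment variables HijackThis leaves unexpanded."""
    p = path.lower()
    return p.replace("%systemroot%", "c:\\windows").replace("%windir%", "c:\\windows")


def path_reasons(path: str) -> list:
    """Heuristic reasons why an autostart/service executable deserves a second look."""
    p = normalize(path)
    reasons = []
    if re.fullmatch(r"[a-z]:\\windows\\[^\\]+", p):
        reasons.append("executable sits directly in the Windows root")
    for marker in WRITABLE_MARKERS:
        if marker in p:
            reasons.append("runs from " + marker.strip("\\"))
    name = p.rsplit("\\", 1)[-1]
    if name.endswith(".exe") and " " in name:
        reasons.append("file name with spaces, mimics a folder name")
    return reasons


def triage(log: str) -> dict:
    """Return {log line: [reasons]} for every O1/O4/O23 entry that trips a heuristic."""
    flagged = {}
    for line in log.splitlines():
        line = line.strip()
        reasons = []
        if line.startswith("O1 - Hosts:"):
            ip, host = line.split(":", 1)[1].split()[:2]
            if ip not in LOOPBACK:  # a name pinned to a remote address is a redirect
                reasons.append(f"hosts file redirects {host} to {ip}")
        elif line.startswith("O4 - "):
            m = re.match(r"O4 - .*?: \[[^\]]*\] (.*)$", line)
            if m:
                reasons = path_reasons(command_path(m.group(1)))
        elif line.startswith("O23 - Service:"):
            reasons = path_reasons(line.rsplit(" - ", 1)[-1])
        if reasons:
            flagged[line] = reasons
    return flagged


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG).items():
        print(entry, "->", "; ".join(why))
```

Of the sample lines, the six flagged entries are exactly the ones dr_Bora's later CFScript and ComboFix run dealt with, while NeroCheck, CTFMON, dumprep and the Google notifier pass untouched.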

offline
  • Joined: 18 Sep 2008
  • Posts: 58

I downloaded AVG and ran ComboFix; here's the log ...

ComboFix 09-04-27.04 - X 08.05.2009 11:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.59 [GMT 2:00]
Running from: c:\documents and settings\X\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2009-06-08 to 2009-5-8 )))))))))))))))))))))))))))))))
.

2009-05-07 12:04 . 2009-05-07 12:04 -------- d-----w c:\program files\Lavalys
2009-05-07 11:39 . 2009-05-07 11:39 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-07 11:39 . 2009-05-07 11:39 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-07 11:39 . 2009-05-07 11:39 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-07 11:39 . 2009-05-07 11:41 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-07 11:39 . 2009-05-07 11:39 -------- d-----w c:\documents and settings\X\Application Data\AVGTOOLBAR
2009-05-07 11:38 . 2009-05-07 11:38 -------- d-----w c:\program files\AVG
2009-05-07 11:38 . 2009-05-08 09:34 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-06 10:19 . 2004-08-04 01:07 31232 -c--a-w c:\windows\system32\dllcache\tools.dll
2009-05-06 10:18 . 2004-08-04 01:07 7680 -c--a-w c:\windows\system32\dllcache\migregdb.exe
2009-05-06 10:17 . 2004-08-04 01:07 18944 -c--a-w c:\windows\system32\dllcache\cprofile.exe
2009-05-06 10:16 . 2003-03-24 14:52 188480 -c--a-w c:\windows\system32\dllcache\cfgwiz.exe
2009-05-06 10:16 . 2003-03-24 14:52 16439 -c--a-w c:\windows\system32\dllcache\author.exe
2009-05-06 10:16 . 2003-03-24 14:52 20540 -c--a-w c:\windows\system32\dllcache\author.dll
2009-05-06 10:16 . 2004-08-04 01:07 290816 -c--a-w c:\windows\system32\dllcache\adsiis51.dll
2009-05-06 10:16 . 2004-08-04 01:07 43520 -c--a-w c:\windows\system32\dllcache\admwprox.dll
2009-05-06 10:16 . 2003-03-24 14:52 16439 -c--a-w c:\windows\system32\dllcache\admin.exe
2009-05-06 10:16 . 2003-03-24 14:52 20540 -c--a-w c:\windows\system32\dllcache\admin.dll
2009-05-06 09:56 . 2004-08-04 01:07 13312 -c--a-w c:\windows\system32\dllcache\irclass.dll
2009-05-06 09:56 . 2004-08-04 01:07 13312 ----a-w c:\windows\system32\irclass.dll
2009-05-06 09:56 . 2004-08-04 01:07 24661 -c--a-w c:\windows\system32\dllcache\spxcoins.dll
2009-05-06 09:56 . 2004-08-04 01:07 24661 ----a-w c:\windows\system32\spxcoins.dll
2009-05-04 13:40 . 2009-05-04 18:53 -------- d--h--w C:\$AVG8.VAULT$
2009-05-04 09:03 . 2009-05-04 09:03 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Bron.tok-17-4
2009-05-04 07:36 . 2009-05-04 07:36 6751 ----a-w c:\documents and settings\X\Local Settings\Application Data\Bron.tok.A17.em.bin
2009-05-04 07:12 . 2009-05-04 07:12 -------- d-----w c:\documents and settings\X\Local Settings\Application Data\Bron.tok-17-4
2009-04-28 10:20 . 2009-04-28 10:20 -------- d-----w c:\documents and settings\X\Paragraf-Lex
2009-04-28 10:18 . 2009-04-28 10:18 -------- d-----w c:\documents and settings\X\Local Settings\Application Data\Paragraf-Lex
2009-04-28 08:49 . 2009-04-28 08:50 -------- d-----w c:\program files\ParagrafLex
2009-04-15 09:03 . 2009-04-15 09:03 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Bron.tok-17-15

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-07 11:53 . 2004-06-11 13:29 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-07 11:47 . 2004-06-11 13:35 -------- d-----w c:\program files\Norton SystemWorks
2009-05-07 11:46 . 2004-06-11 13:43 92688 ----a-w c:\documents and settings\X\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-06 10:14 . 2001-08-23 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-05-06 10:11 . 2004-06-10 11:04 23332 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-04 16:42 . 2004-06-10 13:24 -------- d-----w c:\program files\Serials 2000
2009-04-01 09:13 . 2009-04-01 09:13 47656 ----a-w c:\documents and settings\NetworkService\Local Settings\Application Data\Bron.tok.A17.em.bin
2004-10-07 17:04 . 2004-10-07 17:04 56 --sha-r c:\windows\system32\A76EFF3E0E.sys
2004-10-07 17:04 . 2004-10-07 17:04 1682 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-15 81920]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-01-07 46592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
"washindex"="c:\program files\Washer\washidx.exe" [2002-07-17 33792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\X\Start Menu\Programs\Startup\
ParagrafLexAlarm.lnk - c:\program files\ParagrafLex\browser\ParagrafLexAlarm.exe [2009-4-28 481779]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-07 11:39 10520 ----a-w c:\windows\system32\avgrsstx.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave3"= serwvdrv.dll
"wave4"= serwvdrv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^desktop(2).ini]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\desktop(2).ini
backup=c:\windows\pss\desktop(2).iniCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^X^Start Menu^Programs^Startup^desktop(2).ini]
path=c:\documents and settings\X\Start Menu\Programs\Startup\desktop(2).ini
backup=c:\windows\pss\desktop(2).iniStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\EIS\\EIS.exe"=
"c:\\Program Files\\Internet Explorer\\iexplore.exe"=
"c:\\Program Files\\ParagrafLex\\browser\\jre\\bin\\java.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12714:TCP"= 12714:TCP:NortonAV
"16843:TCP"= 16843:TCP:NortonAV
"12600:TCP"= 12600:TCP:NortonAV
"12327:TCP"= 12327:TCP:NortonAV
"14785:TCP"= 14785:TCP:NortonAV
"13997:TCP"= 13997:TCP:NortonAV
"14314:TCP"= 14314:TCP:NortonAV
"18442:TCP"= 18442:TCP:NortonAV
"15262:TCP"= 15262:TCP:NortonAV
"15104:TCP"= 15104:TCP:NortonAV
"16722:TCP"= 16722:TCP:NortonAV
"16272:TCP"= 16272:TCP:NortonAV
"13015:TCP"= 13015:TCP:NortonAV
"15859:TCP"= 15859:TCP:NortonAV
"18413:TCP"= 18413:TCP:NortonAV
"18841:TCP"= 18841:TCP:NortonAV
"12239:TCP"= 12239:TCP:NortonAV
"17926:TCP"= 17926:TCP:NortonAV
"14590:TCP"= 14590:TCP:NortonAV
"13144:TCP"= 13144:TCP:NortonAV
"15523:TCP"= 15523:TCP:NortonAV
"15108:TCP"= 15108:TCP:NortonAV
"16533:TCP"= 16533:TCP:NortonAV
"12490:TCP"= 12490:TCP:NortonAV
"17381:TCP"= 17381:TCP:NortonAV
"17676:TCP"= 17676:TCP:NortonAV
"14230:TCP"= 14230:TCP:NortonAV
"14283:TCP"= 14283:TCP:NortonAV
"12957:TCP"= 12957:TCP:NortonAV
"15895:TCP"= 15895:TCP:NortonAV
"15789:TCP"= 15789:TCP:NortonAV
"15155:TCP"= 15155:TCP:NortonAV
"14508:TCP"= 14508:TCP:NortonAV
"17749:TCP"= 17749:TCP:NortonAV
"13093:TCP"= 13093:TCP:NortonAV
"15806:TCP"= 15806:TCP:NortonAV
"14989:TCP"= 14989:TCP:NortonAV
"14449:TCP"= 14449:TCP:NortonAV
"16797:TCP"= 16797:TCP:NortonAV
"14529:TCP"= 14529:TCP:NortonAV
"13805:TCP"= 13805:TCP:NortonAV
"12913:TCP"= 12913:TCP:NortonAV
"14587:TCP"= 14587:TCP:NortonAV
"14450:TCP"= 14450:TCP:NortonAV
"14933:TCP"= 14933:TCP:NortonAV
"18387:TCP"= 18387:TCP:NortonAV
"12849:TCP"= 12849:TCP:NortonAV
"17810:TCP"= 17810:TCP:NortonAV
"18978:TCP"= 18978:TCP:NortonAV
"13670:TCP"= 13670:TCP:NortonAV
"13326:TCP"= 13326:TCP:NortonAV
"18781:TCP"= 18781:TCP:NortonAV
"15816:TCP"= 15816:TCP:NortonAV
"17256:TCP"= 17256:TCP:NortonAV
"13630:TCP"= 13630:TCP:NortonAV

R1 GhPciScan;GhostPciScanner; [x]
R1 vcdmpdrv;vcdmpdrv;c:\windows\system32\DRIVERS\vcdmpdrv.sys [2002-05-28 49168]
R4 Ltmadoysd;Ltmadoysd; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-05-07 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-07 108552]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-05-07 298264]
S2 NProtectService;Norton Unerase Protection;c:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE [2002-08-14 135168]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{065a9d56-678a-11dd-8f02-ab70afa4a91e}]
\Shell\AutoRun\command - F:\
\Shell\explore\Command - f:\recycler\autorun.exe -ExploreCurDir
\Shell\open\Command - f:\recycler\autorun.exe -OpenCurDir

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c3ce0e6-4349-11dd-b8cb-d585e6f067d6}]
\Shell\Auto\command - F:\AdobeR.exe e
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f81a3d6-0a23-11de-8fb8-80529d841ed1}]
\Shell\AutoRun\command - F:\
\Shell\explore\Command - f:\recycler\autorun.exe -ExploreCurDir
\Shell\open\Command - f:\recycler\autorun.exe -OpenCurDir

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{725ab6f4-fb21-11dc-b870-b9e2f42888ac}]
\Shell\AutoRun\command - F:\
\Shell\explore\Command - f:\recycler\autorun.exe -ExploreCurDir
\Shell\open\Command - f:\recycler\autorun.exe -OpenCurDir

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dbebaa0-674d-11dc-b7c4-c92540584cd6}]
\Shell\Auto\command - F:\AdobeR.exe e
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a213fab2-a21d-11db-b724-e4682f1074d6}]
\Shell\Auto\command - F:\AdobeR.exe e
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2bdf4b9-7562-11dc-b7d6-ca3cd61164d6}]
\Shell\AutoRun\command - H:\
\Shell\explore\Command - h:\recycler\autorun.exe -ExploreCurDir
\Shell\open\Command - h:\recycler\autorun.exe -OpenCurDir

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc9a0dd0-ee03-11dd-8f94-9da08cab68d6}]
\Shell\AutoRun\command - F:\
\Shell\explore\Command - f:\recycler\autorun.exe -ExploreCurDir
\Shell\open\Command - f:\recycler\autorun.exe -OpenCurDir
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Tok-Cirrhatus-1002 - c:\documents and settings\X\Local Settings\Application Data\br3027on.exe
HKU-Default-Run-Tok-Cirrhatus-1860 - c:\documents and settings\NetworkService\Local Settings\Application Data\br4743on.exe
HKU-Default-Run-Tok-Cirrhatus - (no file)
Notify-AtiExtEvent - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.krstarica.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} - file://e:\content\include\XPPatchInstaller.CAB
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-05-08 11:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3956)
c:\progra~1\DAP\DAPIE.DLL
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\DAP\DAPIEBar.dll
.
Completion time: 2009-05-08 11:55
ComboFix-quarantined-files.txt 2009-05-08 09:53

Pre-Run: 17.553.936.384 bytes free
Post-Run: 18.173.980.672 bytes free

232 --- E O F --- 2009-03-16 12:50

offline
  • dr_Bora (Male)
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Lives in: Höganäs, SE

Open the AVG 8 Control Center (right-click the AVG icon in the bottom-right corner of the screen, then choose Open AVG User Interface).
* When the AVG Control Center starts, double-click the Resident Shield component.
* In the window that opens, untick Resident Shield active and click Save changes.

Note: Don't forget to turn this option back on when the cleaning is finished.



-------------------------------------------------------------------------------------



Download and run: http://amf.mycity.rs/personal/dr_Bora/Win32.Rjump_Port_Exception_Cleaner.exe

When it finishes, close the program by clicking Ok.


-------------------------------------------------------------------------------------



Delete the version of ComboFix you have and download the latest one from the links given earlier.

Open Notepad and copy the following text into it:

File::
c:\documents and settings\X\Local Settings\Application Data\Bron.tok.A17.em.bin
c:\documents and settings\NetworkService\Local Settings\Application Data\Bron.tok.A17.em.bin

Folder::
c:\documents and settings\NetworkService\Local Settings\Application Data\Bron.tok-17-4
c:\documents and settings\X\Local Settings\Application Data\Bron.tok-17-4
c:\documents and settings\NetworkService\Local Settings\Application Data\Bron.tok-17-15

Driver::
Ltmadoysd

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{065a9d56-678a-11dd-8f02-ab70afa4a91e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c3ce0e6-4349-11dd-b8cb-d585e6f067d6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f81a3d6-0a23-11de-8fb8-80529d841ed1}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{725ab6f4-fb21-11dc-b870-b9e2f42888ac}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dbebaa0-674d-11dc-b7c4-c92540584cd6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a213fab2-a21d-11db-b724-e4682f1074d6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2bdf4b9-7562-11dc-b7d6-ca3cd61164d6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc9a0dd0-ee03-11dd-8f94-9da08cab68d6}]



Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that gets created at the end of the cleaning/scan in your next message.



-------------------------------------------------------------------------------------



Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB storage devices one by one into the USB slot and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we'll need that information later.
- When you've finished with all the devices, right-click in the middle of the program window and choose Save log. That will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices include all devices that get their own drive letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.
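dr_Bora's CFScript above lists the orphaned driver and every mountpoints2 key from the ComboFix log by hand. As an added example (not part of the thread and not a ComboFix feature), this Python script derives the Driver:: and Registry:: sections from a log excerpt: a mountpoints2 key is emitted when any of its Shell commands launches a file instead of just opening the drive root, and a service line ending in [x] (no file on disk) becomes a Driver:: entry. The keep_drivers allowlist and the final all-zero GUID block in the sample are my additions; the rest of the sample is copied from the log posted earlier.

```python
import re

# Sample input: service lines and mountpoints2 blocks from the ComboFix log in this thread,
# plus one constructed block (all-zero GUID) whose only command opens the drive root.
SAMPLE_LOG = r"""
R1 GhPciScan;GhostPciScanner; [x]
R1 vcdmpdrv;vcdmpdrv;c:\windows\system32\DRIVERS\vcdmpdrv.sys [2002-05-28 49168]
R4 Ltmadoysd;Ltmadoysd; [x]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-05-07 298264]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{065a9d56-678a-11dd-8f02-ab70afa4a91e}]
\Shell\AutoRun\command - F:\
\Shell\explore\Command - f:\recycler\autorun.exe -ExploreCurDir
\Shell\open\Command - f:\recycler\autorun.exe -OpenCurDir

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c3ce0e6-4349-11dd-b8cb-d585e6f067d6}]
\Shell\Auto\command - F:\AdobeR.exe e
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\Shell\AutoRun\command - G:\
"""

KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\.*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.IGNORECASE)
CMD_RE = re.compile(r"^\\Shell\\[^\\]+\\command - (.+)$", re.IGNORECASE)
# "R1 name;display; [x]" is how ComboFix lists a service whose binary is missing.
SVC_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;\s*\[x\]$")


def launches_file(cmd: str) -> bool:
    """True when a Shell command runs something instead of merely opening the drive root."""
    return not re.fullmatch(r"[a-z]:\\", cmd.strip(), re.IGNORECASE)


def mountpoint_findings(log: str) -> dict:
    """Map each mountpoints2 key to the Shell commands under it that launch a file."""
    findings, current = {}, None
    for line in log.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            current = k.group(1)
            continue
        c = CMD_RE.match(line)
        if c and current and launches_file(c.group(1)):
            findings.setdefault(current, []).append(c.group(1))
        if not line:  # blank line ends the current registry block
            current = None
    return findings


def orphan_drivers(log: str) -> list:
    """Service/driver names ComboFix marks with [x] (registered, but no file on disk)."""
    return [m.group(1) for m in (SVC_RE.match(l.strip()) for l in log.splitlines()) if m]


def build_cfscript(log: str, keep_drivers=()) -> str:
    """Emit Driver:: and Registry:: sections in the CFScript format used in the thread.

    keep_drivers is the reviewer's allowlist: GhPciScan belongs to Norton Ghost, which
    this machine has installed, so it is kept even though its file is missing.
    """
    drivers = [d for d in orphan_drivers(log) if d not in keep_drivers]
    keys = sorted(mountpoint_findings(log))
    out = []
    if drivers:
        out += ["Driver::"] + drivers + [""]
    if keys:
        out += ["Registry::"] + [f"[-{k}]" for k in keys]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG, keep_drivers=("GhPciScan",)))
```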

offline
  • Joined: 18 Sep 2008
  • Posts: 58

Posted: 08 May 2009 17:02

CF log from the scan

ComboFix 09-05-07.A0 - X 08.05.2009 16:41.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.99 [GMT 2:00]
Running from: c:\documents and settings\X\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\X\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

FILE ::
c:\documents and settings\NetworkService\Local Settings\Application Data\Bron.tok.A17.em.bin
c:\documents and settings\X\Local Settings\Application Data\Bron.tok.A17.em.bin
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\NetworkService\Local Settings\Application Data\Bron.tok-17-15
c:\documents and settings\NetworkService\Local Settings\Application Data\Bron.tok-17-4
c:\documents and settings\NetworkService\Local Settings\Application Data\Bron.tok.A17.em.bin
c:\documents and settings\X\Local Settings\Application Data\Bron.tok-17-4
c:\documents and settings\X\Local Settings\Application Data\Bron.tok.A17.em.bin
c:\documents and settings\X\RavMonLog

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Ltmadoysd


((((((((((((((((((((((((( Files Created from 2009-04-08 to 2009-05-08 )))))))))))))))))))))))))))))))
.

2009-05-07 12:04 . 2009-05-07 12:04 -------- d-----w c:\program files\Lavalys
2009-05-07 11:39 . 2009-05-07 11:39 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-07 11:39 . 2009-05-07 11:39 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-07 11:39 . 2009-05-07 11:39 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-07 11:39 . 2009-05-08 10:07 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-07 11:39 . 2009-05-08 14:14 -------- d-----w c:\documents and settings\X\Application Data\AVGTOOLBAR
2009-05-07 11:38 . 2009-05-07 11:38 -------- d-----w c:\program files\AVG
2009-05-07 11:38 . 2009-05-08 10:02 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-06 10:19 . 2004-08-04 01:07 31232 -c--a-w c:\windows\system32\dllcache\tools.dll
2009-05-06 10:18 . 2004-08-04 01:07 7680 -c--a-w c:\windows\system32\dllcache\migregdb.exe
2009-05-06 10:17 . 2004-08-04 01:07 18944 -c--a-w c:\windows\system32\dllcache\cprofile.exe
2009-05-06 10:16 . 2003-03-24 14:52 188480 -c--a-w c:\windows\system32\dllcache\cfgwiz.exe
2009-05-06 10:16 . 2003-03-24 14:52 16439 -c--a-w c:\windows\system32\dllcache\author.exe
2009-05-06 10:16 . 2003-03-24 14:52 20540 -c--a-w c:\windows\system32\dllcache\author.dll
2009-05-06 10:16 . 2004-08-04 01:07 290816 -c--a-w c:\windows\system32\dllcache\adsiis51.dll
2009-05-06 10:16 . 2004-08-04 01:07 43520 -c--a-w c:\windows\system32\dllcache\admwprox.dll
2009-05-06 10:16 . 2003-03-24 14:52 16439 -c--a-w c:\windows\system32\dllcache\admin.exe
2009-05-06 10:16 . 2003-03-24 14:52 20540 -c--a-w c:\windows\system32\dllcache\admin.dll
2009-05-06 09:56 . 2004-08-04 01:07 13312 -c--a-w c:\windows\system32\dllcache\irclass.dll
2009-05-06 09:56 . 2004-08-04 01:07 13312 ----a-w c:\windows\system32\irclass.dll
2009-05-06 09:56 . 2004-08-04 01:07 24661 -c--a-w c:\windows\system32\dllcache\spxcoins.dll
2009-05-06 09:56 . 2004-08-04 01:07 24661 ----a-w c:\windows\system32\spxcoins.dll
2009-05-04 13:40 . 2009-05-08 11:43 -------- d--h--w C:\$AVG8.VAULT$
2009-04-28 10:20 . 2009-04-28 10:20 -------- d-----w c:\documents and settings\X\Paragraf-Lex
2009-04-28 10:18 . 2009-04-28 10:18 -------- d-----w c:\documents and settings\X\Local Settings\Application Data\Paragraf-Lex
2009-04-28 08:49 . 2009-04-28 08:50 -------- d-----w c:\program files\ParagrafLex

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-07 11:53 . 2004-06-11 13:29 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-07 11:47 . 2004-06-11 13:35 -------- d-----w c:\program files\Norton SystemWorks
2009-05-07 11:46 . 2004-06-11 13:43 92688 ----a-w c:\documents and settings\X\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-06 10:14 . 2001-08-23 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-05-06 10:11 . 2004-06-10 11:04 23332 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-04 16:42 . 2004-06-10 13:24 -------- d-----w c:\program files\Serials 2000
2004-10-07 17:04 . 2004-10-07 17:04 56 --sha-r c:\windows\system32\A76EFF3E0E.sys
2004-10-07 17:04 . 2004-10-07 17:04 1682 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-05-08_09.47.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-08 14:46 . 2009-05-08 14:46 16384 c:\windows\Temp\Perflib_Perfdata_568.dat
+ 2008-10-16 12:09 . 2008-10-16 12:09 92696 c:\windows\SoftwareDistribution\SelfUpdate\cdm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-15 81920]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-08 1932568]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-01-07 46592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
"washindex"="c:\program files\Washer\washidx.exe" [2002-07-17 33792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\X\Start Menu\Programs\Startup\
ParagrafLexAlarm.lnk - c:\program files\ParagrafLex\browser\ParagrafLexAlarm.exe [2009-4-28 481779]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-07 11:39 10520 ----a-w c:\windows\system32\avgrsstx.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave3"= serwvdrv.dll
"wave4"= serwvdrv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^desktop(2).ini]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\desktop(2).ini
backup=c:\windows\pss\desktop(2).iniCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^X^Start Menu^Programs^Startup^desktop(2).ini]
path=c:\documents and settings\X\Start Menu\Programs\Startup\desktop(2).ini
backup=c:\windows\pss\desktop(2).iniStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\EIS\\EIS.exe"=
"c:\\Program Files\\ParagrafLex\\browser\\jre\\bin\\java.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7.5.2009 13:39 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7.5.2009 13:39 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7.5.2009 13:38 298264]
R2 NProtectService;Norton Unerase Protection;c:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE [11.6.2004 15:37 135168]
S1 GhPciScan;GhostPciScanner;\??\c:\program files\Norton SystemWorks\Norton Ghost\ghpciscan.sys --> c:\program files\Norton SystemWorks\Norton Ghost\ghpciscan.sys [?]
S1 vcdmpdrv;vcdmpdrv;c:\windows\system32\drivers\vcdmpdrv.sys [10.6.2004 15:27 49168]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.krstarica.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} - file://e:\content\include\XPPatchInstaller.CAB
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-05-08 16:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2400)
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\progra~1\DAP\DAPIE.DLL
c:\program files\DAP\DAPIEBar.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\progra~1\NORTON~2\SPEEDD~1\NOPDB.EXE
c:\program files\Virtual CD v4\System\VCDSecS.exe
c:\program files\ParagrafLex\browser\jre\bin\java.exe
.
**************************************************************************
.
Completion time: 2009-05-08 16:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-08 14:56
ComboFix2.txt 2009-05-08 09:55

Pre-Run: 18.108.923.904 bytes free
Post-Run: 18.021.253.120 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin

185 --- E O F --- 2009-03-16 12:50

Addendum: 08 May 2009 17:16

USBNoRisk file from all USB memory devices


USBNoRisk 2.1 by bobby

Started at 8.5.2009 17:00:42

Scanning for connected USB Mass storage...
----------------------------------------
========================================

Scanning for other storage...
----------------------------------------
D: {44626478-1dcf-11d9-b449-bd9c281666d3}
C: {63ad96d4-1db3-11d9-a613-806d6172696f}
========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 63ad96d4-1db3-11d9-a613-806d6172696f
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 44626478-1dcf-11d9-b449-bd9c281666d3
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 8.5.2009 17:01:26

Scanning for connected USB mass storage...
----------------------------------------
F: {214c9034-3a0e-11de-9009-87133137cbd6}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 214c9034-3a0e-11de-9009-87133137cbd6
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 8.5.2009 17:05:40

Scanning for connected USB mass storage...
----------------------------------------
G: {0ec82756-48e8-11dd-8ef9-85a2920f8cd1}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No Autorun.inf files found on G:
No mountpoint found for 0ec82756-48e8-11dd-8ef9-85a2920f8cd1
----------------------------------------

desktop.ini found on G:
----------------------------------------

Content of G:\Razvoj\Projekti gotovi\emir dokument\desktop.ini
----------------------------------------
[.ShellClassInfo]
IconFile=%SystemRoot%\system32\SHELL32.dll
IconIndex=21
----------------------------------------

Files referenced from G:\Razvoj\Projekti gotovi\emir dokument\desktop.ini
----------------------------------------
None
----------------------------------------

----------------------------------------

No mimics found on drive G:
========================================

========================================
Removed G:
========================================

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Where I live: Höganäs, SE

Ok. This now looks clean. What remains is to do the following:
Click START and then RUN.

In the text entry field type in (or copy and paste) the following:

Combofix /u

and then click OK.

Wait for the uninstallation process to finish.

That's all.
