MyCity » Ambulanta -> Arhiva Ambulante » Komp ne funkcionise kako valja!

Komp ne funkcionise kako valja!

Napisano na dan: 31.5.2010

Strana:
1
2

Komp ne funkcionise kako valja!

Sledeća strana

Pagination

Odgovori

Strana:
1
2

Hit-Man Poslao: 31 Maj 2010 20:15 Idi na vrh
offline Hit-Man Prijatelj foruma Pridružio: 15 Avg 2006 Poruke: 2381 Gde živiš: Trenutno nigde...	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nije moj komp vec burazerov i ja ne znam da popravim ovo cudo! Ja sam instalirao jos davno SpyBot antispyware ali nisam AV! Sada kad startujem komp, ponasa se kao da ima dva instalirana AV ali nema. Mora da je naleteo na neki virus! Sta mi predlazete jer jedino iz safemoda mogu da udjem u komp!?

Profil

Bogdan-Tc Poslao: 31 Maj 2010 21:22 Idi na vrh
offline Bogdan-Tc Anti Malware Fighter Rank 1 Pridružio: 04 Jan 2009 Poruke: 2168	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav. Za početak isprati sledeće... Skini program RSIT na Desktop: http://images.malwareremoval.com/random/RSIT.exe Pokreni ga dvoklikom a zatim klikni Continue. Na kraju procesa će se otvoriti dva loga: prvi, log.txt će biti maksimizovan i njega je potrebno iskopirati u temu na forumu, te drugi, info.txt koji će biti minimizovan (koji nam za sada ne treba). Postavi sadržaj file-a log.txt u iduću poruku (taj file će biti sačuvan kao C:\rsit\log.txt).

Profil

Hit-Man Poslao: 01 Jun 2010 18:14 Idi na vrh
offline Hit-Man Prijatelj foruma Pridružio: 15 Avg 2006 Poruke: 2381 Gde živiš: Trenutno nigde...	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pisem sa burazerovog kompa, jedva je dosao k sebi. Logfile of random's system information tool 1.07 (written by random/random) Run by goga at 2010-06-01 18:11:03 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 145 GB (76%) free of 191 GB Total RAM: 511 MB (24% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:11:37, on 2010-06-01 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17023) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program\Java\jre6\bin\jusched.exe C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program\Delade filer\Real\Update_OB\realsched.exe C:\Program\Winamp\winampa.exe C:\Program\Delade filer\Ulead Systems\AutoDetector\monitor.exe C:\Program\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\Spybot - Search & Destroy\TeaTimer.exe C:\Program\uTorrent\uTorrent.exe C:\Program\Java\jre6\bin\jqs.exe C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program\Internet Explorer\iexplore.exe C:\Program\Internet Explorer\IEXPLORE.EXE C:\Program\Windows Live\Toolbar\wltuser.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\goga\Skrivbord\RSIT.exe C:\Program\trend micro\goga.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {ACDDF090-7937-42AA-9F7C-1A50E14E452D} - c:\windows\system32\nlouqyd.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program\Delade filer\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\RunOnce: [SpybotDeletingA9060] command.com /c del "C:\Program\AntiMalware\antimalware.exe" O4 - HKLM\..\RunOnce: [SpybotDeletingC3203] cmd.exe /c del "C:\Program\AntiMalware\antimalware.exe" O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program\Spybot - Search & Destroy\SpybotSD.exe" /autocheck O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program\uTorrent\uTorrent.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-2025429265-823518204-1801674531-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Administratör') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O21 - SSODL: GootkitSSO - {B8F823FC-E610-4FCC-8FAB-69FA4007ECBD} - C:\WINDOWS\System32\msxsltsso.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 7839 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-03-04 312928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\Program\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live inloggningshjälpen - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ACDDF090-7937-42AA-9F7C-1A50E14E452D}] c:\windows\system32\nlouqyd.dll [2004-08-04 114176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program\Java\jre6\bin\jp2ssv.dll [2009-09-05 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-05 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"=C:\Program\Java\jre6\bin\jusched.exe [2009-09-05 148888] "ATIPTA"=C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-30 344064] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-07-22 81920] "TkBellExe"=C:\Program\Delade filer\Real\Update_OB\realsched.exe [2009-03-04 198160] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "WinampAgent"=C:\Program\Winamp\winampa.exe [2009-02-25 37888] "Ulead AutoDetector v2"=C:\Program\Delade filer\Ulead Systems\AutoDetector\monitor.exe [2004-11-26 90112] "HP Software Update"=C:\Program\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152] "QuickTime Task"=C:\Program\QuickTime\qttask.exe [2009-11-11 417792] "UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SpybotDeletingA9060"=command.com /c del C:\Program\AntiMalware\antimalware.exe [] "SpybotDeletingC3203"=cmd.exe /c del C:\Program\AntiMalware\antimalware.exe [] "Spybot - Search & Destroy"=C:\Program\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 5365592] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "SpybotSD TeaTimer"=C:\Program\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088] "uTorrent"=C:\Program\uTorrent\uTorrent.exe [2010-02-15 319280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2005-08-31 46080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] GootkitSSO - {B8F823FC-E610-4FCC-8FAB-69FA4007ECBD} - C:\WINDOWS\System32\msxsltsso.dll [2010-05-31 42496] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program\Atari\Test Drive Unlimited\TestDriveUnlimited.exe"="C:\Program\Atari\Test Drive Unlimited\TestDriveUnlimited.exe::Enabled:Test Drive Unlimited" "C:\Program\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program\Microsoft Office\Office12\OUTLOOK.EXE::Enabled:Microsoft Office Outlook" "C:\Program\Messenger\msmsgs.exe"="C:\Program\Messenger\msmsgs.exe::Enabled:Windows Messenger" "C:\Program\Windows Live\Messenger\msnmsgr.exe"="C:\Program\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger" "C:\Program\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program\Windows Live\Sync\WindowsLiveSync.exe::Enabled:Windows Live Sync" "C:\Program\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program\Spyware Terminator\SpywareTerminatorUpdate.exe::Enabled:Crawler Spyware Terminator" "C:\Program\uTorrent\uTorrent.exe"="C:\Program\uTorrent\uTorrent.exe::Enabled:µTorrent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program\Windows Live\Messenger\msnmsgr.exe"="C:\Program\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger" "C:\Program\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb321be8-e4de-11de-a0bc-001485bcbed2}] shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb321bea-e4de-11de-a0bc-001485bcbed2}] shell\AutoRun\command - E:\AutoRun.exe ======List of files/folders created in the last 1 months====== 2010-06-01 18:11:10 ----D---- C:\Program\trend micro 2010-06-01 18:11:03 ----D---- C:\rsit 2010-05-28 20:41:38 ----A---- C:\WINDOWS\system32\msxsltsso.dll 2010-05-28 20:37:13 ----D---- C:\Program\AntiMalware 2010-05-26 12:06:08 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$ 2010-05-12 15:49:16 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$ ======List of files/folders modified in the last 1 months====== 2010-06-01 18:11:10 ----RD---- C:\Program 2010-06-01 18:10:54 ----D---- C:\WINDOWS\Temp 2010-06-01 18:08:49 ----D---- C:\Documents and Settings\goga\Application Data\uTorrent 2010-06-01 18:05:07 ----D---- C:\Program\Mozilla Firefox 2010-06-01 18:00:59 ----SHD---- C:\System Volume Information 2010-06-01 17:59:41 ----D---- C:\WINDOWS\system32\Restore 2010-05-31 10:19:45 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-05-31 09:06:34 ----D---- C:\WINDOWS 2010-05-31 08:02:15 ----D---- C:\WINDOWS\system32\drivers 2010-05-31 08:02:15 ----D---- C:\WINDOWS\system32 2010-05-31 07:07:54 ----HD---- C:\WINDOWS\inf 2010-05-31 07:07:51 ----D---- C:\WINDOWS\system32\CatRoot 2010-05-31 07:07:43 ----D---- C:\WINDOWS\system32\CatRoot2 2010-05-31 07:00:26 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2010-05-30 12:43:48 ----D---- C:\Program\Spyware Terminator 2010-05-28 20:45:34 ----D---- C:\WINDOWS\Prefetch 2010-05-28 20:39:48 ----D---- C:\WINDOWS\system32\config 2010-05-28 20:38:50 ----D---- C:\WINDOWS\system32\wbem 2010-05-28 20:38:47 ----D---- C:\WINDOWS\Registration 2010-05-28 20:37:19 ----SHD---- C:\RECYCLER 2010-05-28 19:24:31 ----A---- C:\WINDOWS\win.ini 2010-05-28 19:24:31 ----A---- C:\WINDOWS\system.ini 2010-05-27 19:05:34 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-05-26 12:06:13 ----A---- C:\WINDOWS\imsins.BAK 2010-05-24 19:03:33 ----A---- C:\WINDOWS\NeroDigital.ini 2010-05-12 15:49:46 ----SHD---- C:\WINDOWS\Installer 2010-05-12 15:49:43 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2010-05-12 15:49:18 ----D---- C:\Program\Outlook Express 2010-05-12 09:54:01 ----HD---- C:\WINDOWS\$hf_mig$ ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Intel-processordrivrutin; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40320] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-07-26 3644032] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-31 1333760] R3 hidusb;Microsoft HID-klassdrivrutin; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 mouhid;HID-drivrutin för mus; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160] R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-04 32768] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2-aktiverat nav; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 usbprint;Microsoft USB-skrivarklass; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-04-17 101376] S3 s916bus;Sony Ericsson Device 916 driver (WDM); C:\WINDOWS\system32\DRIVERS\s916bus.sys [2007-11-02 83496] S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s916mdfl.sys [2007-11-02 15016] S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s916mdm.sys [2007-11-02 109992] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 USBSTOR;Drivrutin för USB-masslagringsenheter; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-31 376832] R2 gubtyyqf;Remote Access Auto Connection Support; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 JavaQuickStarterService;Java Quick Starter; C:\Program\Java\jre6\bin\jqs.exe [2009-09-05 152984] R2 MDM;Machine Debug Manager; C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632] R2 SeaPort;SeaPort; C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-08-30 516096] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 odserv;Microsoft Office Diagnostics Service; C:\Program\Delade filer\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------

Profil

Bogdan-Tc Poslao: 01 Jun 2010 18:30 Idi na vrh
offline Bogdan-Tc Anti Malware Fighter Rank 1 Pridružio: 04 Jan 2009 Poruke: 2168	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

Hit-Man Poslao: 01 Jun 2010 19:18 Idi na vrh
offline Hit-Man Prijatelj foruma Pridružio: 15 Avg 2006 Poruke: 2381 Gde živiš: Trenutno nigde...	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 01 Jun 2010 19:15 kod mene ne postiji nista kako da deaktiviram program! Citao sam upustvo za Comodo FW/IS ali se ne slaze! Na kompu kada klinkem desni klik kod mene ima opcije za open, ... copy i ono sa WinRaR! Pokrenuo sam program ali sada samo pise AutoScan i prozor za plavom pozadinom.. Mozda nisam to trebao da pokrenem? Dopuna: 01 Jun 2010 19:17 Zaustavio se i pise ''comboFix je detektovao rootkit i da mora da restartuje komp''

Profil

Bogdan-Tc Poslao: 01 Jun 2010 19:32 Idi na vrh
offline Bogdan-Tc Anti Malware Fighter Rank 1 Pridružio: 04 Jan 2009 Poruke: 2168	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Da li je završio sa radom sam ili si ti nešto dirao? Trebalo je da ti se prikaže izveštaj u Notepad-u. Ako nije prikazao izveštaj idi na C: particiju i pronađi ComboFix.txt koji ćeš iskopirati ovde u poruci. C:\ComboFix.txt

Profil

Hit-Man Poslao: 01 Jun 2010 19:50 Idi na vrh
offline Hit-Man Prijatelj foruma Pridružio: 15 Avg 2006 Poruke: 2381 Gde živiš: Trenutno nigde...	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 01 Jun 2010 19:35 Ne sam je zavrsio ali je imalo samo opcija ''OK'' tj. da se komp restartuje i evo, restartovao se i opet skenira... Pise: Zavrsena faza 1,2,3 pod brojevima ali nadole! Dopuna: 01 Jun 2010 19:48 ComboFix 10-06-01.01 - goga 2010-06-01 19:28:33.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.511.259 [GMT 2:00] Körs från: c:\documents and settings\goga\Skrivbord\ComboFix.exe VARNINIG -ÅTERSTÄLLNINGSKONSOLEN (THE RECOVERY CONSOLE) ÄR INTE INSTALLERAD PÅ DEN HÄR DATORN !! . ((((((((((((((((((((((((((((((((((((((( Andra raderingar )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\sysReserve.ini c:\program\AntiMalware c:\program\AntiMalware\amext.dll c:\program\AntiMalware\help.ico c:\windows\system32\abqexli.dll c:\windows\system32\drivers\cxcabtkc.sys c:\windows\system32\drivers\djfpsklc.sys c:\windows\system32\msxsltsso.dll c:\windows\system32\net.net c:\windows\system32\nlouqyd.dll Infekterad kopia av c:\windows\system32\drivers\ftdisk.sys hittades och desinficerades. Återställd kopia från - Kitty had a snack :p . ((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_DJFPSKLC -------\Legacy_GUBTYYQF -------\Service_djfpsklc -------\Service_gubtyyqf (((((((((((((((((((((((( Filer Skapade från 2010-05-01 till 2010-06-01 )))))))))))))))))))))))))))))) . 2010-06-01 16:11 . 2010-06-01 16:11 -------- d-----w- c:\program\trend micro 2010-06-01 16:11 . 2010-06-01 16:11 -------- d-----w- C:\rsit 2010-05-28 18:38 . 2010-05-28 18:38 -------- d-----w- c:\windows\system32\wbem\Repository 2010-05-27 17:05 . 2010-05-27 17:05 210816 -c--a-w- c:\windows\system32\dllcache\ndis.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-01 17:44 . 2010-06-01 17:44 42496 ----a-w- c:\windows\system32\msxsltsso.dll 2010-06-01 17:43 . 2010-02-14 16:51 -------- d-----w- c:\documents and settings\goga\Application Data\uTorrent 2010-06-01 17:26 . 2009-12-06 13:49 -------- d-----w- c:\program\Spybot - Search & Destroy 2010-06-01 17:00 . 2009-12-06 13:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-05-30 10:43 . 2009-12-09 16:38 -------- d-----w- c:\program\Spyware Terminator 2010-05-27 17:05 . 2004-08-04 12:00 210816 ----a-w- c:\windows\system32\drivers\ndis.sys 2010-05-16 18:00 . 2010-03-19 13:35 439816 ----a-w- c:\documents and settings\goga\Application Data\Real\Update\setup3.10\setup.exe 2010-05-12 13:49 . 2009-03-04 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-03-28 08:43 . 2004-08-04 12:00 83974 ----a-w- c:\windows\system32\perfc01D.dat 2010-03-28 08:43 . 2004-08-04 12:00 445832 ----a-w- c:\windows\system32\perfh01D.dat 2010-03-11 16:52 . 2009-12-01 18:00 79488 ----a-w- c:\documents and settings\goga\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2010-03-11 12:37 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll 2010-03-11 12:37 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-03-11 12:37 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll 2010-03-09 11:11 . 2004-08-04 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll 2006-10-11 08:04 . 2009-03-04 17:44 61036 ----a-w- c:\program\mozilla firefox\components\jar50.dll 2006-10-11 08:04 . 2009-03-04 17:44 48742 ----a-w- c:\program\mozilla firefox\components\jsd3250.dll 2006-10-11 08:05 . 2009-03-04 17:44 29313 ----a-w- c:\program\mozilla firefox\components\myspell.dll 2006-10-11 08:05 . 2009-03-04 17:44 41082 ----a-w- c:\program\mozilla firefox\components\spellchk.dll 2006-10-11 08:04 . 2009-03-04 17:44 166510 ----a-w- c:\program\mozilla firefox\components\xpinstal.dll . ------- Sigcheck ------- [-] 2010-05-27 17:05 . !HASH: COULD NOT OPEN FILE !!!!! . 210816 . . [------] . . c:\windows\system32\drivers\ndis.sys [-] 2010-05-27 17:05 . !HASH: COULD NOT OPEN FILE !!!!! . 210816 . . [------] . . c:\windows\system32\dllcache\ndis.sys [-] 2008-04-13 19:20 . !HASH: COULD NOT OPEN FILE !!!!! . 182656 . . [------] . . c:\windows\ServicePackFiles\i386\ndis.sys [-] 2004-08-04 12:00 . !HASH: COULD NOT OPEN FILE !!!!! . 182912 . . [------] . . c:\windows\$NtServicePackUninstall$\ndis.sys . (((((((((((((((((((((((((((((((((( Startpunkter i registret ))))))))))))))))))))))))))))))))))))))))))))))) . . Not Tomma poster & legitima standardposter visas inte. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\program\uTorrent\uTorrent.exe" [2010-02-15 319280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-09-05 148888] "ATIPTA"="c:\program\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-30 344064] "SoundMan"="SOUNDMAN.EXE" [2005-07-22 81920] "TkBellExe"="c:\program\Delade filer\Real\Update_OB\realsched.exe" [2009-03-04 198160] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "WinampAgent"="c:\program\Winamp\winampa.exe" [2009-02-25 37888] "Ulead AutoDetector v2"="c:\program\Delade filer\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112] "HP Software Update"="c:\program\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152] "QuickTime Task"="c:\program\QuickTime\qttask.exe" [2009-11-10 417792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "msnmsgr"="c:\program\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "GootkitSSO"= {9449C3A2-8FE8-4A9E-8685-F2F856D20A91} - c:\windows\System32\msxsltsso.dll [2010-06-01 42496] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program\\Messenger\\msmsgs.exe"= "c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program\\uTorrent\\uTorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "48202:TCP"= 48202:TCP:@xpsp2res.dll,-22009 "58701:TCP"= 58701:TCP:@xpsp2res.dll,-22009 S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2009-05-13 83496] S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [2009-05-13 15016] S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [2009-05-13 109992] --- Övriga tjänster/drivrutiner i minnet --- NewlyCreated - DJFPSKLC Deregistered - djfpsklc . Innehållet i mappen 'Schemalagda aktiviteter': 2010-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . . ------- Extra genomsökning ------- . uStart Page = hxxp://www.google.se/ IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\goga\Application Data\Mozilla\Firefox\Profiles\ik3cbe6x.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Live Search FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157 FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll FF - component: c:\program\Mozilla Firefox\components\xpinstal.dll FF - component: c:\program\Mozilla Firefox\extensions\{6dabbda0-1da5-4a2f-bc89-2ae084c572fa}\components\FFAlert.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - - ShellIconOverlayIdentifiers-{ACDDF090-7937-42AA-9F7C-1A50E14E452D} - (no file) ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-01 19:43 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\windows\system32\msxsltsso.dll 42496 bytes executable scan completed successfully hidden files: 1 ********************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe >>UNKNOWN [0x8236B0E0]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf86b8f28 \Driver\ACPI -> ACPI.sys @ 0xf853bcb8 \Driver\atapi -> atapi.sys @ 0xf84f3852 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014 ParseProcedure -> ntkrnlpa.exe @ 0x80577c76 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014 ParseProcedure -> ntkrnlpa.exe @ 0x80577c76 NDIS: SiS 900-Based PCI Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0x82317b0a PacketIndicateHandler -> NDIS.sys @ 0x82322a21 SendHandler -> NDIS.sys @ 0x82317949 user & kernel MBR OK malicious code @ sector 0x1749ddc1 size 0x1a8 ! ********************************************************************** . --------------------- DLLer som "laddats" under processer som körs --------------------- - - - - - - - > 'winlogon.exe'(504) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(6076) c:\windows\System32\msxsltsso.dll c:\program\DELADE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL . ------------------------ Andra processer som körs ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program\Java\jre6\bin\jqs.exe c:\program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe c:\windows\system32\HPZipm12.exe c:\windows\SOUNDMAN.EXE c:\program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\system32\wscntfy.exe c:\program\Internet Explorer\IEXPLORE.EXE c:\program\Windows Live\Toolbar\wltuser.exe . ************************************************************************ . Sluttid: 2010-06-01 19:47:31 - datorn startades om. ComboFix-quarantined-files.txt 2010-06-01 17:47 Före genomsökningen: 152 001 245 184 byte ledigt Efter genomsökningen: 152 115 806 208 byte ledigt - - End Of File - - 9FF7EF57256595615AC84BF784787B8E Dopuna: 01 Jun 2010 19:50 Ovo je na svedskom, sto ti nije jasno pitaj oko prevoda!

Profil

Bogdan-Tc Poslao: 01 Jun 2010 20:57 Idi na vrh
offline Bogdan-Tc Anti Malware Fighter Rank 1 Pridružio: 04 Jan 2009 Poruke: 2168	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Potrebno je instalirati Recovery console. Idi na http://www.microsoft.com/downloads/details.aspx?Fa.....laylang=en Klikni na Download; File koji si preuzeo prevuci na ikonicu ComboFix-a; Izveštaj/log koji dobiješ iskopiraj ovde u poruci.

Profil

Hit-Man Poslao: 03 Jun 2010 17:49 Idi na vrh
offline Hit-Man Prijatelj foruma Pridružio: 15 Avg 2006 Poruke: 2381 Gde živiš: Trenutno nigde...	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 10-06-02.04 - goga 2010-06-03 17:36:48.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.511.297 [GMT 2:00] Körs från: c:\documents and settings\goga\Skrivbord\ComboFix.exe Använda kommandoväxlar :: c:\documents and settings\goga\Skrivbord\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe . ((((((((((((((((((((((((((((((((((((((( Andra raderingar )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\msxsltsso.dll Infekterad kopia av c:\windows\system32\drivers\ndis.sys hittades och desinficerades. Återställd kopia från - c:\windows\ServicePackFiles\i386\ndis.sys . (((((((((((((((((((((((( Filer Skapade från 2010-05-03 till 2010-06-03 )))))))))))))))))))))))))))))) . 2010-06-02 10:34 . 2010-06-03 15:26 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing 2010-06-02 06:35 . 2010-06-02 06:35 503808 ----a-w- c:\documents and settings\goga\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-259cfb04-n\msvcp71.dll 2010-06-02 06:35 . 2010-06-02 06:35 499712 ----a-w- c:\documents and settings\goga\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-259cfb04-n\jmc.dll 2010-06-02 06:35 . 2010-06-02 06:35 348160 ----a-w- c:\documents and settings\goga\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-259cfb04-n\msvcr71.dll 2010-06-01 16:11 . 2010-06-01 16:11 -------- d-----w- c:\program\trend micro 2010-06-01 16:11 . 2010-06-01 16:11 -------- d-----w- C:\rsit 2010-05-28 18:38 . 2010-05-28 18:38 -------- d-----w- c:\windows\system32\wbem\Repository . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-03 15:45 . 2010-02-14 16:51 -------- d-----w- c:\documents and settings\goga\Application Data\uTorrent 2010-06-01 17:26 . 2009-12-06 13:49 -------- d-----w- c:\program\Spybot - Search & Destroy 2010-06-01 17:00 . 2009-12-06 13:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-05-30 10:43 . 2009-12-09 16:38 -------- d-----w- c:\program\Spyware Terminator 2010-05-16 18:00 . 2010-03-19 13:35 439816 ----a-w- c:\documents and settings\goga\Application Data\Real\Update\setup3.10\setup.exe 2010-05-12 13:49 . 2009-03-04 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-03-28 08:43 . 2004-08-04 12:00 83974 ----a-w- c:\windows\system32\perfc01D.dat 2010-03-28 08:43 . 2004-08-04 12:00 445832 ----a-w- c:\windows\system32\perfh01D.dat 2010-03-11 16:52 . 2009-12-01 18:00 79488 ----a-w- c:\documents and settings\goga\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2010-03-11 12:37 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll 2010-03-11 12:37 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-03-11 12:37 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll 2010-03-09 11:11 . 2004-08-04 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll 2006-10-11 08:04 . 2009-03-04 17:44 61036 ----a-w- c:\program\mozilla firefox\components\jar50.dll 2006-10-11 08:04 . 2009-03-04 17:44 48742 ----a-w- c:\program\mozilla firefox\components\jsd3250.dll 2006-10-11 08:05 . 2009-03-04 17:44 29313 ----a-w- c:\program\mozilla firefox\components\myspell.dll 2006-10-11 08:05 . 2009-03-04 17:44 41082 ----a-w- c:\program\mozilla firefox\components\spellchk.dll 2006-10-11 08:04 . 2009-03-04 17:44 166510 ----a-w- c:\program\mozilla firefox\components\xpinstal.dll . ((((((((((((((((((((((((((((( SnapShot@2010-06-01_17.43.47 ))))))))))))))))))))))))))))))))))))))))) . + 2010-06-03 15:45 . 2010-06-03 15:45 16384 c:\windows\Temp\Perflib_Perfdata_158.dat + 2010-06-02 09:11 . 2010-06-02 13:08 32768 c:\windows\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\MSHist012010060220100603\index.dat + 2009-03-03 21:15 . 2010-06-03 15:26 65536 c:\windows\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\index.dat + 2009-03-03 21:15 . 2010-06-03 15:26 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2009-03-03 21:15 . 2010-06-01 17:44 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2004-08-04 12:00 . 2008-04-13 19:20 182656 c:\windows\system32\drivers\ndis.sys + 2004-08-04 12:00 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\ndis.sys . (((((((((((((((((((((((((((((((((( Startpunkter i registret ))))))))))))))))))))))))))))))))))))))))))))))) . . Not Tomma poster & legitima standardposter visas inte. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\program\uTorrent\uTorrent.exe" [2010-02-15 319280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-09-05 148888] "ATIPTA"="c:\program\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-30 344064] "SoundMan"="SOUNDMAN.EXE" [2005-07-22 81920] "TkBellExe"="c:\program\Delade filer\Real\Update_OB\realsched.exe" [2009-03-04 198160] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "WinampAgent"="c:\program\Winamp\winampa.exe" [2009-02-25 37888] "Ulead AutoDetector v2"="c:\program\Delade filer\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112] "HP Software Update"="c:\program\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152] "QuickTime Task"="c:\program\QuickTime\qttask.exe" [2009-11-10 417792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "msnmsgr"="c:\program\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program\\Messenger\\msmsgs.exe"= "c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program\\uTorrent\\uTorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "48202:TCP"= 48202:TCP:@xpsp2res.dll,-22009 "58701:TCP"= 58701:TCP:@xpsp2res.dll,-22009 S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2009-05-13 83496] S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [2009-05-13 15016] S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [2009-05-13 109992] . Innehållet i mappen 'Schemalagda aktiviteter': 2010-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . . ------- Extra genomsökning ------- . uStart Page = hxxp://www.google.se/ IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\goga\Application Data\Mozilla\Firefox\Profiles\ik3cbe6x.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Live Search FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157 FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll FF - component: c:\program\Mozilla Firefox\components\xpinstal.dll FF - component: c:\program\Mozilla Firefox\extensions\{6dabbda0-1da5-4a2f-bc89-2ae084c572fa}\components\FFAlert.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - - SSODL-GootkitSSO-{FF894987-3BD2-46B4-9341-339C3720939F} - c:\windows\System32\msxsltsso.dll ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-03 17:45 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLer som "laddats" under processer som körs --------------------- - - - - - - - > 'winlogon.exe'(504) c:\windows\system32\Ati2evxx.dll . ------------------------ Andra processer som körs ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program\Java\jre6\bin\jqs.exe c:\program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe c:\windows\system32\HPZipm12.exe c:\program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\SOUNDMAN.EXE c:\windows\system32\wscntfy.exe . ************************************************************************ . Sluttid: 2010-06-03 17:49:37 - datorn startades om. ComboFix-quarantined-files.txt 2010-06-03 15:49 ComboFix2.txt 2010-06-01 17:47 Före genomsökningen: 158 450 720 768 byte ledigt Efter genomsökningen: 158 465 826 816 byte ledigt WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - F21F7BD904649DD2AE62A6DBFE4226B5

Profil

Bogdan-Tc Poslao: 03 Jun 2010 18:11 Idi na vrh
offline Bogdan-Tc Anti Malware Fighter Rank 1 Pridružio: 04 Jan 2009 Poruke: 2168	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kakvo je sada stanje?

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Komp ne funkcionise kako valja!

Ko je trenutno na forumu

Ukupno su 760 korisnika na forumu :: 50 registrovanih, 8 sakrivenih i 702 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: amaterSRB, Andrija357, Bobrock1, bojank, cavatina, ccoogg123, cenejac111, crnitrn, Dimitrise93, djo97, dragoljub11987, Dvojac005, Excalibur13, FOX, Georgius, Hans Gajger, HogarStrashni, ikan, Instruktor 1223, ivan1973, jackreacher011011, janbo, Karla, kihot, kjkszpj, Krvava Devetka, Leonov, lord sir giga, mikrimaus, mile23, Milos ZA, moldway, oganj123, ozzy, pein, Pohovani_00, rajkoplje, Smiljke, stalja, Stanlio, StepskiVuk, vathra, Vatreni Zmaj, Vlad000, vukdra, wizzardone, zixmix, zlaya011, zziko, |_MeD_|

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by