MyCity » Ambulanta -> Arhiva Ambulante » Molim vas za pomoć

Molim vas za pomoć

Napisano na dan: 28.4.2009

Strana:
1
2

Molim vas za pomoć

Sledeća strana

Pagination

Odgovori

Strana:
1
2

Veni_Vidi_Vici Poslao: 28 Apr 2009 13:36 Idi na vrh
offline Veni_Vidi_Vici Građanin Pridružio: 27 Jan 2008 Poruke: 35	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Imam problem na ovom računaru, verovatno je zakačio neku infekciju. Usporen je za 70 posto....uopšte nije za rad...baciću ga kroz prozor. Pomozite mi.... Evo ga log file: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:31:13, on 28.4.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\bgsvcgen.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\WINDOWS\nMtsk.exe C:\WINDOWS\ALCWZRD.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O2 - BHO: CIEPl Object - {02E60F0E-0497-4F6D-9214-39335A631A70} - C:\WINDOWS\system32\holdapi.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {36645342-9475-2663-166A-466739207346} - C:\WINDOWS\system32\ipv6motp.dll (file missing) O2 - BHO: Image Helper - {646782DF-07D9-5816-C17D-32459D631863} - C:\WINDOWS\system\bpmdm32.dll (file missing) O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll (file missing) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [nMTaskBarService] nMtsk.exe O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{8D7F9337-6D3E-4A57-843B-6586794739D0}: NameServer = 195.250.98.5 195.250.98.8 O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll O20 - Winlogon Notify: holdapi - holdapi.dll (file missing) O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe O23 - Service: nMtskBar Service (nMtskService) - Intracom S.A. - C:\WINDOWS\nMtsk.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 6333 bytes

Profil

helen1 Poslao: 28 Apr 2009 17:52 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zdravo, Otvori AVG 8 Control Center (desni klik na AVG ikonicu ( ) u donjem, desnom uglu ekrana, stavka Open AVG User Interface). * Kada se pokrene AVG Control Center, dvoklikni na Resident Shield komponentu. * U prozoru koji se otvori, deštikliraj opciju Resident Shield active i klikni Save changes. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. -------------------------- Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

Veni_Vidi_Vici Poslao: 29 Apr 2009 13:45 Idi na vrh
offline Veni_Vidi_Vici Građanin Pridružio: 27 Jan 2008 Poruke: 35	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 29 Apr 2009 13:32 ComboFix 09-04-28.02 - Petrovic 29.04.2009 11:47.1 - NTFSx86 Running from: c:\documents and settings\Petrovic\Desktop\ComboFix.exe AV: AVG 7.5.516 On-access scanning disabled (Outdated) . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\as.txt c:\windows\knight.exe c:\windows\recover.reg c:\windows\system32\7_exception.nls c:\windows\system32\crypts.dll c:\windows\system32\digiwet.dll c:\windows\system32\qabmjmmh.ini c:\windows\system32\wsys.dll c:\windows\system32\yjevnjuu.ini c:\windows\system32\drivers\str.sys . . . . failed to delete . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_EXAMPLE -------\Legacy_RUNTIME -------\Service_EXAMPLE -------\Service_Runtime ((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 ))))))))))))))))))))))))))))))) . 2009-04-28 11:28 . 2009-04-28 11:28 -------- d-----w c:\program files\Trend Micro . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-13 11:36 . 2009-02-13 11:36 1046 ----a-w c:\windows\system32\dktqbbjt.exe 2009-02-13 11:35 . 2009-02-13 11:35 20992 ----a-w c:\windows\system32\dggedaaa.exe 2008-03-31 08:26 . 2006-10-23 09:59 848 --sha-w c:\windows\system32\KGyGaAvL.sys 2007-03-15 14:31 . 2007-03-16 11:22 93946 --sha-w c:\windows\system32\ospcont.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2006-07-29 5354792] "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2009-02-13 579072] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 77824] "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960] "NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-03-07 2957312] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344] "High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952] "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-06-17 69632] "nMTaskBarService"="nMtsk.exe" - c:\windows\nMtsk.exe [2005-05-06 90112] "AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-06-17 2550272] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2009-02-13 219136] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-4-23 113664] WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-10 525664] HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32 "wave"= serwvdrv.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "AVP"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\msncall.exe"= "c:\\WINDOWS\\system32\\dggedaaa.exe"= "c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"= "c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"= "c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"= R3 nMtskService;nMtskBar Service;c:\windows\nMtsk.exe [2005-05-06 90112] S3 netModUSBService;Service for netMod USB CAPI Driver;c:\windows\system32\drivers\nMUSB.sys [2005-06-03 60556] --- Other Services/Drivers In Memory --- Deregistered - AFD Deregistered - ALG Deregistered - Ati HotKey Poller Deregistered - ATI Smart Deregistered - AudioSrv Deregistered - audstub Deregistered - AVG Anti-Spyware Driver Deregistered - AVG Anti-Spyware Guard Deregistered - Avg7Alrt Deregistered - Avg7Core Deregistered - Avg7RsW Deregistered - Avg7RsXP Deregistered - Avg7UpdSvc Deregistered - AvgAsCln Deregistered - AvgClean Deregistered - Beep Deregistered - bgsvcgen Deregistered - Browser Deregistered - cbmtugria Deregistered - Cdfs Deregistered - CryptSvc Deregistered - DcomLaunch Deregistered - Dhcp Deregistered - dmio Deregistered - dmload Deregistered - dmserver Deregistered - Dnscache Deregistered - ERSvc Deregistered - EventSystem Deregistered - Fastfat Deregistered - FastUserSwitchingCompatibility Deregistered - Fips Deregistered - FltMgr Deregistered - Ftdisk Deregistered - Gpc Deregistered - helpsvc Deregistered - HTTP Deregistered - IntelIde Deregistered - IpNat Deregistered - IPSec Deregistered - KSecDD Deregistered - lanmanserver Deregistered - lanmanworkstation Deregistered - LmHosts Deregistered - mnmdd Deregistered - Mouclass Deregistered - MountMgr Deregistered - MRxDAV Deregistered - MRxSmb Deregistered - Msfs Deregistered - mssmbios Deregistered - Mup Deregistered - NDIS Deregistered - NdisTapi Deregistered - Ndisuio Deregistered - NdisWan Deregistered - NDProxy Deregistered - NetBIOS Deregistered - NetBT Deregistered - Netman Deregistered - Nla Deregistered - Npfs Deregistered - Ntfs Deregistered - Null Deregistered - PartMgr Deregistered - ParVdm Deregistered - PolicyAgent Deregistered - PptpMiniport Deregistered - PQNTDrv Deregistered - ProtectedStorage Deregistered - PSched Deregistered - RasAcd Deregistered - Rasl2tp Deregistered - RasMan Deregistered - RasPppoe Deregistered - Raspti Deregistered - Rdbss Deregistered - RDPCDD Deregistered - rdpdr Deregistered - RecAgent Deregistered - RemoteRegistry Deregistered - RpcSs Deregistered - SamSs Deregistered - Schedule Deregistered - seclogon Deregistered - SENS Deregistered - ServiceLayer Deregistered - SharedAccess Deregistered - ShellHWDetection Deregistered - SLService Deregistered - SlWdmSup Deregistered - SMBios Deregistered - Spooler Deregistered - sr Deregistered - srservice Deregistered - Srv Deregistered - SSDPSRV Deregistered - stisvc Deregistered - swenum Deregistered - TapiSrv Deregistered - Tcpip Deregistered - TermDD Deregistered - TermService Deregistered - Themes Deregistered - TrkWks Deregistered - Update Deregistered - VgaSave Deregistered - VolSnap Deregistered - W32Time Deregistered - Wanarp Deregistered - WebClient Deregistered - winmgmt Deregistered - wscsvc Deregistered - wuauserv Deregistered - WZCSVC [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e54b088-4878-11dd-a3cb-00111187a92f}] \Shell\auto\command - F:\Knight.exe open \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open \Shell\explore\command - F:\Knight.exe open \Shell\find\command - F:\Knight.exe open \Shell\install\command - F:\Knight.exe open \Shell\open\command - F:\Knight.exe open [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c57aee64-d7cb-11db-a261-00111187a92f}] \Shell\Auto\command - G:\Cn911.exe \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef843652-dc3f-11db-a267-00111187a92f}] \Shell\Auto\command - Cn911.exe \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe . Contents of the 'Scheduled Tasks' folder 2009-04-28 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-07-07 16:26] 2007-01-31 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8034612465.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52] . - - - - ORPHANS REMOVED - - - - ShellIconOverlayIdentifiers-{40DAD1B9-DDCF-4A31-A5D3-A03BC8881370} - c:\windows\System32\windexserv.dll HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe ShellExecuteHooks-{93994DE8-8239-4655-B1D1-5F4E91300429} - c:\program files\DVDIdle Pro\DVDShell.dll ShellExecuteHooks-{F28439F2-4996-41B8-8BD0-22789780DE81} - (no file) Notify-holdapi - holdapi.dll . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Petrovic\Application Data\Mozilla\Firefox\Profiles\083qiytx.default\ FF - prefs.js: browser.startup.homepage - yahoo.com . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-04-29 12:51 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\windows\system32\drivers\str.sys 0 bytes c:\windows\system32\drivers\xcxqonjrhfg.sys 30976 bytes executable scan completed successfully hidden files: 2 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(684) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(5428-) c:\windows\system32\msi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe c:\progra~1\Grisoft\AVGFRE~1\avgamsvr.exe c:\progra~1\Grisoft\AVGFRE~1\avgupsvc.exe c:\windows\system32\bgsvcgen.exe c:\windows\system32\slserv.exe c:\program files\PC Connectivity Solution\ServiceLayer.exe . ************************************************************************ . Completion time: 2009-04-29 13:21 - machine was rebooted ComboFix-quarantined-files.txt 2009-04-29 11:19 Pre-Run: 2.417.307.648 bytes free Post-Run: 3.034.013.696 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 281 Dopuna: 29 Apr 2009 13:45 Sta se dešava, ima li pomaka i spasa za ovaj kompjuter

Profil

helen1 Poslao: 29 Apr 2009 15:56 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Probacemo nesto da sredimo. Iskljuci zastitu: Otvoriti Notepad i iskopirati sledeci tekst: File:: c:\windows\system32\dktqbbjt.exe c:\windows\system32\dggedaaa.exe Registry:: [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e54b088-4878-11dd-a3cb-00111187a92f}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c57aee64-d7cb-11db-a261-00111187a92f}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef843652-dc3f-11db-a267-00111187a92f}] Rootkit:: c:\windows\system32\drivers\str.sys c:\windows\system32\drivers\xcxqonjrhfg.sys Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

Veni_Vidi_Vici Poslao: 29 Apr 2009 23:06 Idi na vrh
offline Veni_Vidi_Vici Građanin Pridružio: 27 Jan 2008 Poruke: 35	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 29 Apr 2009 23:01 ComboFix 09-04-28.02 - Petrovic 29.04.2009 22:18.2 - NTFSx86 Running from: c:\documents and settings\Petrovic\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Petrovic\Desktop\CFScript.txt.txt AV: AVG 7.5.516 On-access scanning disabled (Outdated) FILE :: c:\windows\system32\dggedaaa.exe c:\windows\system32\dktqbbjt.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\dggedaaa.exe c:\windows\system32\dktqbbjt.exe c:\windows\system32\drivers\str.sys c:\windows\system32\drivers\xcxqonjrhfg.sys . ((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 ))))))))))))))))))))))))))))))) . 2009-04-28 11:28 . 2009-04-28 11:28 -------- d-----w c:\program files\Trend Micro . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-31 08:26 . 2006-10-23 09:59 848 --sha-w c:\windows\system32\KGyGaAvL.sys 2007-03-15 14:31 . 2007-03-16 11:22 93946 --sha-w c:\windows\system32\ospcont.dat . ((((((((((((((((((((((((((((( SnapShot@2009-04-29_10.54.37 ))))))))))))))))))))))))))))))))))))))))) . + 2008-10-16 12:09 . 2008-10-16 12:09 43544 c:\windows\system32\wups2.dll + 2002-10-13 20:18 . 2008-10-16 12:08 34328 c:\windows\system32\wups.dll + 2002-10-13 20:18 . 2008-10-16 12:09 51224 c:\windows\system32\wuauclt.exe + 2009-04-29 12:25 . 2008-10-16 12:08 34328 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll + 2002-10-13 20:18 . 2008-10-16 12:08 34328 c:\windows\system32\dllcache\wups.dll + 2002-10-13 20:18 . 2008-10-16 12:09 51224 c:\windows\system32\dllcache\wuauclt.exe + 2004-08-04 12:00 . 2008-10-16 12:09 92696 c:\windows\system32\dllcache\cdm.dll - 2002-10-13 20:25 . 2009-04-29 10:49 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2002-10-13 20:25 . 2009-04-29 19:58 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2002-10-13 20:25 . 2009-04-29 10:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2002-10-13 20:25 . 2009-04-29 19:58 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2002-10-13 20:25 . 2009-04-29 19:58 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2002-10-13 20:25 . 2009-04-29 10:49 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2004-08-04 12:00 . 2008-10-16 12:09 92696 c:\windows\system32\cdm.dll + 2002-10-13 20:18 . 2008-10-16 12:13 202776 c:\windows\system32\wuweb.dll + 2002-10-13 20:18 . 2008-10-16 12:12 323608 c:\windows\system32\wucltui.dll + 2002-10-13 20:18 . 2008-10-16 12:12 561688 c:\windows\system32\wuapi.dll + 2002-10-13 20:18 . 2008-10-16 12:13 202776 c:\windows\system32\dllcache\wuweb.dll + 2002-10-13 20:18 . 2008-10-16 12:12 323608 c:\windows\system32\dllcache\wucltui.dll + 2002-10-13 20:18 . 2008-10-16 12:12 561688 c:\windows\system32\dllcache\wuapi.dll + 2002-10-13 20:18 . 2008-10-16 12:13 1809944 c:\windows\system32\wuaueng.dll + 2002-10-13 20:18 . 2008-10-16 12:13 1809944 c:\windows\system32\dllcache\wuaueng.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2006-07-29 5354792] "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2009-02-13 579072] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 77824] "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960] "NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-03-07 2957312] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344] "High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952] "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-06-17 69632] "nMTaskBarService"="nMtsk.exe" - c:\windows\nMtsk.exe [2005-05-06 90112] "AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-06-17 2550272] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2009-02-13 219136] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-4-23 113664] WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-10 525664] HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32 "wave"= serwvdrv.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "AVP"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\msncall.exe"= "c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"= "c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"= "c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"= R2 cbmtugria;cbmtugria; [x] R3 nMtskService;nMtskBar Service;c:\windows\nMtsk.exe [2005-05-06 90112] S3 netModUSBService;Service for netMod USB CAPI Driver;c:\windows\system32\drivers\nMUSB.sys [2005-06-03 60556] . Contents of the 'Scheduled Tasks' folder 2009-04-29 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-07-07 16:26] 2007-01-31 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8034612465.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Petrovic\Application Data\Mozilla\Firefox\Profiles\083qiytx.default\ FF - prefs.js: browser.startup.homepage - yahoo.com . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-04-29 22:53 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(684) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(3764) c:\windows\system32\msi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe c:\progra~1\Grisoft\AVGFRE~1\avgamsvr.exe c:\progra~1\Grisoft\AVGFRE~1\avgupsvc.exe c:\windows\system32\bgsvcgen.exe c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe . ************************************************************************ . Completion time: 2009-04-29 22:57 - machine was rebooted ComboFix-quarantined-files.txt 2009-04-29 20:57 ComboFix2.txt 2009-04-29 11:21 Pre-Run: 2.984.882.176 bytes free Post-Run: 2.978.844.672 bytes free 154 Dopuna: 29 Apr 2009 23:06 Evo uradjeno je sve kako si mi rekao, mislim da ima nekog napretka...kompjuter mi radi brže. Jel možeš da mi napišeš šta je to što ga je napalo i gde se to uobičajeno zakači?

Profil

helen1 Poslao: 29 Apr 2009 23:10 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Bilo je svacega, ugasi ponovo Antivirus. Otvoriti Notepad i iskopirati sledeci tekst: `Driver:: cbmtugria` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja

Profil

Veni_Vidi_Vici Poslao: 30 Apr 2009 12:10 Idi na vrh
offline Veni_Vidi_Vici Građanin Pridružio: 27 Jan 2008 Poruke: 35	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 30 Apr 2009 12:09 ComboFix 09-04-28.02 - Petrovic 30.04.2009 11:59.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.198 [GMT 2:00] Running from: c:\documents and settings\Petrovic\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Petrovic\Desktop\CFScript.txt.txt AV: AVG 7.5.516 On-access scanning disabled (Outdated) * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_CBMTUGRIA -------\Service_cbmtugria ((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-30 ))))))))))))))))))))))))))))))) . 2009-04-28 11:28 . 2009-04-28 11:28 -------- d-----w c:\program files\Trend Micro . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-29 21:09 . 2007-01-08 19:59 -------- d-----w c:\program files\Common Files\PCSuite 2008-03-31 08:26 . 2006-10-23 09:59 848 --sha-w c:\windows\system32\KGyGaAvL.sys 2007-03-15 14:31 . 2007-03-16 11:22 93946 --sha-w c:\windows\system32\ospcont.dat . ((((((((((((((((((((((((((((( SnapShot@2009-04-29_10.54.37 ))))))))))))))))))))))))))))))))))))))))) . + 2008-10-16 12:09 . 2008-10-16 12:09 43544 c:\windows\system32\wups2.dll + 2002-10-13 20:18 . 2008-10-16 12:08 34328 c:\windows\system32\wups.dll + 2002-10-13 20:18 . 2008-10-16 12:09 51224 c:\windows\system32\wuauclt.exe + 2009-04-29 12:25 . 2008-10-16 12:08 34328 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll + 2002-10-13 20:18 . 2008-10-16 12:08 34328 c:\windows\system32\dllcache\wups.dll + 2002-10-13 20:18 . 2008-10-16 12:09 51224 c:\windows\system32\dllcache\wuauclt.exe + 2004-08-04 12:00 . 2008-10-16 12:09 92696 c:\windows\system32\dllcache\cdm.dll + 2002-10-13 20:25 . 2009-04-29 19:58 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2002-10-13 20:25 . 2009-04-29 10:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2002-10-13 20:25 . 2009-04-29 10:49 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2002-10-13 20:25 . 2009-04-29 19:58 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2004-08-04 12:00 . 2008-10-16 12:09 92696 c:\windows\system32\cdm.dll + 2002-10-13 20:18 . 2008-10-16 12:13 202776 c:\windows\system32\wuweb.dll + 2002-10-13 20:18 . 2008-10-16 12:12 323608 c:\windows\system32\wucltui.dll + 2002-10-13 20:18 . 2008-10-16 12:12 561688 c:\windows\system32\wuapi.dll + 2002-10-13 20:18 . 2008-10-16 12:13 202776 c:\windows\system32\dllcache\wuweb.dll + 2002-10-13 20:18 . 2008-10-16 12:12 323608 c:\windows\system32\dllcache\wucltui.dll + 2002-10-13 20:18 . 2008-10-16 12:12 561688 c:\windows\system32\dllcache\wuapi.dll + 2002-10-13 20:18 . 2008-10-16 12:13 1809944 c:\windows\system32\wuaueng.dll + 2002-10-13 20:18 . 2008-10-16 12:13 1809944 c:\windows\system32\dllcache\wuaueng.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2009-02-13 579072] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 77824] "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960] "NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-03-07 2957312] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344] "High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952] "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-06-17 69632] "nMTaskBarService"="nMtsk.exe" - c:\windows\nMtsk.exe [2005-05-06 90112] "AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-06-17 2550272] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2009-02-13 219136] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-4-23 113664] WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-10 525664] HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32 "wave"= serwvdrv.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "AVP"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\msncall.exe"= "c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"= "c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"= "c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"= R3 nMtskService;nMtskBar Service;c:\windows\nMtsk.exe [2005-05-06 90112] S3 netModUSBService;Service for netMod USB CAPI Driver;c:\windows\system32\drivers\nMUSB.sys [2005-06-03 60556] . Contents of the 'Scheduled Tasks' folder 2009-04-29 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-07-07 16:26] 2007-01-31 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8034612465.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 TCP: {8D7F9337-6D3E-4A57-843B-6586794739D0} = 195.250.98.5 195.250.98.8 FF - ProfilePath - c:\documents and settings\Petrovic\Application Data\Mozilla\Firefox\Profiles\083qiytx.default\ FF - prefs.js: browser.startup.homepage - yahoo.com . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-04-30 12:02 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(680) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2888-) c:\windows\system32\msi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe c:\progra~1\Grisoft\AVGFRE~1\avgamsvr.exe c:\progra~1\Grisoft\AVGFRE~1\avgupsvc.exe c:\windows\system32\bgsvcgen.exe c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe . ************************************************************************ . Completion time: 2009-04-30 12:05 - machine was rebooted ComboFix-quarantined-files.txt 2009-04-30 10:05 ComboFix2.txt 2009-04-29 20:57 ComboFix3.txt 2009-04-29 11:21 Pre-Run: 2.961.932.288 bytes free Post-Run: 2.956.300.288 bytes free 150 Dopuna: 30 Apr 2009 12:10 Ево учињено је како ми је речено....Који су следећи кораци који се требају предузети....

Profil

helen1 Poslao: 30 Apr 2009 12:55 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Jel ima nekih problema?

Profil

Veni_Vidi_Vici Poslao: 30 Apr 2009 14:57 Idi na vrh
offline Veni_Vidi_Vici Građanin Pridružio: 27 Jan 2008 Poruke: 35	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Koliko mogu da zakljucim nema za sada.radi brzo, vise nije usporen.da li jos nesto treba uraditi da se taj postupak isceljenja zavrsi:)

Profil

helen1 Poslao: 30 Apr 2009 15:00 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Treba jos ovo: Deinstalacija ComboFix-a: Klikni START a zatim RUN. U liniju za unos teksta ukucaj (iskopiraj) sledeće: Combofix /u a zatim klikni OK. Sačekaj da se proces deinstalacije završi.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Molim vas za pomoć

Ko je trenutno na forumu

Ukupno su 935 korisnika na forumu :: 31 registrovanih, 8 sakrivenih i 896 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., Apok, babaroga, Battlehammer, ccoogg123, Denaya, doktor1964, DonRumataEstorski, DPera, GandorCC, Georgius, ivica976, Koridor, Leonov, lucko1, milimoj, MilosKop, nemkea71, Neutral-M, Nobunaga, Rogan33, sevenino, Shinobi, Srki94, Sumadija34, vathra, vlvl, W123, YU-UKI, šumar bk2, 79693

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by