Problem with the browser and partitions


offline
  • Joined: 03 Jan 2011
  • Posts: 997

Happy New Year to everyone! Hello all, I have just registered and want to describe my problems:
Problem 1:

The problem is that for quite a while now I have not been able to open certain sites (microsoft, avast, kaspersky) in any browser, although I could when I first started using the internet or right after reinstalling the system. I used avast 4.8 and 5 and it found over 1000 infected files, which I moved to the chest (later I removed both antiviruses, which probably caused problem no. 2), and now I use Kaspersky Virus Removal Tool and Malwarebytes. I tried clearing cookies to fix the problem, with no result. I used dial-up internet, now mts mobile internet.

Problem 2:

The second problem is that I cannot open either partition (C and D) directly; I have to right-click and choose Explore. When I try directly with a double-click, I get the "Open with" window, as when I launch a file with an extension for which I have no program. I think I caused this problem myself when I moved an infected file (which probably served to launch the partitions) to avast's chest and later removed avast (I have had this problem ever since I moved the files to the chest).


DDS (Ver_10-12-12.02) - NTFSx86
Run by ë at 10:55:55,76 on ØÖÔ 03.01.2011
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.1023.468 [GMT 1:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\PROGRAMI\Mobilni Internet\ModemListener.exe
D:\PROGRAMI\WinAmp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRAMI\DAEMON tool\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\PROGRAMI\FRAPS 3.2.3\FRAPS.EXE
D:\PROGRAMI\WinZip\WZQKPICK.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\â\Desktop\Virus Removal Tool\is-VFP4E\is-VFP4E.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
D:\PROGRAMI\Mobilni Internet\Hspa USB Modem.exe
D:\Pretrazivaci\FireFox 3.6\firefox.exe
D:\Pretrazivaci\FireFox 3.6\plugin-container.exe
C:\Program Files\NCH Software\PlayPad\playpad.exe
C:\Documents and Settings\â\Desktop\App\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2463487
uURLSearchHooks: Media Star Toolbar: {dfabc5b5-039b-4865-979a-de31cdf3e351} - c:\program files\media_star\tbMedi.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Media Star Toolbar: {dfabc5b5-039b-4865-979a-de31cdf3e351} - c:\program files\media_star\tbMedi.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Media Star Toolbar: {dfabc5b5-039b-4865-979a-de31cdf3e351} - c:\program files\media_star\tbMedi.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "d:\programi\daemon tool\daemon tools lite\daemon.exe" -autorun
uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [RegistryBooster] "d:\programi\registrybooster\launcher.exe" delay 20000
uRun: [Fraps] d:\programi\fraps 3.2.3\FRAPS.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ModemListener] d:\programi\mobilni internet\ModemListener.exe start
mRun: [WinampAgent] d:\programi\winamp\winampa.exe
mRun: [Adobe Reader Speed Launcher] "d:\programi\adobe reader 9\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\2340~1\startm~1\programs\startup\is-vfp4e.lnk - c:\documents and settings\â\desktop\virus removal tool\is-vfp4e\startup.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\winzip~1.lnk - d:\programi\winzip\WZQKPICK.EXE
IE: &Download All using 4shared Desktop - d:\programi\4shared\4shared desktop\down_all.htm
IE: E&xport to Microsoft Excel - d:\programi\office~1\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\programi\office~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: {51B1FE67-57FD-4203-9BF2-2D0C17A4DB98} = 195.178.38.3 195.178.38.8
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 is-VFP4Edrv;is-VFP4Edrv;c:\windows\system32\drivers\40773340.sys [2011-1-2 148496]
R2 DeviceManager;DeviceManager;c:\program files\common files\devicehelper\devicemanager.exe -start --> c:\program files\common files\devicehelper\DeviceManager.exe -start [?]
R3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [2010-10-5 103552]
R3 Winacpci;Winacpci;c:\windows\system32\drivers\winacpci.sys [2010-5-9 602128]
S2 bsatqqsu;Server Boot;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-7-11 23456]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-6-20 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-6-20 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [2010-6-25 32377]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2011-01-02 18:51:10 4098080 --sha-w- c:\windows\system32\drivers\fidbox.dat
2011-01-02 18:51:04 148496 ----a-w- c:\windows\system32\drivers\40773340.sys
2011-01-02 18:04:21 -------- d-----w- c:\docume~1\2340~1\applic~1\Malwarebytes
2011-01-02 18:04:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-02 18:04:13 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2011-01-02 18:04:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-02 18:04:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-02 15:09:00 327168 ----a-w- c:\windows\IsUninst.exe
2011-01-02 14:33:13 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\MFAData
2011-01-02 10:58:24 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Alwil Software
2011-01-02 09:07:51 1060864 ----a-w- c:\windows\system32\MFC71.dll
2011-01-02 08:23:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-02 08:23:29 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2010-12-06 13:49:07 -------- d-----w- c:\docume~1\2340~1\locals~1\applic~1\Sports Interactive
2010-12-04 19:11:52 -------- d-----w- c:\program files\Megaupload Downloader
2010-12-04 18:44:15 155648 ----a-w- c:\windows\system32\libssl32.dll
2010-12-04 18:03:18 -------- d-----w- c:\docume~1\2340~1\applic~1\GetRightToGo

==================== Find3M ====================

2010-11-12 17:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 15:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

============= FINISH: 10:56:14,12 ===============




offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello paokjowanpfc!

While we work on the case, I would ask you to follow these rules:
Read my instructions (or those of the colleagues standing in for me) carefully and act exclusively on them;
Do not seek help elsewhere at the same time;
Do not use other malware-removal programs, other than those you receive instructions for;
During the intervention do not use USB storage devices until I ask for it;
If I do not reply within 48h, bump the topic with a new post;
If you do not respond within 5 days, we will close the case.

For more information on the rules of the MyCity Ambulanta forum: LINK

-------------------------------------------------------------------------------------


Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:
disable your security software (instructions);
close any running programs;
double-click ComboFix to run it.

While running, ComboFix will:
check whether a newer version of the program exists: click Yes if offered to download it.
display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so that the process continues.
offer to install the Recovery Console if it is not installed: be sure to accept by clicking Yes and follow the procedure.
ask a number of questions/show notifications: accept by clicking Yes or OK.
restart Windows if necessary (possibly several times);
open Notepad with the scan report when it finishes.

Copy the report ComboFix produced into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message box and choose Paste.

Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice that the report is incomplete, use the Attach file (Prikači fajl) option to attach C:\ComboFix.txt to your message.

goran9888 (AMF Team)

offline
  • Joined: 03 Jan 2011
  • Posts: 997

Problem no. 2 solved! Cheers, thanks!


ComboFix 11-01-02.04 - â 03.01.2011 14:11:07.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.1023.596 [GMT 1:00]
Running from: c:\documents and settings\â\My Documents\Ïðè¼åìè\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\â\Application Data\PriceGong
c:\documents and settings\â\Application Data\PriceGong\Data\1.xml
c:\documents and settings\â\Application Data\PriceGong\Data\a.xml
c:\documents and settings\â\Application Data\PriceGong\Data\b.xml
c:\documents and settings\â\Application Data\PriceGong\Data\c.xml
c:\documents and settings\â\Application Data\PriceGong\Data\d.xml
c:\documents and settings\â\Application Data\PriceGong\Data\e.xml
c:\documents and settings\â\Application Data\PriceGong\Data\f.xml
c:\documents and settings\â\Application Data\PriceGong\Data\g.xml
c:\documents and settings\â\Application Data\PriceGong\Data\h.xml
c:\documents and settings\â\Application Data\PriceGong\Data\i.xml
c:\documents and settings\â\Application Data\PriceGong\Data\J.xml
c:\documents and settings\â\Application Data\PriceGong\Data\k.xml
c:\documents and settings\â\Application Data\PriceGong\Data\l.xml
c:\documents and settings\â\Application Data\PriceGong\Data\m.xml
c:\documents and settings\â\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\â\Application Data\PriceGong\Data\n.xml
c:\documents and settings\â\Application Data\PriceGong\Data\o.xml
c:\documents and settings\â\Application Data\PriceGong\Data\p.xml
c:\documents and settings\â\Application Data\PriceGong\Data\q.xml
c:\documents and settings\â\Application Data\PriceGong\Data\r.xml
c:\documents and settings\â\Application Data\PriceGong\Data\s.xml
c:\documents and settings\â\Application Data\PriceGong\Data\t.xml
c:\documents and settings\â\Application Data\PriceGong\Data\u.xml
c:\documents and settings\â\Application Data\PriceGong\Data\v.xml
c:\documents and settings\â\Application Data\PriceGong\Data\w.xml
c:\documents and settings\â\Application Data\PriceGong\Data\x.xml
c:\documents and settings\â\Application Data\PriceGong\Data\y.xml
c:\documents and settings\â\Application Data\PriceGong\Data\z.xml
c:\windows\system32\Thumbs.db
D:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-12-03 to 2011-01-03 )))))))))))))))))))))))))))))))
.

2011-01-02 18:51 . 2011-01-03 13:05 7925792 --sha-w- c:\windows\system32\drivers\fidbox.dat
2011-01-02 18:04 . 2011-01-02 18:04 -------- d-----w- c:\documents and settings\â\Application Data\Malwarebytes
2011-01-02 18:04 . 2011-01-02 18:04 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2011-01-02 15:09 . 1998-10-02 18:00 327168 ----a-w- c:\windows\IsUninst.exe
2011-01-02 14:33 . 2011-01-02 14:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\MFAData
2011-01-02 10:58 . 2011-01-02 18:16 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software
2011-01-02 09:07 . 2004-01-09 10:13 380928 ----a-w- c:\windows\system32\actskin4.ocx
2011-01-02 09:07 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2011-01-02 09:07 . 2011-01-02 10:59 -------- d-----w- c:\program files\Alwil Software
2011-01-02 08:23 . 2011-01-02 12:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-02 08:23 . 2011-01-02 12:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-12-29 17:11 . 2010-12-29 17:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\nView_Profiles
2010-12-06 13:49 . 2010-12-06 13:49 -------- d-----w- c:\documents and settings\â\Local Settings\Application Data\Sports Interactive
2010-12-04 19:11 . 2010-12-04 19:11 -------- d-----w- c:\program files\Megaupload Downloader
2010-12-04 18:44 . 2010-12-04 19:12 155648 ----a-w- c:\windows\system32\libssl32.dll
2010-12-04 18:03 . 2011-01-02 16:55 -------- d-----w- c:\documents and settings\â\Application Data\GetRightToGo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 17:53 . 2010-06-21 14:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 15:34 . 2010-06-21 14:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2007-11-07 01:19 . 2010-12-10 17:40 568832 ----a-w- c:\program files\opera\program\plugins\msvcp90.dll
2007-11-07 01:19 . 2010-12-10 17:40 655872 ----a-w- c:\program files\opera\program\plugins\msvcr90.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{dfabc5b5-039b-4865-979a-de31cdf3e351}"= "c:\program files\Media_Star\tbMedi.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{dfabc5b5-039b-4865-979a-de31cdf3e351}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 11:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dfabc5b5-039b-4865-979a-de31cdf3e351}]
2010-10-18 11:26 3908192 ----a-w- c:\program files\Media_Star\tbMedi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{dfabc5b5-039b-4865-979a-de31cdf3e351}"= "c:\program files\Media_Star\tbMedi.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{dfabc5b5-039b-4865-979a-de31cdf3e351}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DFABC5B5-039B-4865-979A-DE31CDF3E351}"= "c:\program files\Media_Star\tbMedi.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{dfabc5b5-039b-4865-979a-de31cdf3e351}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programi\DAEMON tool\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Fraps"="d:\programi\FRAPS 3.2.3\FRAPS.EXE" [2010-06-15 2176944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-31 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ModemListener"="d:\programi\Mobilni Internet\ModemListener.exe" [2010-07-12 98304]
"WinampAgent"="d:\programi\WinAmp\winampa.exe" [2010-07-12 74752]
"Adobe Reader Speed Launcher"="d:\programi\Adobe Reader 9\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - d:\programi\WinZip\WZQKPICK.EXE [2010-5-9 118784]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\IGRE\\Manager 2011\\fm.exe"=
"d:\\IGRE\\PES 2010\\pes2010.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6577:TCP"= 6577:TCP:uevwmpl

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.5.2010 23:13 721904]
R3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [5.10.2010 13:56 103552]
R3 Winacpci;Winacpci;c:\windows\system32\drivers\winacpci.sys [9.5.2010 21:55 602128]
S2 bsatqqsu;Server Boot;c:\windows\system32\svchost.exe -k netsvcs [3.8.2004 23:56 14336]
S2 DeviceManager;DeviceManager;c:\program files\Common Files\DeviceHelper\DeviceManager.exe -start --> c:\program files\Common Files\DeviceHelper\DeviceManager.exe -start [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [11.7.2010 10:27 23456]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [20.6.2010 08:10 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [20.6.2010 08:10 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [25.6.2010 15:00 32377]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
bsatqqsu
.
Contents of the 'Scheduled Tasks' folder

2011-01-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-117609710-823518204-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2011-01-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-823518204-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2463487
IE: &Download All using 4shared Desktop - d:\programi\4shared\4shared Desktop\down_all.htm
IE: E&xport to Microsoft Excel - d:\programi\OFFICE~1\OFFICE11\EXCEL.EXE/3000
TCP: {51B1FE67-57FD-4203-9BF2-2D0C17A4DB98} = 195.178.38.3 195.178.38.8
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
HKCU-Run-RegistryBooster - d:\programi\RegistryBooster\launcher.exe
AddRemove-Free Audio CD Burner_is1 - c:\program files\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-KLiteCodecPack_is1 - d:\programi\K-Lite Codec Pack\unins000.exe
AddRemove-Mozilla Firefox (4.0b1) - d:\pretrazivaci\FireFox 4.0 beta\uninstall\helper.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-03 14:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bsatqqsu]
"ServiceDll"="c:\windows\system32\crxucnly.dll"
.
Completion time: 2011-01-03 14:14:35
ComboFix-quarantined-files.txt 2011-01-03 13:14

Pre-Run: 5.420.736.512 bytes free
Post-Run: 5.611.073.536 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - C6047607C4BBDAA0253E52610CCE515F
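The first post describes double-clicking C: and D: bringing up the "Open with" dialog, and the ComboFix log above lists C:\autorun.inf and D:\autorun.inf under Other Deletions. An autorun.inf at a drive root can redefine the drive's default shell verb, which is consistent with that symptom. The following Python script is an added example written for this thread; it is not ComboFix, DDS or USBNoRisk code, and its autorun.inf samples are constructed. It parses an autorun.inf and flags the keys (open, shellexecute, shell and shell\verb\command) that run a program or replace the double-click action; scan_roots generalizes the check to any list of drive roots, so it also covers the removable devices the thread later asks to have checked.

```python
"""Parse autorun.inf and flag entries that replace a drive's double-click
action. Added example for this thread (not ComboFix, DDS or USBNoRisk code);
the autorun.inf samples below are constructed for illustration."""
import configparser
import os
from typing import Dict, List

# [autorun] keys that either run a program or redefine the default shell verb,
# which is what Explorer uses when the drive icon is double-clicked. On a fixed
# partition such as C: or D: none of these has a legitimate use.
EXECUTING_KEYS = {"open", "shellexecute", "shell"}


def parse_autorun(text: str) -> Dict[str, str]:
    """Return the [autorun] section as a dict with lower-cased keys.

    autorun.inf is INI-like; the section name is case-insensitive and
    sloppy files may repeat keys, so the parser runs in non-strict mode.
    """
    cp = configparser.RawConfigParser(strict=False, allow_no_value=True)
    cp.optionxform = str.lower  # treat Open= and open= as the same key
    cp.read_string(text)
    for section in cp.sections():
        if section.lower() == "autorun":
            return {k: (v or "").strip() for k, v in cp.items(section)}
    return {}


def suspicious_entries(entries: Dict[str, str]) -> List[str]:
    """Return 'key=value' strings for entries that can hijack double-click.

    'shell\\open\\command=...' and 'shell=verb' both start with 'shell', so
    matching on the first backslash-separated component catches every variant.
    """
    findings = []
    for key, value in entries.items():
        if key.split("\\", 1)[0] in EXECUTING_KEYS:
            findings.append(f"{key}={value}")
    return findings


def scan_roots(roots: List[str]) -> Dict[str, List[str]]:
    """Check each drive root for autorun.inf and report flagged entries.

    Roots with no autorun.inf are omitted; roots whose file is clean map to
    an empty list. Hidden/system attributes do not stop os.path.isfile.
    """
    report = {}
    for root in roots:
        path = os.path.join(root, "autorun.inf")
        if not os.path.isfile(path):
            continue
        with open(path, "r", encoding="cp1252", errors="replace") as fh:
            report[root] = suspicious_entries(parse_autorun(fh.read()))
    return report


# Constructed samples (not taken from the thread's logs).
HIJACKED = """[AutoRun]
open=recycler\\payload.exe
shell\\open\\command=recycler\\payload.exe -start
shell\\explore\\command=recycler\\payload.exe -start
shell=open
icon=%SystemRoot%\\system32\\shell32.dll,8
"""

BENIGN = """[autorun]
icon=setup.exe,0
label=Vendor Driver Disc
"""

if __name__ == "__main__":
    for name, sample in (("hijacked", HIJACKED), ("benign", BENIGN)):
        print(name, suspicious_entries(parse_autorun(sample)))
    # On a live Windows machine: print(scan_roots(["C:\\", "D:\\", "E:\\"]))
```

On a live Windows machine the call would be scan_roots(["C:\\", "D:\\"]) for the two partitions from the thread, with removable drive letters added as they are plugged in. Removing a flagged autorun.inf restores the double-click behaviour but is only part of the cleanup: the executable it points to and whatever dropped it (in this thread, the service and DLL that the later CFScript step removes) still have to be dealt with.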

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

- I would ask you to read the instructions I give you carefully and to act exclusively on them

Step 1

Download and install the following patch:
http://www.microsoft.com/downloads/en/details.aspx.....laylang=en

Step 2

Open Notepad and copy the following text into it:

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6577:TCP"=-

Driver::
bsatqqsu

NetSvc::
bsatqqsu

File::
c:\windows\system32\crxucnly.dll

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.

Step 3

Install an antivirus. If you do not have a licence for a commercial AV, I recommend installing one of the many free ones, such as Avast, Avira, AVG, Microsoft Security Essentials, Panda Cloud, etc.

Step 4

- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all your USB storage devices into the USB slot one after another and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose Save scrambled log. That will automatically open the log in Notepad. Copy that log from Notepad to the forum.

Explanation: USB storage devices are all devices that get their own drive letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

goran9888 (AMF Team)

offline
  • Joined: 03 Jan 2011
  • Posts: 997

That is all fine, but I cannot open microsoft.com, as I wrote at the start of the description of my problem.

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Go on to Step 2.
When you have finished with CF, you will most likely be able to do Step 1.

If it still does not work even then, skip that step for now, let me know in your next message and carry on with the rest of the case.

offline
  • Joined: 03 Jan 2011
  • Posts: 997

Posted: 03 Jan 2011 16:08

ComboFix 11-01-02.04 - в 03.01.2011 16:01:11.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.1023.501 [GMT 1:00]
Running from: c:\documents and settings\в\Desktop\App\ComboFix.exe
Command switches used :: c:\documents and settings\в\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\crxucnly.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\crxucnly.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BSATQQSU
-------\Service_bsatqqsu


((((((((((((((((((((((((( Files Created from 2010-12-03 to 2011-01-03 )))))))))))))))))))))))))))))))
.

2011-01-03 14:59 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-03 14:59 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-03 14:59 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-03 14:59 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-03 14:59 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-03 14:59 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-03 14:59 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-03 14:59 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2011-01-03 14:59 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-02 18:51 . 2011-01-03 13:05 7925792 --sha-w- c:\windows\system32\drivers\fidbox.dat
2011-01-02 18:04 . 2011-01-02 18:04 -------- d-----w- c:\documents and settings\в\Application Data\Malwarebytes
2011-01-02 18:04 . 2011-01-02 18:04 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2011-01-02 15:09 . 1998-10-02 18:00 327168 ----a-w- c:\windows\IsUninst.exe
2011-01-02 14:33 . 2011-01-02 14:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\MFAData
2011-01-02 10:58 . 2011-01-03 14:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software
2011-01-02 09:07 . 2004-01-09 10:13 380928 ----a-w- c:\windows\system32\actskin4.ocx
2011-01-02 09:07 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2011-01-02 09:07 . 2011-01-02 10:59 -------- d-----w- c:\program files\Alwil Software
2011-01-02 08:23 . 2011-01-02 12:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-02 08:23 . 2011-01-02 12:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-12-29 17:11 . 2010-12-29 17:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\nView_Profiles
2010-12-06 13:49 . 2010-12-06 13:49 -------- d-----w- c:\documents and settings\в\Local Settings\Application Data\Sports Interactive
2010-12-04 19:11 . 2010-12-04 19:11 -------- d-----w- c:\program files\Megaupload Downloader
2010-12-04 18:44 . 2010-12-04 19:12 155648 ----a-w- c:\windows\system32\libssl32.dll
2010-12-04 18:03 . 2011-01-02 16:55 -------- d-----w- c:\documents and settings\в\Application Data\GetRightToGo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 17:53 . 2010-06-21 14:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 15:34 . 2010-06-21 14:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2007-11-07 01:19 . 2010-12-10 17:40 568832 ----a-w- c:\program files\opera\program\plugins\msvcp90.dll
2007-11-07 01:19 . 2010-12-10 17:40 655872 ----a-w- c:\program files\opera\program\plugins\msvcr90.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-01-03_13.13.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-03 15:06 . 2011-01-03 15:06 16384 c:\windows\Temp\Perflib_Perfdata_5bc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{dfabc5b5-039b-4865-979a-de31cdf3e351}"= "c:\program files\Media_Star\tbMedi.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{dfabc5b5-039b-4865-979a-de31cdf3e351}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 11:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dfabc5b5-039b-4865-979a-de31cdf3e351}]
2010-10-18 11:26 3908192 ----a-w- c:\program files\Media_Star\tbMedi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{dfabc5b5-039b-4865-979a-de31cdf3e351}"= "c:\program files\Media_Star\tbMedi.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{dfabc5b5-039b-4865-979a-de31cdf3e351}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DFABC5B5-039B-4865-979A-DE31CDF3E351}"= "c:\program files\Media_Star\tbMedi.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{dfabc5b5-039b-4865-979a-de31cdf3e351}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programi\DAEMON tool\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Fraps"="d:\programi\FRAPS 3.2.3\FRAPS.EXE" [2010-06-15 2176944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-31 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ModemListener"="d:\programi\Mobilni Internet\ModemListener.exe" [2010-07-12 98304]
"WinampAgent"="d:\programi\WinAmp\winampa.exe" [2010-07-12 74752]
"Adobe Reader Speed Launcher"="d:\programi\Adobe Reader 9\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - d:\programi\WinZip\WZQKPICK.EXE [2010-5-9 118784]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\IGRE\\Manager 2011\\fm.exe"=
"d:\\IGRE\\PES 2010\\pes2010.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6577:TCP"= 6577:TCP:uevwmpl

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.5.2010 23:13 721904]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3.1.2011 15:59 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.1.2011 15:59 17744]
R2 DeviceManager;DeviceManager;c:\program files\Common Files\DeviceHelper\DeviceManager.exe -start --> c:\program files\Common Files\DeviceHelper\DeviceManager.exe -start [?]
R3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [5.10.2010 13:56 103552]
R3 Winacpci;Winacpci;c:\windows\system32\drivers\winacpci.sys [9.5.2010 21:55 602128]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [11.7.2010 10:27 23456]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [20.6.2010 08:10 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [20.6.2010 08:10 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [25.6.2010 15:00 32377]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2011-01-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-117609710-823518204-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2011-01-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-823518204-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2463487
IE: &Download All using 4shared Desktop - d:\programi\4shared\4shared Desktop\down_all.htm
IE: E&xport to Microsoft Excel - d:\programi\OFFICE~1\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-03 16:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2720)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\DeviceHelper\DeviceManager.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-01-03 16:07:38 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-03 15:07
ComboFix2.txt 2011-01-03 13:14

Pre-Run: 5.460.598.784 bytes free
Post-Run: 5.393.248.256 bytes free

- - End Of File - - 041FC5C906E6ADB0CAF226DD8E27575C

Update: 03 Jan 2011 16:16

USBNoRisk 2.6 (08 September 2010) by bobby

Started at 3.1.2011 16:15:55

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
D: {1ad92d99-5b6e-11df-94ca-806d6172696f}
C: {644a2580-5b63-11df-892f-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 644a2580-5b63-11df-892f-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 1ad92d99-5b6e-11df-94ca-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

autorun.inf found in Qoobox
----------------------------------------
Content of C:\QooBox\Quarantine\C\autorun.inf.vir
----------------------------------------
[autorun]
open=b9v.exe
shell\open\command=b9v.exe
----------------------------------------
Content of C:\QooBox\Quarantine\D\autorun.inf.vir
----------------------------------------
[autorun]
open=b9v.exe
shell\open\command=b9v.exe
----------------------------------------
========================================
Initial scan finished!
========================================


New device connected at 3.1.2011 16:16:04

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 3.1.2011 16:16:06

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 3.1.2011 16:16:06

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 3.1.2011 16:16:06

Scanning for connected removable storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================

========================================

========================================


New device connected at 3.1.2011 16:16:10

Scanning for connected USB mass storage...
----------------------------------------
H: {dab28fde-e044-11df-8a43-001d926a11ab}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: H:\autorun.inf.blocked
----------------------------------------
Content of H:\autorun.inf.blocked
----------------------------------------
[autorun]
open=f662sjd.exe
shell\open\command=f662sjd.exe
----------------------------------------

Files referenced from H:\autorun.inf.blocked
----------------------------------------
H:\f662sjd.exe -r-hs 115200
----------------------------------------

----------------------------------------
No autorun.inf files found on H:
No mountpoint found for dab28fde-e044-11df-8a43-001d926a11ab
----------------------------------------

No Desktop.ini files found on H:
----------------------------------------

No mimics found on drive H:
========================================

========================================
Removed H:
========================================
========================================

========================================
========================================

========================================

Update: 03 Jan 2011 16:25

I still can't get onto the site; it just hangs as if it's loading and never opens the site. I tried disconnecting and reconnecting and nothing. As USB devices I used first the mobile internet modem and then the mobile phone (in case you need that).

Update: 03 Jan 2011 16:28

Now I did get onto Avast's site and Kaspersky's, which I couldn't before. Microsoft's still doesn't work.
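The two autorun.inf bodies USBNoRisk recovered above (open= and shell\open\command= pointing at b9v.exe on C: and D:, and at f662sjd.exe on the stick) are the usual USB-worm pattern. On Windows XP, Explorer honours shell\open\command from an autorun.inf on fixed drives too, so double-clicking the drive runs the named file; once that file has been quarantined, the same double-click falls through to the "Open with" dialog. The Python below is added here as an example and is not code from USBNoRisk, ComboFix or the AMF team: it parses .inf bodies of this shape, lists what they launch, checks the targets against a directory listing and emits f_delete: lines in the form USBNoRisk scripts use. The .inf texts are copied from the log; the listings FILES_C and FILES_H are constructed to mirror the situation in the thread.

```python
"""Analyse autorun.inf bodies like the ones USBNoRisk printed above.

Added example for this thread; not code from USBNoRisk or ComboFix.
The two .inf bodies are copied from the log; which executables are still
present on each drive (FILES_C, FILES_H) is constructed.
"""
import re
from dataclasses import dataclass

# [autorun] keys that make Explorer launch a file on insert or double-click.
LAUNCH_KEYS = {"open", "shellexecute"}
# shell\<verb>\command=...  (shell\open\command is the default double-click action)
SHELL_CMD_RE = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)
DEFAULT_VERB = "shell\\open\\command"


@dataclass
class AutorunFinding:
    drive: str
    targets: dict               # autorun key -> executable it launches
    missing: list               # launched executables no longer on the drive
    hijacks_double_click: bool  # shell\open\command is set


def parse_autorun(text):
    """Return the [autorun] section as {lowercased key: value}."""
    section, entries = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section == "autorun" and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def launched_file(command):
    """First token of a command line, quotes removed: the file Explorer runs."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0] if command else ""


def analyse(drive, inf_text, files_present):
    """Map launch keys to executables and check them against the drive's files."""
    present = {name.lower() for name in files_present}
    targets = {}
    for key, value in parse_autorun(inf_text).items():
        if key in LAUNCH_KEYS or SHELL_CMD_RE.match(key):
            exe = launched_file(value)
            if exe:
                targets[key] = exe
    missing = sorted({exe for exe in targets.values() if exe.lower() not in present})
    return AutorunFinding(drive, targets, missing, DEFAULT_VERB in targets)


def explain(finding):
    """One-line reading of the finding in terms of what the user sees."""
    if not finding.targets:
        return f"{finding.drive} autorun.inf launches nothing"
    if finding.hijacks_double_click and finding.missing:
        gone = ", ".join(finding.missing)
        return (f"{finding.drive} double-click shows 'Open with': "
                f"shell\\open\\command points at {gone}, which is gone")
    if finding.hijacks_double_click:
        exe = finding.targets[DEFAULT_VERB]
        return f"{finding.drive} double-click would run {exe} (still present)"
    launched = ", ".join(sorted(set(finding.targets.values())))
    return f"{finding.drive} autorun launches {launched}"


def usbnorisk_delete_lines(finding):
    """f_delete: lines for the launched files that are still on the drive."""
    gone = {m.lower() for m in finding.missing}
    return [f"f_delete:{finding.drive}\\{exe}"
            for exe in sorted(set(finding.targets.values()))
            if exe.lower() not in gone]


# Copied from the USBNoRisk output in this thread.
INF_C = "[autorun]\r\nopen=b9v.exe\r\nshell\\open\\command=b9v.exe\r\n"
INF_H = "[autorun]\r\nopen=f662sjd.exe\r\nshell\\open\\command=f662sjd.exe\r\n"

# Constructed listings: b9v.exe is no longer on C:, while f662sjd.exe is still
# on the stick (USBNoRisk listed it with -r-hs attributes).
FILES_C = ["WINDOWS", "Program Files", "QooBox"]
FILES_H = ["autorun.inf.blocked", "f662sjd.exe"]

if __name__ == "__main__":
    for drive, inf, files in (("C:", INF_C, FILES_C), ("H:", INF_H, FILES_H)):
        finding = analyse(drive, inf, files)
        print(explain(finding))
        for line in usbnorisk_delete_lines(finding):
            print("   ", line)
```

Run stand-alone it prints the "Open with" explanation for C: and a single f_delete:H:\f662sjd.exe line for the stick. The -r-hs attributes USBNoRisk reported on H:\f662sjd.exe are the reason the file is invisible in a default Explorer view; the script only reasons about names, so pass it a listing that includes hidden and system files.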

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Archive (zip, rar) the folder C:\QooBox\Quarantine and upload it via the following link:
http://www.mycity.rs/ambulanta-upload.php

Do the same with the file at the following location (send it via the same link):

c:\program files\Common Files\DeviceHelper\DeviceManager.exe

goran9888 (AMF Team)

  • Joined: 03 Jan 2011
  • Posts: 997

Posted: 03 Jan 2011 19:16

Sorry for the wait, I had a power outage. I've uploaded the second file; the first one is still uploading, I'll let you know by PM when that finishes too.

Update: 03 Jan 2011 19:20

There, I've now uploaded the first file as well.

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

- In the previous step you most likely did not copy the CF script correctly, so I would ask you to do it carefully and thoroughly this time.

Step 1

Open Notepad and copy the following text into it:

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6577:TCP"=-

Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log that is produced at the end of the cleaning/scan in your next reply.

Step 2

- Run USBNoRisk and wait for it to finish the initial scan.

- When the initial scan has finished, connect the USB storage device (mobile phone).

- Click the Script tab;

Copy the following text into the white frame of the window:

{dab28fde-e044-11df-8a43-001d926a11ab}
f_delete:%DRIVE%f662sjd.exe
f_delete:C:\b9v.exe
f_delete:D:\b9v.exe
folder_list:%DRIVE%
no_sh:

- Execute the command by clicking the Run Script button;

When the command has run, USBNoRisk will automatically return to the Monitor tab;

- Right-click inside the white frame of the window and choose Save Scrambled Log;

A Notepad window will open with text that you should copy here into your reply.

goran9888 (AMF Team)
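The CFScript in Step 1 deletes one registry value: in .reg/CFScript syntax "name"=- removes the value, so the 6577:TCP exception named uevwmpl, which the ComboFix log listed under GloballyOpenPorts and the helper has singled out, disappears from the standard firewall profile. The Python below is an added example, not ComboFix or AMF code: it parses the firewall section of a ComboFix log, reports EnableFirewall= 0, flags any GloballyOpenPorts entry that is neither an XP default nor named by a resource string, and writes the matching Registry:: stanza. LOG_EXCERPT is copied from the log posted earlier in the thread; XP_DEFAULT_PORTS and the resource-string test are assumptions made for the example.

```python
"""Build a ComboFix CFScript 'Registry::' stanza from the firewall section of a
ComboFix log, matching the way the 6577:TCP entry above is removed.

Added example for this thread, not ComboFix or AMF tooling. LOG_EXCERPT is
copied from the log posted earlier; XP_DEFAULT_PORTS is an assumption (the
XP SP2 File and Printer Sharing, Remote Desktop and UPnP exceptions).
"""
import re

LOG_EXCERPT = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\IGRE\\Manager 2011\\fm.exe"=
"d:\\IGRE\\PES 2010\\pes2010.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6577:TCP"= 6577:TCP:uevwmpl
'''

PROFILE = r"HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"
PORTS_KEY = PROFILE + r"\GloballyOpenPorts\List"

# Assumption: exceptions Windows XP SP2 itself creates. Windows names them with
# a resource string (@xpsp2res.dll,-NNNN), which the test below also accepts;
# the explicit list guards against a renamed default.
XP_DEFAULT_PORTS = {"139:TCP", "445:TCP", "137:UDP", "138:UDP",
                    "3389:TCP", "1900:UDP", "2869:TCP"}

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')


def parse_sections(log_text):
    """{registry key: {value name: value text}} for the bracketed blocks of a log."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2).strip()
    return sections


def firewall_disabled(log_text):
    """True when the standard profile carries EnableFirewall = 0."""
    value = parse_sections(log_text).get(PROFILE, {}).get("EnableFirewall", "")
    return value.startswith("0")


def suspicious_ports(log_text):
    """(value name, display name) for open ports that are neither XP defaults
    nor named by a resource string. ComboFix prints the value as port:proto:name."""
    flagged = []
    for name, text in parse_sections(log_text).get(PORTS_KEY, {}).items():
        parts = text.split(":", 2)
        display = parts[2] if len(parts) == 3 else ""
        if name in XP_DEFAULT_PORTS or display.startswith("@"):
            continue
        flagged.append((name, display))
    return flagged


def build_cfscript(log_text):
    """CFScript text deleting the flagged exceptions ("name"=- removes a value)."""
    lines = ["Registry::", f"[{PORTS_KEY}]"]
    lines += [f'"{name}"=-' for name, _ in suspicious_ports(log_text)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print("firewall disabled:", firewall_disabled(LOG_EXCERPT))
    print("flagged:", suspicious_ports(LOG_EXCERPT))
    print(build_cfscript(LOG_EXCERPT))
```

For the excerpt above this produces exactly the three-line stanza in Step 1. EnableFirewall= 0 is only reported, not rewritten, because turning the firewall back on is a separate decision once the machine is clean; note also that the AuthorizedApplications list is parsed but not judged, since a program path alone says nothing about whether the exception is legitimate.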
