problem with trojans


  • Joined: 18 Apr 2009
  • Posts: 5

Posted: 18 Apr 2009 16:02

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:58:29 م, on 18/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Documents and Settings\Acer\Desktop\vania\TR3.exe..exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: Shell=explorer.exe, killer.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Disk Cleaner.lnk = C:\Program Files\Disk Cleaner\dclean.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: lsass.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8209 bytes

I have trojans and I don't know how to get rid of them. Thanks in advance.

Addendum: 18 Apr 2009 16:06

Please help. I'm a beginner with computers and I have a problem with trojans; advise me how to delete them. Thanks in advance.
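As an added example (not part of the original thread and not code from HijackThis or its authors), here is a small Python triage pass over HijackThis log lines like the ones posted above. It flags the entries a malware helper reads first in such a log: a core system process name running or starting from outside system32 (the `O4 - Global Startup: lsass.exe` line), an `F2` Shell= value that names anything besides explorer.exe (`killer.exe`), an `O7` policy that disables regedit, and a double extension (`TR3.exe..exe`). The sample lines are copied from the posted log; the rule names and the `triage`, `check_target` and `_o4_target` functions are this example's own.

```python
r"""Triage pass over HijackThis log lines.

Added example, not part of the forum thread and not code from HijackThis.
It reads the text of a HijackThis log and flags the patterns a helper reads
first in a log like the one above:
  * a core system process name (smss.exe, lsass.exe, ...) running from, or
    started from, anywhere other than C:\WINDOWS\system32
  * an F2 Shell= value that names anything besides explorer.exe
  * an O7 policy that disables regedit or Task Manager
  * a double extension such as .avi.exe or .exe..exe
The rule names and function names are this example's own.
"""
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (rule name, offending text)

# Names Windows XP only ever starts from %SystemRoot%\system32.
SYSTEM_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe",
                    "services.exe", "lsass.exe", "svchost.exe"}
SYSTEM32_PREFIX = "c:\\windows\\system32\\"

# "<name>.<ext>.exe" or "<name>.exe..exe": an executable disguised as data.
DOUBLE_EXT = re.compile(r"\.[a-z0-9]{2,4}\.+exe$", re.IGNORECASE)

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\Acer\Desktop\vania\TR3.exe..exe

F2 - REG:system.ini: Shell=explorer.exe, killer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: lsass.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def check_target(target: str) -> List[Finding]:
    """Rules that apply to any launched path or bare file name."""
    target = target.strip().strip('"')
    findings: List[Finding] = []
    name = _basename(target)
    if name in SYSTEM_PROCESSES and not target.lower().startswith(SYSTEM32_PREFIX):
        findings.append(("system-name-outside-system32", target))
    if DOUBLE_EXT.search(name):
        findings.append(("double-extension", target))
    return findings


def _o4_target(rest: str) -> str:
    r"""Pull the launched path out of the text after 'O4 - '.

    Handles the three shapes HijackThis prints:
      HKLM\..\Run: [Name] "C:\path\x.exe" -flag   -> C:\path\x.exe
      Global Startup: Foo.lnk = C:\path\foo.exe     -> C:\path\foo.exe
      Global Startup: lsass.exe                     -> lsass.exe
    """
    value = rest.split(": ", 1)[1] if ": " in rest else rest
    if value.startswith("["):
        value = value.split("] ", 1)[1] if "] " in value else ""
    if " = " in value:
        value = value.split(" = ", 1)[1]
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split(" (User", 1)[0]


def triage(log_text: str) -> List[Finding]:
    """Run every rule over a whole HijackThis log and collect the findings."""
    findings: List[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            findings.extend(check_target(line))
        elif line.startswith("F2 - ") and "Shell=" in line:
            shell = line.split("Shell=", 1)[1]
            extras = [p.strip() for p in shell.split(",")
                      if p.strip().lower() != "explorer.exe"]
            if extras:
                findings.append(("shell-extra-executable", ", ".join(extras)))
        elif line.startswith("O4 - "):
            findings.extend(check_target(_o4_target(line[5:])))
        elif line.startswith("O7 - ") and re.search(r"Disable(Regedit|TaskMgr)=1", line):
            findings.append(("admin-tool-disabled-policy", line[5:]))
    return findings


if __name__ == "__main__":
    for rule, evidence in triage(SAMPLE_LOG):
        print(f"{rule:32} {evidence}")
```

Run it on a saved hijackthis.log by passing the file's text to `triage()`; each finding is a (rule, evidence) pair, so the script only points at lines worth a closer look and never deletes anything itself.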

  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Hello.

Right-click the avast! icon in the lower right corner of the screen and choose Program settings....

In the window that opens, under Troubleshooting, tick the option Disable avast! self-defence and click OK.

Also, right-click the avast! icon in the lower right corner of the screen and choose Stop OnAccess Protection.

Note: Don't forget to turn these options back on once the cleaning is finished.

---------------

Download ComboFix to your Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Joined: 18 Apr 2009
  • Posts: 5

ComboFix 09-04-19.05 - Acer 04/19/2009 17:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.502.214 [GMT 3:00]
Running from: c:\documents and settings\Acer\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090418-0] *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Acer\Application Data\tazebama
c:\documents and settings\Acer\Application Data\tazebama\tazebama.log
c:\documents and settings\Acer\Application Data\tazebama\zPharaoh.dat
c:\documents and settings\Administrator\Application Data\tazebama
c:\documents and settings\Administrator\Application Data\tazebama\zPharaoh.dat
C:\Funny UST Scandal.avi.exe
c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll
c:\windows\Funny UST Scandal.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\setting.ini
D:\Funny UST Scandal.avi.exe
D:\smss.exe

.
((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.

2009-04-18 03:38 . 2009-04-18 03:38 -------- d-----w C:\log
2009-04-16 21:02 . 2009-04-16 21:02 -------- d-----w c:\documents and settings\Acer\Application Data\Anabel
2009-04-14 13:43 . 2009-04-14 13:43 -------- d-----w c:\documents and settings\Acer\Application Data\Alawar
2009-04-07 17:48 . 2009-04-07 17:50 -------- d-----w c:\documents and settings\Acer\Application Data\BeachPartyCraze
2009-04-06 15:00 . 2009-04-06 15:00 -------- d-----w c:\documents and settings\All Users\Application Data\Fugazo
2009-04-02 16:48 . 2009-04-02 16:48 -------- d-----w c:\documents and settings\All Users\Application Data\SugarGames
2009-04-02 15:34 . 2009-04-02 15:34 -------- d-----w c:\documents and settings\All Users\Application Data\Arkadium
2009-04-01 13:31 . 2009-04-01 13:31 -------- d-----w c:\documents and settings\All Users\Application Data\TheRace_dev
2009-03-31 14:20 . 2009-03-31 14:20 -------- d-----w c:\documents and settings\All Users\Application Data\iWin
2009-03-28 15:47 . 2009-03-28 15:47 -------- d-----w c:\documents and settings\All Users\Application Data\Fitn17
2009-03-27 01:17 . 2009-03-27 01:17 -------- d-----w c:\documents and settings\All Users\Application Data\AdventureChronicles1
2009-03-22 13:14 . 2009-03-22 13:25 -------- d-----w c:\documents and settings\Acer\Application Data\FairyTale
2009-03-20 16:22 . 2008-03-05 13:03 479752 ----a-w c:\windows\system32\XAudio2_0.dll
2009-03-20 16:22 . 2008-03-05 13:03 238088 ----a-w c:\windows\system32\xactengine3_0.dll
2009-03-20 16:22 . 2008-03-05 13:00 25608 ----a-w c:\windows\system32\X3DAudio1_3.dll
2009-03-20 16:22 . 2008-03-05 12:56 1420824 ----a-w c:\windows\system32\D3DCompiler_37.dll
2009-03-20 16:22 . 2008-03-05 12:56 3786760 ----a-w c:\windows\system32\D3DX9_37.dll
2009-03-20 16:22 . 2008-02-05 20:07 462864 ----a-w c:\windows\system32\d3dx10_37.dll
2009-03-20 16:22 . 2007-10-22 00:39 267272 ----a-w c:\windows\system32\xactengine2_10.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 13:37 . 2008-12-01 15:16 -------- d-----w c:\program files\RealArcade
2009-04-18 14:46 . 2008-11-12 18:17 -------- d-----w c:\documents and settings\Acer\Application Data\Meridian93
2009-04-18 14:29 . 2008-11-12 16:49 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-16 20:58 . 2009-04-16 20:47 605708659 ----a-w c:\program files\maya2009-win-trial.exe
2009-04-12 15:36 . 2009-04-12 15:30 -------- d-----w c:\program files\Disk Cleaner
2009-04-12 15:26 . 2009-04-12 15:26 431079 ----a-w c:\program files\dcsetup1_5_7_feb_2008.exe
2009-04-11 14:55 . 2008-10-18 06:16 -------- d-----w c:\program files\MSN Messenger
2009-04-05 16:44 . 2009-04-05 16:44 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-05 16:38 . 2008-10-18 06:24 -------- d-----w c:\program files\Common Files\Adobe
2009-04-05 16:14 . 2009-04-05 16:14 43083040 ----a-w c:\program files\AdbeRdr910_en_US_Std.exe
2009-04-05 13:00 . 2009-04-05 12:51 -------- d-----w c:\program files\RegCleaner
2009-04-05 12:51 . 2009-04-05 12:51 553687 ----a-w c:\program files\jv16_regcleaner.exe
2009-04-03 20:21 . 2009-01-23 17:12 -------- d-----w c:\documents and settings\Acer\Application Data\EleFun Games
2009-03-31 14:20 . 2008-11-23 20:31 -------- d-----w c:\documents and settings\Acer\Application Data\iWin
2009-03-29 15:57 . 2008-11-12 21:05 -------- d-----w c:\documents and settings\All Users\Application Data\Intenium
2009-03-28 16:52 . 2008-11-13 12:08 -------- d-----w c:\documents and settings\All Users\Application Data\MumboJumbo
2009-03-27 19:34 . 2008-10-18 06:15 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-25 17:01 . 2009-03-16 14:50 -------- d-----w c:\documents and settings\Acer\Application Data\ITTNord
2009-03-19 15:06 . 2009-03-19 15:06 -------- d-----w c:\documents and settings\Acer\Application Data\Total Eclipse
2009-03-19 14:06 . 2009-03-16 14:00 -------- d-----w c:\program files\Spellagories
2009-03-19 13:56 . 2009-03-17 14:22 -------- d-----w c:\documents and settings\Acer\Application Data\Mind Control Software
2009-03-18 19:12 . 2009-03-18 19:12 -------- d-----w c:\documents and settings\All Users\Application Data\FreshGames
2009-03-16 15:31 . 2009-03-16 15:31 -------- d-----w c:\documents and settings\Acer\Application Data\Righteous Kill
2009-03-16 13:34 . 2009-03-09 13:59 -------- d-----w c:\documents and settings\Acer\Application Data\Ancient Quest of Saqqarah__gamehouse
2009-03-15 16:23 . 2009-03-15 16:23 -------- d-----w c:\documents and settings\Acer\Application Data\panoramik
2009-03-15 15:32 . 2009-03-15 15:32 -------- d-----w c:\documents and settings\All Users\Application Data\Game Club Cafe Game Downloads
2009-03-14 19:51 . 2009-03-14 19:51 -------- d-----w c:\documents and settings\Acer\Application Data\ViquaSoft
2009-03-12 13:40 . 2009-01-28 15:41 -------- d-----w c:\documents and settings\All Users\Application Data\Sandlot Games
2009-03-08 14:49 . 2009-03-08 14:49 -------- d-----w c:\documents and settings\Acer\Application Data\Playrix Entertainment
2009-03-07 14:43 . 2008-11-17 17:16 -------- d-----w c:\documents and settings\All Users\Application Data\Gogii
2009-03-07 13:29 . 2009-03-07 13:29 -------- d-----w c:\documents and settings\All Users\Application Data\Alawar Stargaze
2009-03-05 15:16 . 2008-11-18 15:14 -------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2009-03-05 15:16 . 2008-11-18 15:14 -------- d-----w c:\documents and settings\Acer\Application Data\PlayFirst
2009-03-04 11:51 . 2009-02-20 10:53 4 --s-a-w C:\dp01m.log
2009-02-28 14:45 . 2009-02-28 14:45 -------- d-----w c:\documents and settings\All Users\Application Data\HoverBee Studios
2009-02-24 12:33 . 2009-02-20 11:34 -------- d-----w c:\documents and settings\All Users\Application Data\FaceOnBody
2009-02-24 12:33 . 2009-02-20 11:34 -------- d-----w c:\program files\FaceOnBody
2009-02-21 21:20 . 2009-02-21 21:20 -------- d-----w c:\documents and settings\All Users\Application Data\PlayPond
2009-02-21 21:18 . 2009-02-20 10:46 -------- d-----w c:\program files\Google
2009-02-20 16:25 . 2009-02-20 10:36 -------- d-----w c:\documents and settings\Acer\Application Data\IDM
2009-02-20 15:43 . 2009-02-20 10:36 -------- d-----w c:\documents and settings\Acer\Application Data\DMCache
2009-02-20 11:31 . 2009-02-20 11:31 -------- d-----w c:\program files\Common Files\xing shared
2009-02-20 11:31 . 2008-10-18 06:13 -------- d-----w c:\program files\Common Files\Real
2009-02-20 10:57 . 2008-10-18 06:20 -------- d-----w c:\program files\CyberLink
2009-02-20 10:53 . 2009-02-20 10:53 -------- d-----w c:\program files\Waraxe
2009-02-20 10:52 . 2009-02-20 10:48 -------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-02-20 10:42 . 2009-02-20 10:41 -------- d-----w c:\program files\QuickWiz
2009-02-20 10:41 . 2009-02-20 10:41 -------- d-----w c:\program files\Common Files\Accent Shared
2009-02-20 10:41 . 2009-02-20 10:41 -------- d-----w c:\program files\Common Files\GuruNet Shared
2009-02-20 10:29 . 2008-10-18 06:25 -------- d-----w c:\program files\Common Files\ACD Systems
2009-02-20 10:28 . 2008-10-18 06:25 -------- d-----w c:\program files\ACD Systems
2009-02-17 11:46 . 2009-02-20 10:39 298496 ----a-w c:\windows\uninst.exe
2009-02-16 20:14 . 2008-10-18 06:29 6 ----a-w C:\ISACER.ID
2008-11-22 21:46 . 2008-10-17 20:06 95032 ----a-w c:\documents and settings\Acer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-21 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-10-18 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-08 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-08 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-08 114688]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-02-20 1862144]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-20 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-08-09 14743552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\Acer\Start Menu\Programs\Startup\
Disk Cleaner.lnk - c:\program files\Disk Cleaner\dclean.exe [2005-11-21 209920]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-8-16 577597]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-4-3 415072]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R3 EpmShd;Acer EPM System Hardware Driver; [x]
S1 aswSP;avast! Self Protection; [x]
S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 13:51 13560]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16690af8-c182-11dd-889f-0013cec26358}]
\Shell\Autoplay\Command - F:\smss.exe
\Shell\AutoRun\command - F:\smss.exe
\Shell\Explore\Command - F:\smss.exe
\Shell\Open\Command - F:\smss.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47c7d334-d8f8-11dd-88df-0014a48dce6e}]
\Shell\Autoplay\Command - F:\smss.exe
\Shell\AutoRun\command - F:\smss.exe
\Shell\Explore\Command - F:\smss.exe
\Shell\Open\Command - F:\smss.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{799d8bda-a0cb-11dd-8858-0013cec26358}]
\Shell\Autoplay\Command - F:\smss.exe
\Shell\AutoRun\command - F:\smss.exe
\Shell\Explore\Command - F:\smss.exe
\Shell\Open\Command - F:\smss.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d2e1f05-a5fa-11dd-8865-0014a48dce6e}]
\Shell\AutoRun\command - F:\bo1dhu.bat
\Shell\explore\Command - F:\bo1dhu.bat
\Shell\open\Command - F:\bo1dhu.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd02ede8-9f71-11dd-8856-0013cec26358}]
\Shell\Autoplay\Command - F:\smss.exe
\Shell\AutoRun\command - F:\smss.exe
\Shell\Explore\Command - F:\smss.exe
\Shell\Open\Command - F:\smss.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Device Detector - DevDetect.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-19 17:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\ACD Systems\EN\DevDetect.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-19 17:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-19 14:26

Pre-Run: 11,013,988,352 bytes free
Post-Run: 11,909,120,000 bytes free

216

  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Turn off the AV again.

Open Notepad and copy the following text into it:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16690af8-c182-11dd-889f-0013cec26358}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47c7d334-d8f8-11dd-88df-0014a48dce6e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{799d8bda-a0cb-11dd-8858-0013cec26358}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d2e1f05-a5fa-11dd-8865-0014a48dce6e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd02ede8-9f71-11dd-8856-0013cec26358}]


Save the Notepad file to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.

--------------------------------------

- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Plug all USB storage devices into the USB slot one after another and leave each one in for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were plugged in, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose Save log. That will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices are all the devices that get their own drive letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.
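Added example, not from the thread and not a tool from the ComboFix authors: a Python script that reads the MountPoints2 section of a ComboFix log (the blocks of `\Shell\...\command - F:\smss.exe` lines in the first log above) and produces a `Registry::` CFScript of the same shape as the one in the reply above, one `[-KEY]` line per key. The selection rule is this example's own heuristic: a key is flagged when any of its Shell verbs launches a program or script sitting directly in the root of a drive letter, which is the removable-media autorun pattern every flagged key in the posted log shows. The function names are assumptions of this example; two sample blocks are copied from the posted log and the third one, with the all-zero GUID, is constructed to show a key the heuristic leaves alone.

```python
r"""Build a ComboFix CFScript from the MountPoints2 entries in a ComboFix log.

Added example, not part of the thread and not a tool from the ComboFix
authors. The "Registry::" text it produces has the same shape as the script
posted above: one "[-KEY]" line per MountPoints2 key to delete. Which keys to
list is this example's own heuristic: a key is flagged when any of its Shell
verbs launches a program or script sitting directly in the root of a drive
letter (F:\smss.exe, F:\bo1dhu.bat), the removable-media autorun pattern the
posted log shows. Function names are assumptions of this example.
"""
import re
from typing import Dict, List

MOUNTPOINTS_KEY = re.compile(
    r"^\[(HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.IGNORECASE)
VERB_LINE = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.IGNORECASE)
# A program or script directly in a drive root, e.g. F:\smss.exe
ROOT_LAUNCHER = re.compile(r"^[a-z]:\\[^\\]+\.(exe|bat|cmd|com|pif|scr)$",
                           re.IGNORECASE)

# Constructed sample: the first two blocks are copied from the ComboFix log
# above; the third (all-zero GUID, H:\Setup\Autorun.exe) is made up to show a
# key the heuristic leaves alone.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16690af8-c182-11dd-889f-0013cec26358}]
\Shell\Autoplay\Command - F:\smss.exe
\Shell\AutoRun\command - F:\smss.exe
\Shell\Explore\Command - F:\smss.exe
\Shell\Open\Command - F:\smss.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d2e1f05-a5fa-11dd-8865-0014a48dce6e}]
\Shell\AutoRun\command - F:\bo1dhu.bat
\Shell\explore\Command - F:\bo1dhu.bat
\Shell\open\Command - F:\bo1dhu.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\Shell\AutoRun\command - H:\Setup\Autorun.exe
.
- - - - ORPHANS REMOVED - - - -
"""


def parse_mountpoints(log_text: str) -> Dict[str, Dict[str, str]]:
    """Map each MountPoints2 key in the log to its {verb: command} entries."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = MOUNTPOINTS_KEY.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        if current is None:
            continue
        v = VERB_LINE.match(line)
        if v:
            keys[current][v.group(1).lower()] = v.group(2).strip()
        elif not line.strip() or line.startswith("["):
            current = None  # a blank line or another key ends the block
    return keys


def suspicious_keys(keys: Dict[str, Dict[str, str]]) -> List[str]:
    """Keys whose verbs run something straight from a drive root."""
    return [key for key, verbs in keys.items()
            if any(ROOT_LAUNCHER.match(cmd) for cmd in verbs.values())]


def build_cfscript(log_text: str) -> str:
    """Return CFScript text deleting the flagged keys, or "" if none."""
    flagged = suspicious_keys(parse_mountpoints(log_text))
    if not flagged:
        return ""
    return "Registry::\n" + "".join(f"[-{key}]\n" for key in flagged)


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG), end="")
```

The output is meant to be reviewed before use, exactly as the helper does by hand: the MountPoints2 keys are only the per-drive autorun cache, so deleting them removes the trigger, while the F:\smss.exe and F:\bo1dhu.bat files on the removable drive still have to be dealt with separately (which is what the USBNoRisk step above is for).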

  • Joined: 18 Apr 2009
  • Posts: 5

Posted: 20 Apr 2009 13:32

ComboFix 09-04-19.01 - Acer 04/20/2009 14:19.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.502.194 [GMT 3:00]
Running from: c:\documents and settings\Acer\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Acer\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090418-0] *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-03-20 to 2009-04-20 )))))))))))))))))))))))))))))))
.

2009-04-19 20:53 . 2009-04-19 20:53 -------- d-----w c:\documents and settings\All Users\Application Data\Valusoft
2009-04-19 20:53 . 2009-04-19 20:53 -------- d-----w c:\documents and settings\Acer\Application Data\Valusoft
2009-04-18 03:38 . 2009-04-18 03:38 -------- d-----w C:\log
2009-04-16 21:02 . 2009-04-16 21:02 -------- d-----w c:\documents and settings\Acer\Application Data\Anabel
2009-04-14 13:43 . 2009-04-14 13:43 -------- d-----w c:\documents and settings\Acer\Application Data\Alawar
2009-04-07 17:48 . 2009-04-07 17:50 -------- d-----w c:\documents and settings\Acer\Application Data\BeachPartyCraze
2009-04-06 15:00 . 2009-04-06 15:00 -------- d-----w c:\documents and settings\All Users\Application Data\Fugazo
2009-04-02 16:48 . 2009-04-02 16:48 -------- d-----w c:\documents and settings\All Users\Application Data\SugarGames
2009-04-02 15:34 . 2009-04-02 15:34 -------- d-----w c:\documents and settings\All Users\Application Data\Arkadium
2009-04-01 13:31 . 2009-04-01 13:31 -------- d-----w c:\documents and settings\All Users\Application Data\TheRace_dev
2009-03-31 14:20 . 2009-03-31 14:20 -------- d-----w c:\documents and settings\All Users\Application Data\iWin
2009-03-28 15:47 . 2009-03-28 15:47 -------- d-----w c:\documents and settings\All Users\Application Data\Fitn17
2009-03-27 01:17 . 2009-03-27 01:17 -------- d-----w c:\documents and settings\All Users\Application Data\AdventureChronicles1
2009-03-22 13:14 . 2009-03-22 13:25 -------- d-----w c:\documents and settings\Acer\Application Data\FairyTale

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 14:40 . 2008-12-01 15:16 -------- d-----w c:\program files\RealArcade
2009-04-19 14:34 . 2008-10-17 20:06 95032 ----a-w c:\documents and settings\Acer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-18 14:46 . 2008-11-12 18:17 -------- d-----w c:\documents and settings\Acer\Application Data\Meridian93
2009-04-18 14:29 . 2008-11-12 16:49 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-16 20:58 . 2009-04-16 20:47 605708659 ----a-w c:\program files\maya2009-win-trial.exe
2009-04-12 15:36 . 2009-04-12 15:30 -------- d-----w c:\program files\Disk Cleaner
2009-04-12 15:26 . 2009-04-12 15:26 431079 ----a-w c:\program files\dcsetup1_5_7_feb_2008.exe
2009-04-11 14:55 . 2008-10-18 06:16 -------- d-----w c:\program files\MSN Messenger
2009-04-05 16:44 . 2009-04-05 16:44 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-05 16:38 . 2008-10-18 06:24 -------- d-----w c:\program files\Common Files\Adobe
2009-04-05 16:14 . 2009-04-05 16:14 43083040 ----a-w c:\program files\AdbeRdr910_en_US_Std.exe
2009-04-05 13:00 . 2009-04-05 12:51 -------- d-----w c:\program files\RegCleaner
2009-04-05 12:51 . 2009-04-05 12:51 553687 ----a-w c:\program files\jv16_regcleaner.exe
2009-04-03 20:21 . 2009-01-23 17:12 -------- d-----w c:\documents and settings\Acer\Application Data\EleFun Games
2009-03-31 14:20 . 2008-11-23 20:31 -------- d-----w c:\documents and settings\Acer\Application Data\iWin
2009-03-29 15:57 . 2008-11-12 21:05 -------- d-----w c:\documents and settings\All Users\Application Data\Intenium
2009-03-28 16:52 . 2008-11-13 12:08 -------- d-----w c:\documents and settings\All Users\Application Data\MumboJumbo
2009-03-27 19:34 . 2008-10-18 06:15 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-25 17:01 . 2009-03-16 14:50 -------- d-----w c:\documents and settings\Acer\Application Data\ITTNord
2009-03-19 15:06 . 2009-03-19 15:06 -------- d-----w c:\documents and settings\Acer\Application Data\Total Eclipse
2009-03-19 14:06 . 2009-03-16 14:00 -------- d-----w c:\program files\Spellagories
2009-03-19 13:56 . 2009-03-17 14:22 -------- d-----w c:\documents and settings\Acer\Application Data\Mind Control Software
2009-03-18 19:12 . 2009-03-18 19:12 -------- d-----w c:\documents and settings\All Users\Application Data\FreshGames
2009-03-16 15:31 . 2009-03-16 15:31 -------- d-----w c:\documents and settings\Acer\Application Data\Righteous Kill
2009-03-16 13:34 . 2009-03-09 13:59 -------- d-----w c:\documents and settings\Acer\Application Data\Ancient Quest of Saqqarah__gamehouse
2009-03-15 16:23 . 2009-03-15 16:23 -------- d-----w c:\documents and settings\Acer\Application Data\panoramik
2009-03-15 15:32 . 2009-03-15 15:32 -------- d-----w c:\documents and settings\All Users\Application Data\Game Club Cafe Game Downloads
2009-03-14 19:51 . 2009-03-14 19:51 -------- d-----w c:\documents and settings\Acer\Application Data\ViquaSoft
2009-03-12 13:40 . 2009-01-28 15:41 -------- d-----w c:\documents and settings\All Users\Application Data\Sandlot Games
2009-03-08 14:49 . 2009-03-08 14:49 -------- d-----w c:\documents and settings\Acer\Application Data\Playrix Entertainment
2009-03-07 14:43 . 2008-11-17 17:16 -------- d-----w c:\documents and settings\All Users\Application Data\Gogii
2009-03-07 13:29 . 2009-03-07 13:29 -------- d-----w c:\documents and settings\All Users\Application Data\Alawar Stargaze
2009-03-05 15:16 . 2008-11-18 15:14 -------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2009-03-05 15:16 . 2008-11-18 15:14 -------- d-----w c:\documents and settings\Acer\Application Data\PlayFirst
2009-03-04 11:51 . 2009-02-20 10:53 4 --s-a-w C:\dp01m.log
2009-02-28 14:45 . 2009-02-28 14:45 -------- d-----w c:\documents and settings\All Users\Application Data\HoverBee Studios
2009-02-24 12:33 . 2009-02-20 11:34 -------- d-----w c:\documents and settings\All Users\Application Data\FaceOnBody
2009-02-24 12:33 . 2009-02-20 11:34 -------- d-----w c:\program files\FaceOnBody
2009-02-21 21:20 . 2009-02-21 21:20 -------- d-----w c:\documents and settings\All Users\Application Data\PlayPond
2009-02-21 21:18 . 2009-02-20 10:46 -------- d-----w c:\program files\Google
2009-02-20 16:25 . 2009-02-20 10:36 -------- d-----w c:\documents and settings\Acer\Application Data\IDM
2009-02-20 15:43 . 2009-02-20 10:36 -------- d-----w c:\documents and settings\Acer\Application Data\DMCache
2009-02-20 11:31 . 2009-02-20 11:31 -------- d-----w c:\program files\Common Files\xing shared
2009-02-20 11:31 . 2008-10-18 06:13 -------- d-----w c:\program files\Common Files\Real
2009-02-20 10:57 . 2008-10-18 06:20 -------- d-----w c:\program files\CyberLink
2009-02-20 10:53 . 2009-02-20 10:53 -------- d-----w c:\program files\Waraxe
2009-02-20 10:52 . 2009-02-20 10:48 -------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-02-20 10:42 . 2009-02-20 10:41 -------- d-----w c:\program files\QuickWiz
2009-02-20 10:41 . 2009-02-20 10:41 -------- d-----w c:\program files\Common Files\Accent Shared
2009-02-20 10:41 . 2009-02-20 10:41 -------- d-----w c:\program files\Common Files\GuruNet Shared
2009-02-20 10:29 . 2008-10-18 06:25 -------- d-----w c:\program files\Common Files\ACD Systems
2009-02-20 10:28 . 2008-10-18 06:25 -------- d-----w c:\program files\ACD Systems
2009-02-17 11:46 . 2009-02-20 10:39 298496 ----a-w c:\windows\uninst.exe
2009-02-16 20:14 . 2008-10-18 06:29 6 ----a-w C:\ISACER.ID
.

((((((((((((((((((((((((((((( SnapShot@2009-04-19_14.20.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-20 10:35 . 2009-04-20 10:35 16384 c:\windows\Temp\Perflib_Perfdata_450.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-21 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-10-18 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-08 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-08 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-08 114688]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-02-20 1862144]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-20 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-08-09 14743552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\Acer\Start Menu\Programs\Startup\
Disk Cleaner.lnk - c:\program files\Disk Cleaner\dclean.exe [2005-11-21 209920]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-8-16 577597]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-4-3 415072]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R3 EpmShd;Acer EPM System Hardware Driver; [x]
S1 aswSP;avast! Self Protection; [x]
S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 13:51 13560]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-20 14:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2009-04-20 14:26
ComboFix-quarantined-files.txt 2009-04-20 11:25
ComboFix2.txt 2009-04-19 14:26

Pre-Run: 11,812,671,488 bytes free
Post-Run: 11,805,868,032 bytes free


Update: 20 Apr 2009 13:33

USBNoRisk 1.6 by bobby

Started at 20/04/2009 02:27:04 م

Scanning for connected USB Mass storage...
----------------------------------------
========================================

Scanning for other storage...
----------------------------------------
C: {3963cdfb-9c9c-11dd-88c2-806d6172696f}
D: {3963cdfc-9c9c-11dd-88c2-806d6172696f}
========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------
Autorun.inf on C: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for C:
No key found for 3963cdfb-9c9c-11dd-88c2-806d6172696f
========================================

Autorun.inf on D: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for D:
No key found for 3963cdfc-9c9c-11dd-88c2-806d6172696f
========================================



New device connected at 20/04/2009 02:27:24 م

Scanning for connected USB mass storage...
----------------------------------------
N: {97cd132a-9dec-11dd-8853-0013cec26358}
Added N:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on N: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
Sanitized 97cd132a-9dec-11dd-8853-0013cec26358
========================================

----------------------------------------

Desktop.ini on N: - None
----------------------------------------

========================================

========================================
Removed N:
========================================


New device connected at 20/04/2009 02:27:36 م

Scanning for connected USB mass storage...
----------------------------------------
F: {8d2e1f05-a5fa-11dd-8865-0014a48dce6e}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on F: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 8d2e1f05-a5fa-11dd-8865-0014a48dce6e
========================================

----------------------------------------

Desktop.ini on F: - None
----------------------------------------

========================================

========================================
Removed F:
========================================


New device connected at 20/04/2009 02:28:09 م

Scanning for connected USB mass storage...
----------------------------------------
F: {cd02ede8-9f71-11dd-8856-0013cec26358}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
autorun.inf found on F:
----------------------------------------
File F:\autorun.inf renamed successfully

Content of F:\autorun.inf.blocked
----------------------------------------
[autorun]
open = smss.exe
shell\Open\Command=smss.exe
shell\Open\Default=1
shell\Explore\Command=smss.exe
shell\Autoplay\Command=smss.exe
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
F:\smss.exe -r-hs 229621
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for cd02ede8-9f71-11dd-8856-0013cec26358
========================================

----------------------------------------

Desktop.ini on F: - None
----------------------------------------

========================================

========================================
Removed F:
========================================

  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Run USBNoRisk, switch to the Script tab and enter the following text there:

{cd02ede8-9f71-11dd-8856-0013cec26358}
f_delete: %DRIVE%smss.exe
delete_blocked:


Switch to the Monitor tab.
Now plug the problematic USB stick into the computer and let USBNoRisk do its job (this time it will take a little longer).
When it finishes, save the log again and post it in a message on the forum.
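The following is an added example and is not part of this thread or of USBNoRisk. It shows, in Python, what the tool's log above records: an autorun.inf is parsed for the [autorun] keys that make AutoPlay launch something (open, shellexecute and shell\<verb>\command; the first token of each value is the file name, so shell\Open\Default=1 is not a reference), and the same two steps that the script posted above performs are then applied: the autorun.inf is renamed to autorun.inf.blocked and the referenced executable is deleted (the f_delete line), with the read-only bit cleared first because Windows refuses to unlink -r- files. The referenced path is confined to the drive root so a hostile autorun.inf cannot point the cleaner at a file outside the stick. The drive is simulated with a temporary directory, the autorun.inf text is the one printed in the log, and the smss.exe stub is a constructed placeholder (the name copies the legitimate Windows Session Manager, which lives in the system directory, not on a removable drive). The function names are my own.

```python
import os
import stat
import tempfile
from pathlib import Path

# Constructed sample input: the autorun.inf content USBNoRisk printed for F:.
SAMPLE_AUTORUN = (
    "[autorun]\n"
    "open = smss.exe\n"
    "shell\\Open\\Command=smss.exe\n"
    "shell\\Open\\Default=1\n"
    "shell\\Explore\\Command=smss.exe\n"
    "shell\\Autoplay\\Command=smss.exe\n"
)


def referenced_files(text: str) -> list[str]:
    """Return the files an autorun.inf would launch, in order, deduplicated.

    Only the [autorun] section is honoured, as the shell does.  Keys that
    launch something are 'open', 'shellexecute' and 'shell\\<verb>\\command';
    their value is a command line, so only its first token (quotes stripped)
    names a file.  'shell\\<verb>\\default' and 'icon' are not launches.
    """
    refs: list[str] = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        launches = key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command")
        )
        if not launches or not value:
            continue
        # First token of the command line; tolerate "quoted name.exe" /args.
        if value.startswith('"'):
            target = value[1:].split('"', 1)[0]
        else:
            target = value.split()[0]
        target = target.lstrip("\\/")  # a leading backslash means the drive root
        if target and target.lower() not in (r.lower() for r in refs):
            refs.append(target)
    return refs


def neutralize(drive_root: Path) -> dict:
    """Apply the two USBNoRisk steps to a mounted drive root.

    1. rename autorun.inf to autorun.inf.blocked so AutoPlay no longer reads it;
    2. delete each executable it referenced, clearing the read-only bit first.
    Targets must resolve inside the drive root; anything else is refused.
    """
    root = drive_root.resolve()
    summary = {"blocked": False, "deleted": [], "missing": [], "refused": []}
    inf = root / "autorun.inf"
    if not inf.is_file():
        return summary
    refs = referenced_files(inf.read_text(errors="replace"))
    inf.rename(root / "autorun.inf.blocked")
    summary["blocked"] = True
    for name in refs:
        target = (root / name.replace("\\", "/")).resolve()
        if root not in target.parents:  # ..\..\x.exe or the root itself
            summary["refused"].append(name)
            continue
        if not target.is_file():
            summary["missing"].append(name)
            continue
        os.chmod(target, stat.S_IWRITE | stat.S_IREAD)  # drop -r- before unlink
        target.unlink()
        summary["deleted"].append(name)
    return summary


def demo() -> dict:
    """Build a throw-away 'USB stick' holding the sample files and clean it."""
    with tempfile.TemporaryDirectory() as tmp:
        stick = Path(tmp)
        (stick / "autorun.inf").write_text(SAMPLE_AUTORUN)
        dropper = stick / "smss.exe"
        dropper.write_bytes(b"MZ" + b"\0" * 14)  # constructed stub, not malware
        os.chmod(dropper, stat.S_IREAD)  # mimic the -r- attribute from the log
        result = neutralize(stick)
        result["remaining"] = sorted(p.name for p in stick.iterdir())
        return result


if __name__ == "__main__":
    print(referenced_files(SAMPLE_AUTORUN))
    print(demo())
```

Run against the sample, referenced_files returns only smss.exe even though four keys name it, and demo leaves the stick holding nothing but autorun.inf.blocked, which is the state the 21 Apr log shows after the script ran. Rename rather than delete is deliberate: the blocked copy is what lets the next scan print the file's content for the record before delete_blocked removes it.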

offline
  • Joined: 18 Apr 2009
  • Posts: 5

Posted: 21 Apr 2009 15:08

USBNoRisk 1.6 by bobby

Started at 21/04/2009 03:55:34 م

Scanning for connected USB Mass storage...
----------------------------------------
========================================

Scanning for other storage...
----------------------------------------
C: {3963cdfb-9c9c-11dd-88c2-806d6172696f}
D: {3963cdfc-9c9c-11dd-88c2-806d6172696f}
========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------
Autorun.inf on C: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for C:
No key found for 3963cdfb-9c9c-11dd-88c2-806d6172696f
========================================

Autorun.inf on D: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for D:
No key found for 3963cdfc-9c9c-11dd-88c2-806d6172696f
========================================



New device connected at 21/04/2009 03:56:18 م

Scanning for connected USB mass storage...
----------------------------------------
F: {cd02ede8-9f71-11dd-8856-0013cec26358}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: F:\autorun.inf.blocked
----------------------------------------
Content of F:\autorun.inf.blocked
----------------------------------------
[autorun]
open = smss.exe
shell\Open\Command=smss.exe
shell\Open\Default=1
shell\Explore\Command=smss.exe
shell\Autoplay\Command=smss.exe
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
F:\smss.exe -r-hs 229621
----------------------------------------

----------------------------------------
Autorun.inf on F: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for cd02ede8-9f71-11dd-8856-0013cec26358
========================================

----------------------------------------

Desktop.ini on F: - None
----------------------------------------

========================================

Processing script
----------------------------------------
Drive letter for GUID: F:\
cd02ede8-9f71-11dd-8856-0013cec26358
SectionStart = 0
SectionEnd = 2
f_delete: file "F:\smss.exe" deleted successfully
----------------------------------------
Deleting blocked files:
----------------------------------------
Delete: F:\autorun.inf.blocked > Done!
----------------------------------------

========================================

========================================
Removed F:
========================================


New device connected at 21/04/2009 03:57:18 م

Scanning for connected USB mass storage...
----------------------------------------
F: {cd02ede8-9f71-11dd-8856-0013cec26358}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on F: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for cd02ede8-9f71-11dd-8856-0013cec26358
========================================

----------------------------------------

Desktop.ini on F: - None
----------------------------------------

========================================

Processing script
----------------------------------------
Drive letter for GUID: F:\
cd02ede8-9f71-11dd-8856-0013cec26358
SectionStart = 0
SectionEnd = 2
f_delete: F:\smss.exe > File does not exist!
----------------------------------------
Deleting blocked files:
----------------------------------------
None
----------------------------------------

========================================

========================================
Removed F:
========================================


New device connected at 21/04/2009 04:01:18 م

Scanning for connected USB mass storage...
----------------------------------------
F: {8d2e1f05-a5fa-11dd-8865-0014a48dce6e}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on F: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 8d2e1f05-a5fa-11dd-8865-0014a48dce6e
========================================

----------------------------------------

Desktop.ini on F: - None
----------------------------------------

========================================

Processing script
----------------------------------------
Drive letter for GUID: F:\
No script to process for F:\
----------------------------------------

========================================

========================================
Removed F:
========================================


New device connected at 21/04/2009 04:04:25 م

Scanning for connected USB mass storage...
----------------------------------------
N: {97cd132a-9dec-11dd-8853-0013cec26358}
Added N:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on N: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 97cd132a-9dec-11dd-8853-0013cec26358
========================================

----------------------------------------

Desktop.ini on N: - None
----------------------------------------

========================================

Processing script
----------------------------------------
Drive letter for GUID: N:\
No script to process for N:\
----------------------------------------

========================================

========================================
Removed N:
========================================

Update: 21 Apr 2009 15:17

Good day, thank you for taking the trouble to help me. I did everything you asked today and it did not take long, just a couple of seconds, so I plugged in all three USB sticks; I hope that was not a mistake. I don't know exactly where the problem is; I think the virus got into all the devices.

  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

vania71, everything is clean on your side, and if you have no more problems with the computer do the following:

Uninstalling ComboFix:
Click START and then RUN.

In the text input line type (or paste) the following:

Combofix /u

and then click OK.

Wait for the uninstall process to finish.

offline
  • Joined: 18 Apr 2009
  • Posts: 5

Thank you very much, that is very good news. Five days ago I scanned the computer with Spyware Doctor and the result after 12 hours was that I had 1 spyware, 1 adware and 3 kinds of trojan viruses; one was named trojan killers with a high level risk label. At the end of the scan I did not know what to do, so I closed the program and uninstalled it a day later. For 6 months I have had a problem with the same virus, which duplicates my files and slows the computer down; the same is the case with my husband's laptop. In any case, thanks once again. Regards
