MyCity » Ambulanta -> Arhiva Ambulante » provjera...

provjera...

Napisano na dan: 11.11.2008

provjera...

Sledeća strana

Pagination

Odgovori

no_name- Poslao: 11 Nov 2008 15:57 Idi na vrh
offline no_name- Novi MyCity građanin Pridružio: 10 Nov 2008 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! molim vas da mi provjerite ova priložen log... u posljednje vrijeme mi je jaklo usporen komp i kada surfam samo mi odjednom mozilla firefox izbaci erorr i onda mi izađe... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:52:14, on 11.11.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = g.msn.com/0SEENUS/SAOS01 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ask.com?o=1607 R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL O1 - Hosts: 66.98.148.65 auto.search.msn.com O1 - Hosts: 66.98.148.65 auto.search.msn.es O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [qviw] C:\WINDOWS\system32\qviw.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{95597CBF-B989-4479-B6D1-DEAC3B5F0662}: NameServer = 195.29.149.197 195.29.149.196 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Print Spooler Service (k8yeu9odor2rvz) - Unknown owner - C:\WINDOWS\system32\qviw.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 7122 bytes

Profil

dr_Bora Poslao: 11 Nov 2008 17:06 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav no_name-... Pisanje u temama koje su drugi korisnici foruma otvorili u Ambulanti je zabranjeno (čisto da znaš za drugi put). Što se tiče kompjutera, postoje tragovi malware-a. * Klikni desnim tasterom miša na AVG ikonicu ( ) u donjem, desnom uglu ekrana. * Kada se pokrene AVG Control Center, dvoklikni na AVG Resident Shield komponentu. * U prozoru koji se otvori, deštikliraj opciju Turn on AVG Resident Shield i klikni OK. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. ------------------------------------------------------------------------------------- Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

no_name- Poslao: 11 Nov 2008 17:36 Idi na vrh
offline no_name- Novi MyCity građanin Pridružio: 10 Nov 2008 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-11-10.01 - Korinik 2008-11-11 17:22:19.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.65 [GMT 1:00] Running from: c:\documents and settings\Korinik\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Korinik\Favorites\Download programs.url c:\documents and settings\Korinik\Favorites\Games.url c:\documents and settings\Korinik\Favorites\Translator.url c:\documents and settings\Korinik\Favorites\Videos.url c:\documents and settings\Korinik\Start Menu\Programs\Download programs.url c:\documents and settings\Korinik\Start Menu\Programs\Games.url c:\documents and settings\Korinik\Start Menu\Programs\Translator.url c:\documents and settings\Korinik\Start Menu\Programs\Videos.url c:\windows\Temp\log.txt . ((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 ))))))))))))))))))))))))))))))) . 2008-11-11 15:51 . 2008-11-11 15:51 <DIR> d-------- c:\program files\Trend Micro 2008-11-10 13:36 . 2008-11-10 13:36 <DIR> d-------- c:\program files\Common Files\xing shared 2008-11-09 18:25 . 2008-11-09 18:25 <DIR> d---s---- c:\documents and settings\Korinik\UserData 2008-11-09 14:38 . 2008-11-10 21:08 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-11-09 14:19 . 2008-11-09 14:19 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys 2008-11-09 14:19 . 2008-11-09 14:19 10,520 --a------ c:\windows\system32\avgrsstx.dll 2008-11-09 14:18 . 2008-11-11 13:15 <DIR> d-------- c:\windows\system32\drivers\Avg 2008-11-09 14:18 . 2008-11-09 14:18 <DIR> d-------- c:\program files\AVG 2008-11-09 14:18 . 2008-11-09 18:27 <DIR> d-------- c:\documents and settings\Korinik\Application Data\AVGTOOLBAR 2008-11-09 14:18 . 2008-11-09 14:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8 2008-11-09 14:18 . 2008-11-09 14:18 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys 2008-11-01 11:33 . 2008-11-01 11:36 <DIR> d-------- c:\program files\Sprint-Layout50 (Demo) 2008-10-19 17:40 . 2008-10-22 18:50 54,156 --ah----- c:\windows\QTFont.qfn 2008-10-19 17:40 . 2008-10-19 17:40 1,409 --a------ c:\windows\QTFont.for 2008-10-17 22:18 . 2008-10-17 22:18 268 --ah----- C:\sqmdata19.sqm 2008-10-17 22:18 . 2008-10-17 22:18 244 --ah----- C:\sqmnoopt19.sqm 2008-10-17 12:32 . 2008-10-17 12:32 268 --ah----- C:\sqmdata18.sqm 2008-10-17 12:32 . 2008-10-17 12:32 244 --ah----- C:\sqmnoopt18.sqm . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-10 14:24 --------- d-----w c:\program files\mobitel 2008-11-10 14:19 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-10 14:19 --------- d-----w c:\program files\FrostWire 2008-11-10 12:35 --------- d-----w c:\program files\Common Files\Real 2008-11-09 13:38 --------- d-----w c:\program files\MessengerDiscovery 2008-11-01 17:50 --------- d-----w c:\program files\EWB512 2008-10-02 22:04 --------- d-----w c:\program files\riječnik 2008-10-02 22:03 --------- d-----w c:\program files\eMule 2008-09-27 10:20 --------- d-----w c:\program files\Winamp 2008-09-26 18:27 --------- d-----w c:\documents and settings\Korinik\Application Data\LimeWire 2008-09-20 12:21 --------- d-----w c:\documents and settings\Korinik\Application Data\BSplayer Pro 2008-09-20 09:06 --------- d-----w c:\documents and settings\Korinik\Application Data\FrostWire 2008-09-20 08:40 --------- d-----w c:\program files\AskSBar 2008-09-20 08:18 --------- d-----w c:\program files\Movie Torrent 2008-09-20 07:25 --------- d-----w c:\program files\LimeWire 2008-09-15 15:06 --------- d-----w c:\program files\MSN Messenger 2008-09-13 14:09 --------- d-----w c:\program files\Witcobber 2007-02-13 09:47 1,997,824 ----a-w c:\program files\viewlayout50.exe 2007-02-13 09:43 2,017,280 ----a-w c:\program files\layout50.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-05-07 57344] "{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2008-08-04 1569304] "{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-09-20 66912] [HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}] [HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}] [HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}] 2008-09-20 09:40 66912 --a------ c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}] 2008-08-04 12:17 1569304 --a------ c:\program files\P2P_Energy\tbP2P1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2008-08-04 1569304] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2008-08-04 1569304] [HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-09 1234712] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-10 185872] c:\documents and settings\Korinik\Start Menu\Programs\Startup\ PowerReg Scheduler.exe [2008-03-25 256000] c:\documents and settings\All Users\Start Menu\Programs\Startup\ AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 11000] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"= "c:\\Program Files\\Xfire\\xfire.exe"= "c:\\igre\\Coll of duty 2\\Activision\\Call of Duty 2\\CoD2MP_s.exe"= "c:\\igre\\Soldat\\Soldat.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-09 97928] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-09 875288] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-09 231704] R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-09 76040] R2 CAPI;CAPI 2.0 Service;c:\windows\system32\DRIVERS\capi.sys [2001-03-21 26064] R2 NDISCAPI;NDIS CAPI Service;c:\windows\system32\DRIVERS\ndiscapi.sys [2001-03-21 27792] R3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;c:\windows\system32\DRIVERS\usb8023.sys [2004-08-03 12672] R3 wdxwmac;PCI ISDN Card NDIS WAN Driver;c:\windows\system32\DRIVERS\wdxwmac.sys [2001-03-21 272016] S2 k8yeu9odor2rvz;Print Spooler Service;c:\windows\system32\qviw.exe [ ] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47d48954-022f-11dd-b907-000ef404149c}] \Shell\AutoRun\command - wscript.exe .\.vbs \Shell\open\command - wscript.exe .\.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{727f6174-032e-11dd-b90a-000ef404149c}] \Shell\AutoRun\command - wscript.exe .\.vbs \Shell\open\command - wscript.exe .\.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9cb67449-049d-11dd-b90d-000ef404149c}] \Shell\AutoRun\command - wscript.exe .\.vbs \Shell\open\command - wscript.exe .\.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e238ed06-d614-11dc-b8ad-000ef404149c}] \Shell\AutoRun\command - wscript.exe .\.vbs \Shell\open\command - wscript.exe .\.vbs Newly Created Service - PROCEXP90 . - - - - ORPHANS REMOVED - - - - HKCU-Run-eMuleAutoStart - c:\program files\eMule\emule.exe HKLM-Run-qviw - c:\windows\system32\qviw.exe HKLM-Run-Cmaudio - cmicnfg.cpl . ------- Supplementary Scan ------- . FireFox -: Profile - c:\documents and settings\Korinik\Application Data\Mozilla\Firefox\Profiles\iqxpt173.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.hr/firefox/ FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-11-11 17:26:51 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-11-11 17:31:23 ComboFix-quarantined-files.txt 2008-11-11 16:31:20 Pre-Run: 10.508.001.280 bytes free Post-Run: 13,513,052,160 bytes free 166

Profil

dr_Bora Poslao: 11 Nov 2008 19:19 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: Driver:: k8yeu9odor2rvz Registry:: [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47d48954-022f-11dd-b907-000ef404149c}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{727f6174-032e-11dd-b90a-000ef404149c}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9cb67449-049d-11dd-b90d-000ef404149c}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e238ed06-d614-11dc-b8ad-000ef404149c}] Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

no_name- Poslao: 11 Nov 2008 19:35 Idi na vrh
offline no_name- Novi MyCity građanin Pridružio: 10 Nov 2008 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-11-10.01 - Korinik 2008-11-11 19:23:08.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.83 [GMT 1:00] Running from: c:\documents and settings\Korinik\Desktop\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 ))))))))))))))))))))))))))))))) . 2008-11-11 15:51 . 2008-11-11 15:51 <DIR> d-------- c:\program files\Trend Micro 2008-11-10 13:36 . 2008-11-10 13:36 <DIR> d-------- c:\program files\Common Files\xing shared 2008-11-09 18:25 . 2008-11-09 18:25 <DIR> d---s---- c:\documents and settings\Korinik\UserData 2008-11-09 14:38 . 2008-11-10 21:08 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-11-09 14:19 . 2008-11-09 14:19 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys 2008-11-09 14:19 . 2008-11-09 14:19 10,520 --a------ c:\windows\system32\avgrsstx.dll 2008-11-09 14:18 . 2008-11-11 13:15 <DIR> d-------- c:\windows\system32\drivers\Avg 2008-11-09 14:18 . 2008-11-09 14:18 <DIR> d-------- c:\program files\AVG 2008-11-09 14:18 . 2008-11-09 18:27 <DIR> d-------- c:\documents and settings\Korinik\Application Data\AVGTOOLBAR 2008-11-09 14:18 . 2008-11-09 14:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8 2008-11-09 14:18 . 2008-11-09 14:18 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys 2008-11-01 11:33 . 2008-11-01 11:36 <DIR> d-------- c:\program files\Sprint-Layout50 (Demo) 2008-10-19 17:40 . 2008-10-22 18:50 54,156 --ah----- c:\windows\QTFont.qfn 2008-10-19 17:40 . 2008-10-19 17:40 1,409 --a------ c:\windows\QTFont.for 2008-10-17 22:18 . 2008-10-17 22:18 268 --ah----- C:\sqmdata19.sqm 2008-10-17 22:18 . 2008-10-17 22:18 244 --ah----- C:\sqmnoopt19.sqm 2008-10-17 12:32 . 2008-10-17 12:32 268 --ah----- C:\sqmdata18.sqm 2008-10-17 12:32 . 2008-10-17 12:32 244 --ah----- C:\sqmnoopt18.sqm . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-10 14:24 --------- d-----w c:\program files\mobitel 2008-11-10 14:19 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-10 14:19 --------- d-----w c:\program files\FrostWire 2008-11-10 12:35 348,160 ----a-w c:\windows\system32\msvcr71.dll 2008-11-10 12:35 --------- d-----w c:\program files\Common Files\Real 2008-11-10 12:34 499,712 ----a-w c:\windows\system32\msvcp71.dll 2008-11-09 13:38 --------- d-----w c:\program files\MessengerDiscovery 2008-11-01 17:50 --------- d-----w c:\program files\EWB512 2008-10-02 22:05 770,560 ----a-w c:\windows\system32\VFP5ENU.DLL 2008-10-02 22:05 3,223,824 ----a-w c:\windows\system32\VFP500.DLL 2008-10-02 22:04 --------- d-----w c:\program files\riječnik 2008-10-02 22:03 --------- d-----w c:\program files\eMule 2008-09-27 10:20 --------- d-----w c:\program files\Winamp 2008-09-26 18:27 --------- d-----w c:\documents and settings\Korinik\Application Data\LimeWire 2008-09-20 12:21 --------- d-----w c:\documents and settings\Korinik\Application Data\BSplayer Pro 2008-09-20 09:06 --------- d-----w c:\documents and settings\Korinik\Application Data\FrostWire 2008-09-20 08:40 --------- d-----w c:\program files\AskSBar 2008-09-20 08:18 --------- d-----w c:\program files\Movie Torrent 2008-09-20 07:25 --------- d-----w c:\program files\LimeWire 2008-09-15 15:06 --------- d-----w c:\program files\MSN Messenger 2008-09-13 14:09 --------- d-----w c:\program files\Witcobber 2007-02-13 09:47 1,997,824 ----a-w c:\program files\viewlayout50.exe 2007-02-13 09:43 2,017,280 ----a-w c:\program files\layout50.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-05-07 57344] "{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2008-08-04 1569304] "{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-09-20 66912] [HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}] [HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}] [HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}] 2008-09-20 09:40 66912 --a------ c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}] 2008-08-04 12:17 1569304 --a------ c:\program files\P2P_Energy\tbP2P1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2008-08-04 1569304] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2008-08-04 1569304] [HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-09 1234712] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-10 185872] c:\documents and settings\Korinik\Start Menu\Programs\Startup\ PowerReg Scheduler.exe [2008-03-25 256000] c:\documents and settings\All Users\Start Menu\Programs\Startup\ AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 11000] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"= "c:\\Program Files\\Xfire\\xfire.exe"= "c:\\igre\\Coll of duty 2\\Activision\\Call of Duty 2\\CoD2MP_s.exe"= "c:\\igre\\Soldat\\Soldat.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-09 97928] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-09 875288] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-09 231704] R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-09 76040] R2 CAPI;CAPI 2.0 Service;c:\windows\system32\DRIVERS\capi.sys [2001-03-21 26064] R2 NDISCAPI;NDIS CAPI Service;c:\windows\system32\DRIVERS\ndiscapi.sys [2001-03-21 27792] R3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;c:\windows\system32\DRIVERS\usb8023.sys [2004-08-03 12672] R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136] R3 wdxwmac;PCI ISDN Card NDIS WAN Driver;c:\windows\system32\DRIVERS\wdxwmac.sys [2001-03-21 272016] S2 k8yeu9odor2rvz;Print Spooler Service;c:\windows\system32\qviw.exe [ ] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47d48954-022f-11dd-b907-000ef404149c}] \Shell\AutoRun\command - wscript.exe .\.vbs \Shell\open\command - wscript.exe .\.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{727f6174-032e-11dd-b90a-000ef404149c}] \Shell\AutoRun\command - wscript.exe .\.vbs \Shell\open\command - wscript.exe .\.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9cb67449-049d-11dd-b90d-000ef404149c}] \Shell\AutoRun\command - wscript.exe .\.vbs \Shell\open\command - wscript.exe .\.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e238ed06-d614-11dc-b8ad-000ef404149c}] \Shell\AutoRun\command - wscript.exe .\.vbs \Shell\open\command - wscript.exe .\.vbs Newly Created Service - CATCHME Newly Created Service - PROCEXP90 . . ------- Supplementary Scan ------- . FireFox -: Profile - c:\documents and settings\Korinik\Application Data\Mozilla\Firefox\Profiles\iqxpt173.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.hr/firefox/ FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-11-11 19:26:45 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... c:\windows\explorer.exe [1880] 0xFE4BB068 scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-11-11 19:30:59 ComboFix-quarantined-files.txt 2008-11-11 18:30:52 ComboFix2.txt 2008-11-11 16:31:25 Pre-Run: 13.507.305.472 bytes free Post-Run: 13,498,183,680 bytes free 156

Profil

dr_Bora Poslao: 11 Nov 2008 20:02 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ponovo pročitaj moju prethodnu poruku (i isprati uputstvo). Znači, potrebno je iskopirati sve to što se nalazi unutar kod polja u Notepad i to sačuvati na disk pod nazivom CFScript. Zatim taj file, CFScript.txt prevući na ikonicu programa ComboFix (time će program biti pokrenut). Itd...

Profil

no_name- Poslao: 11 Nov 2008 20:32 Idi na vrh
offline no_name- Novi MyCity građanin Pridružio: 10 Nov 2008 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! neznam jel se treba kompjuter resetirati u sred programa... meni se resetirao, ali kada se upalio onda je bio uključen combofix i kada sam pričekao dobio sam log file, nadam se da ovaj valja pozz ComboFix 08-11-10.01 - Korinik 2008-11-11 20:09:59.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.55 [GMT 1:00] Running from: c:\documents and settings\Korinik\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Korinik\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_K8YEU9ODOR2RVZ -------\Service_k8yeu9odor2rvz ((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 ))))))))))))))))))))))))))))))) . 2008-11-11 15:51 . 2008-11-11 15:51 <DIR> d-------- c:\program files\Trend Micro 2008-11-10 13:36 . 2008-11-10 13:36 <DIR> d-------- c:\program files\Common Files\xing shared 2008-11-09 18:25 . 2008-11-09 18:25 <DIR> d---s---- c:\documents and settings\Korinik\UserData 2008-11-09 14:38 . 2008-11-10 21:08 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-11-09 14:19 . 2008-11-09 14:19 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys 2008-11-09 14:19 . 2008-11-09 14:19 10,520 --a------ c:\windows\system32\avgrsstx.dll 2008-11-09 14:18 . 2008-11-11 13:15 <DIR> d-------- c:\windows\system32\drivers\Avg 2008-11-09 14:18 . 2008-11-09 14:18 <DIR> d-------- c:\program files\AVG 2008-11-09 14:18 . 2008-11-09 18:27 <DIR> d-------- c:\documents and settings\Korinik\Application Data\AVGTOOLBAR 2008-11-09 14:18 . 2008-11-09 14:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8 2008-11-09 14:18 . 2008-11-09 14:18 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys 2008-11-01 11:33 . 2008-11-01 11:36 <DIR> d-------- c:\program files\Sprint-Layout50 (Demo) 2008-10-19 17:40 . 2008-10-22 18:50 54,156 --ah----- c:\windows\QTFont.qfn 2008-10-19 17:40 . 2008-10-19 17:40 1,409 --a------ c:\windows\QTFont.for 2008-10-17 22:18 . 2008-10-17 22:18 268 --ah----- C:\sqmdata19.sqm 2008-10-17 22:18 . 2008-10-17 22:18 244 --ah----- C:\sqmnoopt19.sqm 2008-10-17 12:32 . 2008-10-17 12:32 268 --ah----- C:\sqmdata18.sqm 2008-10-17 12:32 . 2008-10-17 12:32 244 --ah----- C:\sqmnoopt18.sqm . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-10 14:24 --------- d-----w c:\program files\mobitel 2008-11-10 14:19 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-10 14:19 --------- d-----w c:\program files\FrostWire 2008-11-10 12:35 348,160 ----a-w c:\windows\system32\msvcr71.dll 2008-11-10 12:35 --------- d-----w c:\program files\Common Files\Real 2008-11-10 12:34 499,712 ----a-w c:\windows\system32\msvcp71.dll 2008-11-09 13:38 --------- d-----w c:\program files\MessengerDiscovery 2008-11-01 17:50 --------- d-----w c:\program files\EWB512 2008-10-02 22:05 770,560 ----a-w c:\windows\system32\VFP5ENU.DLL 2008-10-02 22:05 3,223,824 ----a-w c:\windows\system32\VFP500.DLL 2008-10-02 22:04 --------- d-----w c:\program files\riječnik 2008-10-02 22:03 --------- d-----w c:\program files\eMule 2008-09-27 10:20 --------- d-----w c:\program files\Winamp 2008-09-26 18:27 --------- d-----w c:\documents and settings\Korinik\Application Data\LimeWire 2008-09-20 12:21 --------- d-----w c:\documents and settings\Korinik\Application Data\BSplayer Pro 2008-09-20 09:06 --------- d-----w c:\documents and settings\Korinik\Application Data\FrostWire 2008-09-20 08:40 --------- d-----w c:\program files\AskSBar 2008-09-20 08:18 --------- d-----w c:\program files\Movie Torrent 2008-09-20 07:25 --------- d-----w c:\program files\LimeWire 2008-09-15 15:06 --------- d-----w c:\program files\MSN Messenger 2008-09-13 14:09 --------- d-----w c:\program files\Witcobber 2007-02-13 09:47 1,997,824 ----a-w c:\program files\viewlayout50.exe 2007-02-13 09:43 2,017,280 ----a-w c:\program files\layout50.exe . ((((((((((((((((((((((((((((( snapshot@2008-11-11_17.30.51,85 ))))))))))))))))))))))))))))))))))))))))) . + 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-05-07 57344] "{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2008-08-04 1569304] "{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-09-20 66912] [HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}] [HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}] [HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}] 2008-09-20 09:40 66912 --a------ c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}] 2008-08-04 12:17 1569304 --a------ c:\program files\P2P_Energy\tbP2P1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2008-08-04 1569304] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2008-08-04 1569304] [HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-09 1234712] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-10 185872] c:\documents and settings\Korinik\Start Menu\Programs\Startup\ PowerReg Scheduler.exe [2008-03-25 256000] c:\documents and settings\All Users\Start Menu\Programs\Startup\ AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 11000] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"= "c:\\Program Files\\Xfire\\xfire.exe"= "c:\\igre\\Coll of duty 2\\Activision\\Call of Duty 2\\CoD2MP_s.exe"= "c:\\igre\\Soldat\\Soldat.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-09 97928] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-09 875288] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-09 231704] R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-09 76040] R2 CAPI;CAPI 2.0 Service;c:\windows\system32\DRIVERS\capi.sys [2001-03-21 26064] R2 NDISCAPI;NDIS CAPI Service;c:\windows\system32\DRIVERS\ndiscapi.sys [2001-03-21 27792] R3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;c:\windows\system32\DRIVERS\usb8023.sys [2004-08-03 12672] R3 wdxwmac;PCI ISDN Card NDIS WAN Driver;c:\windows\system32\DRIVERS\wdxwmac.sys [2001-03-21 272016] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136] . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-11-11 20:17:32 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE c:\windows\system32\PnkBstrA.exe c:\windows\system32\wdfmgr.exe c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe c:\program files\AVG\AVG8\avgrsx.exe c:\program files\AVG\AVG8\avgrsx.exe . ************************************************************************ . Completion time: 2008-11-11 20:24:43 - machine was rebooted ComboFix-quarantined-files.txt 2008-11-11 19:24:32 ComboFix2.txt 2008-11-11 18:31:00 ComboFix3.txt 2008-11-11 16:31:25 Pre-Run: 13.465.309.184 bytes free Post-Run: 13,421,817,856 bytes free 159

Profil

dr_Bora Poslao: 11 Nov 2008 20:54 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Da, taj valja... Ovo sada izgleda čisto. Postoji li neki konkretan problem za koji sumnjaš da bi mogao biti prouzrokovan malware-om?

Profil

no_name- Poslao: 11 Nov 2008 21:04 Idi na vrh
offline no_name- Novi MyCity građanin Pridružio: 10 Nov 2008 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! za sada ne postoji nikakav problem , ak ga u međuvremenu otkrijem ja se javim , kompjuter je postao brži hvala na pomoči pozz

Profil

dr_Bora Poslao: 11 Nov 2008 21:23 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uradi još i ovo: Klikni START a zatim RUN U liniju za unos teksta ukucaj Combofix /u i klikni OK Sačekaj da se proces deinstalacije završi Gornja procedura će: Obrisati sledeće: ComboFix i njegove file-ove i foldere VundoFix Backups folder, ako postoji C:\Deckard folder, ako postoji C:\OtMoveIt folder, ako postoji Resetovati podešavanja sata na kompjuteru Sakriti ekstenzije file-ova, ako je potrebno Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno Resetovati System Restore To je sve.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » provjera...

Ko je trenutno na forumu

Ukupno su 1078 korisnika na forumu :: 63 registrovanih, 6 sakrivenih i 1009 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 357magnum, A.R.Chafee.Jr., ajo baba, amaterSRB, aramis s, armor, babaroga, Battlehammer, BlekMen, cenejac111, Dimitrije Paunovic, Dimitrise93, djboj, draganca, draggan, dule10savic, esx66, FileFinder, Georgius, goxin, havoc995, Ivan Campo, Kaplar2, Kibice, kobaja77, Krvava Devetka, kunktator, laurusri, ljubacv, mercedesamg, Mercury, milenko crazy north, milimoj, Milometer, milutin134, nelsa, nikoladim, Nobunaga, novator, oldtimer, Panter, panzerwaffe, Recce, Romibrat, royst33, ruger357, ruma, S2M, shone34, Sirius, solic, Stoilkovic, Sumadija34, suton, uruk, vathra, Vlada1389, VojvodaMisic, wolverined4, šumar bk2, žeks62, 125, 1107

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by