I need help


  • Joined: 30 Nov 2007
  • Posts: 160

Does anyone know what I should do so that this no longer appears when the computer starts up?


mycity.rs/imgs/84013_54388591_untitled.JPG

  • Joined: 04 Jan 2009
  • Posts: 2168

Hello,

Follow the instructions for the Ambulanta section.

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • Joined: 30 Nov 2007
  • Posts: 160

Posted: 24 Aug 2009 22:39

DDS (Ver_09-07-30.01) - NTFSx86
Run by Sinisa at 22:24:12,85 on pon 24.08.2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1516 [GMT 2:00]

FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
C:\Program Files\InterVideo\WinDVR\WinRemote.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\raidhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
"C:\Documents and Settings\Sinisa\Application Data\Microsoft\svchost.exe"
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
svchost
C:\WINDOWS\TEMP\dqfcwfnnyw.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\TEMP\dqfcwfnnyw.exe
C:\Documents and Settings\Sinisa\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ba/
uSearch Page =
uSearch Bar =
mSearchAssistant =
mURLSearchHooks: H - No File
mWinlogon: Shell=Explorer.exe c:\windows\cursors\lsass.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [BitTorrent] "d:\program files\bittorrent\bittorrent.exe"
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [Nvidias] c:\windows\system32\rundll32.exe c:\docume~1\sinisa\locals~1\temp\237670781734Ati.dll,Sets
uRun: [svchost.exe] c:\documents and settings\sinisa\application data\microsoft\svchost.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [WINSCHEDULER] c:\progra~1\interv~1\windvr\WINSCH~1.EXE
mRun: [WinRemote] "c:\program files\intervideo\windvr\WinRemote.exe"
mRun: [WindowsHive] c:\windows\system32\rpcc.exe
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles
mRun: [raidhost] raidhost.exe
StartupFolder: c:\documents and settings\sinisa\start menu\programs\startup\rncsys32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nokiao~1.lnk - f:\program files\nokia\ovi\suite\RunLauncher.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

============= SERVICES / DRIVERS ===============

R?2 AlerterALG;Alerter AlerterALG;c:\windows\temp\dqfcwfnnyw.exe service --> c:\windows\temp\dqfcwfnnyw.exe service [?]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2008-11-23 464264]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-7-20 84992]
R3 PhTVTune;TV Capture Card WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2008-4-1 19616]
S2 TwonkyMedia;TwonkyMedia;f:\program files\nokia\nokia home media server\media server\twonkymedia.exe -serviceversion 0 --> f:\program files\nokia\nokia home media server\media server\TwonkyMedia.exe -serviceversion 0 [?]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\msn messenger\usnsvc.exe [2007-1-19 97136]

=============== Created Last 30 ================

2009-08-21 22:07 159,744 a------- C:\Adooobe.exe
2009-08-17 19:27 8 a------- c:\windows\system32\DROPPEDFILEOK2.tmp
2009-08-17 19:27 595,968 ---shr-- c:\windows\raidhost.exe
2009-08-14 17:18 <DIR> --d----- c:\docume~1\sinisa\applic~1\GARMIN
2009-08-14 17:17 <DIR> --d----- C:\Garmin

==================== Find3M ====================

2009-08-21 23:42 292,865 ---sh--- c:\windows\cursors\lsass.exe
2009-07-06 19:20 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-07-06 19:20 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-29 23:14 22,328 a------- c:\docume~1\sinisa\applic~1\PnkBstrK.sys
2009-04-19 11:13 88 ---shr-- c:\windows\system32\A3D6196DB1.sys
2009-04-19 11:13 2,828 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 22:25:35,43 ===============

Addendum: 24 Aug 2009 22:43

Addendum: 24 Aug 2009 22:50

I forgot to ask whether you might know what the problem is: after the computer has been running for a long time I can't get into IE, it only shows that the connection is not working, so I just restart the computer and then it works normally and opens all pages, but after roughly 5, 6 hours the same thing happens again.

  • Joined: 04 Jan 2009
  • Posts: 2168

Download sUBs's ComboFix to the Desktop from the following address:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:
  • deactivate your protection software (instructions);
  • close running programs;
  • double-click to start ComboFix.

While running, ComboFix will:
  • check whether a newer version of the program exists: click Yes if you are offered the download.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so that the process continues.
  • if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure.
  • display a number of prompts/notifications: accept by clicking Yes or OK.
  • if necessary, restart Windows (several times);
  • at the end, open Notepad with the scan report.

Copy the report that ComboFix created into the forum topic:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note:
  • The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If, after sending the message, you notice that the report is not complete, use the Prikači fajl (Attach file) option to attach the file C:\ComboFix.txt to the message.

  • Joined: 30 Nov 2007
  • Posts: 160

ComboFix 09-08-26.03 - Sinisa 26.08.2009 20:10.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1650 [GMT 2:00]
Running from: c:\documents and settings\Sinisa\Desktop\ComboFix.exe
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Sinisa\Application Data\wiaserva.log
c:\documents and settings\Sinisa\Start Menu\Programs\Startup\rncsys32.exe
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\windows\Cursors\lsass.exe
c:\windows\Fonts\Reubalach.ttf
c:\windows\Installer\SwInstall.msi
c:\windows\raidhost.exe
c:\windows\system32\drivers\hjgruivvwqttrp.sys
c:\windows\system32\hjgruibprdsipf.dll
c:\windows\system32\hjgruirdylkrfp.dll
c:\windows\system32\hjgruismsqfupj.dat
c:\windows\system32\hjgruiwbihwuya.dat
c:\windows\system32\nerocheck.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hjgruiopupoboi
-------\Legacy_hjgruiopupoboi


((((((((((((((((((((((((( Files Created from 2009-07-26 to 2009-08-26 )))))))))))))))))))))))))))))))
.

2009-08-21 20:08 . 2009-08-21 20:08 159744 ---h--w- c:\documents and settings\Sinisa\Application Data\Microsoft\svchost.exe
2009-08-21 20:07 . 2009-08-21 20:08 159744 ----a-w- C:\Adooobe.exe
2009-08-14 15:18 . 2009-08-14 15:32 -------- d-----w- c:\documents and settings\Sinisa\Application Data\GARMIN
2009-08-14 15:17 . 2009-08-14 15:18 -------- d-----w- C:\Garmin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-26 18:07 . 2008-09-01 18:14 -------- d-----w- c:\documents and settings\Sinisa\Application Data\BitTorrent
2009-08-26 18:07 . 2008-08-15 14:31 -------- d-----w- c:\documents and settings\Sinisa\Application Data\DNA
2009-08-26 15:29 . 2008-08-15 14:31 -------- d-----w- c:\program files\DNA
2009-08-17 17:27 . 2009-08-17 17:27 8 ----a-w- c:\windows\system32\DROPPEDFILEOK2.tmp
2009-08-13 22:28 . 2009-03-09 13:29 2978776 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-08 11:40 . 2008-10-30 18:58 -------- d-----w- c:\documents and settings\Sinisa\Application Data\PC Suite
2009-07-08 11:22 . 2008-10-30 19:08 -------- d-----w- c:\documents and settings\Sinisa\Application Data\Nokia
2009-07-07 14:02 . 2009-07-06 17:03 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-06 17:24 . 2009-07-06 17:24 -------- d-----w- c:\documents and settings\Sinisa\Application Data\Nseries
2009-07-06 17:21 . 2008-10-30 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-07-06 17:20 . 2009-07-06 17:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-07-06 17:20 . 2009-07-06 17:20 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-06 17:13 . 2008-04-01 17:16 181760 ----a-w- c:\documents and settings\Sinisa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-06 17:06 . 2009-07-06 17:06 -------- d-----w- c:\program files\Nokia
2009-07-06 17:06 . 2009-07-06 17:06 -------- d-----w- c:\program files\MSXML 6.0
2009-07-06 17:06 . 2009-07-06 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-07-06 17:05 . 2009-07-06 17:05 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-06 17:05 . 2009-07-06 17:04 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-07-06 16:57 . 2008-10-30 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-06-18 19:05 . 2009-06-18 19:05 49152 ----a-r- c:\documents and settings\Sinisa\Application Data\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe
2009-06-11 16:21 . 2009-06-11 16:21 15 ----a-w- c:\windows\popcinfo.dat
2009-04-19 09:13 . 2008-04-11 14:03 88 --sh--r- c:\windows\system32\A3D6196DB1.sys
2009-04-19 09:13 . 2008-04-11 14:03 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-12 21:37 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-12 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-12 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"BitTorrent"="d:\program files\BitTorrent\bittorrent.exe" [2009-08-21 653104]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-04-22 342848]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"WinRemote"="c:\program files\InterVideo\WinDVR\WinRemote.exe" [2003-09-03 131072]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-1-6 131072]
Nokia Ovi Suite.lnk - f:\program files\Nokia\Ovi\Suite\RunLauncher.exe [2008-7-25 951600]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\TGbox\\Gbox Control\\webinterface\\bin\\apache\\mapache.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\PES 09\\PES 2009\\pes2009.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"f:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"f:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"f:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"f:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"f:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"f:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"=
"f:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6168:TCP"= 6168:TCP:Gbox
"6168:UDP"= 6168:UDP:gbox

R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [23.11.2008 1:03 464264]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [20.7.2007 18:40 84992]
R3 PhTVTune;TV Capture Card WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [1.4.2008 19:54 19616]
S2 AlerterALG;Alerter AlerterALG;c:\windows\TEMP\dqfcwfnnyw.exe service --> c:\windows\TEMP\dqfcwfnnyw.exe service [?]
S2 TwonkyMedia;TwonkyMedia;f:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> f:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
.
Contents of the 'Scheduled Tasks' folder

2008-09-19 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1100 series5E771253C1676EBED677BF361FDFC537825E15B8213910032.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
HKLM-Run-raidhost - raidhost.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-08-26 20:16
Windows 5.1.2600 Service Pack 3, v.3180 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = "c:\program files\MSN Messenger\msnmsgr.exe" /background?g

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-179605362-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:c0,19,c4,28,16,df,88,b4,73,62,15,57,cb,58,96,35,eb,ff,33,7c,68,
2c,77,81,ea,a0,39,6b,41,b6,7e,02,f4,ee,85,b6,ec,89,2f,67,b9,ee,ec,10,a1,27,\
"rkeysecu"=hex:ea,c6,3c,ac,13,29,ba,78,17,23,fa,72,3f,a8,ac,d8
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-08-26 20:18
ComboFix-quarantined-files.txt 2009-08-26 18:18
ComboFix2.txt 2009-01-02 00:04

Pre-Run: 9.386.278.912 bytes free
Post-Run: 9.807.732.736 bytes free

173 --- E O F --- 2008-06-21 10:55

  • Joined: 04 Jan 2009
  • Posts: 2168

Open Notepad and copy the following text into it:


File::
c:\documents and settings\Sinisa\Application Data\Microsoft\svchost.exe
C:\Adooobe.exe
c:\windows\system32\DROPPEDFILEOK2.tmp

Driver::
AlerterALG



Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.

  • Joined: 30 Nov 2007
  • Posts: 160

ComboFix 09-08-26.05 - Sinisa 26.08.2009 23:28.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1558 [GMT 2:00]
Running from: c:\documents and settings\Sinisa\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sinisa\Desktop\CFScript.txt
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

FILE ::
"C:\Adooobe.exe"
"c:\documents and settings\Sinisa\Application Data\Microsoft\svchost.exe"
"c:\windows\system32\DROPPEDFILEOK2.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Adooobe.exe
c:\documents and settings\Sinisa\Application Data\Microsoft\svchost.exe
c:\windows\system32\DROPPEDFILEOK2.tmp
c:\windows\system32\nerocheck.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ALERTERALG
-------\Service_AlerterALG


((((((((((((((((((((((((( Files Created from 2009-07-26 to 2009-08-26 )))))))))))))))))))))))))))))))
.

2009-08-14 15:18 . 2009-08-14 15:32 -------- d-----w- c:\documents and settings\Sinisa\Application Data\GARMIN
2009-08-14 15:17 . 2009-08-14 15:18 -------- d-----w- C:\Garmin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-26 21:37 . 2008-09-01 18:14 -------- d-----w- c:\documents and settings\Sinisa\Application Data\BitTorrent
2009-08-26 21:34 . 2008-08-15 14:31 -------- d-----w- c:\program files\DNA
2009-08-26 21:34 . 2008-08-15 14:31 -------- d-----w- c:\documents and settings\Sinisa\Application Data\DNA
2009-08-26 19:01 . 2008-04-02 09:33 -------- d-----w- c:\program files\Ahead
2009-08-13 22:28 . 2009-03-09 13:29 2978776 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-08 11:40 . 2008-10-30 18:58 -------- d-----w- c:\documents and settings\Sinisa\Application Data\PC Suite
2009-07-08 11:22 . 2008-10-30 19:08 -------- d-----w- c:\documents and settings\Sinisa\Application Data\Nokia
2009-07-07 14:02 . 2009-07-06 17:03 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-06 17:24 . 2009-07-06 17:24 -------- d-----w- c:\documents and settings\Sinisa\Application Data\Nseries
2009-07-06 17:21 . 2008-10-30 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-07-06 17:20 . 2009-07-06 17:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-07-06 17:20 . 2009-07-06 17:20 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-06 17:13 . 2008-04-01 17:16 181760 ----a-w- c:\documents and settings\Sinisa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-06 17:06 . 2009-07-06 17:06 -------- d-----w- c:\program files\Nokia
2009-07-06 17:06 . 2009-07-06 17:06 -------- d-----w- c:\program files\MSXML 6.0
2009-07-06 17:06 . 2009-07-06 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-07-06 17:05 . 2009-07-06 17:05 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-06 17:05 . 2009-07-06 17:04 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-07-06 16:57 . 2008-10-30 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-06-18 19:05 . 2009-06-18 19:05 49152 ----a-r- c:\documents and settings\Sinisa\Application Data\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe
2009-06-11 16:21 . 2009-06-11 16:21 15 ----a-w- c:\windows\popcinfo.dat
2009-04-19 09:13 . 2008-04-11 14:03 88 --sh--r- c:\windows\system32\A3D6196DB1.sys
2009-04-19 09:13 . 2008-04-11 14:03 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-08-26_18.16.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2000-09-21 06:47 . 2000-09-21 06:47 35328 c:\windows\system32\picn20.dll
+ 2009-08-26 21:34 . 2009-08-26 21:34 1536 c:\windows\temp\NEventMessages.dll
+ 2000-09-21 11:53 . 2000-09-21 11:53 275312 c:\windows\system32\ImagXpr5.dll
+ 2000-09-27 15:15 . 2000-09-27 15:15 532480 c:\windows\system32\imagx5.dll
+ 2000-09-21 16:02 . 2000-09-21 16:02 507904 c:\windows\system32\imagr5.dll
+ 2009-08-26 19:01 . 2009-08-26 19:01 14303744 c:\windows\Installer\300b93.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-12 21:37 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-12 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-12 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"BitTorrent"="d:\program files\BitTorrent\bittorrent.exe" [2009-08-21 653104]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-04-22 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"WinRemote"="c:\program files\InterVideo\WinDVR\WinRemote.exe" [2003-09-03 131072]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-1-6 131072]
Nokia Ovi Suite.lnk - f:\program files\Nokia\Ovi\Suite\RunLauncher.exe [2008-7-25 951600]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\TGbox\\Gbox Control\\webinterface\\bin\\apache\\mapache.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\PES 09\\PES 2009\\pes2009.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"f:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"f:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"f:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"f:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"f:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"f:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"=
"f:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6168:TCP"= 6168:TCP:Gbox
"6168:UDP"= 6168:UDP:gbox

R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [23.11.2008 1:03 464264]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [20.7.2007 18:40 84992]
R3 PhTVTune;TV Capture Card WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [1.4.2008 19:54 19616]
S2 TwonkyMedia;TwonkyMedia;f:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> f:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [19.1.2007 12:54 97136]
.
Contents of the 'Scheduled Tasks' folder

2008-09-19 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1100 series5E771253C1676EBED677BF361FDFC537825E15B8213910032.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NeroCheck - c:\windows\system32\\NeroCheck.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-08-26 23:34
Windows 5.1.2600 Service Pack 3, v.3180 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-179605362-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:c0,19,c4,28,16,df,88,b4,73,62,15,57,cb,58,96,35,eb,ff,33,7c,68,
2c,77,81,ea,a0,39,6b,41,b6,7e,02,f4,ee,85,b6,ec,89,2f,67,b9,ee,ec,10,a1,27,\
"rkeysecu"=hex:ea,c6,3c,ac,13,29,ba,78,17,23,fa,72,3f,a8,ac,d8
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3564)
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PSIService.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\progra~1\INTERV~1\WinDVR\WINSCH~1.EXE
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Completion time: 2009-08-26 23:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-26 21:38
ComboFix2.txt 2009-08-26 18:18
ComboFix3.txt 2009-01-02 00:04

Pre-Run: 9.619.578.880 bytes free
Post-Run: 9.525.956.608 bytes free

196 --- E O F --- 2008-06-21 10:55

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Open Notepad and copy the following text:


DeQuarantine::
C:\Qoobox\Quarantine\C\windows\system32\nerocheck.exe.vir
Quit::



Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is created at the end of the cleaning/scan.


After you have completed the first instruction, download the file from the link and run it by double-clicking its icon.

A MessageBox will appear.

Click Yes, then Ok



offline
  • Joined: 30 Nov 2007
  • Posts: 160

C:\Qoobox\Quarantine\C\windows\system32\nerocheck.exe.vir -> C:\windows\system32\nerocheck.exe ( 155648 bytes )

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

What is the situation now?
