MyCity » Ambulanta -> Arhiva Ambulante » zarazen kompjuter

zarazen kompjuter

Napisano na dan: 11.6.2009

Strana:
1
2
3

zarazen kompjuter

Sledeća strana

Pagination

Odgovori

Strana:
1
2
3

nadjime Poslao: 11 Jun 2009 15:37 Idi na vrh
offline nadjime Građanin Pridružio: 07 Jun 2008 Poruke: 104	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! moja drugarica ima prob. sa kompjuterom nija ga koristila neko vrijeme pa sad joj nesta sa netom nije uredu da li je do virusa ili nesta slicno,pa mozete li mi nekako pomoci?poz

Profil

diarno Poslao: 11 Jun 2009 16:53 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ne mozemo joj pomoci... [Link mogu videti samo ulogovani korisnici] e kad to uradis onda mozemo da joj pomognemo

Profil

nadjime Poslao: 13 Jun 2009 16:16 Idi na vrh
offline nadjime Građanin Pridružio: 07 Jun 2008 Poruke: 104	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 12 Jun 2009 13:35 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:09:18, on 12.6.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Documents and Settings\x\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Link mogu videti samo ulogovani korisnici] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [Link mogu videti samo ulogovani korisnici] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = [Link mogu videti samo ulogovani korisnici] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [Link mogu videti samo ulogovani korisnici]http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]* R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [Link mogu videti samo ulogovani korisnici] R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file) O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file) O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file) O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O8 - Extra context menu item: &Search - ?p=ZCfox000 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\D-Link\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\D-Link\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\D-Link\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [searching] Search from the Address bar O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [Link mogu videti samo ulogovani korisnici] O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\ O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\D-Link\Bluetooth Software\bin\btwdins.exe O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\ -- End of file - 5867 bytes Dopuna: 12 Jun 2009 18:54 oćeli mu biti pomoći----.. Dopuna: 13 Jun 2009 16:16 neradi joj kompjuter,mozete li pomoci mojoj drugarici?

Profil

diarno Poslao: 13 Jun 2009 16:21 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preuzmi Dr.Web CureIt (~13 MB). Restartuj kompjuter u Safe Mode (uputstvo za Safe Mode) Dvoklikom pokreni launch.exe, nakon čega će se pojaviti uvodni prozor - klikni Start Pojaviće se obaveštenje o započinjanju uvodnog skeniranja - klikni OK Sačekaj nekoliko minuta da Dr.Web CureIt izvrši Express Scan; ukoliko malware bude pronađen, klikom na taster Yes to All u prozoru koji se pojavi dozvoli programu da izvrši dezinfekciju Klikni Options > Change settings F9; u prozoru koji će se otvoriti, dečekiraj opciju Heuristic Analysis a zatim klikni OK U glavnom prozoru obeleži opciju Complete scan a zatim klikni i Dr.Web CureIt će započeti skeniranje Ukoliko malware bude pronađen, klikom na taster Yes to All u prozoru koji se pojavi dozvoli programu da izvrši dezinfekciju Kada skeniranje bude završeno, klikni Select all taster (ukoliko je dostupan), a zatim klikni Cure i, u meniju koji se otvori, klikni Move incurable: Po završetku procesa, klikni File > Save report list i sačuvaj log na Desktopu Iskopiraj sadržaj Dr.Web CureIt loga u temu na forumu.

Profil

nadjime Poslao: 14 Jun 2009 15:08 Idi na vrh
offline nadjime Građanin Pridružio: 07 Jun 2008 Poruke: 104	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! testabd.dll c:\program files\thunmail Trojan.PWS.Wow.1315 Deleted. winse32.exe c:\recycler\s-1-5-21-1482476501-1644491937-682003330-1013 Trojan.Packed.469 Deleted. dncyool64.sys C:\WINDOWS\system32 Trojan.Click.25715 Deleted. youtubesetup.exe\data001 C:\Documents and Settings\x\My Documents\Programi\youtubesetup.exe BackDoor.BlackHole.3160 youtubesetup.exe C:\Documents and Settings\x\My Documents\Programi Archive contains infected objects Moved. BcbtRmv_1.7.exe C:\Program Files\D-Link\Bluetooth Software\bin Win32.Virut.56 Cured. MSACCESS.EXE C:\Program Files\Microsoft Office\Office Win32.Virut.56 Cured. vcredist_x64.exe C:\Program Files\Sony Setup\Sound Forge 9.0\nrpack Win32.Virut.56 Cured. vmuvc.exe C:\Program Files\Vimicro Corporation\VMUVC Win32.Virut.56 Cured. msimg32.dll C:\Program Files\Windows Live\Messenger Adware.MyWebSearch.6 Incurable.Moved. riched20.dll C:\Program Files\Windows Live\Messenger Adware.MyWebSearch.8 Incurable.Moved.

Profil

diarno Poslao: 14 Jun 2009 19:50 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preuzmi sUBs-ov ComboFix sa jedne od sledećih adresa na Desktop: Bleeping Computer . . . . . Geeks to Go! Klikni desnim tasterom na neki od linkova i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: zatvori pokrenute programe; deaktiviraj zaštitni softver (uputstvo); dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

nadjime Poslao: 16 Jun 2009 22:05 Idi na vrh
offline nadjime Građanin Pridružio: 07 Jun 2008 Poruke: 104	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 15 Jun 2009 19:31 ComboFix 09-05-22.04 - x 15.06.2009 18:40.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.72 [GMT 2:00] Running from: c:\documents and settings\x\Desktop\co mbbb\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . - REDUCED FUNCTIONALITY MODE - . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . c:\documents and settings\All Users\Application Data\CrucialSoft Ltd c:\program files\Common Files\System\Uninstall c:\program files\Common Files\System\Uninstall\Uninstall A360.lnk c:\program files\ThunMail c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013 c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe c:\windows\Install.txt c:\windows\jestertb.dll c:\windows\system32\3361 c:\windows\system32\FInstall.sys c:\windows\system32\Install.txt . ((((((((((((((((((((((((( Files Created from 2009-05-15 to 2009-06-15 ))))))))))))))))))))))))))))))) . 2009-06-13 17:25 . 2009-06-13 17:25 -------- d-----w c:\documents and settings\x\DoctorWeb . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-14 09:43 . 2008-05-24 16:04 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-06-10 11:36 . 2008-10-24 18:41 -------- d-----w c:\documents and settings\x\Application Data\skypePM 2009-06-10 11:36 . 2008-10-23 20:00 -------- d-----w c:\documents and settings\x\Application Data\Skype 2009-05-19 16:31 . 2009-04-25 09:35 0 ----a-w c:\windows\system32\drivers\1d91fa8d.sys 2009-05-08 14:47 . 2009-05-07 21:24 -------- d-----w c:\program files\Spybot - Search & Destroy 2009-05-08 14:47 . 2009-05-07 21:24 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-05-08 14:40 . 2009-05-08 14:31 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab 2009-05-08 14:30 . 2009-05-07 21:10 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-05-08 14:13 . 2009-05-08 14:13 -------- d-----w c:\program files\Realtek Sound Manager 2009-05-08 14:13 . 2004-10-06 15:50 -------- d-----w c:\program files\AvRack 2009-05-08 14:13 . 2009-05-08 14:12 -------- d-----w c:\program files\Realtek AC97 2009-05-08 13:04 . 2004-10-06 06:17 22776 ----a-w c:\windows\system32\emptyregdb.dat 2009-05-08 10:10 . 2009-05-08 10:10 36864 ----a-w c:\windows\system32\slrundll.exe 2009-05-08 06:37 . 2008-03-10 18:01 -------- d-----w c:\program files\Winamp 2009-05-08 05:55 . 2009-05-08 05:49 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys 2009-05-07 19:55 . 2009-05-07 19:55 -------- d-----w c:\documents and settings\x\Application Data\TuneUp Software 2009-05-07 13:38 . 2008-10-10 20:50 90112 ----a-w c:\windows\unvise32qt.exe 2009-05-07 13:38 . 2006-07-14 14:29 970752 ----a-w c:\windows\UNRecode.exe 2009-05-07 13:38 . 2006-07-14 14:29 970752 ----a-w c:\windows\UNNeroVision.exe 2009-05-07 13:29 . 2004-10-06 15:53 26624 ----a-w c:\windows\system32\xpsp1hfm.exe 2009-05-07 13:13 . 2004-10-06 16:03 323584 ----a-w c:\windows\system32\nwiz.exe 2009-05-07 13:12 . 1998-10-01 19:00 39936 ----a-w c:\windows\system32\MAPISRVR.EXE 2009-05-07 13:12 . 2004-10-06 16:03 290816 ----a-w c:\windows\system32\keystone.exe 2009-05-07 13:11 . 2002-08-29 03:41 172544 ----a-w c:\windows\system32\jview.exe 2009-05-07 13:11 . 2002-08-29 03:41 14848 ----a-w c:\windows\system32\jdbgmgr.exe 2009-05-07 13:11 . 2004-08-03 23:56 22016 ----a-w c:\windows\system32\faxpatch.exe 2009-05-07 13:05 . 2004-08-03 23:56 8704 ----a-w c:\windows\system32\spdwnwxp.exe 2009-05-07 13:05 . 2007-07-15 21:46 165376 ----a-w c:\windows\system32\SpoonUninstall.exe 2009-05-07 13:05 . 2004-08-03 23:56 22016 ----a-w c:\windows\system32\spupdwxp.exe 2009-05-07 12:50 . 2007-08-08 18:21 47104 ----a-w c:\windows\system32\uwdf.exe 2009-05-07 12:46 . 2002-08-29 03:41 171520 ----a-w c:\windows\system32\wjview.exe 2009-05-07 12:46 . 2002-08-29 03:41 81920 ----a-w c:\windows\system32\wmpstub.exe 2009-05-07 12:42 . 2008-10-29 18:17 9728 ----a-w c:\windows\system32\comsdupd.exe 2009-05-07 12:42 . 2002-08-29 03:41 50176 ----a-w c:\windows\system32\clspack.exe 2009-05-06 22:51 . 2005-01-18 06:58 300032 ----a-w c:\windows\uninst.exe 2009-05-06 22:51 . 2005-01-18 06:58 302592 ----a-w c:\windows\unin040c.exe 2009-05-06 22:51 . 2005-08-09 21:38 274432 ----a-w c:\windows\TLCUninstall.exe 2009-05-06 22:51 . 2004-10-06 15:49 307712 ----a-w c:\windows\IsUninst.exe 2009-05-06 22:10 . 1999-08-02 09:47 391680 ----a-w c:\program files\YuRecnik.exe 2009-05-06 22:10 . 1999-08-02 09:40 224256 ----a-w c:\program files\MiniYuRecnik.exe 2009-05-06 22:10 . 1999-01-25 04:27 29184 ----a-w c:\program files\Uninstal.exe 2009-05-06 19:45 . 2004-10-06 16:00 335872 ----a-r c:\windows\Anvshell.exe 2009-05-06 19:45 . 2004-10-06 16:00 24576 -c--a-r c:\windows\ANVUNIS.exe 2009-05-06 18:57 . 2004-10-09 22:26 1094656 ----a-w c:\documents and settings\Recnik\Recnik.EXE 2009-05-06 18:49 . 2008-11-18 14:55 2560 ----a-w c:\windows\_MSRSTRT.EXE 2009-05-06 18:01 . 2008-12-25 23:32 184320 ----a-w c:\windows\system32\PnkBstrB.exe 2009-05-06 17:56 . 2007-08-08 18:21 38912 ----a-w c:\windows\system32\wdfmgr.exe 2009-05-06 17:56 . 2004-10-06 16:03 73728 ----a-w c:\windows\system32\nvsvc32.exe 2009-05-06 17:54 . 2004-10-10 00:35 221184 ----a-w c:\windows\system32\srkey.exe 2009-04-28 15:06 . 2006-12-12 23:45 -------- d-----w c:\program files\Recnik20 2009-04-28 14:35 . 2009-02-01 12:48 -------- d-----w c:\program files\Mp3 Knife 2009-04-28 14:35 . 2009-02-01 13:06 -------- d-----w c:\program files\DVD Knife 2009-01-07 20:56 . 2007-03-12 01:08 1123 ----a-w c:\program files\Yurecnik.ini 2009-01-07 11:54 . 2007-03-12 01:08 258 ----a-w c:\program files\Mini-YuRecnik.ini 2007-08-07 21:20 . 2004-10-08 04:05 778240 ----a-w c:\program files\Mv2Player.exe 2007-03-12 01:07 . 2007-03-12 01:06 10819 ---ha-w c:\program files\Yurecnik.GID 2007-03-12 01:06 . 2007-03-12 01:06 1909 ----a-w c:\program files\uninstal.log 2007-02-17 23:17 . 2005-05-11 00:02 313 ----a-w c:\program files\MV2Player.rcn 2007-02-17 23:17 . 2005-05-11 00:02 10751 ----a-w c:\program files\MV2Player.ini 2007-02-17 23:17 . 2005-05-11 00:02 36 ----a-w c:\program files\LastSet.mv2 1999-08-02 09:35 . 1999-08-02 09:35 9559 ----a-w c:\program files\YURECNIK.HLP 1999-08-02 09:35 . 1999-08-02 09:35 57 ----a-w c:\program files\Yurecnik.CNT 1999-07-29 09:43 . 1999-07-29 09:43 2447472 ----a-w c:\program files\Reci.dat 1996-09-06 12:08 . 1996-09-06 12:08 30070 ----a-w c:\program files\Fb_deflt.dic 1996-02-23 15:26 . 1996-02-23 15:26 469504 -c--a-w c:\program files\Fb_11k8.dll 1996-02-23 14:59 . 1996-02-23 14:59 34816 ----a-w c:\program files\Fb_spch.dll 1996-02-23 14:48 . 1996-02-23 14:48 4608 ----a-w c:\program files\Fb_timer.dll 1996-02-23 14:46 . 1996-02-23 14:46 29184 ----a-w c:\program files\Fb_ngn.exe 1996-02-23 14:21 . 1996-02-23 14:21 16896 ----a-w c:\program files\Uraspec.exe 1996-02-23 14:17 . 1996-02-23 14:17 18432 ----a-w c:\program files\Dictmgr.exe 1993-11-29 08:32 . 1993-11-29 08:32 16896 ----a-w c:\program files\Monologw.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-28 185872] "SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-11-17 577536] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-04-02 49152] HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32 "wave1"= serwvdrv.dll "wave2"= serwvdrv.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk] backup=c:\windows\pss\Bluetooth.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk] backup=c:\windows\pss\PalTalk.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^x^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe] backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cognac HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\reader_s HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vt100 emulator HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 S1 1d91fa8d;1d91fa8d;c:\windows\system32\drivers\1d91fa8d.sys [25.4.2009 11:35 0] S2 PowerManager;Power Manager; [x] S3 autorun;autorun;\??\c:\huadio.tmp --> c:\huadio.tmp [?] S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10.12.2008 19:51 29744] S3 ISOUSB;Vimicro UVC generic driver;c:\windows\system32\drivers\vgeneric.sys [28.10.2008 22:20 64000] S3 msncache;msncache;c:\windows\system32\svchost.exe -k netsvcs [4.8.2004 0:56 14336] S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [18.10.2007 12:31 98328] S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [29.10.2008 21:04 249984] S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [29.10.2008 21:04 476032] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04570f19-a671-11dd-ba8b-000c761c93fc}] \Shell\AutoRun\command - f:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com \Shell\open\command - f:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bc85b93-2b66-11de-bc2b-000c761c93fc}] \Shell\AutoRun\command - f:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe \Shell\open\command - f:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8529539-f1f1-11dd-bb8b-000c761c93fc}] \Shell\AutoOpen\command - f:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe . - - - - ORPHANS REMOVED - - - - BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file) SafeBoot-procexp90.Sys . ------- Supplementary Scan ------- . uStart Page = about:blank mSearch Bar = [Link mogu videti samo ulogovani korisnici]http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]* IE: &Search - ?p=ZCfox000 IE: Send to &Bluetooth Device... - c:\program files\D-Link\Bluetooth Software\btsendto_ie_ctx.htm DPF: DirectAnimation Java Classes - [Link mogu videti samo ulogovani korisnici]\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - [Link mogu videti samo ulogovani korisnici]\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\x\Application Data\Mozilla\Firefox\Profiles\255yjv76.default\ FF - prefs.js: browser.search.defaulturl - [Link mogu videti samo ulogovani korisnici] FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici] FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici] FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll FF - plugin: c:\program files\Opera75\Program\Plugins\npdrmv2.dll FF - plugin: c:\program files\Opera75\Program\Plugins\npdsplay.dll FF - plugin: c:\program files\Opera75\Program\Plugins\Npindeo.dll FF - plugin: c:\program files\Opera75\Program\Plugins\nppl3260.dll FF - plugin: c:\program files\Opera75\Program\Plugins\nprjplug.dll FF - plugin: c:\program files\Opera75\Program\Plugins\nprpjplug.dll FF - plugin: c:\program files\Opera75\Program\Plugins\NPSWF32.dll FF - plugin: c:\program files\Opera75\Program\Plugins\npwmsdrm.dll . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2009-06-15 18:41 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\autorun] "ImagePath"="\??\C:\huadio.tmp" . Completion time: 2009-06-15 18:47 ComboFix-quarantined-files.txt 2009-06-15 16:46 Pre-Run: 6.659.788.800 bytes free Post-Run: 6.647.955.456 bytes free 213 Dopuna: 16 Jun 2009 22:05 Jesmo sve uredu napravili, koji je sledeći korak

Profil

diarno Poslao: 17 Jun 2009 18:45 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Start>Run i kucaj Combofix /u Zatim Preuzmi sUBs-ov ComboFix sa jedne od sledećih adresa na Desktop: Bleeping Computer . . . . . Geeks to Go! Klikni desnim tasterom na neki od linkova i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: zatvori pokrenute programe; deaktiviraj zaštitni softver (uputstvo); dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

nadjime Poslao: 17 Jun 2009 19:01 Idi na vrh
offline nadjime Građanin Pridružio: 07 Jun 2008 Poruke: 104	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pa mi smo jednom radili ovo,treba li ponoviti?

Profil

diarno Poslao: 17 Jun 2009 19:03 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Mora.. i obrisi staru verziju i skini program sa neki od ovih linkova tacno na Desktop a ne kao u prethodnom slucaju c:\documents and settings\x\Desktop\co mbbb\ComboFix.exe

Profil

MyCity » Ambulanta -> Arhiva Ambulante » zarazen kompjuter

Ko je trenutno na forumu

Ukupno su 2281 korisnika na forumu :: 63 registrovanih, 5 sakrivenih i 2213 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 20624 - dana 04 Apr 2026 04:18

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 015, Aleksandar Tomić, Bane5, Bo96, bolenbgd, Bosnjo, Bozjidar87, bukefal, Cicumile, Cirkon, Dannyboy, Ercomero, gripen, Hans Gajger, HrcAk47, jalos, Kajzer Soze, Kenanjoz, kybonacci, lcc, Lotus, mercedesamg, Milan A. Nikolic, milanpb, Miler88, MILO-VAN, Milos ZA, miroslav milanović, MK10, niksa517, Orc, ozzy, PITT, Prečanin30, RD84, Recce, Robin, rodoljub, Rogan33, saki80, sarma, Shinobi, sickmouse, Slingshot, Smiljkovich, Snorks, Solunac na steroidima, spalev, ssekir75, stevanito, stingD, Tafocus, TBF1D, The Boss, The_new_Statesman, Timočka Divizija, Tvrtko I, uruk, wolverined4, zrno, zziko, 1107, 2001

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by