MyCity » Ambulanta -> Arhiva Ambulante » Brljavi PC

Brljavi PC

Napisano na dan: 4.3.2009

Brljavi PC

Sledeća strana

Pagination

Odgovori

vladimirNS Poslao: 04 Mar 2009 10:37 Idi na vrh
offline vladimirNS Građanin Pridružio: 11 Maj 2004 Poruke: 145 Gde živiš: Novi Sad	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of HijackThis v1.99.1 Scan saved at 10:33:01, on 4.3.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\FreeCommander\FreeCommander.exe C:\Download\VladimirThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddcBQjKa.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {A5BFB05E-4EDC-4B72-A1C3-ADEB1BB70508} - C:\WINDOWS\system32\jkkkKCVP.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe" O4 - HKLM\..\Run: [48938685] rundll32.exe "C:\WINDOWS\system32\egpjiqbs.dll",b O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{8D738B14-285B-4DB3-B52C-9F2BC4A5F38F}: NameServer = 192.168.10.1 O20 - Winlogon Notify: ddcBQjKa - C:\WINDOWS\SYSTEM32\ddcBQjKa.dll O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe" -r (file missing) O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

Profil

helen1 Poslao: 04 Mar 2009 13:55 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zdravo, zasto nisi koristio verziju sa ovog linka: http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe ------------------------------- * Klikni desnim tasterom na Kaspersky ikonicu ( ) u donjem, desnom uglu ekrana i izaberi Pause Protection. * U prozoru koji se otvori, izaberi By User Request. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. ---------------------------- Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

vladimirNS Poslao: 04 Mar 2009 14:24 Idi na vrh
offline vladimirNS Građanin Pridružio: 11 Maj 2004 Poruke: 145 Gde živiš: Novi Sad	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-03-03.01 - User 2009-03-04 14:11:03.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1033.18.502.157 [GMT 1:00] Running from: c:\documents and settings\User\Desktop\ComboFix.exe AV: Kaspersky Anti-Virus On-access scanning disabled (Updated) FW: Kaspersky Anti-Virus disabled * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Q.EXE c:\windows\system32\aquwwj.dll c:\windows\system32\arbidkhh.dll c:\windows\system32\ddcBQjKa.dll c:\windows\system32\eaqmcc.dll c:\windows\system32\egpjiqbs.dll c:\windows\system32\fccAQJAs.dll c:\windows\system32\jkkkKCVP.dll c:\windows\system32\ojxkbgqt.dll c:\windows\system32\ormsqwrf.dll c:\windows\system32\Plugins c:\windows\system32\Plugins\Hoster\aCallbackMethods.dll c:\windows\system32\Plugins\Hoster\archivto.dll c:\windows\system32\Plugins\Hoster\bluehostto.dll c:\windows\system32\Plugins\Hoster\dataupde.dll c:\windows\system32\Plugins\Hoster\fastloadnet.dll c:\windows\system32\Plugins\Hoster\fastshareorg.dll c:\windows\system32\Plugins\Hoster\fileuploadnet.dll c:\windows\system32\Plugins\Hoster\megauploadcom.dll c:\windows\system32\Plugins\Hoster\meinuploadcom.dll c:\windows\system32\Plugins\Hoster\moosharede.dll c:\windows\system32\Plugins\Hoster\myvideode.dll c:\windows\system32\Plugins\Hoster\netloadin.dll c:\windows\system32\Plugins\Hoster\PluginSettings.ini c:\windows\system32\Plugins\Hoster\qsharecom.dll c:\windows\system32\Plugins\Hoster\rapidsharecom.dll c:\windows\system32\Plugins\Hoster\shareonlinebiz.dll c:\windows\system32\Plugins\Hoster\shareplacecom.dll c:\windows\system32\Plugins\Hoster\silofilescom.dll c:\windows\system32\Plugins\Hoster\speedysharecom.dll c:\windows\system32\Plugins\Hoster\uploadedto.dll c:\windows\system32\Plugins\Hoster\yourfilesbiz.dll c:\windows\system32\Plugins\Hoster\youtubecom.dll c:\windows\system32\Plugins\YouCrypt\callbackmethods.dll c:\windows\system32\Plugins\YouCrypt\captcha.dll c:\windows\system32\Plugins\YouCrypt\cineto.dll c:\windows\system32\Plugins\YouCrypt\datenbankorg.dll c:\windows\system32\Plugins\YouCrypt\datenschleuder.dll c:\windows\system32\Plugins\YouCrypt\ddlscene.dll c:\windows\system32\Plugins\YouCrypt\ddl(zabranjeno).dll c:\windows\system32\Plugins\YouCrypt\dreidl.dll c:\windows\system32\Plugins\YouCrypt\dxpdivxvidorg.dll c:\windows\system32\Plugins\YouCrypt\gameblog.dll c:\windows\system32\Plugins\YouCrypt\gamezam.dll c:\windows\system32\Plugins\YouCrypt\gapping.dll c:\windows\system32\Plugins\YouCrypt\g(zabranjeno).dll c:\windows\system32\Plugins\YouCrypt\linkbank.dll c:\windows\system32\Plugins\YouCrypt\linksafe.dll c:\windows\system32\Plugins\YouCrypt\LinkSave.dll c:\windows\system32\Plugins\YouCrypt\lix.dll c:\windows\system32\Plugins\YouCrypt\mirrorit.dll c:\windows\system32\Plugins\YouCrypt\netfolderin.dll c:\windows\system32\Plugins\YouCrypt\onekh.dll c:\windows\system32\Plugins\YouCrypt\rapidfolder.dll c:\windows\system32\Plugins\YouCrypt\rapidlayer.dll c:\windows\system32\Plugins\YouCrypt\rapidsafede.dll c:\windows\system32\Plugins\YouCrypt\rapidsafenet.dll c:\windows\system32\Plugins\YouCrypt\relinkus.dll c:\windows\system32\Plugins\YouCrypt\RScomLinkList.dll c:\windows\system32\Plugins\YouCrypt\rslayer.dll c:\windows\system32\Plugins\YouCrypt\saveraidrush.dll c:\windows\system32\Plugins\YouCrypt\secured.dll c:\windows\system32\Plugins\YouCrypt\securnet.dll c:\windows\system32\Plugins\YouCrypt\serienjunkies.dll c:\windows\system32\Plugins\YouCrypt\shareonall.dll c:\windows\system32\Plugins\YouCrypt\shareprotect.dll c:\windows\system32\Plugins\YouCrypt\stealth.dll c:\windows\system32\Plugins\YouCrypt\tinyurl.dll c:\windows\system32\Plugins\YouCrypt\UndergroundCMS.dll c:\windows\system32\Plugins\YouCrypt\uppicoasis.dll c:\windows\system32\Plugins\YouCrypt\urlcash.dll c:\windows\system32\Plugins\YouCrypt\usercashcom.dll c:\windows\system32\Plugins\YouCrypt\xlinkin.dll c:\windows\system32\PVCKkkkj.ini c:\windows\system32\PVCKkkkj.ini2 c:\windows\system32\sbqijpge.ini c:\windows\system32\ssqOeFYp.dll c:\windows\system32\tqgbkxjo.ini c:\windows\system32\weoaiuhn.dll c:\windows\system32\wrfmpy.dll c:\windows\system32\xdoihqbm.ini . ((((((((((((((((((((((((( Files Created from 2009-02-04 to 2009-03-04 ))))))))))))))))))))))))))))))) . 2009-03-04 09:43 . 2009-03-04 09:43 <DIR> d-------- c:\windows\system32\ocr 2009-03-04 09:43 . 2009-03-04 09:43 <DIR> d-------- c:\windows\system32\Data 2009-03-04 09:43 . 2009-03-04 09:53 <DIR> d-------- c:\program files\temp 2009-03-03 09:32 . 2009-03-03 09:32 <DIR> d-------- c:\program files\TryMedia 2009-02-27 12:58 . 2009-02-27 12:58 <DIR> d-------- c:\program files\Infogrames Interactive 2009-02-27 12:58 . 2009-02-27 12:58 <DIR> d-------- c:\program files\directx 2009-02-27 12:57 . 1998-10-02 19:00 327,168 --a------ c:\windows\IsUninst.exe 2009-02-27 12:57 . 2009-02-27 13:02 132 --a------ c:\windows\_delis32.ini . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-04 13:17 3,071,520 --sha-w c:\windows\system32\drivers\fidbox.dat 2009-03-04 13:17 108,832 --sha-w c:\windows\system32\drivers\fidbox2.dat 2009-03-04 13:16 42,188 --sha-w c:\windows\system32\drivers\fidbox.idx 2009-03-04 13:16 11,228 --sha-w c:\windows\system32\drivers\fidbox2.idx 2009-03-04 11:44 --------- d-----w c:\program files\Mozilla Sunbird 2009-03-04 09:23 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab 2009-02-09 06:29 --------- d-----w c:\program files\Defraggler 2009-02-04 05:58 89,601 ----a-w c:\windows\system32\drivers\klick.dat 2009-02-04 05:58 101,287 ----a-w c:\windows\system32\drivers\klin.dat 2009-01-29 06:13 --------- d-----w c:\documents and settings\User\Application Data\Design Science 2009-01-29 06:08 --------- d-----w c:\program files\MathType 2009-01-28 13:30 --------- d-----w c:\program files\DAMN NFO Viewer 2009-01-28 10:12 --------- d-----w c:\program files\OpenOffice.org 3 2009-01-28 10:12 --------- d-----w c:\program files\JRE 2009-01-15 12:40 112,144 ----a-w c:\windows\system32\drivers\kl1.sys 2009-01-15 11:25 --------- d-----w c:\program files\Kaspersky Lab 2009-01-06 07:58 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-01-05 11:56 --------- d-----w c:\program files\7-Zip 2009-01-05 07:36 --------- d-----w c:\program files\Wise Registry Cleaner 3 2008-12-22 11:25 118,784 ----a-w c:\windows\GREUninstall.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] "MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=eaqmcc.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] -ra------ 2006-03-23 05:13 77824 c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] -ra------ 2006-03-23 05:17 118784 c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] -ra------ 2006-03-23 05:17 94208 c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig] --a------ 2004-08-04 13:00 158208 c:\windows\pchealth\helpctr\binaries\msconfig.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] -r------- 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent] --a------ 2004-08-04 13:00 110592 c:\windows\system32\bthprops.cpl [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] -r------- 2006-06-13 13:05 16239616 c:\windows\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= R3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\drivers\IntelH51.sys [2007-05-15 469935] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-05-30 24344] . - - - - ORPHANS REMOVED - - - - BHO-{5d959b1e-01c2-431b-99ec-f8f39b41548b} - c:\windows\system32\eaqmcc.dll BHO-{A5BFB05E-4EDC-4B72-A1C3-ADEB1BB70508} - c:\windows\system32\jkkkKCVP.dll MSConfigStartUp-48938685 - c:\windows\system32\mbqhiodx.dll . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {8D738B14-285B-4DB3-B52C-9F2BC4A5F38F} = 192.168.10.1 FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\m3sgnjyl.default\ FF - prefs.js: browser.startup.homepage - FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q= ---- FIREFOX POLICIES ---- pref(dom.disable_open_during_load, true);. ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-03-04 14:18:00 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System] "OODEFRAG11.00.00.01WORKSTATION"="08B06054C2F . ------------------------ Other Running Processes ------------------------ . c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe c:\program files\Java\jre6\bin\jqs.exe . ************************************************************************* . Completion time: 2009-03-04 14:19:35 - machine was rebooted ComboFix-quarantined-files.txt 2009-03-04 13:19:32 Pre-Run: 75.863.478.272 bytes free Post-Run: 75,795,136,512 bytes free 209 --- E O F --- 2009-01-19 06:19:07

Profil

helen1 Poslao: 04 Mar 2009 15:51 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Iskljuci ponovo Antivirus. Otvoriti Notepad i iskopirati sledeci tekst: `Registry:: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"="" DirLook:: c:\windows\system32\ocr` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja. -------------------------------- Uploaduj mi sledeci fajl na proveru: c:\windows\_delis32.ini preko sledeceg linka: http://www.mycity.rs/ambulanta-upload.php

Profil

vladimirNS Poslao: 05 Mar 2009 07:28 Idi na vrh
offline vladimirNS Građanin Pridružio: 11 Maj 2004 Poruke: 145 Gde živiš: Novi Sad	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Hvala na ekspiditivnosti ali cu ovo moci da uradim sutra ujutro,do 9 najkasnije. Izvini! Dopuna: 04 Mar 2009 16:35 Hvala na ekspeditivnosti ali cu ovo moci da uradim sutra ujutro,do 9 najkasnije. Izvini! Dopuna: 05 Mar 2009 7:12 ComboFix 09-03-03.01 - User 2009-03-05 7:04:59.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1033.18.502.287 [GMT 1:00] Running from: c:\documents and settings\User\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt AV: Kaspersky Anti-Virus On-access scanning disabled (Updated) FW: Kaspersky Anti-Virus disabled * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2009-02-05 to 2009-03-05 ))))))))))))))))))))))))))))))) . 2009-03-04 09:43 . 2009-03-04 09:43 <DIR> d-------- c:\windows\system32\ocr 2009-03-04 09:43 . 2009-03-04 09:43 <DIR> d-------- c:\windows\system32\Data 2009-03-04 09:43 . 2009-03-04 09:53 <DIR> d-------- c:\program files\temp 2009-03-03 09:32 . 2009-03-03 09:32 <DIR> d-------- c:\program files\TryMedia 2009-02-27 12:58 . 2009-02-27 12:58 <DIR> d-------- c:\program files\Infogrames Interactive 2009-02-27 12:58 . 2009-02-27 12:58 <DIR> d-------- c:\program files\directx 2009-02-27 12:57 . 1998-10-02 19:00 327,168 --a------ c:\windows\IsUninst.exe 2009-02-27 12:57 . 2009-02-27 13:02 132 --a------ c:\windows\_delis32.ini . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-05 06:06 3,146,784 --sha-w c:\windows\system32\drivers\fidbox.dat 2009-03-05 06:06 113,440 --sha-w c:\windows\system32\drivers\fidbox2.dat 2009-03-05 05:57 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab 2009-03-04 13:52 42,500 --sha-w c:\windows\system32\drivers\fidbox.idx 2009-03-04 13:52 11,420 --sha-w c:\windows\system32\drivers\fidbox2.idx 2009-03-04 11:44 --------- d-----w c:\program files\Mozilla Sunbird 2009-02-09 06:29 --------- d-----w c:\program files\Defraggler 2009-02-04 05:58 89,601 ----a-w c:\windows\system32\drivers\klick.dat 2009-02-04 05:58 101,287 ----a-w c:\windows\system32\drivers\klin.dat 2009-01-29 06:13 --------- d-----w c:\documents and settings\User\Application Data\Design Science 2009-01-29 06:08 --------- d-----w c:\program files\MathType 2009-01-28 13:30 --------- d-----w c:\program files\DAMN NFO Viewer 2009-01-28 10:12 --------- d-----w c:\program files\OpenOffice.org 3 2009-01-28 10:12 --------- d-----w c:\program files\JRE 2009-01-15 12:40 112,144 ----a-w c:\windows\system32\drivers\kl1.sys 2009-01-15 11:25 --------- d-----w c:\program files\Kaspersky Lab 2009-01-06 07:58 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-01-05 11:56 --------- d-----w c:\program files\7-Zip 2009-01-05 07:36 --------- d-----w c:\program files\Wise Registry Cleaner 3 2008-12-22 11:25 118,784 ----a-w c:\windows\GREUninstall.exe . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\windows\system32\ocr ---- 2008-10-16 08:16 219 --a------ c:\windows\system32\ocr\netload.in\netload.bat ((((((((((((((((((((((((((((( SnapShot@2009-03-04_14.18.51.56 ))))))))))))))))))))))))))))))))))))))))) . - 2009-03-04 13:17:44 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_794.dat + 2009-03-05 05:57:21 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_794.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] -ra------ 2006-03-23 05:13 77824 c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] -ra------ 2006-03-23 05:17 118784 c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] -ra------ 2006-03-23 05:17 94208 c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig] --a------ 2004-08-04 13:00 158208 c:\windows\pchealth\helpctr\binaries\msconfig.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] -r------- 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent] --a------ 2004-08-04 13:00 110592 c:\windows\system32\bthprops.cpl [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] -r------- 2006-06-13 13:05 16239616 c:\windows\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= R3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\drivers\IntelH51.sys [2007-05-15 469935] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-05-30 24344] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {8D738B14-285B-4DB3-B52C-9F2BC4A5F38F} = 192.168.10.1 FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\m3sgnjyl.default\ FF - prefs.js: browser.startup.homepage - FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q= ---- FIREFOX POLICIES ---- pref(dom.disable_open_during_load, true);. ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-03-05 07:06:28 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG11.00.00.01WORKSTATION"="08B06054 . Completion time: 2009-03-05 7:07:36 ComboFix-quarantined-files.txt 2009-03-05 06:07:33 ComboFix2.txt 2009-03-04 13:19:37 Pre-Run: 75.827.871.744 bytes free Post-Run: 75,814,363,136 bytes free 123 --- E O F --- 2009-01-19 06:19:07 Dopuna: 05 Mar 2009 7:28 Fajl sam poslao c:\windows\_delis32.ini

Profil

helen1 Poslao: 05 Mar 2009 10:08 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kakvo je sad stanje racunara?

Profil

vladimirNS Poslao: 05 Mar 2009 11:46 Idi na vrh
offline vladimirNS Građanin Pridružio: 11 Maj 2004 Poruke: 145 Gde živiš: Novi Sad	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ne primecujem nikave probleme! Radi lepo.

Profil

helen1 Poslao: 05 Mar 2009 12:47 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Drago mi je. Uradi jos ovo: Klikni START a zatim RUN U liniju za unos teksta ukucaj Combofix /u i klikni OK Sačekaj da se proces deinstalacije završi Gornja procedura će: Obrisati sledeće: ComboFix i njegove file-ove i foldere VundoFix Backups folder, ako postoji C:\Deckard folder, ako postoji C:\OtMoveIt folder, ako postoji Resetovati podešavanja sata na kompjuteru Sakriti ekstenzije file-ova, ako je potrebno Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno Resetovati System Restore

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Brljavi PC

Ko je trenutno na forumu

Ukupno su 1097 korisnika na forumu :: 31 registrovanih, 3 sakrivenih i 1063 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., anbeast, Andrija357, Boris BM, djboj, DonRumataEstorski, draganca, dushan, esx66, galerija, janbo, JOntra, krkalon, Kubovac, Leonov, Litostroton, Marko Marković, mercedesamg, Mercury, Milos82, nikoladim, Oscar, ozzy, ruger357, stegonosa, Trpe Grozni, vladulns, vukovi, yrraf, zeo, zixmix

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by