Here we go again...

  • Joined: 12 Nov 2007
  • Posts: 64

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:49 PM, on 1/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\VMware\VMware Tools\vmacthlp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VMware\VMware Tools\VMwareService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\VMware\VMware Tools\VMwareUser.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Administrator\Application Data\gadcom\gadcom.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

O4 - HKLM\..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [f0763b6e] rundll32.exe "C:\WINDOWS\system32\mrthgqrv.dll",b
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Administrator\Application Data\gadcom\gadcom.exe" 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMwareService.exe
O23 - Service: VMware Physical Disk Helper Service - VMware, Inc. - C:\Program Files\VMware\VMware Tools\vmacthlp.exe

--
End of file - 2191 bytes

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Quote: 3 - After that, double-click that new folder and in it rename the file HijackThis.exe to, for example, TR3.exe.

  • Joined: 12 Nov 2007
  • Posts: 64

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:08 PM, on 1/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\VMware\VMware Tools\vmacthlp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VMware\VMware Tools\VMwareService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\VMware\VMware Tools\VMwareUser.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Administrator\Application Data\gadcom\gadcom.exe
C:\Documents and Settings\Administrator\Desktop\New Folder\TR3.exe

O2 - BHO: (no name) - {4E290212-13A8-4D19-90D8-E39BB7E61DA1} - C:\WINDOWS\system32\cbXNFyxw.dll
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Mjcore\Mjcore.dll
O2 - BHO: PolMaker - {EAA3FD3B-107B-4944-8139-B6D57E0358A5} - C:\WINDOWS\system32\kdz32.dll
O2 - BHO: (no name) - {F1F1537F-671E-41C2-8B7E-C3042F59C7ED} - C:\WINDOWS\system32\efcCtrSj.dll
O4 - HKLM\..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [f0763b6e] rundll32.exe "C:\WINDOWS\system32\mrthgqrv.dll",b
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Administrator\Application Data\gadcom\gadcom.exe" 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257
O20 - Winlogon Notify: efcCtrSj - C:\WINDOWS\SYSTEM32\efcCtrSj.dll
O20 - Winlogon Notify: winmhv32 - C:\WINDOWS\SYSTEM32\winmhv32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMwareService.exe
O23 - Service: VMware Physical Disk Helper Service - VMware, Inc. - C:\Program Files\VMware\VMware Tools\vmacthlp.exe

--
End of file - 2721 bytes
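The second log above is the one that shows the whole picture: a BHO with no name, a BHO DLL sitting directly in system32, a Run value named with eight hex digits that loads a DLL through rundll32, a per-user Run entry in Application Data, and two Winlogon Notify packages that are not part of a stock XP install. As an added example (not part of this thread, and not HijackThis or ComboFix code), the following Python script applies those same checks to a copy of the log lines above. The sample lines are copied from the log; the allowlists KNOWN_NOTIFY and KNOWN_SYSTEM32 and the thresholds in looks_random are assumptions tuned to this thread, not a general-purpose malware classifier.

```python
"""Triage a HijackThis v2 log for the autostart patterns seen in this thread.
Added example: not thread content and not HijackThis/ComboFix code."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section line reasons")

# Constructed sample: a subset of the O2/O4/O20/O23 lines from the log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {4E290212-13A8-4D19-90D8-E39BB7E61DA1} - C:\WINDOWS\system32\cbXNFyxw.dll
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Mjcore\Mjcore.dll
O2 - BHO: PolMaker - {EAA3FD3B-107B-4944-8139-B6D57E0358A5} - C:\WINDOWS\system32\kdz32.dll
O4 - HKLM\..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [f0763b6e] rundll32.exe "C:\WINDOWS\system32\mrthgqrv.dll",b
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Administrator\Application Data\gadcom\gadcom.exe" 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257
O20 - Winlogon Notify: efcCtrSj - C:\WINDOWS\SYSTEM32\efcCtrSj.dll
O20 - Winlogon Notify: winmhv32 - C:\WINDOWS\SYSTEM32\winmhv32.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Assumption: Windows XP SP2's default Winlogon\Notify subkeys (lowercased).
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}
# Assumption: system32 binaries that legitimately appear in Run keys and
# would otherwise trip the vowel-count heuristic below.
KNOWN_SYSTEM32 = {"ctfmon.exe", "rundll32.exe", "userinit.exe"}

SYSTEM32_FILE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.I)


def first_path(text):
    """Return the first executable path in an entry: quoted paths may contain
    spaces, unquoted ones are cut at the first .exe/.dll extension."""
    m = re.search(r'"([a-z]:\\[^"]+)"', text, re.I)
    if not m:
        m = re.search(r"([a-z]:\\.+?\.(?:exe|dll))", text, re.I)
    return m.group(1) if m else None


def looks_random(basename):
    """Mechanically generated names (cbXNFyxw, mrthgqrv, efcCtrSj, winmhv32)
    have almost no vowels or flip case repeatedly; vendor names do neither."""
    stem = re.sub(r"\.(dll|exe)$", "", basename, flags=re.I)
    letters = re.sub(r"[^a-z]", "", stem, flags=re.I)
    if len(letters) < 6:
        return False
    vowels = sum(ch in "aeiou" for ch in letters.lower())
    case_flips = sum(a.islower() and b.isupper() for a, b in zip(letters, letters[1:]))
    return vowels <= 1 or case_flips >= 2


def triage(log_text):
    """Return one Finding per O-line that matches at least one rule."""
    findings = []
    for line in log_text.splitlines():
        m = re.match(r"(O\d+) - (.*)", line)
        if not m:
            continue
        section, body = m.groups()
        path = first_path(body) or ""
        base = path.rsplit("\\", 1)[-1]
        in_system32 = bool(SYSTEM32_FILE.match(path))
        reasons = []
        if section == "O2" and body.startswith("BHO: (no name)"):
            reasons.append("BHO registered without a name")
        if section == "O2" and in_system32:
            reasons.append("BHO DLL dropped directly into system32, not a vendor directory")
        if section == "O4":
            value = re.search(r"\[(.*?)\]", body)
            if value and re.fullmatch(r"[0-9a-f]{8}", value.group(1)):
                reasons.append("Run value named with random hex")
            if body.startswith("HKCU") and re.search(r"\\(application data|local settings)\\", path, re.I):
                reasons.append("per-user autostart from a user-writable profile directory")
        if section == "O20":
            package = body.split(":", 1)[1].split(" - ")[0].strip().lower()
            if package not in KNOWN_NOTIFY:
                reasons.append("Winlogon Notify package outside the XP default set")
        if in_system32 and base.lower() not in KNOWN_SYSTEM32 and looks_random(base):
            reasons.append("random-looking file name in system32")
        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, "|", f.line)
        for r in f.reasons:
            print("    -", r)
```

Run against the sample, the script flags the six entries that ComboFix later removed (cbXNFyxw, kdz32, mrthgqrv, gadcom, efcCtrSj, winmhv32) and leaves the VMware and avast! entries alone. Mjcore.dll slips through: it has a proper-looking BHO name and lives under its own Program Files directory, so no name or location rule fires. That is the limit of this kind of heuristic; the ComboFix run further down caught it by other means.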

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Right-click the avast! icon in the bottom-right corner of the screen and choose Stop OnAccess Protection.

Note: Don't forget to turn this option back on once the cleanup is finished.

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Joined: 12 Nov 2007
  • Posts: 64

ComboFix 09-01-08.05 - Administrator 2009-01-09 23:15:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.801 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1201 [VPS 080516-1] *On-access scanning enabled* (Outdated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\gadcom
c:\documents and settings\Administrator\Application Data\gadcom\gadcom.exe
c:\documents and settings\Administrator\Favorites\Cheap Pharmacy Online.url
c:\documents and settings\Administrator\Favorites\Search Online.url
c:\documents and settings\Administrator\Favorites\SMS TRAP.url
c:\documents and settings\Administrator\Favorites\VIP Casino.url
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\Mjcore
c:\program files\Mjcore\Mjcore.dll
c:\windows\system32\bbiigrdf.ini
c:\windows\system32\c.ico
c:\windows\system32\cbXNFyxw.dll
c:\windows\system32\clluskxx.ini
c:\windows\system32\ecmuofnk.ini
c:\windows\system32\efcCtrSj.dll
c:\windows\system32\gjknpjxy.ini
c:\windows\system32\m.ico
c:\windows\system32\mrthgqrv.dll
c:\windows\system32\p.ico
c:\windows\system32\s.ico
c:\windows\system32\vrqghtrm.ini
c:\windows\system32\winjwu32.dll
c:\windows\system32\winmhv32.dll
c:\windows\system32\wxyFNXbc.ini
c:\windows\system32\wxyFNXbc.ini2

.
((((((((((((((((((((((((( Files Created from 2008-12-09 to 2009-01-09 )))))))))))))))))))))))))))))))
.

2009-01-09 22:13 . 2009-01-09 22:13 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Cakewalk
2009-01-04 13:01 . 2009-01-04 13:01 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Nokia
2009-01-04 13:01 . 2009-01-04 13:01 110,592 --a------ c:\windows\system32\kdz32.dll
2009-01-04 13:01 . 2009-01-04 13:01 21,446 --a------ c:\windows\system32\sf.ico
2009-01-04 13:01 . 2009-01-04 13:01 13,942 --a------ c:\windows\system32\m3.ico
2009-01-04 13:01 . 2009-01-04 13:01 3,095 --a------ c:\windows\ios.dat
2009-01-03 21:17 . 2009-01-03 21:17 <DIR> d-------- c:\program files\GetData
2009-01-03 21:17 . 2009-01-03 23:43 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-20 15:26 . 2008-12-20 15:26 <DIR> d-------- c:\program files\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-09 22:27 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-09 22:27 --------- d-----w c:\program files\Digidesign
2009-01-09 22:25 --------- d-----w c:\documents and settings\All Users\Application Data\KORG
2008-12-20 15:55 51,712 ----a-w c:\windows\system32\migpwd.exe
2008-12-20 15:55 47,104 ----a-w c:\windows\system32\uwdf.exe
2008-12-20 15:55 20,480 ----a-w c:\windows\system32\cliconfg.exe
2008-12-20 15:55 --------- d-----w c:\program files\Vodei
2008-12-20 15:55 --------- d-----w c:\program files\ffdshow
2008-11-10 15:37 32,256 ----a-w c:\windows\system32\xxyxuRkH.dll
2008-11-10 15:37 32,256 ----a-w c:\windows\system32\rqRHWMFY.dll
2008-11-10 15:36 32,256 ----a-w c:\windows\system32\urqNGvvW.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMware User Process"="c:\program files\VMware\VMware Tools\VMwareUser.exe" [2008-02-06 375344]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 79224]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\cbXNFyxw

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2007-09-07 17968]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-20 78416]
R3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [2007-09-07 11696]
R3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [2007-09-07 62768]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-20 20560]
R4 hgfs;hgfs;c:\windows\system32\drivers\hgfs.sys [2007-09-07 102704]
R4 LGTO_Sync;Sync Driver;c:\windows\system32\drivers\lgtosync.sys [2007-09-07 36400]
R4 VMMEMCTL;VMware server memory controller;c:\program files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys [2008-02-06 15408]
R4 VMTools;VMware Tools Service;c:\program files\VMware\VMware Tools\VMwareService.exe [2008-02-06 272944]
R4 VMware Physical Disk Helper Service;VMware Physical Disk Helper Service;c:\program files\VMware\VMware Tools\vmacthlp.exe [2008-02-06 182832]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\DRIVERS\MBX2DFU.sys --> c:\windows\system32\DRIVERS\MBX2DFU.sys [?]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys --> c:\windows\system32\drivers\mbx2midk.sys [?]
S3 vmxnet;VMware Ethernet Adapter Driver;c:\windows\system32\drivers\vmxnet.sys [2007-09-07 36016]
.
- - - - ORPHANS REMOVED - - - -

BHO-{F1F1537F-671E-41C2-8B7E-C3042F59C7ED} - c:\windows\system32\efcCtrSj.dll
BHO-{F90A66EF-8DC2-47AD-943C-8E6A93650077} - c:\windows\system32\cbXNFyxw.dll
ShellExecuteHooks-{F1F1537F-671E-41C2-8B7E-C3042F59C7ED} - c:\windows\system32\efcCtrSj.dll
Notify-winmhv32 - winmhv32.dll



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-09 23:18:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2009-01-09 23:18:37 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2009-01-09 23:18:35

Pre-Run: 12,554,297,344 bytes free
Post-Run: 12,665,495,552 bytes free


  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Open Notepad and copy the following text into it:

File::
c:\windows\system32\xxyxuRkH.dll
c:\windows\system32\rqRHWMFY.dll
c:\windows\system32\urqNGvvW.dll
c:\windows\system32\kdz32.dll
c:\windows\system32\sf.ico
c:\windows\system32\m3.ico
c:\windows\ios.dat

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

DirLook::
c:\documents and settings\Administrator\Application Data\Nokia


Save the Notepad file to the Desktop as "CFScript"

Drag the saved script/text file onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.
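The Registry:: section of the script above is the part that matters most: the first ComboFix log listed "Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\cbXNFyxw" under the Lsa key, which makes lsass.exe load that DLL at every boot, and the hex(7) line writes the value back to its default. As an added example (not part of this thread, and not ComboFix code), the following Python script decodes and re-encodes that REGEDIT4 hex(7) value, rebuilds the infected "before" value from the ComboFix log, and flags what should not be in the list. DEFAULT_PACKAGES and the ANSI (latin-1) decoding are assumptions: REGEDIT4 exports are ANSI, so each comma-separated byte is one character; a "Windows Registry Editor Version 5.00" file would encode the same strings as UTF-16LE (6d,00,73,00,...) and this decoder would not apply to it.

```python
r"""Encode/decode the REGEDIT4 hex(7) (REG_MULTI_SZ) value the CFScript above
writes back to HKLM\SYSTEM\CurrentControlSet\Control\Lsa.
Added example: not thread content and not ComboFix code."""

# Assumption: default XP value of Lsa\Authentication Packages is the MSV (NTLM)
# package alone; Kerberos lives under "Security Packages", not here.
DEFAULT_PACKAGES = ["msv1_0"]
# Constructed "before" state, copied from the first ComboFix log above:
# "Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\cbXNFyxw".
INFECTED_PACKAGES = ["msv1_0", r"c:\windows\system32\cbXNFyxw"]
# The line from the CFScript above.
FIX_LINE = '"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00'


def parse_reg_line(line):
    """Split '"Name"=value' into (name, value). Whitespace and the trailing
    backslashes .reg files use to wrap long hex values are dropped."""
    name, _, value = line.partition("=")
    return name.strip().strip('"'), "".join(value.split()).replace("\\", "")


def decode_multi_sz(hex_value):
    """REGEDIT4 files are ANSI, so every comma-separated byte is one character.
    Strings are NUL-separated and the whole list ends with a double NUL."""
    prefix = "hex(7):"
    if not hex_value.lower().startswith(prefix):
        raise ValueError("not a REG_MULTI_SZ hex(7) value: " + hex_value)
    raw = bytes(int(b, 16) for b in hex_value[len(prefix):].split(","))
    if not raw.endswith(b"\x00\x00"):
        raise ValueError("REG_MULTI_SZ must end with a double NUL")
    return [s.decode("latin-1") for s in raw[:-2].split(b"\x00")]


def encode_multi_sz(strings):
    """Inverse of decode_multi_sz; yields a value usable in a REGEDIT4/CFScript."""
    raw = b"".join(s.encode("latin-1") + b"\x00" for s in strings) + b"\x00"
    return "hex(7):" + ",".join("%02x" % b for b in raw)


def suspicious_packages(packages):
    """LSA loads every listed package into lsass.exe at boot with LoadLibrary,
    which appends .dll to a name given without an extension (hence the bare
    'cbXNFyxw'). Anything beyond the default, above all a full path, is a
    loading point to review."""
    out = []
    for pkg in packages:
        if "\\" in pkg or "/" in pkg:
            out.append((pkg, "full path instead of a package name resolved from system32"))
        elif pkg.lower() not in DEFAULT_PACKAGES:
            out.append((pkg, "not a default XP authentication package"))
    return out


if __name__ == "__main__":
    name, value = parse_reg_line(FIX_LINE)
    print(name, "->", decode_multi_sz(value))
    print("infected value as hex(7):", encode_multi_sz(INFECTED_PACKAGES))
    for pkg, why in suspicious_packages(INFECTED_PACKAGES):
        print("review:", pkg, "|", why)
```

Deleting the DLL on its own is not enough: the registry entry survives (the first ComboFix log shows it still present after cbXNFyxw.dll was removed), and restoring the value is what stops lsass.exe from trying to load it. The same decoder reads any hex(7) line in a ComboFix or .reg export, so it is a quick way to verify that a Registry:: fix sets exactly the packages you expect before running it.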

  • Joined: 12 Nov 2007
  • Posts: 64

ComboFix 09-01-08.05 - Administrator 2009-01-10 14:58:39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.823 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1201 [VPS 080516-1] *On-access scanning disabled* (Outdated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-12-10 to 2009-01-10 )))))))))))))))))))))))))))))))
.

2009-01-09 22:13 . 2009-01-09 22:13 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Cakewalk
2009-01-04 13:01 . 2009-01-04 13:01 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Nokia
2009-01-04 13:01 . 2009-01-04 13:01 110,592 --a------ c:\windows\system32\kdz32.dll
2009-01-04 13:01 . 2009-01-04 13:01 21,446 --a------ c:\windows\system32\sf.ico
2009-01-04 13:01 . 2009-01-04 13:01 13,942 --a------ c:\windows\system32\m3.ico
2009-01-04 13:01 . 2009-01-04 13:01 3,095 --a------ c:\windows\ios.dat
2009-01-03 21:17 . 2009-01-03 21:17 <DIR> d-------- c:\program files\GetData
2009-01-03 21:17 . 2009-01-03 23:43 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-20 15:26 . 2008-12-20 15:26 <DIR> d-------- c:\program files\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-09 22:27 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-09 22:27 --------- d-----w c:\program files\Digidesign
2009-01-09 22:25 --------- d-----w c:\documents and settings\All Users\Application Data\KORG
2008-12-20 15:55 51,712 ----a-w c:\windows\system32\migpwd.exe
2008-12-20 15:55 47,104 ----a-w c:\windows\system32\uwdf.exe
2008-12-20 15:55 20,480 ----a-w c:\windows\system32\cliconfg.exe
2008-12-20 15:55 --------- d-----w c:\program files\Vodei
2008-12-20 15:55 --------- d-----w c:\program files\ffdshow
2008-11-10 15:37 32,256 ----a-w c:\windows\system32\xxyxuRkH.dll
2008-11-10 15:37 32,256 ----a-w c:\windows\system32\rqRHWMFY.dll
2008-11-10 15:36 32,256 ----a-w c:\windows\system32\urqNGvvW.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-09_23.18.14.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-10 14:59:54 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_48c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMware User Process"="c:\program files\VMware\VMware Tools\VMwareUser.exe" [2008-02-06 375344]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 79224]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2007-09-07 17968]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-20 78416]
R3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [2007-09-07 11696]
R3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [2007-09-07 62768]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-20 20560]
R4 hgfs;hgfs;c:\windows\system32\drivers\hgfs.sys [2007-09-07 102704]
R4 LGTO_Sync;Sync Driver;c:\windows\system32\drivers\lgtosync.sys [2007-09-07 36400]
R4 VMMEMCTL;VMware server memory controller;c:\program files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys [2008-02-06 15408]
R4 VMTools;VMware Tools Service;c:\program files\VMware\VMware Tools\VMwareService.exe [2008-02-06 272944]
R4 VMware Physical Disk Helper Service;VMware Physical Disk Helper Service;c:\program files\VMware\VMware Tools\vmacthlp.exe [2008-02-06 182832]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\DRIVERS\MBX2DFU.sys --> c:\windows\system32\DRIVERS\MBX2DFU.sys [?]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys --> c:\windows\system32\drivers\mbx2midk.sys [?]
S3 vmxnet;VMware Ethernet Adapter Driver;c:\windows\system32\drivers\vmxnet.sys [2007-09-07 36016]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-10 15:00:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2009-01-10 15:00:32 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2009-01-10 15:00:29

Pre-Run: 12,642,263,040 bytes free
Post-Run: 12,635,357,184 bytes free


  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Do what I told you in my previous post.

  • Joined: 12 Nov 2007
  • Posts: 64

ComboFix 09-01-08.05 - Administrator 2009-01-10 16:06:44.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.812 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1201 [VPS 080516-1] *On-access scanning disabled* (Outdated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\ios.dat
c:\windows\system32\kdz32.dll
c:\windows\system32\m3.ico
c:\windows\system32\rqRHWMFY.dll
c:\windows\system32\sf.ico
c:\windows\system32\urqNGvvW.dll
c:\windows\system32\xxyxuRkH.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\ios.dat
c:\windows\system32\kdz32.dll
c:\windows\system32\m3.ico
c:\windows\system32\rqRHWMFY.dll
c:\windows\system32\sf.ico
c:\windows\system32\urqNGvvW.dll
c:\windows\system32\xxyxuRkH.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-10 to 2009-01-10 )))))))))))))))))))))))))))))))
.

2009-01-09 22:13 . 2009-01-09 22:13 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Cakewalk
2009-01-04 13:01 . 2009-01-04 13:01 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Nokia
2009-01-03 21:17 . 2009-01-03 21:17 <DIR> d-------- c:\program files\GetData
2009-01-03 21:17 . 2009-01-03 23:43 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-20 15:26 . 2008-12-20 15:26 <DIR> d-------- c:\program files\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-09 22:27 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-09 22:27 --------- d-----w c:\program files\Digidesign
2009-01-09 22:25 --------- d-----w c:\documents and settings\All Users\Application Data\KORG
2008-12-20 15:55 51,712 ----a-w c:\windows\system32\migpwd.exe
2008-12-20 15:55 47,104 ----a-w c:\windows\system32\uwdf.exe
2008-12-20 15:55 20,480 ----a-w c:\windows\system32\cliconfg.exe
2008-12-20 15:55 --------- d-----w c:\program files\Vodei
2008-12-20 15:55 --------- d-----w c:\program files\ffdshow
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\documents and settings\Administrator\Application Data\Nokia ----

2009-01-04 17:15 1872 --a------ c:\documents and settings\Administrator\Application Data\Nokia\Tools\themeStudio2.prefs


((((((((((((((((((((((((((((( snapshot@2009-01-09_23.18.14.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-10 14:59:54 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_48c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMware User Process"="c:\program files\VMware\VMware Tools\VMwareUser.exe" [2008-02-06 375344]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 79224]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2007-09-07 17968]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-20 78416]
R3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [2007-09-07 11696]
R3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [2007-09-07 62768]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-20 20560]
R4 hgfs;hgfs;c:\windows\system32\drivers\hgfs.sys [2007-09-07 102704]
R4 LGTO_Sync;Sync Driver;c:\windows\system32\drivers\lgtosync.sys [2007-09-07 36400]
R4 VMMEMCTL;VMware server memory controller;c:\program files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys [2008-02-06 15408]
R4 VMTools;VMware Tools Service;c:\program files\VMware\VMware Tools\VMwareService.exe [2008-02-06 272944]
R4 VMware Physical Disk Helper Service;VMware Physical Disk Helper Service;c:\program files\VMware\VMware Tools\vmacthlp.exe [2008-02-06 182832]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\DRIVERS\MBX2DFU.sys --> c:\windows\system32\DRIVERS\MBX2DFU.sys [?]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys --> c:\windows\system32\drivers\mbx2midk.sys [?]
S3 vmxnet;VMware Ethernet Adapter Driver;c:\windows\system32\drivers\vmxnet.sys [2007-09-07 36016]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-10 16:07:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-10 16:08:00
ComboFix-quarantined-files.txt 2009-01-10 16:07:53

Pre-Run: 12,629,217,280 bytes free
Post-Run: 12,621,430,784 bytes free


  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

How are things now?
