MyCity » Ambulanta -> Arhiva Ambulante » Help,Help,Help

Help,Help,Help

Napisano na dan: 16.3.2009

Help,Help,Help
Sledeća strana Pagination

Idi na vrh

Poslao: 16 Mar 2009 14:53
Idi na vrh
offline
  • Pridružio: 13 Mar 2009
  • Poruke: 229

Cao drugari.Napalo me je nesto strasnoEvo mog log fajla. Inace sta mi se desava, meni nestaje prostor na disku, dobijam upozorenja od sistema i pali mi se disk cleanup. Inace imam ADSL 512/64, koristio sam Kaspersky ali kad mi je istekao trial instalirao sam ovaj neki Rising antivirus.I jos da napomenem reinstalisao sam windows kao i formatirao particiju gdje mi je sistem ali ne mogu da formatiram drugu particiju jer imam vaznih podataka na njoj.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:52 PM, on 3/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\RISING\RAV\ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Rav.exe
C:\Program Files\Rising\Rav\RavMon.exe
C:\Program Files\Rising\Rav\CopyRun\RavCopy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Slavkan\Desktop\Antispy\TR3.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe

--
End of file - 1916 bytes



Poslao: 16 Mar 2009 16:57
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Pozdrav...


Privremeno isključi antivirus.


Arrow Skini ComboFix sa jedne od sledecih adresa na Desktop:
[Link mogu videti samo ulogovani korisnici]
[Link mogu videti samo ulogovani korisnici]
[Link mogu videti samo ulogovani korisnici]

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.



Poslao: 16 Mar 2009 20:16
Idi na vrh
offline
  • Pridružio: 13 Mar 2009
  • Poruke: 229

E ovako, ja sam se odusevio. Za ove autoranove sam znao da imam, nego nisam uopste mogao da vidim moje skrivene fajlove jer cim chekiram opciju show hiden... i kad opet provjerim da li mi je chekirano show hiden... vidim da nije. Dalje, ove viruse koje je pronasao pronasao je i ovaj moj antivirus i "kao obrisao" ali ako je obrisao valjda ga ovaj Combofix nebi nasao i ponovo brisao. Sad ove procese dole sto slijede neke poznajem neke ne ali necu vise da davim evo log koji ste trazili pa da vidimo:

ComboFix 09-03-15.01 - Slavkan 2009-03-16 20:02:12.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.96 [GMT 1:00]
Running from: c:\documents and settings\Slavkan\Desktop\ComboFix.exe
AV: Rising Antivirus *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\autorun.inf
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds1.dll
c:\windows\system32\olhrwef.exe
D:\Autorun.inf
F:\autorun.inf
F:\uxkl0apt.bat
G:\autorun.inf
G:\uxkl0apt.bat

.
((((((((((((((((((((((((( Files Created from 2009-02-16 to 2009-03-16 )))))))))))))))))))))))))))))))
.

2009-03-16 19:48 . 2009-03-16 19:49 <DIR> d-------- C:\Sliciceeee
2009-03-16 19:44 . 2009-03-16 19:47 <DIR> dr------- C:\Slike
2009-03-16 19:12 . 2009-03-16 19:12 <DIR> d-------- C:\Programi
2009-03-16 19:12 . 2009-03-16 19:13 <DIR> d-------- C:\Fakultet
2009-03-16 19:10 . 2009-03-16 19:10 <DIR> d-------- C:\Igrice
2009-03-16 19:08 . 2009-03-16 19:10 <DIR> d-------- C:\Video
2009-03-16 17:12 . 2009-03-16 19:43 <DIR> d-------- C:\Spotovi
2009-03-16 15:17 . 2009-03-16 14:48 238,704 --a------ c:\windows\system32\bsmain.exe
2009-03-16 15:17 . 2009-03-16 14:43 140,784 --a------ c:\windows\system32\drivers\HookSys.sys
2009-03-16 15:17 . 2009-03-16 14:44 33,904 --a------ c:\windows\system32\drivers\HookHelp.sys
2009-03-16 15:17 . 2009-03-16 15:11 15,216 --a------ c:\windows\system32\drivers\HookCont.sys
2009-03-16 15:17 . 2009-03-16 14:48 10,832 --a------ c:\windows\system32\drivers\RsNTGdi.sys
2009-03-16 15:17 . 2009-03-16 15:17 160 --a------ c:\windows\system32\BsMain.ini
2009-03-16 15:17 . 2009-03-16 15:19 132 -r-hs---- C:\rising.ini
2009-03-16 14:26 . 2009-03-16 19:06 <DIR> dr--s---- C:\RavBin
2009-03-16 14:26 . 2009-03-16 14:24 1,060,864 --a------ c:\windows\system32\mfc71.dll
2009-03-16 14:26 . 2009-03-16 14:24 499,712 --a------ c:\windows\system32\msvcp71.dll
2009-03-16 14:26 . 2009-03-16 14:24 348,160 --a------ c:\windows\system32\msvcr71.dll
2009-03-16 14:26 . 2009-03-16 14:31 146,032 --a------ c:\windows\system32\RavExt.dll
2009-03-16 14:26 . 2009-03-16 15:19 14,834 --a------ c:\windows\Rav.inf
2009-03-16 14:25 . 2009-03-16 14:25 <DIR> d-------- c:\program files\Rising
2009-03-16 14:25 . 2009-03-16 15:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Rising
2009-03-16 14:25 . 2009-03-16 15:21 63 --a------ c:\windows\Rav.ini
2009-03-16 10:51 . 2009-03-16 10:50 110,629 -r-hs---- C:\luk1ylq.com
2009-03-16 01:29 . 2009-03-16 01:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-03-16 00:54 . 2009-03-16 00:54 <DIR> d-------- c:\program files\Microsoft VM
2009-03-16 00:54 . 2009-03-16 00:54 <DIR> d---s---- c:\documents and settings\Slavkan\UserData
2009-03-16 00:48 . 2009-03-16 00:48 268 --ah----- C:\sqmdata00.sqm
2009-03-16 00:48 . 2009-03-16 00:48 244 --ah----- C:\sqmnoopt00.sqm
2009-03-16 00:05 . 2009-03-16 01:02 <DIR> d-------- c:\documents and settings\Slavkan\Contacts
2009-03-16 00:04 . 2009-03-16 00:04 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-16 00:04 . 2009-03-16 00:04 <DIR> d-------- c:\program files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-16 13:13 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-15 23:54 155,995 ----a-w c:\windows\java\Packages\27T7XNJJ.ZIP
2009-03-15 22:44 --------- d-----w c:\documents and settings\Slavkan\Application Data\Talkback
2009-03-15 21:39 --------- d-----w c:\program files\microsoft frontpage
2007-03-12 09:01 66,672 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2007-03-12 09:01 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2007-03-12 09:01 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2007-03-12 09:01 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2007-03-12 09:01 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdoosoft"="c:\windows\system32\olhrwef.exe" [BU]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RavTray"="c:\program files\Rising\Rav\RsTray.exe" [2009-03-16 141936]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{32CD708B-60A7-4C00-9377-D73EAA495F0F}"= "c:\windows\system32\RavExt.dll" [2009-03-16 146032]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0 bsmain

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 RsNTGDI;RsNTGDI;c:\windows\system32\drivers\RsNTGdi.sys [2009-03-16 10832]
R1 hookcont;hookcont;c:\windows\system32\drivers\HookCont.sys [2009-03-16 15216]
R1 hooksys;hooksys;c:\windows\system32\drivers\HookSys.sys [2009-03-16 140784]
R2 RavTask;Rising RavTask Manager;c:\program files\Rising\Rav\RavTask.exe [2009-03-16 129648]
S2 RavCCenter;Rav Process Communication Center;c:\program files\Rising\Rav\CCenter.exe [2009-03-16 113264]
S2 RsRavMon;Rising RealTime Monitor;c:\program files\Rising\Rav\RavMonD.exe [2009-03-16 133744]
S2 RsScanSrv;Rising Scan Service;c:\program files\Rising\Rav\ScanFrm.exe [2009-03-16 51824]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [2001-08-17 18688]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7489333-11b2-11de-81af-afe94e728a78}]
\Shell\AutoRun\command - F:\luk1ylq.com
\Shell\open\Command - F:\luk1ylq.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{deac6806-120f-11de-81b5-81e66741c076}]
\Shell\AutoRun\command - G:\uxkl0apt.bat
\Shell\open\Command - G:\uxkl0apt.bat
.
.
------- Supplementary Scan -------
.
DPF: Microsoft XML Parser for Java - [Link mogu videti samo ulogovani korisnici]\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Slavkan\Application Data\Mozilla\Firefox\Profiles\ruhlnpby.default\
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-03-16 20:03:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-16 20:04:45
ComboFix-quarantined-files.txt 2009-03-16 19:04:42

Pre-Run: 1,629,229,056 bytes free
Post-Run: 1,619,558,400 bytes free

127

Poslao: 16 Mar 2009 20:40
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Otvoriti Notepad i iskopirati sledeci tekst:


File::
C:\luk1ylq.com

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdoosoft"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7489333-11b2-11de-81af-afe94e728a78}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{deac6806-120f-11de-81b5-81e66741c076}]



Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Poslao: 16 Mar 2009 23:09
Idi na vrh
offline
  • Pridružio: 13 Mar 2009
  • Poruke: 229

Dakle :


ComboFix 09-03-15.01 - Slavkan 2009-03-16 23:00:34.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.84 [GMT 1:00]
Running from: c:\documents and settings\Slavkan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Slavkan\Desktop\CFScript.txt
AV: Rising Antivirus *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
C:\luk1ylq.com
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\luk1ylq.com

.
((((((((((((((((((((((((( Files Created from 2009-02-16 to 2009-03-16 )))))))))))))))))))))))))))))))
.

2009-03-16 20:37 . 2009-03-16 20:37 <DIR> d-------- c:\program files\Common Files\Adobe
2009-03-16 20:33 . 2009-03-16 20:33 1,172 --a------ c:\windows\mozver.dat
2009-03-16 15:17 . 2009-03-16 14:48 238,704 --a------ c:\windows\system32\bsmain.exe
2009-03-16 15:17 . 2009-03-16 14:43 140,784 --a------ c:\windows\system32\drivers\HookSys.sys
2009-03-16 15:17 . 2009-03-16 14:44 33,904 --a------ c:\windows\system32\drivers\HookHelp.sys
2009-03-16 15:17 . 2009-03-16 15:11 15,216 --a------ c:\windows\system32\drivers\HookCont.sys
2009-03-16 15:17 . 2009-03-16 14:48 10,832 --a------ c:\windows\system32\drivers\RsNTGdi.sys
2009-03-16 15:17 . 2009-03-16 15:17 160 --a------ c:\windows\system32\BsMain.ini
2009-03-16 15:17 . 2009-03-16 15:19 132 -r-hs---- C:\rising.ini
2009-03-16 14:26 . 2009-03-16 19:06 <DIR> dr--s---- C:\RavBin
2009-03-16 14:26 . 2009-03-16 14:24 1,060,864 --a------ c:\windows\system32\mfc71.dll
2009-03-16 14:26 . 2009-03-16 14:24 499,712 --a------ c:\windows\system32\msvcp71.dll
2009-03-16 14:26 . 2009-03-16 14:24 348,160 --a------ c:\windows\system32\msvcr71.dll
2009-03-16 14:26 . 2009-03-16 14:31 146,032 --a------ c:\windows\system32\RavExt.dll
2009-03-16 14:26 . 2009-03-16 15:19 14,834 --a------ c:\windows\Rav.inf
2009-03-16 14:25 . 2009-03-16 14:25 <DIR> d-------- c:\program files\Rising
2009-03-16 14:25 . 2009-03-16 15:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Rising
2009-03-16 14:25 . 2009-03-16 15:21 63 --a------ c:\windows\Rav.ini
2009-03-16 01:29 . 2009-03-16 01:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-03-16 00:54 . 2009-03-16 00:54 <DIR> d-------- c:\program files\Microsoft VM
2009-03-16 00:54 . 2009-03-16 00:54 <DIR> d---s---- c:\documents and settings\Slavkan\UserData
2009-03-16 00:48 . 2009-03-16 00:48 268 --ah----- C:\sqmdata00.sqm
2009-03-16 00:48 . 2009-03-16 00:48 244 --ah----- C:\sqmnoopt00.sqm
2009-03-16 00:05 . 2009-03-16 01:02 <DIR> d-------- c:\documents and settings\Slavkan\Contacts
2009-03-16 00:04 . 2009-03-16 00:04 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-16 00:04 . 2009-03-16 00:04 <DIR> d-------- c:\program files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-16 13:13 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-15 23:54 155,995 ----a-w c:\windows\java\Packages\27T7XNJJ.ZIP
2009-03-15 22:44 --------- d-----w c:\documents and settings\Slavkan\Application Data\Talkback
2009-03-15 21:39 --------- d-----w c:\program files\microsoft frontpage
.

((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-16 19:37:54 25,214 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A70700000002}\SC_Reader.exe
+ 2003-03-18 20:05:50 89,088 ----a-r c:\windows\system32\atl71.dll
+ 2009-02-02 17:15:00 3,771,296 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-02-02 17:15:00 240,544 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RavTray"="c:\program files\Rising\Rav\RsTray.exe" [2009-03-16 141936]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{32CD708B-60A7-4C00-9377-D73EAA495F0F}"= "c:\windows\system32\RavExt.dll" [2009-03-16 146032]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0 bsmain

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 RsNTGDI;RsNTGDI;c:\windows\system32\drivers\RsNTGdi.sys [2009-03-16 10832]
R1 hookcont;hookcont;c:\windows\system32\drivers\HookCont.sys [2009-03-16 15216]
R1 hooksys;hooksys;c:\windows\system32\drivers\HookSys.sys [2009-03-16 140784]
R2 RavTask;Rising RavTask Manager;c:\program files\Rising\Rav\RavTask.exe [2009-03-16 129648]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 RavCCenter;Rav Process Communication Center;c:\program files\Rising\Rav\CCenter.exe [2009-03-16 113264]
S2 RsRavMon;Rising RealTime Monitor;c:\program files\Rising\Rav\RavMonD.exe [2009-03-16 133744]
S2 RsScanSrv;Rising Scan Service;c:\program files\Rising\Rav\ScanFrm.exe [2009-03-16 51824]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [2001-08-17 18688]
.
.
------- Supplementary Scan -------
.
DPF: Microsoft XML Parser for Java - [Link mogu videti samo ulogovani korisnici]\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Slavkan\Application Data\Mozilla\Firefox\Profiles\ruhlnpby.default\
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-03-16 23:01:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-16 23:03:11
ComboFix-quarantined-files.txt 2009-03-16 22:03:08
ComboFix2.txt 2009-03-16 19:04:47

Pre-Run: 7.558.524.928 bytes free
Post-Run: 7,588,618,240 bytes free

112

Poslao: 17 Mar 2009 00:01
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Ovo sada izgleda ok.

Postoji li sada neki problem?

Poslao: 17 Mar 2009 01:10
Idi na vrh
offline
  • Pridružio: 13 Mar 2009
  • Poruke: 229

Pa ne, sve je ok. Racunar se preporodio Smile Hvala puno.

Poslao: 17 Mar 2009 09:33
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Uradi sledeće:Klikni START a zatim RUN
U liniju za unos teksta ukucaj Combofix /u i klikni OK





Sačekaj da se proces deinstalacije završi
Gornja procedura će:
Obrisati sledeće:
ComboFix i njegove file-ove i foldere
VundoFix Backups folder, ako postoji
C:\Deckard folder, ako postoji
C:\OtMoveIt folder, ako postoji
Resetovati podešavanja sata na kompjuteru
Sakriti ekstenzije file-ova, ako je potrebno
Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno
Resetovati System Restore



To je sve.

MyCity » Ambulanta -> Arhiva Ambulante » Help,Help,Help

Ko je trenutno na forumu
 

Ukupno su 855 korisnika na forumu :: 83 registrovanih, 7 sakrivenih i 765 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 20624 - dana 04 Apr 2026 04:18

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 4fat, 8u47, A.R.Chafee.Jr., airliners, arezina, BaneM75, blues100, BOXRR, bpop, Brankojle, Bubimir, Burovnyak, Cicumile, cvrle312, DeerHunter, Dejan_vw, dejankm, djonsule, Dovla 1980, Džekson, ElGenius, Flanker-G, Gogi_avio, iceburn, Ikica977, Ir, ISOF, Ivan Campo, ivan_8282, jaeger, JohnDoe, Jozo74, Kajzer Soze, kapela, klepesina, kljift, knutveliki, kovac9mm, kunktator, KUZMAR, Lance Guest, laurusri, leptirleptir, lord sir giga, Macalone, MadMike, Marko00, Martin543, max power, maxim_von_burdengate, Michellefromrezistance, Milos ZA, milos.cbr, mnn2, nelezele, neutrino, nikolapetkovic, pablojepao, Pekman, picknick, Pilipenda, pisac12, PitterBg, Prašinar, Promising0, raptorsi, RD84, Regrut Boskica, rokokoko, Romibrat, sap, shiro, Simulink11000, sombrero, stefan95, The Boss, tomigun, Username1000, VJ, Vlada1389, Vrač, |_MeD_|, 79693